WO2008080431A1 - System and method for obtaining content rights objects and secure module adapted to implement it - Google Patents


Info

Publication number
WO2008080431A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
ris
uea
electronic apparatus
content
Prior art date
Application number
PCT/EP2006/012607
Other languages
French (fr)
Inventor
Giuseppe Mazara
Boris Moltchanov
Barbara Negro
Massimo Balestri
Gianluca De Petris
Original Assignee
Telecom Italia S.P.A.
Priority date
Filing date
Publication date
Application filed by Telecom Italia S.P.A.
Priority to PCT/EP2006/012607
Publication of WO2008080431A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153 Using hardware token as a secondary aspect

Definitions

  • content rights object (often a computer digital file); the content object and the content rights object may be combined into a single computer digital file or, as an alternative, they may be kept separate.
  • a license holder acquires protected content and an original digital license to the protected content from a content provider system.
  • the license holder in turn delegates all or part of the grants in that original license to other qualified devices or clients.
  • the content remains in its original, protected or encrypted form while it is delivered from the license holder to the client along with a digital sublicense that the client receives from the original license holder, whereupon the content can then be rendered.
  • the original digital license defines or governs the conditions under which such delegation occurs, and includes terms under which such delegation is permitted to continue in order to enforce the intent of the content provider.
  • the system is typically implemented within a multi-user domain wherein a local server is connected to a local area network and to the Internet through a router, and a plurality of clients are connected to the local area network.
  • a rights management system comprises a user electronic apparatus and a secure module associated with the user electronic apparatus and provided with a local content rights issue application; the local content rights issue application is adapted to receive user requests from the user electronic apparatus, to locally generate content rights objects based at least on the user requests, and to transmit the generated content rights objects to the user electronic apparatus so that the user electronic apparatus can decrypt and use protected content objects.
  • An important component of such a system is the secure module provided with the local content rights issue application.
  • Such a module may be fitted within the user electronic apparatus and/or may be adapted to establish a wireless (and preferably secure) communication channel with the user electronic apparatus, in particular a short-range wireless communication channel.
  • the renewed license is derived from the previous expired or exhausted license; the renewal may be based on constraints specified by the remote content rights issue application (such as maximum number of renewals, maximum amount of permissions per renewal, maximum term of renewal, maximum cost of renewal, etc.); these constraints may be specified e.g. in an application rights object issued by the remote content rights issue application and specific to the local rights issue application or in an appropriate application rights object issued by the remote rights issue application and specific to the agent application.
  • the permissions and restrictions of the original license received from the remote content rights issue application may be extended.
  • the user may receive a very limited license for a music song (e.g. the permission to listen to the song once or to listen to a 30 sec. low-quality preview) from the remote application and then he/she may obtain an extended license (derived from the previous limited license) from the local application after paying for the song.
  • the operation of the local content rights issue application may be subject to one or more application licenses / application rights objects that specify the permissions and restrictions to be enforced for the usage of the local server application.
  • the local server application is under the control of the remote server application even if the communication between them is absent or very limited.
  • licenses may be generated also for content owned, controlled or generated by the user of the user electronic apparatus; in this case, the local content rights issue application in addition to generating original content rights objects for this content also generates one or more protected (i.e. appropriately encrypted and formatted) content objects corresponding to this content for the user electronic apparatus, in particular for the agent application. It is quite common that a user wishes to distribute a file (corresponding to e.g.
  • additional services may be provided as clarified in the following.
  • the present invention takes into account that the issue of a license by the local content rights issue application may be (and in general is) subject to payment by the user.
  • Such payment may be carried out in a traditional electronic way through e.g. a credit card. This requires the transfer of sensitive data over a telecommunication network.
  • payment may be carried out through "prepaid billing".
  • with prepaid billing, information relating to prepaid credits is stored within the secure module; the prepaid credits are securely managed by the local content rights issue application within the secure module.
  • the user may buy credits e.g.
  • the content rights issue application may e.g. download from a remote apparatus (for example of the service provider) through a telecommunication network one or more DRM logics; the download may be subject to payment by the user.
  • the remote content rights issue application is associated with the content provider while the remote payment application may be associated with the service provider (for example the telecommunication operator); however, the two entities may be integrated into a single entity.
  • Fig.1 shows schematically a digital rights management system according to the present invention. It is to be understood that the following description and the annexed drawing are not to be interpreted as limitations of the present invention but simply as exemplifications. DETAILED DESCRIPTION OF THE INVENTION PRELIMINARY CONSIDERATIONS Digital rights management [DRM] systems are designed to protect content usually in digital form.
  • the traditional DRM systems essentially consist of a client-server architecture.
  • the server component usually comprises a first module (which may be a server application) that is in charge of preparing protected content, that is often called “content preparation server” [CPS], and a second module (which may be a server application) that is in charge of generating and distributing licenses, that is often called “rights issue server” [RIS].
  • the CPS module receives content in clear form and then protects it by encryption through an encryption key and formats it appropriately; the end result is often called a protected content object [CO].
  • the RIS module generates licenses that contain decryption keys and the permissions and restrictions on using the content, so that the content is used according to these permissions and restrictions; the end result is often called a content rights object [CRO].
  • the client component usually comprises a DRM agent module located and running within the user electronic apparatus (or user terminal) that is in charge of controlling the use of the content according to the rights and restrictions specified in a corresponding license.
  • the traditional DRM systems are based on the separation between content and license; in fact, the former can circulate between user domains without high concerns as it is encrypted and cannot be used alone without an appropriate license, while the latter requires increased security when distributed as it provides users with "sensitive" information such as decryption keys (CEK) for decrypting content and rights/restrictions for allowing use of the content.
  • DRM systems focus particularly on the way in which licenses are obtained, distributed and transmitted and also on the way of checking the identity of the entities involved in the transactions, particularly of the subscribers.
  • the most critical aspects of the traditional DRM system are thus connected to the communication between the remote server and the local clients.
  • a first aspect is the mutual authentication through e.g.
  • a second aspect is the registration of the local client with the remote server
  • a third aspect is the transfer of the request for license
  • a fourth aspect is the transfer of the issued license; these are the main critical aspects.
  • Communication between a local client and a remote server in the traditional DRM systems is necessary in particular whenever a DRM agent requires a license; this applies both when an original / "new" license is required by a user for e.g. a content never used in the past by this user and when a renewed or extended license is required for e.g. a content already used in the past by the same user.
  • the need to establish a communication between local client and remote server at the issue of every license may seem a very secure approach in order to avoid frauds. Nevertheless, such communication may be subject to attacks, so the transferred license can be tampered with.
  • the present invention provides a secure module associated with a user electronic apparatus; the secure module comprises a local content rights issue application (i.e. a local server application) adapted to locally generate content rights objects without interacting with the remote content rights issue application (i.e. the remote server application).
  • secure module an electronic module comprising at least a processor and a memory and provided with means for avoiding unauthorized access and operation on the memory;
  • a typical embodiment of a secure module is a smartcard (contact or contactless), e.g. a SIM card or a USIM card or a secure multimedia card [SMMC™] or a secure digital [SD™] card; it is not excluded that the secure module is provided with internal power supply means; the secure module may also comprise a radio interface implementing e.g. the Bluetooth™ or ZigBee™ technology.
  • the remote server application delegates the task to generate some kinds of licenses to the local server application; to this purpose, the interaction and the corresponding communication between the client and the server may be carried out only locally (typically within the user electronic apparatus) and therefore security is highly increased.
  • Fig.1 shows schematically an embodiment of a digital rights management system according to the present invention.
  • Four entities are essentially shown and the following references are used:
  • DRMA digital rights management agent application (i.e. a client application) located and running within a user electronic apparatus UEA;
  • SIM-RIS local content rights issue application (i.e. a server application) located and running within a secure module SM;
  • C-PRO content provider that typically comprises a content preparation server [CPS] exemplified as an apparatus RA1 remote from the UEA apparatus;
  • the WEB-RIS application generates a digital certificate (or alternatively obtains a digital certificate from a reference certification authority) that serves for identifying the SIM-RIS application as a delegate of the WEB-RIS application so that it is authorised to act on its behalf; this certificate contains the received PKDRMC key as well as, where necessary, the cryptographic information (for example the private key of the WEB-RIS server application) that can be used for modifying the security parameters of CRO objects; this certificate, which is authenticated by the WEB-RIS application through a digital signature, will be referred to in the following as DRM certificate [DRMC].
  • Such license is an application rights object for the SIM-RIS application which will be referred to in the following as RIS-RO.
  • the RIS-RO object specifies the permissions and restrictions of using the DRM logic by the SIM-RIS application in terms of e.g. authorised entities (i.e. entities that may interact with the SIM-RIS application itself) and authorised operations (amount of renewal operations granted, types of renewal (limited or unlimited), timeframe of the renewal etc.).
  • the WEB-RIS application may receive:
  • the KRIS key from the mobile operator who released the SRNC certificate; this key serves for decrypting the DRM logic stored in encrypted form in the USIM card by the SIM-RIS application;
  • Such credits may be under the indirect control of the content provider C-PRO, in particular the WEB-RIS application, and/or of the mobile operator / service provider S-PRO, in particular a remote payment application PAY; in fact, the SIM-RIS application may be requested by the DRMA agent in the user apparatus to check the status of the repository and thereafter to send to an application (WEB-RIS) of the content provider C-PRO and/or to an application (PAY) of the service provider (S-PRO) a notification of the prepaid credits left.
  • the WEB-RIS application authenticate the SIM-RIS application, to request a RIS-RO object and to buy a certain number of prepaid credits through e.g. a service provided by the mobile operator.
  • the SIM-RIS application requests the CRO object (encrypted e.g. only through its public key) from the DRMA agent application, uses the KRIS key (that enables it to access the DRM logic to be used for modifying the CRO object) and renews it (in the sense of generating a new license having the same rights and restrictions as the original one) or extends it (in the sense of generating a license having higher rights and/or lower restrictions than the original one) according to the request by the user. Thereafter the SIM-RIS application deducts from the repository a number of credits corresponding to the operation carried out, and finally transmits to the DRMA agent application the just generated CRO object encrypted through the public key of the DRMA agent application.
  • the DRMA agent application is able to access the new CRO object and use the corresponding protected content object in the usual way, i.e. decrypting the CRO object by means of its private key, extracting the symmetric key CEK used for encrypting the content, decrypting the protected content object and using it according to the rights and restrictions specified in and by the CRO object.
  • the composition of the RIS-RO object (i.e. the rights and restrictions contained therein) may determine two possibilities for the user:
  • the user can use the SIM-RIS server application for the purpose of requesting a simple renewal of the license, i.e. the issue of a license that enables the same use possibilities of the original license,
  • the user has no limit (apart from the credit available) on the request of license generation; in this case, the user is substantially free to request any license either broader (with a higher cost) or narrower (with a lower cost).
  • the original license (CRO object) is used in the process of renewal or extension at least as it contains the CEK key; the same key will be introduced and contained in the renewed or extended license (CRO object) generated by the SIM-RIS application.
  • the method described is completely different from and alternative to the method used at present for getting new licenses; in fact, the prior art DRM agent applications contact the WEB-RIS application for obtaining a new license when the old license is expired or exhausted. Therefore, there are two main differences at the time of the request of renewal or extension: the WEB-RIS application is not involved (and thus not necessary), and the communication network is not involved (and thus not necessary). Additionally, according to the architecture of the present invention, different DRM logic may be used e.g.
  • the present invention considers also the generation of a new license; this is an optional and advantageous feature.
  • the mobile operator, instead of simply storing the KRIS key in order to satisfy the request of a WEB-RIS application, can insert it into a generic RIS-RO object that will be referred to in the following as content RIS-RO [CRIS-RO] object,
  • CRIS-RO object is transmitted by the mobile operator to the user apparatus; this may happen e.g. at the time when the DRM logic is transmitted to the SIM-RIS application.
  • Such CRIS-RO object enables the service of protection of user's content in the user apparatus; in fact, the DRMA agent application based on this CRIS-RO object can encrypt content and generate the corresponding license according to the DRM logic available to the SIM-RIS application.
  • the user may request from the DRMA agent application the use of the protection service; this service is available if there exists an instance of the SIM-RIS application with a corresponding DRM logic and CRIS-RO object; the user specifies the content or the file to be protected.
  • the generation of protected content and the corresponding license is very secure as neither the content in clear nor the encryption key leaves the user apparatus or the secure module associated with the user apparatus. Additionally, this service can be obtained even if (when the service is desired) no connection to a telecommunication network (e.g. a mobile telecommunication network or the Internet) is available to the user apparatus.
  • ALTERNATIVES AND EXTENSIONS OF THE INVENTION. A SIM-RIS server application within a secure module may be designed to offer the services described in the preceding pages not only to the user apparatus (in particular to the DRM agent application running within it) in which the secure module is fitted, but also to other user apparatuses connected to the former one.
  • Such exportation function may be offered to the user through e.g. the DRMA agent application.
  • Typically, not only the first SIM-RIS application but also the second SIM-RIS application have received a digital certificate from the same WEB-RIS application.
  • the exportation may take place as follows.
  • the user requests the DRMA agent application to export a CRO object to another SIM-RIS application;
  • a discovery phase takes place in order to identify the other SIM-RIS application;
  • the SIM-RIS A application and SIM-RIS B application mutually authenticate through the opening of an encrypted communication session during which they exchange their digital certificates.
  • the CRO object (in clear form) is transferred through the encrypted channel.
  • Such CRO object is received by the SIM-RIS B application that takes care of formatting it according to the specification of the DRM logic supported by it.
  • the destination DRM logic may be the same as or different from the source DRM logic; in the latter case the destination DRM logic may be specified within the rights and/or restrictions of the CRO object. It is up to the DRM logic, which is used by the SIM-RIS B application for performing the export operation, to correctly (e.g. according to the rules of a particular trust model) map the permissions and the restrictions of the source DRM system into the corresponding permissions and restrictions of the destination DRM system.
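The local renewal/extension flow of the SIM-RIS described above (a CRO handed over by the agent, RIS-RO constraints on authorised entities and renewal budget, prepaid credit deduction, the same CEK carried into the new CRO), as an added Python example that is not code from the patent. It assumes HMAC-SHA256 as a stand-in for the WEB-RIS and SIM-RIS signatures, plain dicts with invented field names for the CRO and RIS-RO formats, a made-up tariff of one credit per granted play, and leaves out the public-key encryption of the CRO towards the agent.

```python
"""Local license renewal / extension inside the secure module (SIM-RIS).

Added example modelled on the flow in the page, not code from the patent.
Assumptions: HMAC-SHA256 stands in for the digital signatures, dicts stand in
for the CRO / RIS-RO formats, field names and credit tariff are invented.
"""
import hashlib
import hmac
import json


class LicenseError(Exception):
    pass


def sign(key: bytes, obj: dict) -> str:
    body = json.dumps(obj, sort_keys=True).encode()  # canonical encoding
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify(key: bytes, obj: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, obj), sig)


class SimRis:
    """Local content rights issue application running in the secure module."""

    def __init__(self, web_ris_key: bytes, own_key: bytes, ris_ro: dict, credits: int):
        self.web_ris_key = web_ris_key  # trust anchor: the delegating WEB-RIS
        self.own_key = own_key          # key under which local CROs are issued
        self.ris_ro = ris_ro            # application rights object (constraints)
        self.credits = credits          # prepaid credits held in the module
        self.renewals = {}              # content_id -> renewals done so far

    def issue(self, agent_id: str, cro: dict, sig: str, plays: int):
        """Renew (same plays) or extend (more plays) the license in `cro`;
        returns (new_cro, new_sig). Neither WEB-RIS nor network is involved."""
        # 1. Only entities authorised by the RIS-RO may use the SIM-RIS.
        if agent_id not in self.ris_ro["authorised_agents"]:
            raise LicenseError("agent not authorised by RIS-RO")
        # 2. The CRO must come from the delegating WEB-RIS or from this SIM-RIS
        #    (a license already renewed locally); a CRO edited after signing fails.
        if not (verify(self.web_ris_key, cro, sig) or verify(self.own_key, cro, sig)):
            raise LicenseError("CRO signature not trusted")
        cid = cro["content_id"]
        # 3. Enforce the renewal budget and permission cap granted by the RIS-RO.
        if self.renewals.get(cid, 0) >= self.ris_ro["max_renewals"]:
            raise LicenseError("renewal budget for this content exhausted")
        if plays > self.ris_ro["max_plays_per_renewal"]:
            raise LicenseError("requested permissions exceed RIS-RO limit")
        # 4. Extension (more rights than the original) needs explicit permission.
        if plays > cro["permissions"]["play"] and not self.ris_ro["extension_allowed"]:
            raise LicenseError("RIS-RO only allows limited (equal) renewals")
        # 5. Prepaid billing: deduct credits before handing out the license.
        cost = plays * self.ris_ro["credits_per_play"]
        if cost > self.credits:
            raise LicenseError("insufficient prepaid credits")
        self.credits -= cost
        self.renewals[cid] = self.renewals.get(cid, 0) + 1
        new_cro = {
            "content_id": cid,
            "cek": cro["cek"],               # same CEK as the original license
            "permissions": {"play": plays},
            "issuer": "SIM-RIS",
            "derived_from": sig,             # links the new CRO to its origin
        }
        return new_cro, sign(self.own_key, new_cro)


# Constructed sample data (not taken from the page).
WEB_RIS_KEY = b"web-ris-demo-key"
SIM_RIS_KEY = b"sim-ris-demo-key"
RIS_RO = {
    "authorised_agents": ["DRMA-1"],
    "max_renewals": 2,
    "max_plays_per_renewal": 5,
    "extension_allowed": True,
    "credits_per_play": 1,
}
ORIGINAL_CRO = {
    "content_id": "song-42",
    "cek": "0011223344556677",      # stands in for the content encryption key
    "permissions": {"play": 1},    # the limited "listen once" license
    "issuer": "WEB-RIS",
}
ORIGINAL_SIG = sign(WEB_RIS_KEY, ORIGINAL_CRO)


def demo():
    # Extend the one-play license to three plays, then renew the extension.
    sim = SimRis(WEB_RIS_KEY, SIM_RIS_KEY, RIS_RO, credits=10)
    ext, ext_sig = sim.issue("DRMA-1", ORIGINAL_CRO, ORIGINAL_SIG, plays=3)
    ren, ren_sig = sim.issue("DRMA-1", ext, ext_sig, plays=3)
    return sim, ren, ren_sig
```

A third request for the same content then fails on the RIS-RO renewal budget, and a CRO whose permissions were edited after signing is rejected at the signature check.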

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The rights management system comprises a user electronic apparatus (UEA), and a secure module (SM) such as a smartcard associated with the user electronic apparatus (UEA) and provided with a local content rights issue application (SIM-RIS); the local content rights issue application (SIM-RIS) is adapted to receive user requests from the user electronic apparatus (UEA), to locally generate content rights objects (CRO) based on the user requests, and to transmit the generated content rights objects (CRO) to the user electronic apparatus (UEA) in order to allow the user electronic apparatus (UEA) to decrypt and use protected content objects (CO).

Description

SYSTEM AND METHOD FOR OBTAINING CONTENT RIGHTS OBJECTS AND SECURE MODULE ADAPTED TO IMPLEMENT IT
FIELD OF THE INVENTION
The present invention relates to a system and method for obtaining content rights objects and a secure module adapted to implement it.
BACKGROUND OF THE INVENTION
Digital rights management [DRM] systems are known and used for protecting and controlling the use of digital content, for example a film to be distributed and played by selected users. It is to be noted that DRM systems may be used (and are sometimes used) for protecting and using any kind of content, for example text digital documents; the use of a content may correspond to displaying or playing or in general rendering or executing the content.
Nowadays, DRM systems are based on a client-server architecture that requires a high level of security for the communication between client and server. Usually, such communication takes place over a telecommunication network, for example a mobile telephone communication network and/or the Internet.
In general, such systems comprise a server component or application that manages the protection of digital content and takes care of generating and delivering licenses for using the managed digital content to a client component or application. A piece of digital content is embodied in a so-called "content object" (often a computer digital file); a use license is often embodied in a so-called "rights object" or, to be more precise,
"content rights object" (often a computer digital file); the content object and the content rights object may be combined into a single computer digital file or, as an alternative, they may be kept separate.
In general, such systems are designed to be used in environments comprising a plurality of users having a corresponding plurality of user electronic apparatuses (such as MP3 players or video players but also mobile phones or personal computers); a client application, often called agent, is resident and running within the user electronic apparatus and takes care of controlling that the use of digital content is performed according to the rules (in particular the permissions and restrictions) contained in the licenses and specified by the rights object.
From patent application US2004/0168073 there is known a DRM system wherein a publishing user publishes digital content and issues a corresponding digital publisher license to allow other users to render the published digital content. The publishing user is supplied with a publishing certificate from a DRM server; the publishing certificate allows the publishing user to so publish the digital content and to so issue the publisher license. The system is typically implemented within a corporate network having a plurality of users in order to let the users have control over the use of published content.
From patent application US2005/0278787 there is known a DRM system; there is proposed the implementation of a DRM agent into a tamper-resistant identity module adapted for engagement with a client system, such as a mobile phone or a computer system. The DRM agent is generally implemented with functionality for enabling usage, such as rendering or execution of protected digital content provided to the client system from a content provider, according to use licenses received by the DRM agent. In general, the DRM agent includes functionality for cryptographic processing of DRM metadata associated with the digital content to be rendered. In a particularly advantageous realization, the DRM agent is implemented as an application in the application environment of the identity module. The DRM application can be preprogrammed into the application environment, or securely downloaded from a trusted party associated with the identity module.
From patent application US2005/0138357 there is known methods and systems for controlling the distribution of digital content. A license holder acquires protected content and an original digital license to the protected content from a content provider system. The license holder in turn delegates all or part of the grants in that original license to other qualified devices or clients. The content remains in its original, protected or encrypted form while it is delivered from the license holder to the client along with a digital sublicense that the client receives from the original license holder, whereupon the content can then be rendered. The original digital license defines or governs the conditions under which such delegation occurs, and includes terms under which such delegation is permitted to continue in order to enforce the intent of the content provider. The system is typically implemented within a multi-user domain wherein a local server is connected to a local area network and to the Internet through a router, and a plurality of clients are connected to the local area network. SUMMARY OF THE INVENTION
At present, the use of a content protected according a DRM technology implies the need to establish a secure communication between a DRM client component and a DRM server component; in fact, such communication is necessary to transfer not only the protected content but also a license specifying the license (i.e. permissions and restrictions) to use the protected content in addition to a set of sensitive parameters (e.g. identities of the parties, the cryptographic information necessary for the protection of the license, the key for decrypting the content, etc.).
The Applicant has noticed that the availability of network connectivity that enables the communication between the server component and the client component within the DRM system is a critical factor for the operation of the whole DRM system, either when the client needs to obtain a new license for a protected content, or when he simply wants e.g. to get renewed an expired license previously acquired. Furthermore, the Applicant has noticed that such communication between the server component and the client component of the DRM system is subject to relevant security threats and exposed to different types of attacks; there is e.g. a so-called "Replay Attack" according to which a valid license is intercepted and sent to the client only when it is exhausted or expired and there is e.g. the so-called "Denial of Service (DOS) Attack" according to which the server is submerged by fake requests of license until when, due to the overload, it is not longer able to operate correctly.
In the solution according to patent application US2005/0138357, the original license is received by a server in a traditional way, while sublicenses (i.e. licenses having rights and permissions equal to or lower than the original license) are generated by the server and distributed to clients within a local domain. The generation and distribution of such sublicenses does not imply communication with the server and, therefore, a connection e.g. over the Internet is not required; however, the solution disclosed in US2005/0138357 allows neither the delegation of sublicenses with a larger set of permissions than the original license permissions, nor the creation of new original licenses; furthermore, no way is provided for charging the issued sublicenses to the server or to the clients.
Additionally, the Applicant has noticed that the solutions currently used for managing digital rights are based on several, different and incompatible standard or proprietary technologies; for example, if a server uses the Open Mobile Alliance DRM [OMA DRM] technology, it will not be able to provide content and licenses to an apparatus provided with a Microsoft Windows Media™ DRM [WMDRM] agent.
From the above considerations, it appears that known DRM systems suffer from security and flexibility problems; in addition they rely on network connectivity for their operation, specifically for their capacity to generate and distribute licenses to the requesting users and/or devices. In order to reduce the above described problems, the Applicant has conceived of avoiding communication over a telecommunication network between the client component and the server component, at least when an already obtained license has to be renewed or extended because it is expired or exhausted or because it is too limited. According to the present invention a content rights issue application is provided locally to a user electronic apparatus; such an application may be dynamically instantiated in order to interoperate with different DRM systems; such an application is adapted to generate licenses in the form of content rights objects for protected content objects of third parties (e.g. content providers); advantageously, if such an application is provided, it can also be used for generating licenses relating to protected content objects owned, controlled or generated by the user of the user electronic apparatus.
In order to guarantee that such an application is not tampered with by a fraudulent user, the content rights issue application is located and runs within a secure module. In the present patent application by secure module it is meant an electronic module comprising at least a processor and a memory and provided with means for avoiding unauthorized access to and operation on the memory; a typical embodiment of a secure module is a smartcard (contact or contactless), e.g. a SIM card or a USIM card or a secure multimedia card [SMMC™] or a secure digital [SD™] card; it is not excluded that the secure module according to the present invention is provided with internal power supply means; such secure module may also comprise a radio interface implementing e.g. the BlueTooth™ or ZigBee™ technology.
More particularly, according to the present invention, a rights management system comprises a user electronic apparatus and a secure module associated with the user electronic apparatus and provided with a local content rights issue application; the local content rights issue application is adapted to receive user requests from the user electronic apparatus, to locally generate content rights objects based at least on the user requests, and to transmit the generated content rights objects to the user electronic apparatus in order to allow the user electronic apparatus to decrypt and use protected content objects. An important component of such a system is the secure module provided with the local content rights issue application. Such a module may be fit within the user electronic apparatus and/or may be adapted to establish a wireless (and preferably secure) communication channel with the user electronic apparatus, in particular a short-range wireless communication channel. The local content rights issue application may be an important component also for payment, especially in the case of "prepaid billing", as will be clarified in the following. Advantageously, the user electronic apparatus comprises a rights management agent application for using protected content objects and adapted to communicate with the local content rights issue application; in this way, the agent application (client) may request and receive content rights objects from the issue application (local server). Additionally and optionally, the rights management system according to the present invention may provide or comprise a remote content rights issue application typically located and running within a remote apparatus and/or a payment application typically located within the same or a different remote apparatus. According to the present invention, the local content rights issue application may renew licenses previously issued to the user electronic apparatus (e.g. previously obtained from a remote content rights issue application and already expired or exhausted) instead of and on behalf of a remote content rights issue application; the renewed license is derived from the previous expired or exhausted license; the renewal may be based on constraints specified by the remote content rights issue application (such as maximum number of renewals, maximum amount of permissions per renewal, maximum term of renewal, maximum cost of renewal, etc.); these constraints may be specified e.g. in an application rights object issued by the remote content rights issue application and specific to the local rights issue application, or in an appropriate application rights object issued by the remote rights issue application and specific to the agent application.
According to the present invention, the permissions and restrictions of the original license received from the remote content rights issue application may be extended. For example, in a "preview and buy" service, the user may receive a very limited license for a music song (e.g. the permission to listen to the song once or to listen to a 30 sec. low-quality preview) from the remote application and then he/she may obtain an extended license (derived from the previous limited license) from the local application after paying for the song.
In both cases described above, the operation of the local content rights issue application may be subject to one or more application licenses / application rights objects that specify the permissions and restrictions to be enforced for the usage of the local server application. In this regard, the local server application is under the control of the remote server application even if the communication between them is absent or very limited. According to the present invention, licenses may be generated also for content owned, controlled or generated by the user of the user electronic apparatus; in this case, the local content rights issue application, in addition to generating original content rights objects for this content, also generates one or more protected (i.e. appropriately encrypted and formatted) content objects corresponding to this content for the user electronic apparatus, in particular for the agent application. It is quite common that a user wishes to distribute a file (corresponding to e.g. a text document, a photo, a video) while maintaining control over its use by other users (e.g. persons using the file, number of uses of the file, period of use of the file, etc.). According to the present invention this can be carried out in a very secure way as no sensitive information goes out of the user electronic apparatus and much of the sensitive information even remains within the secure module.
According to the present invention, additional services (e.g. payment for licenses, download of DRM logics, etc.) may be provided as clarified in the following. The present invention takes into account that the issue of a license by the local content rights issue application may be (and in general is) subject to payment by the user. Such payment may be carried out in a traditional electronic way through e.g. a credit card. This requires the transfer of sensitive data over a telecommunication network. Alternatively, in order to be connection-independent, payment may be carried out through "prepaid billing". In this regard, information relating to prepaid credits is stored within the secure module; the prepaid credits are securely managed by the local content rights issue application within the secure module. The user may buy credits e.g. in a traditional way from a content provider (where typically the remote content rights issue application is located) or a service provider (e.g. a telephone operator). Due to the fact that the content rights objects are generated locally to the user electronic apparatus within the secure module by the local content rights issue application, it is possible that this application generates content rights objects according to different DRM technologies. In this regard, the content rights issue application may e.g. download from a remote apparatus (for example of the service provider) through a telecommunication network one or more DRM logics; the download may be subject to payment by the user. It is to be noted that typically the remote content rights issue application is associated with the content provider while the remote payment application may be associated with the service provider (for example the telecommunication operator); however, the two entities may be integrated into a single entity.
BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will become more apparent from the following description to be considered in conjunction with the annexed drawing, wherein:
Fig.1 shows schematically a digital rights management system according to the present invention.
It is to be understood that the following description and the annexed drawing are not to be interpreted as limitations of the present invention but simply as exemplifications.

DETAILED DESCRIPTION OF THE INVENTION

PRELIMINARY CONSIDERATIONS

Digital rights management [DRM] systems are designed to protect content usually in digital form.
The traditional DRM systems essentially consist of a client-server architecture. The server component usually comprises a first module (which may be a server application) that is in charge of preparing protected content, often called "content preparation server" [CPS], and a second module (which may be a server application) that is in charge of generating and distributing licenses, often called "rights issue server" [RIS]. The CPS module receives content in clear form and then protects it by encryption through an encryption key and formats it appropriately; the end result is often called protected content object [CO]. The RIS module generates licenses that contain decryption keys and the permissions and restrictions for using the content, so that the content is used according to these permissions and restrictions; the end result is often called content rights object [CRO]. The client component usually comprises a DRM agent module located and running within the user electronic apparatus (or user terminal) that is in charge of controlling the use of the content according to the rights and restrictions specified in a corresponding license. Typically, the traditional DRM systems are based on the separation between content and license; in fact, the first one can circulate between the user domains without high concerns as it is encrypted and cannot be used alone without an appropriate license, while the second one requires increased security when distributed as it serves for providing users with "sensitive" information such as decryption keys (CEK) for decrypting content and rights/restrictions for allowing use of the content.
According to this approach, traditional DRM systems focus particularly on the way in which licenses are obtained, distributed and transmitted and also on the way of checking the identity of the entities involved in the transactions, particularly of the subscribers. This has led to RIS servers connected to a telecommunication network such as the Internet and adapted to communicate with DRM agents associated with and local to user electronic apparatuses through this network; a specific DRM technology is associated with both the remote server and the local clients or agents. The most critical aspects of the traditional DRM system are thus connected to the communication between the remote server and the local clients. A first aspect is the mutual authentication through e.g. digital certificates, a second aspect is the registration of the local client with the remote server, a third aspect is the transfer of the request for a license, a fourth aspect is the transfer of the issued license; these are the main critical aspects. Communication between a local client and a remote server in the traditional DRM systems is necessary in particular whenever a DRM agent requires a license; this applies both when an original / "new" license is required by a user for e.g. a content never used in the past by this user and when a renewed or extended license is required for e.g. a content already used in the past by the same user. The need to establish a communication between local client and remote server at the issue of every license may seem a very secure approach in order to avoid frauds. Nevertheless, such communication may be subject to attacks, so that the transferred license can be tampered with.
According to the present invention, security is increased as the communication between the remote server and the local client is unnecessary or at least optional at the time when a user wants to obtain a license for a content. In particular, this is true for renewed or extended licenses relating to a third party content and for any license relating to a piece of content owned, controlled or generated by the user (for example generated by the user himself). In order to avoid such communication, the present invention provides a secure module associated with a user electronic apparatus; the secure module comprises a local content rights issue application (i.e. a local server application) adapted to locally generate content rights objects without interacting with the remote content rights issue application (i.e. the remote server application). As already said, in the present patent application by secure module it is meant an electronic module comprising at least a processor and a memory and provided with means for avoiding unauthorized access to and operation on the memory; a typical embodiment of a secure module is a smartcard (contact or contactless), e.g. a SIM card or a USIM card or a secure multimedia card [SMMC™] or a secure digital [SD™] card; it is not excluded that the secure module is provided with internal power supply means; the secure module may also comprise a radio interface implementing e.g. the BlueTooth™ or ZigBee™ technology.
It may be considered that the remote server application delegates the task of generating some kinds of licenses to the local server application; to this purpose, the interaction and the corresponding communication between the client and the server may be carried out only locally (typically within the user electronic apparatus) and therefore security is highly increased.

ARCHITECTURE AND BASIC FUNCTIONALITIES
Fig.1 shows schematically an embodiment of a digital rights management system according to the present invention. Four entities are essentially shown and the following references are used:
• DRMA : digital rights management agent application (i.e. a client application) located and running within a user electronic apparatus UEA;
• SIM-RIS : local content rights issue application (i.e. a server application) located and running within a secure module SM;
• C-PRO : content provider that typically comprises a content preparation server [CPS], exemplified as an apparatus RA1 remote from the UEA apparatus;
• S-PRO : service provider exemplified as an apparatus RA2 remote from the UEA apparatus; in the following description it will be assumed that the service provider is a mobile telephone operator or mobile operator;
• WEB-RIS : remote content rights issue application (i.e. a server application) located and running within the content provider C-PRO;
• PAY : a remote payment application;
• DRML : a DRM logics provider application.
It is to be noted that these four entities (UEA, SM, RA1, RA2) are connected by a telecommunication network NTWK for communication between each other; apparatus UEA and secure module SM communicate between each other without the need to use network NTWK; apparatus RA1, i.e. the apparatus of the content provider C-PRO, and apparatus RA2, i.e. the apparatus of the service provider S-PRO, may communicate directly (or even be integrated together) as in the figure or communicate over network NTWK.
The secure module SM is associated with the user electronic apparatus UEA, for example a mobile telephone. In particular, according to the embodiment of Fig.1, the secure module SM is fit within the user electronic apparatus UEA. In the following, it is assumed (only as an example) that the secure module SM is a USIM card. In Fig.1, a USER is schematically shown interacting with the user electronic apparatus UEA.
In this description the following references are used:
• CO : protected content object = it is an object, such as a file or a portion of a file, that contains content in a protected way;
• CRO : content rights object = it is an object, such as a file or a portion of a file, that contains a license to use a content with well defined permissions and restrictions; it refers to a specific protected content object;
• RIS : rights issue application = it is an application in charge of generating content rights objects, i.e. licenses;
• RIS-RO : application rights object = it is an object, typically a file, that contains a license to use an application with well defined rights and restrictions, in particular a RIS application;
• CRIS-RO : it is a particular type of RIS-RO = for the user's content.
According to a typical deployment of the present invention, the mobile operator distributes secure modules, in particular removable secure modules such as USIM cards, comprising a SIM-RIS server application already pre-installed in a default configuration. According to this default configuration, the SIM-RIS application does not contain any DRM logic; one or more DRM logics may be downloaded and installed from the mobile operator or from the WEB-RIS server application. Once the USIM card is fit within the user electronic apparatus UEA, i.e. the mobile telephone, the user apparatus issues a request of access to the USIM card (typically when the user apparatus is switched on); then the SIM-RIS application carries out a "discovery" procedure in order to detect and store the HW/SW characteristics of the user apparatus (e.g. the so-called "terminal profile") including the presence of native DRM applications, for example the DRMA agent application that is conformant to a standard or proprietary solution and is provided with a public-private key pair wherein the public key is contained in a digital certificate. It is to be noted that the "discovery procedure" might be carried out at a later time if and when the operation of the SIM-RIS application is requested by the user. The identification of the type or types of DRM supported by the DRMA application allows the SIM-RIS application to request the download of the corresponding DRM logic (standard or proprietary) from the mobile operator / service provider S-PRO; to this purpose a DRM logics provider application DRML is provided in the embodiment of the figure. This download is carried out through network NTWK and can be carried out e.g. "Over-The-Air" through the GPRS or UMTS network.
In order to satisfy such request, the mobile operator not only checks the credentials of the SIM-RIS application but also encrypts the DRM logic to be transferred to the USIM card by means of a symmetric key, which will be referred to in the following as the KRIS key (managed by the mobile operator). The check of the credentials of the SIM-RIS application may be based on an identification procedure through digital certificates; in this case, the SIM-RIS application may have a pre-installed digital certificate issued by the mobile operator (or by its reference certification authority) that allows it to identify itself directly with the mobile operator and indirectly (i.e. through the mobile operator) with one or more WEB-RIS applications; this certificate will be referred to in the following as "SIM-RIS native certificate" [SRNC].
Once the DRM logic has been transferred and stored e.g. in encrypted form into the USIM card, the SIM-RIS application is in line with the other applications of the user apparatus, in particular the DRMA application; in other words, it can interact with them as it supports the same DRM logic.
When a user, by means of a secure channel (for example a HTTPS or SSL connection), connects to the WEB-RIS application in order to obtain a license (and pay for it) to use protected content, i.e. a content rights object [CRO], the SIM-RIS server application signals its presence to the WEB-RIS server application and identifies itself as an instance of a DRM server within a USIM card of a certain mobile operator and compliant with the standard or proprietary DRM solution used by such operator. To this purpose, the SIM-RIS application generates a new pair of private-public keys and sends to the WEB-RIS application this public key, i.e. a public key for DRM certificate [PKDRMC], together with the SRNC certificate; the key and the certificate are appropriately encrypted by means of the public key of the mobile operator before being sent.
If the WEB-RIS application trusts this instance of the DRM logic, i.e. the SIM-RIS application, (this happens if a contract is in place) the WEB-RIS application sends to the mobile operator an encrypted data packet containing the PKDRMC key and the SRNC certificate; if the validation of the SRNC certificate performed by the mobile operator is successful, it returns the PKDRMC key in clear to the WEB-RIS application. Thereafter, the WEB-RIS server application can:
• authenticate the SIM-RIS server application (i.e. trust the SRNC validated by the mobile operator),
• determine the operation of the SIM-RIS server application,
• determine the cost of the licenses issued by the SIM-RIS server application.
Regarding the authentication, this means that the SIM-RIS server application is authorised to act on behalf of the WEB-RIS server application. In particular, the WEB-RIS application generates a digital certificate (or alternatively obtains a digital certificate from a reference certification authority) that serves for identifying the SIM-RIS application as a delegate of the WEB-RIS application, so that it is authorised to act on behalf of it; this certificate contains the received PKDRMC key as well as, where necessary, the cryptographic information (for example the private key of the WEB-RIS server application) that can be used for modifying the security parameters of CRO objects; this certificate, which is authenticated by the WEB-RIS application through a digital signature, will be referred to in the following as DRM certificate [DRMC]. This DRMC certificate may be transferred from the WEB-RIS application to the SIM-RIS application directly through the secure channel established between the content provider and the USIM card, or indirectly via the mobile operator, which is provided with device management procedures for provisioning. In particular, the device management procedures allow operations such as: service configuration, installation of applications on the telephone terminal, update of the firmware of the telephone terminal; these may consist of a simple SMS message or a procedure remotely launched e.g. when the terminal connects to the network. Regarding the operation of the SIM-RIS server application, the access to the SIM-RIS application (i.e. sending requests to and receiving responses from it) is subject to the possession of an appropriate use license by the DRMA agent.
Such license is an application rights object for the SIM-RIS application which will be referred to in the following as RIS-RO. The RIS-RO object specifies the permissions and restrictions of using the DRM logic by the SIM-RIS application in terms of e.g. authorised entities (i.e. entities that may interact with the SIM-RIS application itself) and authorised operations (number of renewal operations granted, types of renewal -limited or unlimited-, timeframe of the renewal, etc.). In order to generate a RIS-RO object, the WEB-RIS application may receive:
• the KRIS key from the mobile operator which released the SRNC certificate; this key serves for decrypting the DRM logic stored in encrypted form by the SIM-RIS application into the USIM card;
• the public key contained in the digital certificate of the DRMA agent application installed in the user apparatus, in order to encrypt the RIS-RO object (which is encrypted for security purposes); in this way, the encrypted data may be accessed exclusively by the destination DRMA agent application.
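The enrolment exchange described above (SIM-RIS announcing a fresh PKDRMC together with its SRNC, WEB-RIS forwarding both to the mobile operator for validation, the operator returning PKDRMC in clear only for a genuine SRNC, and WEB-RIS then issuing a signed DRMC that binds that PKDRMC), written out as an added example that is not part of the patent text. It is a stdlib-only simulation: HMAC-SHA256 stands in for the certificate signatures (so the verifier holds the signer's key, unlike real public-key certificates), PKDRMC is a hash of a random secret standing in for a public key, and the encryption of the hello packet under the operator's public key is left out. The class names, field names and the checks in `install_drmc` and `validate` are assumptions about how a practitioner would structure the trust decisions, not the patent's own definitions.

```python
"""Delegation exchange between SIM-RIS, WEB-RIS and the mobile operator.

Constructed for this example (not the patent's own code): HMAC-SHA256 stands in
for the digital signatures on the SRNC and DRMC certificates (so the verifier
holds the signer's key), PKDRMC is a hash of a random secret standing in for a
public key, and the encryption of the hello packet under the operator's public
key is omitted. Class names and dict field names are assumptions.
"""
import hashlib
import hmac
import json
import secrets


def sign(key: bytes, body: dict) -> str:
    """Stand-in signature: HMAC over the canonical JSON encoding of the body."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def verify(key: bytes, cert: dict) -> bool:
    return hmac.compare_digest(sign(key, cert["body"]), cert["sig"])


class MobileOperator:
    """S-PRO: personalises the card with an SRNC and validates it on request."""

    def __init__(self, name="MNO-A"):
        self.name = name
        self.ca_key = secrets.token_bytes(32)   # reference certification authority key
        self.revoked = set()                    # SIM-RIS instances no longer trusted

    def personalise(self, sim_id: str) -> dict:
        body = {"type": "SRNC", "subject": sim_id, "issuer": self.name}
        return {"body": body, "sig": sign(self.ca_key, body)}

    def validate(self, packet: dict):
        """Called by WEB-RIS; returns PKDRMC in clear only for a genuine, unrevoked SRNC."""
        srnc = packet["srnc"]
        if srnc["body"].get("issuer") != self.name or not verify(self.ca_key, srnc):
            return None
        if srnc["body"]["subject"] in self.revoked:
            return None
        return packet["pkdrmc"]


class SimRis:
    """Local rights-issue application inside the USIM card."""

    def __init__(self, sim_id: str, srnc: dict):
        self.sim_id, self.srnc, self.drmc = sim_id, srnc, None

    def hello(self) -> dict:
        """Generate a fresh key pair and announce its public half with the SRNC."""
        self._drm_priv = secrets.token_bytes(32)
        self.pkdrmc = hashlib.sha256(self._drm_priv).hexdigest()
        return {"pkdrmc": self.pkdrmc, "srnc": self.srnc}

    def install_drmc(self, drmc: dict, webris_key: bytes) -> bool:
        """Accept the DRMC only if WEB-RIS signed it and it binds this card's PKDRMC."""
        if drmc["body"].get("type") != "DRMC" or not verify(webris_key, drmc):
            return False
        if drmc["body"]["delegate_pk"] != self.pkdrmc:
            return False
        self.drmc = drmc
        return True


class WebRis:
    """Remote rights-issue application of the content provider C-PRO."""

    def __init__(self, operator: MobileOperator, contracted: set):
        self.operator = operator
        self.contracted = contracted            # operators with a contract in place
        self.key = secrets.token_bytes(32)      # key used to sign DRMC certificates

    def enrol(self, hello: dict):
        """Trust the instance only via the operator; returns a signed DRMC or None."""
        if hello["srnc"]["body"]["issuer"] not in self.contracted:
            return None
        pkdrmc = self.operator.validate(hello)  # SRNC + PKDRMC forwarded to the operator
        if pkdrmc is None:
            return None
        body = {"type": "DRMC", "issuer": "WEB-RIS", "delegate_pk": pkdrmc,
                "delegate": hello["srnc"]["body"]["subject"]}
        return {"body": body, "sig": sign(self.key, body)}


def run_exchange(contract=True, revoked=False, tampered=False) -> bool:
    """Run the whole exchange; True iff SIM-RIS ends up holding a valid DRMC."""
    mno = MobileOperator()
    sim = SimRis("USIM-0001", mno.personalise("USIM-0001"))
    web = WebRis(mno, contracted={mno.name} if contract else set())
    if revoked:
        mno.revoked.add("USIM-0001")
    drmc = web.enrol(sim.hello())
    if drmc is None:
        return False
    if tampered:                                # certificate altered in transit
        drmc["body"]["delegate_pk"] = "0000"
    return sim.install_drmc(drmc, web.key)
```

The three negative paths of `run_exchange` are the ones a reviewer would check first: WEB-RIS issues nothing without a contract with the SRNC's issuer, the operator returns no PKDRMC for a revoked card, and SIM-RIS refuses a DRMC whose signature no longer matches its body or whose bound key is not the one it generated.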
Regarding the cost of the license, a list may be provided of associations between a number of prepaid credits and an operation requested by the DRMA agent application to the SIM-RIS server application (for example, the request to increase in the content rights object the number of available use permissions for a piece of content - e.g. "play twice" instead of "play once" -, the request to increase the time interval available for using a piece of content, etc.). In fact, the operation of the SIM-RIS application may depend on the availability of prepaid credits; the prepaid credits may be bought by a user (at any time) from e.g. the mobile operator (i.e. the service provider) or from the content provider, in particular the WEB-RIS server application. Such prepaid credits are stored in a repository located within the user apparatus or preferably within the USIM card. Such credits are under the direct control of the SIM-RIS application, i.e. it is the SIM-RIS application which accesses the repository and extracts the credit necessary for carrying out the requested operation. Such credits may be under the indirect control of the content provider C-PRO, in particular the WEB-RIS application, and/or of the mobile operator / service provider S-PRO, in particular a remote payment application PAY; in fact, the SIM-RIS application may be requested by the DRMA agent in the user apparatus to check the status of the repository and thereafter to send to an application (WEB-RIS) of the content provider C-PRO and/or to an application (PAY) of the service provider S-PRO a notification of the prepaid credits left.
In the former case, the WEB-RIS application not only may have the possibility to determine within the RIS-RO object the policy of using prepaid credits (i.e. how many credits correspond to the various operations of the SIM-RIS application), but also may request the SIM-RIS application to send the status of the above mentioned repository; this can be done e.g. by introducing timeout information within the RIS-RO object; when this timeout has expired, the DRMA agent application within the user apparatus requests the SIM-RIS application to check the status of the repository and then to notify this status to the WEB-RIS application. In the present embodiment, if a user wants to use the functionalities offered by the SIM-RIS application in his USIM card, he needs to let the WEB-RIS application authenticate the SIM-RIS application, to request a RIS-RO object and to buy a certain number of prepaid credits through e.g. a service provided by the mobile operator.
Before offering the service, the mobile operator:
• identifies the SIM-RIS server application using e.g. an authentication mechanism intrinsic to the wireless network (GSM, UMTS, WiFi, etc.) and a further authentication mechanism provided by the application within the USIM card (that can be programmed by the operator or by another entity authorized by the operator);
• allows the transaction connected to the purchase of prepaid credits to be carried out;
• sends these prepaid credits to the SIM-RIS application for storing them in a repository located e.g. in the USIM card under its direct control.
Once the above described preliminary operations are completed, the SIM-RIS application becomes operative and the user has the possibility to request its services when for example a CRO object obtained from the WEB-RIS application is expired or exhausted or in general its rights are no longer valid (for example the maximum number of uses or the maximum time validity has been reached). The access to the SIM-RIS application by the user when services are requested from it (typically the generation of a CRO object) takes place after an authentication phase that is aimed at checking the validity of the DRMC certificate; for security reasons, the access to the SIM-RIS application takes place through a DRMA agent application that has received an appropriate RIS-RO object from the WEB-RIS application. In fact, such a DRMA agent application is able to decrypt the RIS-RO object and thus to understand what the rights and restrictions of the SIM-RIS application are and what the costs (in terms of prepaid credits) of the various operations of the SIM-RIS application are, and also to get the KRIS key that is used to decrypt the DRM logic to be used. It is the DRMA agent application that, by interacting with the user, generates a renewal request of a CRO object to the SIM-RIS application and transfers to the SIM-RIS application the RIS-RO object (including the KRIS key), suitably encrypted through the public key of the SIM-RIS application itself, so that it can compare the request against the rights and permissions embedded in the RIS-RO object as well as check the sufficiency of prepaid credits for the request.
If both checks are positive, the SIM-RIS application requests the CRO object (encrypted e.g. only through its public key) from the DRMA agent application, uses the KRIS key (that enables it to access the DRM logic to be used for modifying the CRO object) and renews it (in the sense of generating a new license having the same rights and restrictions as the original one) or extends it (in the sense of generating a license having higher rights and/or lower restrictions than the original one) according to the request by the user. Thereafter the SIM-RIS application deducts from the repository a number of credits corresponding to the operation carried out, and finally, the SIM-RIS application transmits to the DRMA agent application the just generated CRO object encrypted through the public key of the DRMA agent application. Now, the DRMA agent application is able to access the new CRO object and to use the corresponding protected content object in the usual way, i.e. decrypting the CRO object by means of its private key, extracting the symmetric key CEK used for encrypting the content, decrypting the protected content object and using it according to the rights and restrictions specified in and by the CRO object. The composition of the RIS-RO object (i.e. the rights and restrictions contained therein) may determine two possibilities for the user:
A) the user can use the SIM-RIS server application for the purpose of requesting a simple renewal of the license, i.e. the issue of a license that enables the same use possibilities of the original license,
B) the user has no limit (apart from the credit available) on the request of license generation; in this case, the user is substantially free to request any license either broader (with a higher cost) or narrower (with a lower cost). From the above description, it appears that it is indeed the WEB-RIS application that controls the process of issuance of licenses; but this is achieved to a large extent at the beginning when the WEB-RIS application generates the RIS-RO object that specifies the operating modes and the degree of freedom for the SIM-RIS application. In this way, the new license may be from very closely to very loosely related to the original license.
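The renewal and extension service described above, from the RIS-RO checks through credit deduction to the derived CRO, as an added example that is not part of the patent text. The RIS-RO and CRO are modelled as plain dicts; the constraint names (`max_renewals`, `max_play_count`, `max_valid_days`, `allow_extension`), the cost table, the content and agent identifiers and the placeholder CEK are all constructed for the example, since the patent specifies the kind of constraints but not their encoding. The checks run in the order the text gives: authorised entity, authorised operation within the RIS-RO limits, renewal ceiling, then credit sufficiency, and credits are deducted only after every check has passed.

```python
"""Renewal and extension of a CRO by SIM-RIS under the limits of a RIS-RO.

Constructed for this example (not the patent's own code): the dict layouts of
the RIS-RO and CRO, the constraint names (max_renewals, max_play_count,
max_valid_days, allow_extension), the credit cost table and the identifiers.
The real objects are encoded by the DRM logic in use.
"""
import copy

# RIS-RO issued by WEB-RIS for this SIM-RIS instance (assumed layout).
RIS_RO = {
    "authorised_agents": {"DRMA-1"},          # who may send requests to SIM-RIS
    "max_renewals": 2,                        # renewal/extension operations per CRO
    "allow_extension": True,
    "max_play_count": 5,                      # ceilings for an extended licence
    "max_valid_days": 30,
    "cost": {"renew": 1, "extend": 3},        # prepaid credits per operation
}

# Original CRO obtained from WEB-RIS; its CEK must be carried into every derived CRO.
ORIGINAL_CRO = {
    "content_id": "song-42",
    "cek": "0f1e2d3c",                        # constructed placeholder for the content key
    "permissions": {"play_count": 1, "valid_days": 7},
    "issued_by": "WEB-RIS",
    "serial": 1,
}


class SimRis:
    def __init__(self, ris_ro: dict, credits: int):
        self.ris_ro = ris_ro
        self.credits = credits                # prepaid-credit repository in the USIM card
        self.renewals = {}                    # content_id -> operations already granted

    def credit_status(self) -> dict:
        """What SIM-RIS reports when the DRMA asks it after the RIS-RO timeout."""
        return {"credits_left": self.credits}

    def handle(self, agent_id: str, cro: dict, request: dict):
        """Check the request against the RIS-RO and the credits; return (new_cro, reason)."""
        ro = self.ris_ro
        if agent_id not in ro["authorised_agents"]:
            return None, "agent not authorised by RIS-RO"
        op = request.get("op")
        if op not in ro["cost"]:
            return None, "unknown operation"
        if op == "renew":                     # same rights and restrictions as the original
            new_perms = dict(cro["permissions"])
        else:                                 # extension: higher rights within RIS-RO ceilings
            if not ro["allow_extension"]:
                return None, "extension not permitted by RIS-RO"
            new_perms = dict(request["permissions"])
            if (new_perms["play_count"] > ro["max_play_count"]
                    or new_perms["valid_days"] > ro["max_valid_days"]):
                return None, "requested permissions exceed RIS-RO limits"
        done = self.renewals.get(cro["content_id"], 0)
        if done >= ro["max_renewals"]:
            return None, "maximum number of renewals reached"
        cost = ro["cost"][op]
        if self.credits < cost:
            return None, "insufficient prepaid credits"
        new_cro = copy.deepcopy(cro)          # keeps content_id and, above all, the CEK
        new_cro["permissions"] = new_perms
        new_cro["issued_by"] = "SIM-RIS"
        new_cro["serial"] = cro["serial"] + 1
        self.credits -= cost                  # deducted only after every check passed
        self.renewals[cro["content_id"]] = done + 1
        return new_cro, "ok"


def demo():
    """Renew once, extend once, then hit the RIS-RO renewal ceiling."""
    ris = SimRis(RIS_RO, credits=5)
    renewed, _ = ris.handle("DRMA-1", ORIGINAL_CRO, {"op": "renew"})
    extended, _ = ris.handle("DRMA-1", renewed,
                             {"op": "extend", "permissions": {"play_count": 3, "valid_days": 14}})
    third, reason = ris.handle("DRMA-1", extended, {"op": "renew"})
    return ris, renewed, extended, third, reason


if __name__ == "__main__":
    ris, renewed, extended, third, reason = demo()
    print(renewed["permissions"], extended["permissions"], third, reason, ris.credit_status())
```

Option A) of the text corresponds to a RIS-RO with `allow_extension` set to False, so that only `renew` passes; option B) corresponds to generous ceilings, where the cost table alone bounds what the user can ask for.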
In any case, the original license (CRO object) is used in the process of renewal or extension at least because it contains the CEK key; the same key will be introduced in and contained in the renewed or extended license (CRO object) generated by the SIM-RIS application. The method described is completely different from, and an alternative to, the method used at present for getting new licenses; in fact, the prior art DRM agent applications contact the WEB-RIS application for obtaining a new license when the old license is expired or exhausted. Therefore, there are two main differences at the time of the request of renewal or extension: the WEB-RIS application is not involved (and thus not necessary), and the communication network is not involved (and thus not necessary). Additionally, according to the architecture of the present invention, different DRM logics may be used, e.g. when the SIM-RIS application is used in engagement with a single device equipped with different DRM systems and/or with a plurality of devices. All this may be achieved if a secure module is used; therefore the user apparatus needs to be adapted to be associated with a secure module.

ADDITIONAL FUNCTIONALITY
In addition to the service of renewal and extension of a license, the present invention also considers the generation of a new license; this is an optional and advantageous feature.
The SIM-RIS application may offer the user a service for protecting and controlling the use of content owned, controlled or generated by the user himself, for example content generated by the user; such content is available to the user in clear form. Examples of such content are a photo taken with the camera integrated in a mobile phone or a text message written by the user.
In this case, the mobile operator, instead of simply storing the KRIS key in order to satisfy the request of a WEB-RIS application, can insert it into a generic RIS-RO object that will be referred to in the following as content RIS-RO [CRIS-RO] object. Such CRIS-RO object is transmitted by the mobile operator to the user apparatus; this may happen e.g. at the time when the DRM logic is transmitted to the SIM-RIS application. Such CRIS-RO object enables the service of protection of the user's content in the user apparatus; in fact, based on this CRIS-RO object the DRMA agent application can encrypt content and generate the corresponding license according to the DRM logic available to the SIM-RIS application. This additional functionality may be subject to payment; as payment method, the same "prepaid credits" approach already described may be followed. In this case, the CRIS-RO object shall contain an indication of the cost of this service. The CRIS-RO object is advantageously protected in the same way as the RIS-RO object; in other words, it may be provided that access to the CRIS-RO object is limited to the DRMA agent application of the destination user apparatus.
Through the interface of the user apparatus (e.g. the menu of the SAT Toolkit), the user may request the use of the protection service from the DRMA agent application; this service is available if there exists an instance of the SIM-RIS application with a corresponding DRM logic and CRIS-RO object; the user specifies the content or the file to be protected.
Thereafter, the DRMA agent application decrypts the CRIS-RO object and sends it to the SIM-RIS application (after having encrypted it with the public key of the SIM-RIS application) together with the content in clear form. The SIM-RIS application gets the KRIS key from the CRIS-RO object, checks the availability of enough prepaid credits, and generates a CEK key that is used to format the content according to the specifications of the DRM logic used. At the end of this process, during which the cryptographic secret (i.e. the CEK key) never leaves the secure module (i.e. a trusted environment), the CEK key is stored together with an identifier of the content to be protected, e.g. within a secure storage area of the secure module or of the user apparatus.
Thereafter, the SIM-RIS application sends the protected content to the DRMA agent application. Such content cannot be used without an appropriate CRO object. In order to generate a CRO object for the protected content, it may be necessary to send to the SIM-RIS application information relating to the destination terminals and/or destination users (i.e. the entities that will use the protected content), for example the public keys of their DRMA agent applications and/or their digital certificates. Such information may be collected in many different ways: it may be requested from the mobile operator, e.g. through a Web service, or directly from the persons or entities that are the intended destinations of the protected content. Once this information is available, the user (e.g. through the interface of the user apparatus) activates the DRMA agent application and requests the service of generation of new CRO objects, indicating the content to be referred to in the CRO object and the rights and restrictions to be contained in it. After having extracted the KRIS key from the CRIS-RO object, the DRMA agent application decrypts the DRM logic and provides to the SIM-RIS server application an identifier of the content, an identifier of the destination user apparatus and the "property", i.e. the permissions and the restrictions, of the license. The SIM-RIS application takes the CEK key previously stored and generates the new CRO object. The process ends with the delivery of the new CRO object to the user apparatus. Typically, it will be the task of the user to distribute the content object (i.e. the protected content) together with the CRO object (i.e. the license) to the destination apparatuses, i.e. to other persons or entities.
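The following is an added example, not code from the patent: a Python model of the user-content protection service described in the last paragraphs. The CEK is generated inside the secure module, stored there under the content identifier and never returned; the caller only ever receives the protected content and a CRO whose CEK is wrapped for one destination DRMA agent, which checks integrity before decrypting. The SHA-256 counter-mode cipher and the HMAC tag are toy stand-ins for the DRM logic's real algorithms, the destination "public key" is modelled as a key shared with that agent, and all names, costs and sample bytes are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (stand-in for the DRM logic's cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, keystream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream))


@dataclass(frozen=True)
class CRO:
    """License for protected user content, bound to one destination agent."""
    content_id: str
    destination: str        # DRMA agent the license is issued for
    wrapped_cek: bytes      # CEK wrapped under the destination's key
    rights: frozenset
    plays: int


class SimRisContentService:
    """Protection service of the SIM-RIS application (runs in the secure module)."""

    def __init__(self, kris: bytes, service_cost: int, credits: int):
        self._kris = kris            # KRIS key from the CRIS-RO (unlocks the DRM logic)
        self._cost = service_cost    # cost indication carried in the CRIS-RO
        self.credits = credits       # prepaid-credit repository
        self._cek_store = {}         # secure storage: content_id -> CEK

    def protect(self, content_id: str, plaintext: bytes) -> bytes:
        """Encrypt user content with a fresh CEK that stays inside the module."""
        if self.credits < self._cost:
            raise PermissionError("insufficient prepaid credits")
        if content_id in self._cek_store:
            raise ValueError("content identifier already in use")
        self.credits -= self._cost
        cek, nonce = os.urandom(16), os.urandom(8)
        self._cek_store[content_id] = cek
        body = _xor(plaintext, _keystream(cek, nonce, len(plaintext)))
        tag = hmac.new(cek, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag    # protected content object, no key inside

    def issue_cro(self, content_id: str, destination: str, dest_key: bytes,
                  rights, plays: int) -> CRO:
        """Generate a CRO for one destination; the CEK leaves only in wrapped form."""
        cek = self._cek_store.get(content_id)
        if cek is None:
            raise KeyError("no CEK stored for this content identifier")
        # content_id is unique per CEK (enforced in protect), so the wrapping
        # keystream below is never reused for two different keys.
        wrapped = _xor(cek, _keystream(dest_key, content_id.encode(), len(cek)))
        return CRO(content_id, destination, wrapped, frozenset(rights), plays)


class DrmaAgent:
    """Receiving agent: unwraps the CEK and checks integrity before use."""

    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key   # key stands in for the agent's key pair

    def use(self, protected: bytes, cro: CRO) -> bytes:
        if cro.destination != self.name:
            raise PermissionError("license issued for another agent")
        cek = _xor(cro.wrapped_cek, _keystream(self.key, cro.content_id.encode(), 16))
        nonce, body, tag = protected[:8], protected[8:-32], protected[-32:]
        expected = hmac.new(cek, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed: wrong key or tampered content")
        return _xor(body, _keystream(cek, nonce, len(body)))
```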
It is to be highlighted that, according to the present invention, the generation of protected content and of the corresponding license is very secure, as neither the content in clear nor the encryption key leaves the user apparatus or the secure module associated with the user apparatus. Additionally, this service can be obtained even if, when the service is desired, no connection to a telecommunication network (for example a mobile telecommunication network or the Internet) is available to the user apparatus.

ALTERNATIVES AND EXTENSIONS OF THE INVENTION

A SIM-RIS server application within a secure module may be designed to offer the services described in the preceding pages not only to the user apparatus (in particular to the DRM agent application running within it) in which the secure module is fitted, but also to other user apparatuses connected to the former one. This connection may advantageously be realized through a secure communication channel, preferably a short-range or proximity communication channel such as Bluetooth™, ZigBee™, wireless LAN or infrared. The services of a SIM-RIS application may be provided to other SIM-RIS applications (for example through a Peer-to-Peer approach or technology) and/or to other DRM agent applications, which can be internal or external to the same user apparatus.
An interesting possibility consists in exporting a CRO object from a first SIM-RIS application, i.e. SIM-RIS A, supporting a first DRM logic to a second SIM-RIS application, i.e. SIM-RIS B, supporting a second DRM logic; however, this requires that the first DRM logic can be translated into the second DRM logic. Such an export function may be subject to a specific right indicated in the CRO object and/or to a specific right indicated in the RIS-RO object.
Such an export function may be offered to the user e.g. through the DRMA agent application. Typically, not only the first SIM-RIS application but also the second SIM-RIS application has received a digital certificate from the same WEB-RIS application.
The export may take place as follows. A user requests the DRMA agent application to export a CRO object to another SIM-RIS application; a discovery phase takes place in order to identify the other SIM-RIS application; the SIM-RIS A application and the SIM-RIS B application mutually authenticate through the opening of an encrypted communication session during which they exchange their digital certificates. Once the authentication is successfully completed (i.e. both SIM-RIS applications have checked the validity and authenticity of their respective digital certificates), the CRO object (in clear form) is transferred through the encrypted channel. Such CRO object is received by the SIM-RIS B application, which takes care of formatting it according to the specification of the DRM logic supported by it. The destination DRM logic may be the same as or different from the source DRM logic; in the latter case the destination DRM logic may be specified within the rights and/or restrictions of the CRO object. It is up to the DRM logic used by the SIM-RIS B application for performing the export operation to correctly (e.g. according to the rules of a particular trust model) map the permissions and the restrictions of the source DRM system into the corresponding permissions and restrictions of the destination DRM system.
The "exported" CRO object finally has to be encrypted, e.g. with the public key of the DRMA agent certificate, in order to limit access to it by other, unintended DRM agent applications. From the point of view of the certification or authentication of the SIM-RIS application by the WEB-RIS application, it is to be noted that this can be carried out at different times: in the preceding embodiment it was provided when an original CRO object is obtained by the DRMA agent application; alternatively, it could happen at a later time, e.g. when the CRO object is expired or exhausted. In the latter case, if the user wants to continue to use the content without obtaining a new original license, he may contact the WEB-RIS application and request that the SIM-RIS application within his secure module be authenticated; such a request for authentication may be carried out automatically by the DRMA agent application when the user requests to renew a license. In this way, the SIM-RIS applications are authenticated only if and when it is necessary.
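The following is an added example, not code from the patent: a Python model of the export of a CRO object from SIM-RIS A (DRM logic "LogicA") to SIM-RIS B ("LogicB") as described above. Both applications hold a certificate from the same WEB-RIS and verify each other's certificate before the license crosses the session, the export right must be present in both the CRO and the RIS-RO, and permissions are translated through a trust-model table that can only narrow a license. The certificates are HMAC tags standing in for WEB-RIS signatures (verification uses the same key here, where a real deployment would use the WEB-RIS public key); the logic identifiers, mapping table and all names are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    """Certificate that WEB-RIS issued to one SIM-RIS application."""
    app_id: str
    drm_logic: str      # DRM logic the certified application supports
    tag: bytes          # stand-in for the WEB-RIS signature over (app_id, drm_logic)


class WebRis:
    """Remote rights issuer acting as trust anchor for the SIM-RIS applications."""

    def __init__(self, key: bytes):
        self._key = key     # HMAC key standing in for the WEB-RIS signing key pair

    def _tag(self, app_id: str, drm_logic: str) -> bytes:
        return hmac.new(self._key, f"{app_id}|{drm_logic}".encode(), hashlib.sha256).digest()

    def certify(self, app_id: str, drm_logic: str) -> Certificate:
        return Certificate(app_id, drm_logic, self._tag(app_id, drm_logic))

    def verify(self, cert: Certificate) -> bool:
        return hmac.compare_digest(cert.tag, self._tag(cert.app_id, cert.drm_logic))


@dataclass(frozen=True)
class CRO:
    content_id: str
    drm_logic: str           # DRM logic the license is expressed in
    permissions: frozenset
    plays: int               # restriction, carried over unchanged on export
    for_drma: str            # DRMA agent the exported license is encrypted for


# Trust-model mapping (source logic, destination logic) -> permission translation.
# A permission with no entry is dropped, so an export can only narrow a license;
# in particular the exported copy does not regain the "export" right.
TRUST_MODEL = {
    ("LogicA", "LogicB"): {"play": "render", "display": "render"},
}


class SimRis:
    def __init__(self, cert: Certificate, trust_anchor, export_allowed: bool):
        self.cert = cert
        self._verify = trust_anchor           # Certificate -> bool, from WEB-RIS
        self.export_allowed = export_allowed  # export right carried in the RIS-RO

    def export_to(self, peer: "SimRis", cro: CRO, dest_drma: str) -> CRO:
        # 1. Rights gate: the CRO and this application's RIS-RO must both allow it.
        if "export" not in cro.permissions or not self.export_allowed:
            raise PermissionError("export not permitted by CRO and/or RIS-RO")
        if cro.drm_logic != self.cert.drm_logic:
            raise ValueError("CRO is not expressed in this application's DRM logic")
        # 2. Mutual authentication: each side validates the other's certificate
        #    against the common WEB-RIS trust anchor.
        if not (self._verify(peer.cert) and peer._verify(self.cert)):
            raise PermissionError("mutual authentication failed")
        # 3. The CRO crosses the (modelled) encrypted session in clear form and
        #    the destination formats it for its own DRM logic.
        return peer._import(cro, dest_drma)

    def _import(self, cro: CRO, dest_drma: str) -> CRO:
        if cro.drm_logic == self.cert.drm_logic:       # same logic: no translation
            return CRO(cro.content_id, cro.drm_logic, cro.permissions, cro.plays, dest_drma)
        table = TRUST_MODEL.get((cro.drm_logic, self.cert.drm_logic))
        if table is None:
            raise ValueError(f"no mapping from {cro.drm_logic} to {self.cert.drm_logic}")
        mapped = frozenset(table[p] for p in cro.permissions if p in table)
        return CRO(cro.content_id, self.cert.drm_logic, mapped, cro.plays, dest_drma)
```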
From the point of view of the repository of the prepaid credits, it need not necessarily be managed by a SIM-RIS application. For example, it may be managed by a specific application delegated (and possibly authenticated) by the mobile operator; in this way, for example, the repository may be shared between several SIM-RIS applications. On the other hand, a SIM-RIS application may manage more than one repository (on the same or on different apparatuses or secure modules).
Further checks and authentications may be provided. For example, the SIM-RIS application may check the identity of a DRM agent application that requests services from it; this can be carried out by comparing the certificate received from this DRM agent application with the certificate received from the WEB-RIS application at the time an original CRO object is obtained by said DRM agent application.

Claims

1. Secure module (SM) to be associated to a user electronic apparatus (UEA) and comprising a local content rights issue application (SIM-RIS) adapted to locally generate content rights objects (CRO) based on user requests from the user electronic apparatus (UEA) and to transmit them to the user electronic apparatus (UEA) in order to allow that the user electronic apparatus (UEA) decrypts and uses protected content objects.
2. Secure module (SM) according to claim 1, characterized by being in the form of a smartcard, in particular a SIM card or a USIM card.
3. Secure module (SM) according to claim 1, characterized by being adapted to be fit within said user electronic apparatus (UEA).
4. Secure module (SM) according to claim 1, characterized in that it is adapted to establish a wireless communication channel, in particular a short-range wireless communication channel, with said user electronic apparatus (UEA).
5. Secure module (SM) according to claim 1, wherein the local content rights issue application (SIM-RIS) is adapted to transmit content rights objects (CRO) to a rights management agent application (DRMA) within the user electronic apparatus (UEA).
6. Secure module (SM) according to claim 1, characterized by being adapted to receive a first content rights object (CRO) from said user electronic apparatus (UEA) and to generate a second content rights object (CRO) based on said first content rights object (CRO) and to transmit said second content rights object (CRO) to said user electronic apparatus (UEA).
7. Secure module (SM) according to claim 6, wherein the rights of said first content rights object (CRO) are expired or limited and the rights of said second content rights (CRO) object are alive or extended.
8. Secure module (SM) according to claim 1, characterized by securely storing an application rights object (RIS-RO) and by the fact that said local content rights issue application (SIM-RIS) is adapted to generate content rights objects (CRO) based on said application rights object (RIS-RO).
9. Secure module (SM) according to claim 8, characterized by being adapted to receive said application rights object (RIS-RO) from said user electronic apparatus (UEA).
10. Secure module (SM) according to claim 8, characterized by being adapted to receive from said user electronic apparatus (UEA) information relating to a content object (CO) and to generate a content rights object (CRO) based on said application rights object (CRIS-RO) for said content object (CO).
11. Secure module (SM) according to claim 1 or 10, characterized by being adapted to generate an encryption key (CEK) and to generate one or more protected content objects based on said encryption key (CEK).
12. Secure module (SM) according to claim 1, characterized by being adapted to communicate over a telecommunication network with a remote content rights issue application (WEB-RIS) within a remote apparatus (RA1) for being authenticated by it, in particular for receiving an authentication certificate.
13. Secure module (SM) according to claim 1, characterized by being adapted to communicate over a telecommunication network with a remote apparatus (RA2) for the payment of the issued content rights objects (CRO).
14. Secure module (SM) according to claim 1 or 13, characterized by securely storing credit information for the issuance of content rights objects (CRO).
15. Rights management system comprising:
- a user electronic apparatus (UEA), and
- a secure module (SM) associated to said user electronic apparatus (UEA) and provided with a local content rights issue application (SIM-RIS); wherein said local content rights issue application (SIM-RIS) is adapted:
- to receive user requests from said user electronic apparatus (UEA),
- to locally generate content rights objects (CRO) based on said user requests, and
- to transmit the generated content rights objects (CRO) to said user electronic apparatus (UEA) in order to allow that said user electronic apparatus (UEA) decrypts and uses protected content objects (CO).
16. System according to claim 15, wherein said secure module (SM) is a smartcard, in particular a SIM card or a USIM card.
17. System according to claim 15, wherein said secure module (SM) is fit within said user electronic apparatus (UEA).
18. System according to claim 15, wherein said secure module (SM) is adapted to establish a wireless communication channel, in particular a short-range wireless communication channel, with said user electronic apparatus (UEA).
19. System according to claim 15, wherein said secure module (SM) is adapted to receive a first content rights object (CRO) from said user electronic apparatus (UEA) and to generate a second content rights object (CRO) based on said first content rights object (CRO) and to transmit said second content rights object (CRO) to said user electronic apparatus (UEA).
20. System according to claim 15, wherein said user electronic apparatus (UEA) comprises a rights management agent application (DRMA) for using protected content objects (CO) and adapted to communicate with said local content rights issue application (SIM-RIS).
21. System according to claim 15, characterized by comprising a remote apparatus (RA1) provided with a remote content rights issue application (WEB-RIS), and wherein said secure module (SM) is adapted to communicate over a telecommunication network with said remote content rights issue application (WEB-RIS) for being authenticated by it, in particular for receiving an authentication certificate.
22. System according to claim 15, characterized by comprising a remote apparatus (RA2), and wherein said secure module (SM) is adapted to communicate over a telecommunication network with said remote apparatus (RA2) for the payment of the issued content rights objects (CRO).
23. Method for obtaining a content rights object (CRO) by a user electronic apparatus (UEA) comprising the steps of:
A) providing a secure module (SM) comprising a local content rights issue application (SIM-RIS),
B) associating the secure module (SM) with the user electronic apparatus (UEA),
C) transmitting a user request from the user electronic apparatus (UEA) to the secure module (SM),
D) locally generating a content rights object (CRO) within the secure module (SM) by means of the local rights issue application (SIM-RIS) based on said user request, and
E) transmitting the generated content rights object (CRO) from the secure module (SM) to the user electronic apparatus (UEA).
24. Method according to claim 23, characterized by providing a rights management agent application (DRMA) running within the user electronic apparatus (UEA) and communicating with said local content rights issue application (SIM-RIS) within the secure module (SM) for obtaining said content rights object (CRO).
25. Method according to claim 23, wherein step B consists in fitting the secure module (SM) within the user electronic apparatus (UEA).
26. Method according to claim 23, comprising the step to establish a wireless communication channel between the secure module (SM) and the user electronic apparatus (UEA), in particular a short-range wireless communication channel.
27. Method according to claim 23, characterized in that a first content rights object (CRO) is transmitted from the user electronic apparatus (UEA), a second content rights object (CRO) is generated based on said first content rights object (CRO) within the secure module (SM), and said second content rights object (CRO) is transmitted from the secure module (SM) to the user electronic apparatus (UEA).
28. Method according to claim 27, wherein the rights of said first content rights object (CRO) are expired or limited and the rights of said second content rights object (CRO) are alive or extended.
29. Method according to claim 23, wherein before step D the local content rights issue application (SIM-RIS) authenticates with a remote content rights issue application (WEB-RIS, RA1).
30. Method according to claim 23, comprising the step of securely storing an application rights object (RIS-RO) within said secure module (SM), and wherein step D is carried out based further on said application rights object (RIS-RO).
31. Method according to claim 30, comprising the step of transmitting said application rights object (RIS-RO) from the user electronic apparatus (UEA) to the secure module (SM).
32. Method according to claim 30, comprising the step of transmitting information relating to a content object received from the user electronic apparatus (UEA) to the secure module (SM), and wherein step D relating to said content object is carried out based further on said application rights object (CRIS-RO).
33. Secure module according to claim 23 or 32, comprising the step of generating an encryption key (CEK) within the secure module (SM), and wherein step D is carried based further on said encryption key (CEK).
34. Method according to claim 23, wherein the local content rights issue application (SIM-RIS) communicates with a remote payment application (PAY) for carrying out the payments corresponding to the issued content rights objects (CRO).
35. Method according to claim 34, wherein the local content rights issue application (SIM-RIS) obtains credit information from the remote payment application (PAY) and decreases the credit when a content rights object (CRO) is issued.
36. Method according to claim 23, wherein the user electronic apparatus (UEA), in particular a rights management agent application (DRMA) running within the user electronic apparatus (UEA), communicates with a remote apparatus (RA2), in particular a rights management logics provider application (DRML), for obtaining a rights management logic.
37. Method according to claim 36, wherein the user electronic apparatus (UEA), in particular a rights management agent application (DRMA) running within the user electronic apparatus (UEA), communicates with a remote apparatus (RA2) for paying the obtained rights management logic.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2006/012607 WO2008080431A1 (en) 2006-12-29 2006-12-29 System and method for obtaining content rights objects and secure module adapted to implement it

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2006/012607 WO2008080431A1 (en) 2006-12-29 2006-12-29 System and method for obtaining content rights objects and secure module adapted to implement it

Publications (1)

Publication Number Publication Date
WO2008080431A1 true WO2008080431A1 (en) 2008-07-10

Family

ID=38567224

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2006/012607 WO2008080431A1 (en) 2006-12-29 2006-12-29 System and method for obtaining content rights objects and secure module adapted to implement it

Country Status (1)

Country Link
WO (1) WO2008080431A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000033264A1 (en) * 1998-12-02 2000-06-08 Swisscom Ag Method and system for charging or recharging an account with a value corresponding to a sum of money
US20030026432A1 (en) * 2001-07-31 2003-02-06 Intel Corporation System and method for enhanced piracy protection in a wireless personal communication device
WO2004114042A2 (en) * 2003-06-24 2004-12-29 Nokia Corporation Method and corresponding equipment enabling billing for use of applications hosted by a wireless terminal
US20040266482A1 (en) * 2003-06-26 2004-12-30 Nokia Corporation Method and arrangement for realizing a prepaid subscription and a prepayment terminal and a cellular network terminal utilizing the method
WO2005036854A1 (en) * 2003-10-14 2005-04-21 Telecom Italia S.P.A. Method, system and computer program for managing usage of digital contents.
EP1542117A1 (en) * 2003-10-29 2005-06-15 Sony Ericsson Mobile Communications AB Binding content to a user
WO2006123280A2 (en) * 2005-05-20 2006-11-23 Axalto S.A. Drm system for devices communicating with a portable device.

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"DRM Architecture - Candidate Version 2.0", ANNOUNCEMENT OPEN MOBILE ALLIANCE, 15 July 2004 (2004-07-15), pages 1 - 24, XP002310145 *
SILKE HOLTMANNS, FRANK HARTUNG: "Privacy Rights Management for Mobile Phones", PROCEEDINGS OF THE 3RD INTERNATIONAL WORKSHOP ON WIRELESS INFORMATION SYSTEMS WIS 2004, April 2004 (2004-04-01), INSTICC PRESS, Portugal, pages 12 - 17, XP002474382 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2012494A2 (en) * 2007-07-03 2009-01-07 Samsung Electronics Co., Ltd. License management system and method
EP2012494A3 (en) * 2007-07-03 2012-08-29 Samsung Electronics Co., Ltd. License management system and method
US8146153B2 (en) 2007-12-31 2012-03-27 Sandisk Technologies Inc. Method and system for creating and accessing a secure storage area in a non-volatile memory card
US8997214B2 (en) 2007-12-31 2015-03-31 Sandisk Technologies Inc. Method and system for creating and accessing a secure storage area in a non-volatile memory card
WO2010021975A3 (en) * 2008-08-20 2010-04-22 Sandisk Corporation Memory device upgrade
US8428649B2 (en) 2008-08-20 2013-04-23 Sandisk Technologies Inc. Memory device upgrade
US8984645B2 (en) 2008-08-20 2015-03-17 Sandisk Technologies Inc. Accessing memory device content using a network
USRE46023E1 (en) 2008-08-20 2016-05-31 Sandisk Technologies Inc. Memory device upgrade
US8417575B2 (en) 2010-01-19 2013-04-09 Apple Inc. On-device offline purchases using credits
US9336544B2 (en) 2010-01-19 2016-05-10 Apple Inc. On-device offline purchases using credits
EP2580701A4 (en) * 2010-06-10 2016-08-17 Ericsson Telefon Ab L M User equipment and control method therefor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06841211

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06841211

Country of ref document: EP

Kind code of ref document: A1