CN1908921B - Method and device for obtaining controlled content or information in DVD disc and method for operating DVD device - Google Patents


Publication number
CN1908921B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN200610101460.9A
Other languages
Chinese (zh)
Other versions
CN1908921A (en)
Inventor
V·H·希尔
O·W·西伯特
D·M·范维
R·P·维伯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intertrust Technologies Corp
Original Assignee
Intertrust Technologies Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US08/689,754 external-priority patent/US6157721A/en
Priority claimed from US08/689,606 external-priority patent/US5943422A/en
Priority claimed from PCT/US1996/014262 external-priority patent/WO1998010381A1/en
Application filed by Intertrust Technologies Corp filed Critical Intertrust Technologies Corp
Publication of CN1908921A publication Critical patent/CN1908921A/en
Application granted granted Critical
Publication of CN1908921B publication Critical patent/CN1908921B/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current


Abstract

A rights management arrangement for storage media such as optical digital video disks (DVDs, also called digital versatile disks) provides adequate copy protection in a limited, inexpensive, mass-produced, low-capability platform such as a dedicated home consumer disk player, and also provides enhanced, more flexible security techniques and methods when the same media are used with platforms having higher security capabilities. A control object (or set) defines plural rights management rules, for instance price for performance or rules governing redistribution. Low-capability platforms may enable only a subset of the control rules, such as controls on copying or marking of played material. Higher-capability platforms may enable all (or different subsets) of the rules. Cryptographically strong security is provided by encrypting at least some of the information carried by the media and enabling decryption based on the control set and/or other limitations. A secure "software container" can be used to protectively encapsulate (e.g. by cryptographic techniques) various digital property content (e.g. audio, video, game, etc.) and control object (i.e. set of rules) information. A standardized container format is provided for general use on/with various media and platforms. In addition, a special-purpose container may be provided for the DVD medium and appliances (e.g., recorders, players, etc.) that contains DVD program content (digital property) and DVD-medium-specific rules. The techniques, systems and methods disclosed herein are capable of achieving compatibility with other protection standards, such as the CGMA and Matsushita data protection standards adopted for DVDs. Cooperative rights management may also be provided, where plural networked rights management arrangements collectively control a rights management event on one or more of such arrangements.

Description

Method and device for obtaining controlled content or information in DVD disc and method for operating DVD device
This application is a divisional application of the Chinese patent application with application number 02160594.7, filed on Dec 31st, 2002, entitled "Method and device for obtaining controlled content or information in DVD disc and method for operating DVD device".
Cross-reference to related applications and patents
This specification incorporates the specifications and drawings of the following prior, commonly assigned publications.
PCT publication number WO96/27155, submission date September 6th, 1996, entitled "Systems and methods for secure transaction management and electronic rights protection", which is based on PCT application PCT/US96/02303 filed on February 13th, 1996 and on the U.S. patent application of Ginter et al. (serial number 08/388107) filed on February 13th, 1995 (hereinafter "the Ginter et al. patent");
U.S. Patent number 4827508, entitled "method", submission date May 2nd, 1989;
U.S. Patent number 4977594, entitled "method", submission date Dec 11th, 1990;
U.S. Patent number 5050213, entitled "method", submission date September 17th, 1991;
U.S. Patent number 5410598, entitled "method", submission date April 25th, 1995;
European patent number EP329681, entitled "method", submission date January 17th, 1996.
In addition, this specification incorporates the specifications and drawings of the following prior, commonly assigned publications.
PCT application number PCT/US96/14262, submission date September 4th, 1996, entitled "Trusted infrastructure support systems, methods and techniques for computing and rights management", corresponding to U.S. Patent Application Serial 08/699712 filed on August 12th, 1996 (hereinafter "Shear et al.");
PCT application number _ _ _ _ _ _ _, submission date _ _ _ (month) _ _ _ (day), 1997, entitled "Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels", corresponding to U.S. Patent Application Serial 08/689606 of Van Wie and Weber et al. filed on August 12th, 1996 (hereinafter "Van Wie and Weber et al."); and
PCT application number _ _ _ _ _ _ _ _, submission date _ _ (month) _ _ (day), 1997, based on U.S. Patent Application Serial 08/689754 of Silbert and Van Wie et al. filed on August 12th, 1996, entitled "Systems and methods using cryptography to protect secure computing environments" (hereinafter "Silbert and Van Wie et al.").
Technical field
The present invention relates to information protection techniques using cryptography, and more particularly to techniques that use encryption to manage rights in information stored on portable media, for example optical media such as digital video disks (also called "digital versatile disks" and/or "DVDs"). The present invention also relates to information protection and rights management techniques that can be applied selectively according to, for example, the device resources used by the consumer (e.g., a PC or a standalone player), other attributes of the device (such as whether it can be connected and/or is generally connected to an information network ("connected" versus "unconnected")), and the available rights. The present invention further relates in part to cooperative rights management, in which plural networked rights management devices jointly control a rights management event on one or more of those devices. In addition, rights management employing important aspects of the present invention is applicable to electronic information obtained by broadcast and/or network download and/or from non-portable storage media, whether independently of or in combination with portable media.
Background technology
Home consumer electronic devices that can play video/audio from prerecorded media have transformed the entertainment industry. This transformation began in the early 20th century, when the invention of the phonograph first let consumers listen at home, at a time of their own choosing, to their favourite band, orchestra or singer. Beginning in the early 1980s, inexpensive video cassette recorders/players brought about a profound change in the film and broadcasting industries, creating entirely new home consumer markets for films, documentaries, music videos, exercise videos and the like.
The entertainment industry has always sought the best medium for distributing content to home consumers. The early phonograph cylinders invented by Thomas Edison and other phonograph pioneers had the advantage of being difficult to copy, but had various shortcomings: high manufacturing cost, low resistance to breakage, very limited playback time, relatively low playback quality, and susceptibility to wear, scratching or melting. The wax and vinyl disc records developed later could hold more music, but shared many of the same shortcomings. Magnetic tape, on the other hand, is very cheap to manufacture and can hold a large amount of program content (for example 2, 4 or even 6 hours of picture and/or sound). Tape plays back program content with relatively high quality and is not easily damaged or worn. Yet although tape has many obvious advantages over other media, the entertainment industry has never regarded it as an ideal or optimal medium, because it is very easy to copy.
Tape has the very flexible property of being relatively easy to record. Indeed, recording a tape is almost as easy as playing back prerecorded content. Because recording is relatively easy, manufacturers of home consumer tape equipment have always provided dual-mode equipment that can both record and play back tapes. Home audio and video recorders have therefore traditionally had a "record" button that lets consumers record their own program content on blank tape. Although this recording function gives consumers more flexibility (for example, recording a child's first words for later generations to hear, or recording an afternoon soap opera to watch in the evening), it is unfortunately also the breeding ground of a piracy industry that illegally produces millions of counterfeit tapes every year, involving multi-million dollar sums. This illegal piracy is international in scope and every year takes huge profits out of the hands of the world's major entertainment content producers. The entertainment industry must pass these losses on to honest consumers, resulting in higher box office prices and higher sale and rental prices for video and audio tapes.
In the mid-1980s, the audio entertainment industry developed the compact disc (CD) as a response to some of these problems. A CD is a thin, silver-coloured plastic disc a few inches in diameter that can store an hour or more of music or other audio programming in digital form. Such discs were later also used to store computer data. They can be manufactured very cheaply and, because information is recorded and recovered digitally, they are resistant to noise and give high playback quality. Because a CD can be made of plastic, it is light, not easily broken, and well able to withstand damage from normal handling by users (unlike earlier vinyl records, which scratch easily and are worn even by a normally operating phonograph). Moreover, because recording a CD has so far been more difficult than playing one back, home consumer equipment that both records and plays back at a cost comparable to playback-only equipment is unlikely to appear in the near term, which greatly reduces the potential for illegal copying. Because of these unrivalled advantages, the music industry quickly embraced this new digital optical disc technology, which in recent years has almost entirely replaced the old vinyl record.
Indeed, in the absence of rights management technology, unauthorized copying is simple, easy and widespread, and this threat was clearly a key factor in the demise of digital audio tape (DAT) as a medium for music distribution and, more importantly, as a medium for home recording. Rights owners of recorded music strongly opposed the widespread commercialization of inexpensive DAT technology lacking rights management functions, because a digital recording is completely faithful to the digital source on, for example, a music CD. Of course, the lack of rights management was not the only factor at work, because compared with CDs the tape format makes random access, such as playing songs out of order, difficult.
The video entertainment industry faces a change similar to the one brought about by the music CD, based on digital-format films distributed on high-capacity read-only optical media. For example, digital optical disc technology has developed to the stage where, besides digitally recording other information, the entire picture (plus sound track) of a film can be digitally recorded on one side of a 5-inch plastic disc. The same optical disc can also hold multiple high-quality digital audio channels (for example, to record multichannel home theatre "surround" sound and/or film dialogue in several languages on the same disc). The same technology makes it possible to access individual frames or pictures of a film to reproduce still images and, more excitingly, provides an unprecedented "random access" playback capability that earlier home consumer equipment never had. This "random access" playback capability can be used, for example, to remove violence, obscene language or nudity during playback, so that parents can select a "PG" playback version of an "R"-rated film for their children at the press of a button. The "random access" capability also offers exciting possibilities for letting viewers interact with prerecorded content (for example, allowing a fitness enthusiast to select only those parts of an exercise video that help with a particular day's workout). On this subject see, for example, the article "Application requirements for new video program design" in the proceedings of the DVD conference (held by the Interactive Multimedia Association on October 19-20, 1995, at the Sheraton Universal in Universal City, California, USA).
Some examples of the DVD family of optical media products:
● DVD (digital video disk, digital versatile disk), one non-limiting example of which comprises consumer devices that can play films recorded on DVD disks;
● DVD-ROM (DVD read-only memory), one non-limiting example of which comprises a DVD read drive and disk connected to a computer or other device;
● DVD-RAM (DVD random access memory), one non-limiting example of which comprises a read/write drive and optical media, installed for example in consumer devices for home program recording and in computers or other devices for a wide range of specific applications;
● any other high-capacity optical media, currently known or unknown.
Of course, the DVD family is not limited to films. Like the CD family, it can also be used to store other kinds of information, for example:
● sound recordings
● software
● databases
● games
● karaoke
● multimedia
● distance learning
● documents
● policies and manuals
● digital data or other information of any kind
● any combination of digital data or other information
● any other use, currently known or unknown.
The wide range of DVD uses poses a technical challenge: how can the information content distributed on such DVD disks, which may be any kind of image, sound or, more broadly, other data or information, or any combination of them, be adequately protected while retaining, or even maximizing, the consumer's flexibility? One widely proposed requirement for the new technology (mainly in the video context) is that, to the extent copying is permitted, it should (a) allow consumers to make a first-generation copy of program content for personal use but prevent them from making "copies of copies", that is, multi-generation copies of a given property (thus keeping honest people honest), or (b) allow unlimited copying of properties that the rights owner does not wish to copy-protect or that consumers have made themselves.
However, providing only such simple and limited copy protection in a non-extensible way may be very short-sighted, because more sophisticated protection and/or rights management objectives can be very useful now or in the future (for example: more robust and selectively applied copy protection and other protection techniques; pay-per-view; the ability of consumers to use enhanced functions, such as extracting program content or viewing a program interactively, on payment of an additional fee; receiving credit for redistribution; and so on). Moreover, in addressing protection and rights management objectives as well as possible, it is extremely useful to distinguish and take seriously the different commercial opportunities and threats presented by information delivered on DVD media according to, for example, the available device resources and/or whether or not the device is networked.
More sophisticated rights management functions will also let studios and other owners of rights in films and/or recordings manage these assets better, for example by allowing authorized parties to copy digital films and audiovisual works, whether specific or arbitrary works, in order to create derivative works such as multimedia games. The solutions proposed so far for protecting DVD content generally concentrate only on limited copy protection objectives and fail to address adequately, or even to recognize, more sophisticated rights management objectives and requirements. More particularly, one copy protection scheme for the initial generation of DVD devices and media is based on an encryption method originally developed by Matsushita and on a simple CGMA control code that indicates the kind of copying permitted: one-generation copy, no copy, or unlimited copy.
Summary of the invention
A comprehensive solution to the information protection and management problems in systems that include high-capacity optical media such as DVD requires methods and systems that address the following two broad classes of problems: (a) digital-to-analog conversion (and vice versa); and (b) use of such optical media in both networked and non-networked environments. The invention disclosed herein addresses these and other problems. For example, with regard to analog-to-digital conversion (and vice versa), the present invention contemplates that at least some of the information used to protect properties and/or to describe rights management and/or control information in digital form can also be carried by the analog signal. For example, devices that convert from one format and/or medium to another may include some or all of the control and identification information in the new context, or at least not actively delete this information during conversion. In addition, the present invention provides control, rights management and/or identification solutions for the digital domain generally, and provides critically important techniques that can be implemented in user devices, computers and other devices. One object of the invention is to provide powerful rights management techniques that are useful in both the consumer electronics market and the computer market, and that make possible the future evolution of technical capabilities and business models. Another non-limiting object is to provide a comprehensive control, rights management and/or identification solution that is as compatible as possible with existing industry standards for limited-function copy protection and for encryption.
The rights management and protection techniques provided by the present invention fully satisfy the limited copy protection objectives for films currently required by the entertainment industry, while also having the flexibility and extensibility to accommodate a wide range of more sophisticated rights management options and functions.
Some important aspects of the present invention (discussed in more detail elsewhere in this application) include:
● selecting control information associated with the information recorded on DVD media (for example rules and usage consequence control information, including non-limiting examples of elements of a virtual distribution environment (VDE)), based at least in part on device class, for example the type of device, available resources and/or rights;
● allowing such selected control information to be, at least in part, a subset of the control information used in other devices and/or device classes, or entirely different control information;
● protecting information output from DVD devices, for example by applying the rights management techniques disclosed in Ginter et al. and in this application to signals transmitted by a DVD player through an IEEE 1394 port (or other serial interface);
● creating protected digital content on the basis of an analog source;
● reflecting the different usage rights and/or content availability in different countries and/or regions of the world;
● securely managing information on DVD media so that some portions can be used on one or more classes of device (for example standalone DVD players), while other portions can be used on the same or different classes of device (for example standalone DVD players or PCs);
● securely storing and/or transmitting information relating to paying for, auditing, controlling and/or managing content stored on DVDs, including techniques related to those disclosed in the Ginter et al. and Shear et al. patents;
● updating and/or replacing encryption keys used in the course of device operation, to modify the scope of information that devices and/or device classes can use;
● protecting information throughout its creation, distribution and use, for example by initially protecting information captured by a digital camera and continuing to apply protection and rights management to it throughout editing, production, distribution, use and usage reporting;
● allowing a "virtual rights machine", formed by plural participating and cooperating devices and/or other systems in a permanently or temporarily connected network, to share some and/or all of the rights management of single and/or multiple nodes; for example, allowing the resources available in plural such devices and/or other systems, and/or the rights associated with plural parties and/or organizations using and/or controlling such devices and/or other systems, to be applied in concert (according to the rules and controls related to the rights) to manage one or more electronic events on any one or more of those devices and/or other systems, such event management including, for example: viewing, editing, classifying, compiling, printing, copying, naming, excerpting, saving and/or redistributing rights-protected digital content;
● allowing the exchange of rights between peer devices and/or other systems that participate in a permanently or temporarily connected network, where such rights are exchanged by barter, for money, and/or for other value and/or consideration, and where that value and/or consideration is exchanged between the commercial and/or consumer devices and/or other systems participating as peers in the network.
Rights protection and management for general-purpose DVD / cost-effective high-capacity digital media
The invention described herein can be used with any high-capacity storage arrangement that provides a cost-effective medium for distributing commercial and/or consumer digital information, and DVD as used herein should be understood to include any such system.
Copy protection and rights management are important in practical DVD systems and will remain important in other high-capacity storage, playback and recording systems, currently known or unknown. Some or all of the information delivered on (or written to) most DVD media needs protection. Such protection against copying is one aspect of rights management. Other aspects include allowing rights holders and others to manage their commercial interests (and to have them enforced, potentially at a distance in time and/or space), regardless of the distribution medium and/or channel and regardless of the particular nature of the receiving device. Rights management solutions of this kind that incorporate DVD will become more important as successive generations of readable DVD media and devices appear. Rights holders will want to maintain and assert their rights when, for example, recording devices are available on the market and recordings and other digital properties are transferred from one device to another.
The evident convergence of consumer devices and computers, increasing network and modem speeds, the declining cost of computing power and bandwidth, and the growing capacity of optical media combine to create a world of hybrid business models, in which digital content of all kinds can be distributed on optical media played on devices and/or computers that are at least occasionally connected; a world in which the one-time purchase model common for music CDs and initial DVD films is supplemented by other models, for example rental, pay-per-view, rent-to-own, and so on. Consumers may choose among these and other models from the same or different distributors or other providers. Usage fees may be paid over a network and/or another communication channel connected to a payment clearing service. Consumer usage and audit information can flow back to creators, distributors and/or other participants. The basic copy protection techniques now being introduced for DVD cannot support these and other sophisticated models.
As writable DVD devices and media come to market, other hybrid models also become possible, including for example the distribution of digital films via satellite and cable systems. After recording a film, a consumer might choose to rent, lease, pay per view or use another appropriate model. With the advent of digital television, the ability of writable DVD to make faithful copies of broadcast programs creates further possible models and/or rights management requirements. Here too, the simple copy protection mechanisms currently applied to initial read-only DVD technology cannot meet the need.
Encryption is a means, not an end
Encryption is suitable for protecting intellectual property in digital form, whether it is on optical media such as DVD, on magnetic media such as disk drives, in the active memory of a digital device, or in transit over computer networks, cable, satellite or other kinds of network or delivery means. In the past, encryption was used to send secret messages. For DVD, a principal purpose of encryption is to require the use of a copy control and rights management system, to ensure that only those authorized by rights holders can actually use the encrypted content.
But encryption is a means rather than an end. The central issue is how to devise methods that ensure, to the greatest possible extent, that only authorized devices and parties can decrypt protected content and/or otherwise use information only to the extent permitted by the rights owner and/or other parties with an interest in the protected content.
The present invention provides powerful rights management capabilities. According to one aspect provided by the invention, encrypted digital properties can be stored on a DVD in a tamper-resistant software "container", for example a "Digibox" secure container, together with rules about "no copy" and/or "copy" and/or "number of copies permitted" that can be applied and enforced by consumer devices. The same rules and/or more flexible and/or different rules can be enforced by computer devices or other systems that provide more and/or different functions (for example editing, excerpting, one or more payment methods, increased storage capacity for detailed audit information, etc.). In addition, a "software container" such as a "Digibox" secure container can store certain content in the clear (in unencrypted form). For example, film or music titles, copyright statements, audio samples, previews and/or advertisements can be stored in the clear and/or played by any suitable application or device. Such information can be protected for authenticity when it is made available for viewing, copying and/or other activities. At the same time, valuable digital properties of all kinds, such as films, video, images, text, software and multimedia, can be stored at least partially encrypted, to be used only by authorized devices and/or applications and only under permitted circumstances (for example, after the rights owner agrees).
According to another aspect provided by the invention (in combination with certain capabilities disclosed in the Ginter et al. patent), plural rule sets can be stored in the same "container" on a DVD disk. Software then applies these rules according to the circumstances, for example: whether the film is played by a consumer device or by a computer; whether the particular device has a back channel (for example an online connection); the country and/or other legal or geographic region in which the player is located and/or the film is played; and/or whether the device contains components capable of identifying and applying such rules. For example, some usage rules may apply when information is played by a consumer device, and other usage rules when it is played by a computer. The choice of rules may be left to the rights owner and/or other participants, or some rules may be predetermined (for example according to a particular environment or application). For example, a film rights owner may wish to limit copying and to ensure that content is not excerpted, whatever context the property is in. This restriction might apply only in certain legal or geographic regions. Alternatively, the rights owner of a sound recording may wish to allow excerpts of a predetermined length (for example, within 20 seconds), provided these excerpts are not used to make new commercial works. In some cases, a government may require that only "PG" versions of films and/or equivalently rated television programs be played on devices within its jurisdiction, and/or that applicable taxes, usage fees and the like be automatically calculated and/or collected when payment is required and/or made for content recorded on a DVD (for example, pay-per-use of films, games, databases, software products, etc.; and/or orders placed from catalogues stored at least in part on DVD media, etc.).
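The rule-set selection described above can be sketched as follows. This is an added illustration, not code from the patent or from any InterTrust product; the class names, rule names, region codes and the "most specific set wins" tie-break are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DeviceContext:
    device_class: str            # hypothetical labels: "consumer_player", "computer"
    region: str                  # constructed legal/geographic region code
    has_back_channel: bool       # e.g. an online connection
    understood_rules: frozenset  # rule types this device's software can apply


@dataclass(frozen=True)
class RuleSet:
    name: str
    device_classes: frozenset
    regions: Optional[frozenset]  # None means "any region"
    needs_back_channel: bool
    rules: tuple                  # ((rule_type, value), ...)

    def applies_to(self, ctx: DeviceContext) -> bool:
        if ctx.device_class not in self.device_classes:
            return False
        if self.regions is not None and ctx.region not in self.regions:
            return False
        if self.needs_back_channel and not ctx.has_back_channel:
            return False
        # A device must not enable a set containing rules it cannot interpret.
        return all(rule_type in ctx.understood_rules for rule_type, _ in self.rules)

    def specificity(self):
        # Assumed tie-break: region-specific, then back-channel, then richer sets.
        return (self.regions is not None, self.needs_back_channel, len(self.rules))


def select_rule_set(rule_sets, ctx):
    """Return the most specific applicable rule set, or None (deny all use)."""
    candidates = [rs for rs in rule_sets if rs.applies_to(ctx)]
    return max(candidates, key=RuleSet.specificity) if candidates else None


def excerpt_allowed(rule_sets, ctx, seconds):
    """Fail closed: no applicable set, or no excerpt rule, means no excerpting."""
    chosen = select_rule_set(rule_sets, ctx)
    if chosen is None:
        return False
    return seconds <= dict(chosen.rules).get("excerpt_max_seconds", 0)


# Constructed sample: the plural rule sets carried in one container.
CONTAINER_RULE_SETS = [
    RuleSet("player-basic", frozenset({"consumer_player"}), None, False,
            (("copy", "none"),)),
    RuleSet("computer-offline", frozenset({"computer"}), None, False,
            (("copy", "none"),)),
    RuleSet("computer-connected", frozenset({"computer"}), None, True,
            (("copy", "one_generation"), ("excerpt_max_seconds", 20),
             ("pay_per_view", True))),
    RuleSet("region-ZZ-rated", frozenset({"consumer_player", "computer"}),
            frozenset({"ZZ"}), False,
            (("copy", "none"), ("max_rating", "PG"))),
]

ALL_RULES = frozenset({"copy", "excerpt_max_seconds", "pay_per_view", "max_rating"})
PLAYER = DeviceContext("consumer_player", "AA", False, frozenset({"copy"}))
PLAYER_ZZ = DeviceContext("consumer_player", "ZZ", False,
                          frozenset({"copy", "max_rating"}))
PC_ONLINE = DeviceContext("computer", "AA", True, ALL_RULES)
PC_OFFLINE = DeviceContext("computer", "AA", False, ALL_RULES)
RECORDER = DeviceContext("dvd_recorder", "AA", False, frozenset({"copy"}))

if __name__ == "__main__":
    for ctx in (PLAYER, PLAYER_ZZ, PC_ONLINE, PC_OFFLINE, RECORDER):
        chosen = select_rule_set(CONTAINER_RULE_SETS, ctx)
        print(ctx.device_class, ctx.region, "->", chosen.name if chosen else "DENY")
```
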
In a digital consumer device (or an enhanced one) under microprocessor control, enforcing the rules contemplated by the invention requires, for example, only a small addition to the central control processor (or other CPU, IEEE 1394 port controller or other content-handling control circuit), and/or the use of some ROM or flash memory to store the necessary software. In addition, each ROM, flash memory or other memory (which may be securely connected to, or integrated with, this control circuit as a single manufactured component) can, for example, store one or more digital documents or "certificates" that uniquely identify a particular device, personal identity, jurisdiction, device class and/or other selected parameters. A device can, for example, be programmed to send a copy of a digital property to another digital device only in encrypted form and only inside a new tamper-resistant "software container". The container can, for example, also carry a code indicating that what is being sent is a copy rather than an original. The sending device can also place a unique identifier of the receiving device and/or device class in the same secure container. As a result, in one particular arrangement, the copy can be played only on the intended receiving device, device class and/or devices in a particular region, and the rights to use the copy can vary according to these and/or other variables.
A receiving device that detects that the digital property is in fact a copy can, for example, be programmed not to make further copies that can be played on consumer devices and/or other device classes. If a device detects that the device and/or device class about to play the digital property is not the one on which it was originally intended to be played, it can be programmed to refuse to play the copy (if desired).
The same rules that are applied in consumer devices can, for example, be enforced on a computer equipped with rights management protection in accordance with the invention. In this example, the rules can specify that a certain film and/or other content must not be played on any device other than, for example, a consumer device and/or device class. Alternatively, these powerful capabilities can be used, as the rights holder wishes, to specify different usage rules and payment schemes that apply to playback on a computer (and/or on other devices and/or device classes), for example price discrimination according to the geographic or legal region in which the content is played.
In addition, if a "back channel" is present (for example a set-top box with two-way communication, or a computer attached to a network), the invention contemplates separate electronic delivery of new rules for a given property, where needed or required. These new rules can, for example, provide price discounts, time-limited sales, advertising subsidies and/or other information as required. As stated above, the determination of these separately delivered rules rests entirely with the rights holder and/or others in a given model.
Two specific examples of several of the aspects of the invention described above follow:
1. Example of analog-to-digital copying
(a) Bob has a VHS video tape that he bought (or rented) and wants to make a copy for personal use. Copy control codes are embedded in the analog film in a way that does not impair signal quality. Bob has a writable DVD device equipped to provide rights management protection in accordance with the invention. Bob's DVD recorder detects the control codes embedded in the analog signal (for example, the recorder can detect a watermark and/or fingerprint containing rights-related control and/or usage information), creates a new secure container to hold the content rules and describe the encoded film, and creates new control rules (and/or passes certain usage-history information, such as user name, time, etc., to a secure VDE system for storage and reporting) based on the analog control codes and/or other information it detected, then stores them in a Digibox and/or in secure VDE device data storage such as a secure database. Bob can play this copy back on his DVD device at any time.
(b) Bob gives the DVD disc he recorded to Jennifer, who wants to play it on a computer with a DVD drive. Her computer is equipped to provide rights management protection in accordance with the invention. Her computer opens the Digibox, detects that the device using this copy is not the device that recorded it (and is therefore an unauthorized device), and refuses to play the copy.
(c) Bob again gives his DVD disc to Jennifer, but this time she has electronically contacted a party that issues new rules and usage consequences; this party may be the film studio, a distributor and/or a rights and permissions clearinghouse (or she may already have sufficient rights to play the copy on her player). The party sends Jennifer a Digibox container whose rules and consequences allow her to play the film on her computer and at the same time charge her for it, even though the film was recorded onto the DVD by Bob rather than by the film studio or another value chain participant.
2. Example of digital-to-analog copying
(a) Jennifer comes home from work, inserts a rented or owned DVD into a player connected to or integrated with her television, and plays the disc. The film is decrypted in a completely transparent manner, converted from digital to analog form, and shown on her analog television.
(b) Jennifer wants to make a copy for personal use. She plays the film on a DVD device that includes rights management protection in accordance with the invention. The device opens the Digibox secure container, accesses the control information and decrypts the film. She records the analog signal on a video cassette recorder and obtains a high-quality copy.
(c) Jennifer gives this VCR copy to Doug, who wishes to make a personal copy from the analog tape, but the analog control information causes the copying VCR to produce a copy of very poor quality, or prevents copying altogether. In another non-limiting example, more complete rights management information can be encoded in the analog output using the methods and/or systems described in more detail in the Van Wie and Weber patent application cited above.
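The decision logic of the first example (a recorded copy bound to Bob's recorder, refused on Jennifer's computer, then permitted by a separately delivered rule that carries a charge) can be modelled as follows. This is an added illustration, not code from the patent; the class and function names, the `copies_allowed` control field, the device identifiers and the fee value are all assumptions made for the sketch.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Device:
    device_id: str      # unique identifier, as held in the device's stored certificate
    device_class: str   # hypothetical classes: "consumer" or "computer"


@dataclass
class Container:
    title: str
    is_copy: bool                  # code marking the content as a copy, not an original
    bound_ids: frozenset           # devices the copy was made for
    bound_classes: frozenset = frozenset()        # optional device-class binding
    grants: dict = field(default_factory=dict)    # device_id -> fee per play
    audit: list = field(default_factory=list)     # usage history kept for reporting


def record_copy(title, embedded_controls, recorder):
    """Step 1(a): the recorder reads the embedded control codes and, if they
    permit a copy, builds a new container bound to the recording device."""
    if embedded_controls.get("copies_allowed", 0) < 1:
        raise PermissionError("embedded control code does not permit a copy")
    box = Container(title, is_copy=True,
                    bound_ids=frozenset({recorder.device_id}))
    box.audit.append(("record", recorder.device_id, True))
    return box


def deliver_rules(box, device, fee):
    """Step 1(c): a rights holder or clearinghouse delivers a separate rule
    that lets one more device play the copy, with a charge as its consequence."""
    box.grants[device.device_id] = fee


def decide(box, device, action):
    """Return (allowed, reason, fee) for a requested action and log it.
    Anything not explicitly permitted is refused."""
    if action == "play":
        if (device.device_id in box.bound_ids
                or device.device_class in box.bound_classes):
            result = (True, "device the copy was made for", 0)
        elif device.device_id in box.grants:
            result = (True, "separately delivered rule",
                      box.grants[device.device_id])
        else:
            result = (False, "not the device this copy was made for", 0)
    elif action == "copy":
        if box.is_copy:
            result = (False, "marked as a copy; no further copies", 0)
        else:
            result = (True, "copy permitted", 0)
    else:
        result = (False, "unknown action", 0)
    box.audit.append((action, device.device_id, result[0]))
    return result


def scenario():
    """Constructed walk-through of steps 1(a) to 1(c)."""
    bob = Device("recorder-bob", "consumer")        # constructed identifiers
    jennifer = Device("pc-jennifer", "computer")
    box = record_copy("Film", {"copies_allowed": 1}, bob)
    steps = [decide(box, bob, "play"),              # 1(a): Bob plays his copy
             decide(box, jennifer, "play")]         # 1(b): refused
    deliver_rules(box, jennifer, fee=2)             # 1(c): new rule arrives
    steps.append(decide(box, jennifer, "play"))     # now allowed, with a fee
    steps.append(decide(box, bob, "copy"))          # a copy of a copy is refused
    return box, steps


if __name__ == "__main__":
    for step in scenario()[1]:
        print(step)
```

The audit list stands in for the usage-history information that step 1(a) says can be passed to secure storage for reporting.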
According to one aspect of the invention, the same portable storage medium, for example a DVD, can be used in a range of different environments with differing degrees of protection and can offer different protection capabilities in each. Each environment can use the information carried on the portable storage medium according to the rights management techniques and/or capabilities that the particular environment supports. For example, a simple, inexpensive home consumer disc player can support copy protection while ignoring more complex content rights that the player itself is not equipped to handle. A more technically capable and/or more secure platform (for example a personal computer containing a secure processing component, possibly supported by a network connection, or a "smarter" device) can use the same portable storage medium and, on the basis of more sophisticated rights management techniques (for example requiring payment of additional usage fees, providing secure extraction of excerpted or selected and compiled portions of the content, etc.), provide enhanced usage rights for the content on the medium. For example, a control set associated with the portable storage medium can accommodate a wide range of usage capabilities, with more advanced or complex uses requiring correspondingly more advanced protection and rights management that some platforms have and others lack. As another example, a low-capability environment can ignore (or not enable or not attempt to use) rights in the control set that it does not understand, whereas a high-capability environment (which knows the full set of capabilities it has) can, for example, enable the rights, and the corresponding protection techniques, that the low-capability environment ignores.
According to another aspect of the invention, a secure component that is independent of medium and platform can be scaled in capability and performance, so that the basic rights management requirements of consumer electronics devices form a subset of the richer set of capabilities that can be applied on more advanced platforms. This secure component can be a physical hardware component or a "software emulation" of such a component. According to this feature, an instance of a medium (or, more precisely, a media-independent version of the content) can be delivered to customers with assurance that the content will be protected whatever their device or platform type. Platforms that are less advanced in security and/or technical capability can provide only limited rights to use the content, whereas more advanced platforms can provide more extensive rights subject to correspondingly appropriate security conditions and safeguards.
According to another aspect of the invention, mass-produced, inexpensive home consumer DVD players (for example those with minimal structural complexity and component count) can be made compatible with the same DVDs or other portable storage media used by more capable and/or more secure platforms (for example PCs), without diminishing the advanced rights management capabilities that the storage medium can provide in combination with those more advanced and/or secure platforms. The rights management and protection arrangements provided and supported by the invention thus support inexpensive basic copy protection and can further serve as a commercial convergence technology: they allow rights in the same content to be used across limited-resource consumer devices while fully protecting the content and further supporting more sophisticated levels of security and capability through (a) devices with greater resources for secure rights management and/or (b) connection to other devices or systems that can supply further secure rights management resources. This aspect of the invention allows multiple devices and/or other systems that participate and cooperate in a permanently or temporarily connected network to share the rights management of at least one or more electronic events occurring at one or more nodes (managed, for example, using the protected processing environment described in the Ginter et al. patents), and allows the rights associated with the parties and/or groups that use and/or control those devices and/or other systems to be exercised in accordance with the underlying rights-related rules and controls. This allows, for example, the rights available through a company manager's device to be combined in some way with, or to replace, the rights of one or more of the company's subordinate employees, provided their computing or other devices are connected in a temporary networking relationship and operating in an appropriate context. In general, this aspect of the invention allows distributed rights management of DVD or otherwise packaged and delivered content, with the content protected at the same level of rights management. Such distributed rights management can operate whether or not the DVD device or other electronic information appliance is part of a permanently or temporarily connected network, and whether the relationship between the devices and/or other systems participating in the distributed rights management arrangement is temporary or a more lasting operating relationship. In this way, the same device can have different rights depending on the context in which it operates (for example: in a corporate environment, such as in cooperation with other individuals and/or groups; in an internal home environment and/or a home environment cooperating with other outside individuals and/or parties; in a retail store environment; in a classroom setting, where a student's notebook cooperates for rights management purposes with a classroom server and/or the teacher's PC; in a library environment, where several parties cooperate in using different rights to use data retrieval; on a factory floor, where handheld devices cooperate with control equipment to perform proprietary functions securely and appropriately; etc.).
For example, connecting a limited-resource device, such as a DVD device, to an inexpensive network computer (NC) or personal computer (PC) can allow the rights management capabilities and/or the rights specific to a party and/or device to be enhanced (or replaced), by permitting rights management to be the combined result of some or all of the rights and/or rights management capabilities of the DVD device and those of the network or personal computer (NC or PC). These rights can be further enhanced, modified or replaced through the availability of rights management capabilities provided by a trusted (secure) remote network rights authority.
These aspects of the invention can allow the same device (in this example a DVD device) to support different arrangements of rights management capabilities, for example to differing degrees, in disconnected and connected arrangements, and allow the available rights to result from the availability of rights and/or rights management capabilities produced by combining rights management devices and/or other systems. This can include one or more combinations of some or all of the rights obtained through use of a "less" secure and/or resource-poor device or system that is enhanced, replaced or modified through connection with a device or system that is "more" or "differently" secure and/or resource-rich and/or has different rights, where the connection uses the rights and/or management capabilities of one or both devices as determined by the rights-related rules and controls that describe the shared rights management arrangement.
In the latter case, connection to logically and/or physically remote rights management capabilities can extend (for example by increasing the available secure rights management resources) and/or change the character of the rights available to the user of the DVD device, or of a DVD device connected to an NC, PC, local server and/or remote rights authority. In such a rights-enhancement scenario, additional content portions can become available, prices can change, redistribution rights can change (for example, be expanded), content extraction rights can be increased, and so on.
This "networked rights management" can allow the rights management resources of multiple devices and/or other systems in a variety of logical and/or physical relationships to be combined, producing greater or different rights through the enhanced resources provided by connection to one or more "remote" rights authorities. Moreover, while providing increased and/or different rights management capabilities and/or rights, such a connection-based rights management arrangement can also support content availability in multiple locations, by seamlessly integrating remotely available content (for example content stored in remote, Internet-based World Wide Web content repositories supported by databases) with local content on one or more DVD discs.
In this example, the user can not only experience increased or different rights but can also use both the local DVD content and supplementary content (content that is, for example, more current, more expensive, more varied, or complementary in some other sense). In this case, the DVD device and/or its user (or another device or system connected to it) can have the same rights, differing rights and/or different rights applied to locally and remotely available content, and portions of the locally and remotely available content can themselves be subject to differing or different rights when used by the user and/or device. By drawing on the rights management and content resources of multiple connected devices, this arrangement can support a large overall increase in the opportunities available to the user, seamlessly integrated and effectively usable in the user's content retrieval and/or usage activities.
The remote authority providing this rights enhancement can be connected directly to the DVD device and/or other devices by modem, or connected directly or indirectly through an I/O interface such as a serial 1394-compatible controller (for example, by communication between a 1394-enabled DVD device and a local PC, where the PC acts as an intelligent synchronous or asynchronous information communication interface to one or more remote authorities, including a local PC, NC or server acting as a local rights authority that enhances and/or provides rights management in the DVD device).
According to another aspect of the invention, rights that are provided to, purchased by or otherwise acquired by a participant and/or a participating DVD device or other system can be exchanged between such peer devices and/or other systems over one or more permanently or temporarily networked devices. In this case, provided that the devices and/or other systems participate in a rights management system, such as the virtual distribution environment described in the Ginter et al. patents, and employ the rights transfer and other rights management capabilities described there, rights can be bartered, sold, otherwise exchanged for value and/or rented out. For example, this aspect of the invention allows parties to exchange games or films to which they have purchased rights. Continuing the example, someone could buy part of a neighbour's right to watch a film, or transfer to another party credit received from a game publisher for superdistributing a game to several acquaintances; this credit could be transferred (exchanged) to a friend to purchase part of that friend's right to play a different game a certain number of times, and so on.
According to another aspect of the invention, the content carried on a portable storage medium such as a DVD is associated with one or more encryption keys and a secure content identifier. The content itself (or information required to use the content) is at least partially encrypted, so that the content must be decrypted with the associated decryption key before it can be used. The decryption keys can themselves be encrypted, in the form of an encrypted key block. Different key management and access techniques can be used depending on the platform.
According to another aspect of the invention, electronic devices that "create" digital content (or even analog content), for example digital cameras/video recorders or audio recorders, can readily be equipped with suitable hardware and/or software so that the content they produce is delivered in a secure container from the outset. For example, content recorded by a digital camera can be packaged into a secure container by the camera as soon as it is recorded. The camera can then output the content already packaged in a secure container. This removes the need to package the content later or at a subsequent production stage, and so saves a production step in the overall implementation of electronic rights management in accordance with the invention. Moreover, the process of "reading" content for use in a rights management environment can take place at many stages of a conventional production and distribution process (for example during editing and/or the so-called "pressing" of a DVD or audio disc master). Accordingly, another significant advantage of the invention is that rights management of content can be extended essentially to every stage of content creation, editing, distribution and use, providing a seamless content protection architecture that protects rights throughout the content's life cycle.
In one embodiment, the storage medium itself carries the key block decryption key, hidden on the medium in a location that cannot normally be reached by ordinary access and/or copying techniques. The drive can then use this hidden key to decrypt the encrypted key block, and the decrypted key block is used to selectively decrypt the content and related information on the medium. The drive can be designed in a secure, tamper-resistant manner so that the hidden key is never exposed outside the drive, providing an additional layer of protection.
According to another embodiment, the optical disc drive can store and retain the key used to decrypt an encrypted key block. This key block decryption key can be held in the drive's key store, and can be updated if the optical disc drive has at least occasional access to a communication port, network port or other communication path, for example one provided by a set-top box.
According to another embodiment, a virtual distribution environment secure node comprises a protected processing environment, such as a hardware-based secure processing unit. This secure processing node can control the use of content on a portable storage medium such as a digital video disc according to control rules and methods specified by one or more secure containers that are delivered to the secure node on the medium itself and/or over a separate communication channel such as a network.
The conventional copy protection currently envisaged for DVD is CGMA copy protection control codes combined with certain encryption techniques apparently first proposed by Matsushita. Although that approach offers only limited benefit for protecting digital assets, the invention can provide a complementary, compatible and more comprehensive rights management system while also offering additional and/or different options and solutions. Some further examples of the advantages provided by the invention follow:
● Strong security that fully meets the needs of content providers.
● Value chain management automation and efficiency, including distributed rights protection, "piece of tick" payment disaggregation to value chain participants, cost-effective micro-transaction management, and superdistribution, including offline micropayment and micro-transaction support for devices that are connected at least occasionally.
● Simple and efficient channel management, including support for using the same content deliverable on limited-resource, higher-resource, stand-alone and/or connected devices.
● Usable with any medium and application type and/or with all forms of content and content models, not just compressed video and audio as in some prior art, and supports use of copies of the same or substantially the same content container across a variety of media delivery systems (for example broadcast, repositories, Internet devices, CD, etc.) for operation on a wide variety of different electronic devices (for example digital cameras, digital editing equipment, sound recording equipment, sound editing equipment, cinema projectors, DVD devices, broadcast tape players, PCs, smart televisions, etc.).
● Maximizes asset management and revenue and/or other consideration through significant new content revenue and/or other consideration opportunities and improved value chain operating efficiency.
● Can be 100% compatible with other protection techniques, such as CGMA protection codes and/or the Matsushita data scrambling method for DVD copy protection.
● Can be used with a variety of existing data scrambling or protection systems to provide a very high degree of compatibility and/or very advanced capabilities.
● Allows DVD technology to become a reusable, programmable resource for a wide variety of entertainment, information commerce and PC-world business models.
● Enables manufacturers and/or distributors of DVD drives and/or semiconductor components, and/or other value-adding participants, to become providers and rights holders of the physical infrastructure of the emerging connected world of the Internet and intranets, where they can require payment for use of the part of the distributed physical infrastructure (for example, the part they supply) that serves commercial networks. These manufacturers and/or distributors and/or other value-adding participants can share in the economic benefit of the "piece of tick", which comes from accumulating a small fraction of the revenue of the transactions they take part in.
● Provides automatic internationalization, regionalization and rights management, in which:
- DVD content can carry a combination of different rule sets, applied automatically according to the user's rights and identity;
- Social rights, including taxation, can be handled transparently.
In addition, the DVD rights management method and apparatus of the invention offer added benefits to media recorders/publishers, specifically:
● Consistent with the philosophy of "keeping honest people honest".
● Can be 100% compatible with other protection schemes, such as the Matsushita data scrambling method and/or CGMA-coded discs.
● Can work together with and/or complement other protection schemes to provide the desired degree of protection and/or functionality, or can be used to supplement or replace other methods to provide additional and/or different functions or features.
● Provides powerful, extensible rights management that goes beyond limited copy protection schemes to rights management for the digitally convergent world.
● Gives recording/publishing studios the ability to create sophisticated asset management tools.
● Creates important commercial opportunities through controlled use of recorded properties outside the multimedia environment.
● Uniquely ties internationalization, regionalization, superdistribution and repurposing to the content creation process and/or usage control.
Other classes of rights holders also benefit from the invention, for example:
● Persistent, transparent protection of digital content worldwide, across value chain and process levels.
● Significantly reduces revenue lost through copying and redistribution.
● Turns "redistribution", copying and many forms of copyright infringement from a strategic business threat into an important commercial opportunity.
● A single standard for all digital content, independent of medium and/or place of use and other rights variables.
● Major economies of scale across industries, distribution channels, media and content types.
● Can support local usage management and auditing in the DVD player, allowing highly efficient micro-transaction support, including multi-party micro-transactions and transparent multi-party micro-transactions.
● Enables rights holders to adopt the widest range of pricing, business models and market strategies as they see fit.
Further aspects of the invention that benefit manufacturers of DVD and other digital media devices are:
● Can provide bit-for-bit compatibility with existing discs.
● Independent of content type.
● Media-independent and programmable/reusable.
● Highly portable to next-generation devices with higher density and/or writable DVD and/or other optical media formats.
● Participation in the revenue streams generated with these devices.
● A single extensible standard for all digital content devices.
● Ready for the coming "convergent" world, in which many devices in the home, for example, are connected together by IEEE 1394 interfaces or other means (some devices being very much like computers, and some computers very much like devices).
The invention offers many benefits to computer and OS manufacturers, for example:
● Can be implemented in a computer as an extension to the operating system, for example through at least one transparent plug-in, without requiring changes to the computer hardware and/or operating system.
● Easy, seamless integration into operating systems and devices.
● Extremely strong security, especially when reinforced with "secure silicon" (hardware/firmware protection fabricated on a chip).
● Turns user devices into true electronic commerce devices.
● Provides a platform for trusted, secure rights management and event handling.
● Programmable for customization to special requirements.
Other features and advantages provided by the invention include, for example:
● Information on the medium (for example properties and metadata) may or may not be encrypted.
● Different information (for example properties and metadata) can be encrypted with different keys. This not only gives more protection against compromise, but also supports selective usage rights in a complex rights management system.
● Encrypted keys can be stored on the medium, although this is not essential. These keys can be used to decrypt protected properties and metadata. Encrypted keys may be used because this allows the information itself to carry more security information while access remains under the control of a single key.
● Multiple sets of encrypted keys can be stored on the medium. Different key sets can be associated with different information, and multiple control regimes can be allowed to use the same information, each control regime using one or more different keys to decrypt the set of encrypted keys it uses.
● To support a player's access to containers and/or content subject to rights management, the decryption keys for the encrypted keys can be hidden at one or more locations on the medium that are not normally accessible. Such a "not normally accessible" location is physically enabled for drives installed in players and disabled for drives installed in computers. The enabling can be implemented by different firmware, a jumper on the drive, and so on.
● A player's ability to access rights-managed containers and/or content can also be supported by one or more keys stored in the player, which can decrypt certain encrypted keys on the medium.
● Keys in a player can allow some players to play different properties than others. Keys can be added to and/or deleted from a player over a network connection (for example, a connection to a personal computer, a cable system and/or a modem connection to a source of new and/or additional keys and/or key revocation information), or can be loaded automatically by a "broadcast" key distribution DVD.
● Control of use by computers can be supported by some or all of the same techniques that control a player's use of content and/or digital rights management information.
● Control of a computer's use of content and/or digital rights management information can be supported by having the computer receive one or more appropriate keys through a trusted rights management system.
● A computer can receive additional keys that permit it to decrypt certain encrypted keys on the medium.
● A computer can receive additional keys that permit it to decrypt one or more portions of the encrypted data directly. This allows selective use of the information on the medium without exposing keys (for example, a player key that can decrypt any encrypted key).
According to another aspect provided by the invention, a secure "software container" is provided, which allows:
● Encapsulation of content, rights rules and usage controls, protected by encryption.
● Persistent protection for transport, storage and value chain management.
● A sophisticated rule interface structure.
Elements can be delivered independently. For example, new controls concerning discount pricing (for example sale prices, discounts for particular users and groups, pricing based on usage patterns, etc.) and/or other business model changes can be delivered after a property has been distributed (this is particularly useful for a large volume of properties and for physically distributed media (for example DVD, CD-ROM), because the expense of redistribution can be avoided and consumers can continue to use the discs in their collections). In addition, encrypted data can be located "outside" the container. This can allow, for example, data to be stored separately from the controls, and supports "streaming" content and "legacy" systems (for example CGMS).
Brief description of the drawings
These and other features and advantages of the inventions will be better and more completely understood by reading the detailed description of the preferred embodiments in conjunction with the following drawings:
Figure 1A shows an example of home consumer electronics equipment that uses a portable storage medium such as a digital video disc;
Figure 1B shows an example of security node equipment that uses the same portable storage medium but provides more advanced rights management functions;
Figure 1C shows an example process for manufacturing a protected optical disc;
Figure 2A shows an example structure of the consumer electronics equipment of Figure 1A;
Figure 2B shows an example structure of the security node equipment of Figure 1B;
Figure 3 shows an example of data for the Figure 1A equipment;
Figures 3A and 3B show examples of control set definitions;
Figures 4A and 4B show examples of usage techniques provided by the Figure 1A equipment;
Figure 5 shows an example of data structures used by the Figure 1B security node to access information on the storage medium;
Figure 6 shows an example usage technique performed by the Figure 1B security node;
Figure 7 is a block diagram of an example of a particular secure software container contained on a DVD;
Figure 8 is a block diagram of an example secure container and video property content stored on a DVD medium;
Figure 9 is a block diagram of another example of a standard container contained on a DVD medium, the DVD including an additional container that has a more complex rule arrangement for use, for example, with a security node;
Figure 10 shows a DVD that carries a container (that is, a container present on the medium) used with a DVD player equipped with a secure rights management node, and also shows the same DVD used with a DVD player that is not equipped with a secure rights management node;
Figure 11 is a block diagram contrasting use of a DVD that has no container in a DVD player equipped with a rights management security node according to the invention with use of the same DVD in a DVD player that has no security node;
Figures 12 to 14 show examples of network configurations;
Figures 15A to 15C show an example virtual rights process.
Embodiments
The example shown in Figure 1A is an inexpensive, mass-produced home consumer electronics device 50 that can use information on a storage medium 100 such as a portable digitally encoded optical disc (for example a digital video disc or DVD). Consumer device 50 includes a dedicated disc player 52, which in some embodiments may also be able to write data to optical media (writable DVD discs or "DVD-RAM") and which is connected to a home color television 54. A remote control unit can be used to control the disc player 52 and/or television 54.
In one embodiment, disc 100 can store a feature-length film or other video content. A person who wants to watch the content of disc 100 can buy or rent the disc, insert it into player 52, and use remote control 56 (and/or controls 58 that may be provided on player 52) to control the player and play the content back through home color television 54.
In some embodiments, remote control 56 (and/or controls 58 that may be provided on equipment 52) can control, for example, recording of a film. Player 52 reads the digitized video and audio information contained on disc 100, converts it into signals compatible with home color television 54, and provides these signals to the television.
In some embodiments, television 54 (and/or a set-top box) provides a video signal that equipment 52 can write to optical media, for example recording it on a DVD-RAM. Television 54 generates images on screen 54a and plays the accompanying sound through loudspeaker 54b according to the signals that player 52 provides to the television.
The same disc 100 can also be used by the more advanced platform 60 of Figure 1B. Platform 60 can include, for example, a personal computer 62 connected to a display monitor 64, a keyboard 66, a mouse 68 and a loudspeaker 70. In this example, platform 60 can play back the content stored on disc 100 just as dedicated disc player 52 can, and, because of the security node 72 in the platform, can also make more sophisticated and/or more advanced use of the content. (In some embodiments, platform 60 may also be able to write to optical media, for example recording content on a DVD-RAM.) For example, with platform 60 and its security node 72 it becomes possible to play a film or other content interactively: the user can make selections with keyboard 66 and/or mouse 68, with the presentation through display 64 and loudspeaker 60 provided in real time.
For instance, the user of platform 60 can choose among options shown on display 64 so that the order in which the content is presented changes (for example, providing one of many different endings, allowing the user to control the flow of the presentation interactively, etc.). Computer 62 may also be able to use and process digital data, including for example computer programs and/or other information stored on disc 100 that player 52 cannot handle.
Security node 72 provides a secure rights management facility that allows, for example, more aggressive or more thorough use of the content stored on the disc. For example, dedicated player 52 may prevent any copying of the content stored on disc 100, or may allow the content to be copied once and never again. Platform 60, which includes security node 72, may allow some or all of the content to be copied multiple times, though only when certain conditions are met (for example, the user of equipment 60 belongs to a particular class of people; payment at an agreed price is guaranteed for each copy; only specific excerpts of the content are copied; each copy is reliably audited and tracked, with the audit maintained and reported; etc.). (In some embodiments, dedicated player 52 may send protected content only to authenticated equipment that can reliably enforce the rights management rules and usage consequences. In some embodiments, device authentication can use digital certificates, for example certificates conforming to the X.509 standard in one non-limiting example.) Thus, the platform 60 that includes security node 72 in this example can use the content provided by disc 100 in a variety of flexible, secure ways that are not possible with dedicated player 52 or with any other equipment that does not contain a security node.
Example of a secure disc creation and distribution process
Fig. 1C shows an example process for securely creating a multimedia DVD master 100 for players 50, 60. In this example, digital camera 350 converts light images (for example photographs) into digital information 351 representing one image or a sequence of images. Digital camera 350 in this example includes a security node 72A, which protects the digital information 351 before it leaves camera 350. This protection can be provided, for example, by packaging the digital information in one or more containers and/or by associating controls with the digital information.
In this example, digital camera 350 provides the protected digital image information 351 to a storage device, for example a digital video tape recorder 352. Video tape recorder 352 stores the digital image information (together with any associated control information) on a storage medium, for example a magnetic tape cassette. Video tape recorder 352 can also include a security node 72B. Security node 72B in this example can understand and enforce the controls that digital camera security node 72A applies to and/or associates with digital information 351, and/or can apply its own controls to the stored information.
The same or a different video tape recorder 352 can play the protected digital information 351 back to digital mixing console 356. Digital mixing console 356 can mix, edit, enhance or otherwise process digital information 351 to produce processed digital information 358 representing one image or a sequence of images. Digital mixing console 356 can accept other inputs from other equipment, for example other tape recorders/cameras, other digital cameras, character generators, graphics generators, animation generators or any other image-based equipment. Any or all such equipment can also include a security node 72 to protect the information it generates. In some embodiments, some digital information is obtained from equipment that includes a security node and other digital information is obtained from equipment that has no security node. In other embodiments, some of the digital information provided to digital mixer 356 is protected and some is not.
In this example, digital mixing console 356 can also include a security node 72C. Digital mixing console security node 72C enforces the controls applied by digital camera security node 72A and/or the video tape recorder security node, and/or can add its own protection to the digital information 358 it produces.
In this example, audio microphone 361 picks up sound and converts it into an analog signal. The audio signal is input to a digital audio tape recorder 362. In the illustrated example, audio tape recorder 362 and audio mixer 364 are digital devices; however, in other embodiments one or both of these devices can operate in analog form. In the illustrated embodiment, digital audio tape recorder 362 converts the analog audio signal into digital information representing the sound, and stores the digital information (and any associated control information) on tape 363.
In this example, audio tape recorder 362 includes a security node 72E that can associate control information with the information stored on tape 363. This control information can be stored on tape 363 together with that information. In another embodiment, microphone 361 can include its own internal security node 72 that can associate control information with the audio information (for example, by steganographically encoding the audio information and the control information together). Audio tape recorder 362 can enforce the controls applied by microphone 361.
Alternatively, microphone 361 can operate digitally and provide a digital representation of the audio, possibly including control information provided by a security node 72 optionally included in microphone 361, directly to connected equipment such as audio tape recorder 362. In the Fig. 1C example, digital representations can optionally be substituted for analog representations of any signal between devices.
The same or a different audio tape recorder 362 can play back the information 366 recorded on tape 363 and provide it to audio mixer 364. Audio mixer 364 can mix, edit or otherwise process information 366 to produce information 368 representing one sound or a sequence of sounds. Audio mixer 364 can accept inputs from other equipment, for example other audio tape recorders, other microphones, sound generators, music synthesizers or any other audio-based equipment. Any or all such equipment can also include a security node 72 to protect the information it generates. In some embodiments, some digital information is obtained from equipment that includes a security node and other digital information is obtained from equipment that has no security node. In other embodiments, some of the digital information provided to audio mixer 364 is protected and some is not.
In this example, audio mixer 364 includes a security node 72F that enforces the controls, if any, applied by audio tape recorder security node 72E, and/or applies its own controls.
Digital image mixer 356 provides digital information 358 to a "DVD-RAM" device 360, which can write the master disc 100 and/or write a disc from which the master can be produced. Similarly, audio mixer 364 can provide digital information 368 to device 360, which records image information 358 and audio information 368 on master 100. In this example, device 360 can include a security node 72D that enforces the controls applied by digital camera security node 72A, video tape recorder security node 72B, digital mixer security node 72C, audio tape recorder security node 72E and/or audio mixer security node 72F, and/or can add its own protection to the digital information 358 it writes to master 100. A disc manufacturer can then use conventional optical disc mass-production equipment to produce optical discs 100(1) to 100(N) in quantity from master 100 for distribution through any channel (for example video stores, web sites, cinemas, etc.). The consumer equipment 50 shown in Figure 1A and Figure 1B can play back disc 100 while enforcing the controls applied to the information stored on it. In this way, security nodes 72 maintain end-to-end, persistent secure control over the images generated by digital camera 350 and the sound generated by microphone 361 throughout the manufacture, distribution and use of disc 100.
In the example of Fig. 1C, the various devices can communicate with one another over a so-called "IEEE 1394" high-speed digital serial bus. Here, "IEEE 1394" refers to the hardware and software standard set out in the following specification, which is cited herein: 1394-1995 IEEE Standard for a High Performance Serial Bus, No. 1-55937-583-3 (Institute of Electrical and Electronics Engineers, 1995). This specification describes a self-configuring, hot-pluggable, low-cost, scalable, high-speed memory-mapped digital serial bus. The bus supports isochronous and asynchronous transfers at 100, 200 or 400 Mbps and flexibly supports many different topologies. The specification describes a physical layer that includes two power conductors and two twisted pairs of signal wires. The standard further describes physical, link and transaction layer protocols, including serial bus management.
Alternatively, other suitable electronic communication means can be substituted for the "IEEE 1394" medium shown in Fig. 1C, including other wired media (for example Ethernet, Universal Serial Bus (USB)) and/or wireless media based on radio frequency (RF) transmission, infrared signals and/or any other electronic communication means and/or type.
Example dedicated player structure
Fig. 2A shows an example structure of dedicated player 52. In this example, player 52 includes an optical disc drive 80, a controller 82 (including, for example, a microprocessor 84, memory such as read-only memory 86, and a user interface 88) and a video/audio processing block 90. Optical disc drive 80 reads digital information from optical disc 100 by interacting with the disc optically and physically. Controller 82 controls optical disc drive 80 according to program instructions stored in memory 86 and executed by microprocessor 84 (and further according to user input provided through user interface 88, which is connected to controls 58 and/or remote control 56). Video/audio processing block 90 uses standard techniques such as audio and video decompression to convert the digital video and audio information read by optical disc drive 80 into signals compatible with home color television 54. Video/audio processing block 90 can also insert a visible mark indicating ownership and/or protection of the video program. Block 90 uses a digital mark to indicate to standard recording equipment that this content must not be recorded.
Example security node structure
Fig. 2B shows an example structure of the platform 60 shown in Figure 1B, which in this example is built around a personal computer but can include any number of different types of equipment. In this example, personal computer 62 can be connected through a communication block 152 to an electronic network 150 such as the Internet. Computer equipment 62 can include an optical disc drive 80 (which can be similar or identical to the optical disc drive 80 included in the player 52 example). Computer equipment 62 can further include a microprocessor 154, memory 156 (including, for example, random access memory and read-only memory), a disk drive 158 and a video/audio processing block 160. In addition, computer equipment 62 can include a tamper-resistant secure processing unit 64 or other protected processing environment. The security node 72 shown in Figure 1B can thus be provided by software executing on secure processing unit 164, on microprocessor 154, or on a combination of the two. Security node 72 can be realized by different implementations that use software only, hardware only, or a mix of software and hardware.
Security node 72 in this example can provide and support a general-purpose rights operating system that uses a reusable kernel and rights language components. Such a commerce-capable rights operating system provides the functions and integration required by future advanced commerce operating systems. In the developing electronic domain, general-purpose, reusable electronic commerce functions that all participants can rely on will become as important as any other operating system function. Moreover, a rights operating system that provides, among other functions, rights and auditing operating system functions can securely handle a broad range of tasks related to a virtual communication environment. A secure processing unit can, for example, provide or support many of the security functions within the rights and auditing operating system functions. Other operating system functions can, for example, handle general equipment functions. The overall operating system can, for example, be designed from the start to include the rights and auditing operating system functions together with the other operating system functions, or, in another embodiment, the rights and auditing operating system functions can be added as an add-on to a pre-existing operating system that provides the other operating system functions. Any or all of these features can be used in combination with the inventions disclosed herein.
Example disc data structures and associated protections
Fig. 3 shows examples of some data structures stored on disc 100. In this example, disc 100 can store one or more properties or other content 200 in protected or unprotected form. In general, in this example, a property 200 is protected if it is at least partly encrypted, and/or if associated information required to use the property is at least partly encrypted, and/or if it otherwise cannot be used unless certain conditions are met. For example, property 200(1) can be wholly or partly encrypted using conventional secure encryption techniques. Another property 200(2) may be completely unprotected and can therefore be used freely without any restriction. Thus, according to this example, disc 100 can store both a film as protected property 200(1) and an unprotected interview with the actors and producers, or a "trailer", as unprotected property 200(2). As this example shows, disc 100 can store any number of different properties 200 in protected or unprotected form, limited only by the storage capacity of the disc.
In one embodiment, the protection mechanisms provided by disc 100 can use any or all of the protection structures and/or techniques described in the above-cited Shear patents (and/or others). The Shear patents describe, by way of non-exhaustive example, ways of solving the problem of how to protect digital content from unauthorized use. For example, the Shear patent specifications describe a method of electronically "supervising" the use of digital content by means of distributed control nodes in client computers. This includes apparatus and methods that can enforce the consequences of any such use.
Non-limiting examples of certain elements in the Shear patent specifications include:
(a) decryption of encrypted information,
(b) statistics,
(c) usage control derived from the statistical information in combination with rules set by content providers,
(d) secure reporting of content usage information,
(e) use of database technology for the storage and delivery of protected information,
(f) local secure maintenance of budgets, including for example credit budgets,
(g) local, secure storage of encryption keys and content usage information,
(h) local secure execution of control processes,
(i) in many non-limiting examples, the use of optical media.
Any or all of these features can be used in combination with the inventions described herein.
The specifications of the patents granted to Shear also address whether database content is local or remote to the user. Database information stored at an end user's system and supplemented by remote "online" database information can be used, for example, to enhance the local information; in one embodiment the local information can be stored, for example, on optical media (for example DVD and/or CD-ROM). A secure execution environment can be provided, for example, by special-purpose semiconductor hardware, ensuring that digital commerce activities have a safe and reliable basis.
The Shear patents also describe database usage control carried out through security, statistics and usage management functions. The specifications describe in particular a statistics and control system in which a database that is at least partly encrypted is delivered to the user (for example on optical media). Non-limiting examples of such optical media include DVD and CD-ROM. Use can then be counted and controlled, for example, in various ways, and the resulting usage information can be transmitted to a responsible party (as one example).
The Shear patent specifications also describe generating bills from the transmitted information. Other embodiments of the Shear patents provide, for example, unique information security inventions, such as restricting the use of digital content according to usage patterns, for example the quantity of a particular kind of use. These functions include monitoring the "proximity" and/or "logical interdependence" of the information used, to ensure that a person's electronic "behavior" does not exceed his or her licensed rights. Other aspects of the Shear patents describe, in particular, functions that let an organization securely and locally manage rights to use electronic information. When a database or part of a database is delivered to a customer site, some embodiments of the Shear patents provide, for example, optical storage (non-exhaustive examples of which include DVD and CD-ROM) as the delivery mechanism. Such storage can hold, for example, collections of video, audio, images, software programs, games and the like on optical media such as DVD and/or CD-ROM, in addition to other content such as collections of text, bibliographic records, parts catalogs, and copyrighted and uncopyrighted material of all kinds. Any or all of these features can be used in the embodiments herein.
A specific non-limiting embodiment could involve, for example, a supplier who prepares a collection of games. The supplier prepares a database "index" that stores information about the games, for example the name, a description, a producer identifier, the price, and the maximum number of uses or total time of each game allowed before registration or re-registration is required. Some or all of this information can be stored in encrypted form, for example on optical media, non-limiting examples of which include DVD and CD-ROM. The supplier can then encrypt some or all of certain parts of the games, so that a game cannot be used unless one or more encrypted parts are decrypted. In general, decryption will not occur unless conditions specified by the supplier are met, for example unless credit to pay for the use is available and audit information reflecting use of the game is stored. The supplier can decide, for example, which user activities it permits, whether to collect statistics on such activities for audit and/or control purposes, and what limits, if any, to set on the permitted activities. These may include, for example, the number of times a game is played and the duration of each play. Prices can be discounted according to, for example, the total time the game is used, the total number of games currently registered for use, whether the customer is also registered for other services offered by the same supplier, and so on.
In the non-limiting example discussed above, the supplier can, for example, assemble the prepared games together with other related information and distribute the collection on optical media, non-limiting examples of which include DVD and/or CD-ROM. The supplier can then sell the DVD disc to prospective customers. A customer can then choose the games he or she wants to play and contact the supplier. The supplier can then, according to its business model, send registration information to each authorized customer, including for example usage registration information and decryption keys for the encrypted parts of the selected games (alternatively, authorization to use the games can arrive with the DVD and/or CD-ROM disc, or can be determined automatically by the user's secure client system according to standards set by the supplier, based for example on a certified user class in which the user participates). Using the decryption and statistics mechanism on the user's client, the customer can then make use of the games. The mechanism can then record usage information, for example the number of times a game is used and the duration of each play. It can send this information to the game supplier periodically, which substantially reduces the management overhead required of the supplier's central server. The game supplier can charge game usage fees according to the audit information it receives. This information can be used either to bill the customer's account or to collect payment from a credit provider.
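The client-side gate described in the two paragraphs above can be sketched as follows: a play is released only if the title is registered, within its limits, payable from the local credit budget, and recordable in the audit log. This is an added example, not code from the patent or from the Shear patents; the class names, the title "chess", the prices and the limits are constructed for illustration.

```python
from dataclasses import dataclass, field

OK = "ok"
NOT_REGISTERED = "denied: not registered"
REREGISTER = "denied: re-registration required"
NO_CREDIT = "denied: insufficient credit"
AUDIT_FULL = "denied: audit log full, report to supplier first"


@dataclass(frozen=True)
class Terms:
    """One entry of the supplier's index (constructed values)."""
    price_cents: int   # charge per play
    max_plays: int     # plays allowed before re-registration
    max_minutes: int   # total play time allowed before re-registration


@dataclass
class Meter:
    """Local usage meter: decides whether decryption may proceed."""
    terms: dict                  # title -> Terms
    credit_cents: int            # local credit budget
    audit_capacity: int          # records that fit before a report is due
    usage: dict = field(default_factory=dict)   # title -> [plays, minutes]
    audit: list = field(default_factory=list)

    def register(self, title):
        """Apply registration information from the supplier: reset counters."""
        if title not in self.terms:
            raise KeyError(title)
        self.usage[title] = [0, 0]

    def play(self, title, minutes):
        """Return OK only if every supplier condition holds."""
        if title not in self.usage:
            return NOT_REGISTERED
        terms = self.terms[title]
        plays, used = self.usage[title]
        if plays >= terms.max_plays or used >= terms.max_minutes:
            del self.usage[title]          # limits reached: registration lapses
            return REREGISTER
        if self.credit_cents < terms.price_cents:
            return NO_CREDIT
        if len(self.audit) >= self.audit_capacity:
            return AUDIT_FULL              # no audit record, no decryption
        # The audit record is stored before the budget is charged and use released.
        self.audit.append({"title": title, "minutes": minutes,
                           "charge_cents": terms.price_cents})
        self.credit_cents -= terms.price_cents
        self.usage[title] = [plays + 1, used + minutes]
        return OK

    def report(self):
        """Hand the stored audit records to the supplier and clear the log."""
        records, self.audit = self.audit, []
        return records


def bill(records):
    """Supplier side: total the charges per title from reported records."""
    totals = {}
    for record in records:
        totals[record["title"]] = totals.get(record["title"], 0) + record["charge_cents"]
    return totals


def demo():
    """Constructed session that exercises each decision."""
    meter = Meter(terms={"chess": Terms(50, 3, 120)},
                  credit_cents=500, audit_capacity=2)
    outcomes = [meter.play("chess", 30)]       # before registration
    meter.register("chess")
    outcomes.append(meter.play("chess", 30))
    outcomes.append(meter.play("chess", 30))
    outcomes.append(meter.play("chess", 30))   # audit log is full
    invoice = bill(meter.report())             # periodic report to supplier
    outcomes.append(meter.play("chess", 30))   # third paid play
    outcomes.append(meter.play("chess", 30))   # play limit reached
    return outcomes, invoice, meter.credit_cents


if __name__ == "__main__":
    print(demo())
```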
Games provide a convenient non-limiting example; however, many of these same ideas can readily be applied to content of all kinds and properties of all kinds, including for example:
● video,
● digital films,
● audio,
● images,
● multimedia,
● software,
● games,
● any other property,
● any combination of properties.
Other non-limiting embodiments in the Shear patent specifications support, for example, securely controlling different kinds of user activities, such as display, printing, electronic storage, communication and so on. In some aspects, different control criteria are further applied to these different usage activities. For example, information that is merely browsed can be distinguished from information read into the host computer for the purpose of copying, modification or remote transmission, and different usage fees can apply to the different activities (so that, for example, the fee for browsing is significantly lower than the fee for copying or printing).
The Shear patent specifications also describe, for example, management of information within organizations by publishers and customers. For example, an optional security system can be used to allow an organization to prevent use of all or part of an information base unless the user has entered a security code. Multiple levels of security codes can be supported so that users' use is limited according to their security authorization level. One embodiment can, for example, combine hardware and software to improve tamper resistance, and another embodiment can use an entirely software-based system. Although a dedicated hardware/software system can ensure tamper resistance in some cases, for some applications techniques implemented in software on a non-dedicated system can provide sufficient tamper resistance. Any or all of these features can be used in combination with the techniques disclosed in this specification.
The disk of Fig. 3 can also store metadata, controls and other information
In this example, disk 100 can also store "metadata" in protected and/or unprotected form. Player 52 uses metadata 202 to assist in using one or more properties 200 stored on disk 100. For example, disk 100 can store one metadata block 202(1) in unprotected form and another metadata block 202(2) in protected form. Disk 100 can store any number of metadata blocks 202 in protected and/or unprotected form, limited only by the capacity of the disk. In this example, metadata 202 comprises information used to access properties 200. This metadata 202 can, for example, include frame sequence or "navigation" information that controls the playback order of one or more properties 200 stored on disk 100. For instance, an unprotected metadata block 202 can access selected portions of a protected property 200 to generate an abbreviated "preview", while a protected metadata block 202 can contain the frame playback sequence for the full video of property 200. As another example, different metadata blocks 202 can be provided for different "cuts" of the same film property 200 (such as an R-rated version, a PG-rated version, a director's cut, etc.).
In this example, disk 100 can store other data for security purposes. For example, disk 100 can store control rules in the form of a control set 204, and these control rules can be packaged in the form of one or more secure containers 206. Commerce model participants can securely contribute electronic rules and controls representing their respective "electronic" interests. These rules and controls extend a "virtual presence™" (Virtual Presence™) through which commerce participants can govern remote value chain activities according to their respective, mutually agreed rights. This virtual presence can take the form of participant-specified electronic conditions (for example rules and controls) that must be satisfied before an electronic event can occur. These rules and controls can be used to enforce the parties' rights during "downstream" electronic commerce activities. Control information delivered by, and/or otherwise available for use with, VDE content containers can, for example, constitute one or more "proposed" electronic agreements that manage the use of such content and/or the consequences of such use, and that can set out the terms of agreements involving multiple parties and their rights and obligations.
Rules and controls from multiple parties can, for example, form aggregate control sets ("Cooperative Virtual Presence™") that ensure that electronic commerce activities among value chain participants are consistent with their agreements. These control sets can, for example, define the conditions governing the management of, and interaction with, protected digital content (distributed digital content, appliance control information, etc.). These conditions can be used, for example, to control not only the use of the digital information itself but also the consequences of such use. As a result, the individual interests of commerce participants are protected, and cooperative, efficient and flexible electronic commerce business models can be formed. These models can be used in combination with the present invention.
The disk can store encrypted information
Disk 100 can also store an encryption key block 208. In this example, disk 100 can further store one or more hidden keys 210. In this example, encryption key block 208 provides one or more encryption keys for decrypting one or more properties 200 and/or metadata blocks 202. Key block 208 can provide different encryption keys for decrypting different properties 200 and/or metadata blocks 202, or different portions of the same property and/or metadata block. Key block 208 can therefore contain a large number of encryption keys, all of which would be, or might be, required if all of the content stored on disk 100 is to be used. Although key block 208 is shown in Fig. 3 as separate from container 206, it can, if desired, be included in the container or be part of it.
Encryption key block 208 is itself encrypted using one or more encryption keys. For player 52 to use any of the protected information stored on disk 100, it must first decrypt the corresponding keys within the encryption key block, and then use the decrypted keys from the key block to decrypt the corresponding content.
In this example, the key required to decrypt the encryption key block can come from one of several different (possibly alternative) sources. In the example shown in Fig. 3, disk 100 stores one or more decryption keys in the form of hidden keys 210, which are carried on the medium itself and used to decrypt key block 208. Hidden keys 210 can, for example, be stored at a location on disk 100 that is not normally accessible. Access to this "not normally accessible" location can, for example, be physically enabled for drives 80 installed in players 52 and disabled for drives 80 installed in personal computers 62. The enabling can be implemented by different firmware, a jumper on drive 80, and so on. Hidden key 210 can be placed on disk 100 in such a way that any attempt to physically copy the disk results in copying this hidden key. In one embodiment, the hidden key can be concealed in one or more bit stream coding sequences, as described by J. Hogan (see Josh Hogan, "DVD copy protection", a presentation by the author at the 4th DVD copy protection technology conference, May 30, 1996, Burbank, California, USA).
As an alternative and/or additional approach, the key required to decrypt encryption key block 208 can be provided by disk drive 80. In this example, disk drive 80 can include a small decryption component, for example an integrated-circuit decryption engine, containing a small secure internal key store 212 in which keys are stored. The disk drive can use this key store 212 to decrypt encryption key block 208 without exposing either keys 212 or the decrypted key block 208, and then use the decrypted keys from key block 208 to decrypt protected content 200, 202.
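The two-level key hierarchy described above, as an added example that is not code from the patent: a hidden key unlocks the key block, the key block unlocks each property, and the drive keeps every key inside its own key store. The dictionary disk layout, the `Drive` class and the HMAC-SHA256 keystream cipher (a stand-in for whatever cipher a real drive would use) are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated cipher: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def master_disc(hidden_key: bytes, titles: dict) -> dict:
    """Build a constructed sample disk: one key per property, all keys
    gathered in a key block that is itself sealed under the hidden key."""
    title_keys = {pid: os.urandom(32) for pid in titles}
    key_block = json.dumps({pid: k.hex() for pid, k in title_keys.items()}).encode()
    return {
        "hidden_region": hidden_key,                      # hidden key 210
        "key_block": seal(hidden_key, key_block),         # key block 208
        "properties": {pid: seal(title_keys[pid], data)   # properties 200 / metadata 202
                       for pid, data in titles.items()},
    }

class Drive:
    """Models drive 80. Keys live only in the private key store (key store 212);
    callers receive decrypted content, never key material."""

    def __init__(self, hidden_region_enabled: bool):
        # Assumption: the firmware or jumper setting is modelled as one flag.
        self._hidden_region_enabled = hidden_region_enabled
        self._key_store = {}
        self._disc = None

    def load(self, disc: dict) -> None:
        self._key_store, self._disc = {}, None
        if not self._hidden_region_enabled:
            raise PermissionError("hidden key region is not readable on this drive")
        block = json.loads(unseal(disc["hidden_region"], disc["key_block"]))
        self._key_store = {pid: bytes.fromhex(k) for pid, k in block.items()}
        self._disc = disc

    def read(self, property_id: str) -> bytes:
        if self._disc is None:
            raise RuntimeError("no disk loaded")
        return unseal(self._key_store[property_id],
                      self._disc["properties"][property_id])
```

A drive built with `hidden_region_enabled=False` stands for the drive in personal computer 62: it can see the sealed key block and properties but cannot unlock either.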
The disk can store and/or use secure containers
In another example, the keys required to decrypt protected content 200, 202 are provided inside secure container 206. Fig. 3A shows a possible example of a secure container 206 that includes information content 304 (properties 200 and metadata 202 can be external to the container or, alternatively, all or most of the data structures stored on disk 100 can be treated as part of a logical and/or actual protected container). Control set 204 shown in Fig. 3 can include one or more permission records 306, one or more budgets 308 and/or one or more methods 310, as shown in Fig. 3A. In the example shown in Fig. 3B, control set 204 provides one or more encryption keys 208, one or more content identifiers 220 and one or more controls 222. In this example, different controls 222 can apply to different devices and/or classes of devices, such as player 52 and/or computer equipment 62, depending on the particular platform and/or platform-dependent capabilities. In addition, controls 222 can apply to different properties 200 and/or different metadata blocks 202. For example, control 222(1) can allow property 200(1) to be copied once, as a backup, by player 52 or computer equipment 62. Control 222(2) (which player 52 may ignore entirely because its technical and/or security capabilities are insufficient, but which computer equipment 62 can use by means of its secure node 72) can allow the user to request, and be permitted, public performance of the same property 200(1) (for example in a bar or other public place), with the user's credit or other account automatically debited a certain usage fee for each performance. A third control 222(3) can, for example, allow secure node 72 (but not player 52) to permit certain classes of users (for example approved advertisers and journalists) to extract or excerpt certain portions of protected property 200(1) for promotional purposes. A further control 222(4) can, for example, allow both VDisc player 52 and secure node 72 to view certain still frames within property 200(1), but may allow only secure node 72 to copy still frames, on condition that a usage fee of a certain level is paid.
Example of a disk and/or system making use of a trusted infrastructure
Controls 222 can contain pointers to sources of additional control sets for one or more properties, controls, metadata and/or other content on the disk. In one example, these additional controls can be obtained from a trusted third party, such as a rights and licensing clearinghouse, and/or from any other value chain participant authorized by at least one rights holder to provide at least one additional control set. Such a rights and licensing clearinghouse is one of several distributed electronic administrative and support services. Distributed electronic administrative and support services can be called a "distributed business application", one feature of which is that it is an integrated, modular array of administrative and support services for electronic commerce and for electronic rights and transaction management. These administrative and support services can be used to provide a secure foundation for financial management, rights management, licensing, rule clearing, usage clearing, secure directory services and other transaction-related functions operating over electronic networks (such as the Internet) and/or over organization-internal intranets, or even over in-home networks of electronic appliances. Non-limiting examples of these electronic appliances include optical media appliances that are connected at least occasionally, for example read-only and/or writable DVD drives in DVD players and computers, and convergent devices, for example digital televisions and set-top boxes containing DVD drives.
These administrative and support services can, for example, be adapted to the specific needs of electronic commerce value chains in any number of vertical markets, including a wide variety of entertainment applications. Electronic commerce participants can, for example, use these administrative and support services to support their interests, and/or they can shape and reuse these services in response to competitive business realities. Non-exhaustive examples of electronic commerce participants include individual creators, film and music studios, distributors, program aggregators, broadcasters, and cable and satellite operators.
The distributed business application can, for example, make optimally efficient use of administrative resources and, at least in some embodiments, can scale in a practical fashion to best accommodate the growing demands of electronic commerce.
The distributed business application can, for example, comprise a number of commercial systems for applications. These systems can provide an infrastructure support web that is available to, and reusable by, the entire electronic community and/or many or all of its participants. Different support functions can, for example, be gathered together in hierarchical and/or networked relationships to suit various business models and/or other objectives. Modular support functions can, for example, be combined in different arrays to form different commercial systems for applications suited to different design implementations and purposes. These systems can, for example, be distributed across electronic appliances with varying degrees of distribution.
The many additional capabilities and benefits provided by the "distributed business application" can be used in combination with the particular embodiments shown in the drawings of this application. Some non-exhaustive examples include:
● Enables efficient and practical electronic commerce and rights management.
● Provides services that securely manage and support electronic interactions and their consequences.
● Provides fundamental mechanisms for electronic commerce and other forms of human electronic interaction and relationships.
● Makes optimal use of the efficiencies of modern distributed computing and networking.
● Provides electronic automation and distributed processing.
● Supports a modular, programmable, distributed and optimally computerized electronic commerce and communications infrastructure.
● Provides a comprehensive array of capabilities that can be combined to support services performing various administrative and support roles.
● Maximizes the benefits of electronic automation and distributed processing to achieve optimal allocation and use of system and network resources.
● Is efficient, flexible, cost-effective, configurable, reusable, modifiable and generalizable.
● Can economically reflect users' business and security requirements.
● Can distribute processes optimally, allowing commerce models to be arranged flexibly, to scale to demand, and to adapt to and match user requirements.
● Can efficiently handle a full range of activities and service volumes.
● Can be tailored and operated for each business model as a mixture of distributed and centralized processes.
● Provides a blend of local, centralized and networked capabilities that can be uniquely shaped and reshaped to meet changing conditions.
● Supports general-purpose resources that are reusable for many different models; infrastructure already in place can be used by different value chains with different requirements.
● Can support any number of commerce and communications models.
● Efficiently applies local, centralized and networked resources to match each value chain's requirements.
● Shares common resources, spreading costs and maximizing efficiency.
● Supports mixed, distributed, peer-to-peer and centralized networked capabilities.
● Can operate locally, remotely and/or centrally.
● Can operate synchronously, asynchronously, or support both modes of operation.
● Adapts easily and flexibly to the rapidly changing commercial opportunities, relationships and constraints of the "computer world".
Some or all of these features can be used in combination with the invention disclosed herein.
One advantage of the distributed business application is that it provides comprehensive, integrated administrative and support services for electronic commerce and other forms of electronic interaction. At least in some embodiments, the electronic interactions supported by the distributed business application require the use of a wide range of appliances and distribution media, non-limiting examples of which include networks and other communication channels of all current and future forms, consumer appliances, computers, convergent devices such as WebTV, and optical media such as CD-ROM and DVD.
Example access techniques
Figs. 3, 4A and 4B show examples of access techniques provided by player 52. In this example, when disk 100 is loaded into the player's disk drive 80 (Fig. 4A, block 400), player controller 82 can instruct drive 80 to extract hidden keys 210 from disk 100 and use them to decrypt some or all of encryption key block 208 (Fig. 4A, block 402). In this example, drive 80 stores the keys so decrypted without exposing them to player controller 82 (for example by storing them in key store 212 inside a secure decryption component such as an integrated-circuit decryption engine) (Fig. 4A, block 404). Player 52 can control drive 80 to read control set 204 (which may or may not be encrypted) from disk 100. Player microprocessor 82 can parse the control set, ignore or discard those controls 222 that exceed its capabilities, and retain the permissions and/or rights management information corresponding to the subset of controls that it can enforce (for example the "copy once" control 222(1)).
Player 52 can then wait for the user to make a request via control inputs 58 and/or remote control 56. If the control input is a copy request ("yes" exit of decision block 408 in Fig. 4A), the player's microprocessor 84 queries control 222(1) to determine whether copying is allowed and, if so, under what conditions (decision block 410 of Fig. 4A). If the corresponding control 222(1) prohibits copying ("no" exit of decision block 410 in Fig. 4A), player 52 refuses to copy disk 100; if the corresponding control 222(1) allows copying ("yes" exit of decision block 410 in Fig. 4A; decision block 412), the copy is allowed (for example by controlling drive 80 to access all of the information on disk 100 in sequence and sending the information to an output port, not shown). In this example, when making a copy, player 52 can store an identifier associated with disk 100 in internal non-volatile memory (for example in controller memory 86) or elsewhere, as required by control 222(1). Player 52 can use this stored identifier to enforce the "copy once" restriction (for example, if the user attempts to copy the same disk more than once with the same player, or makes any other attempt prohibited by control 222(1), the player can refuse the request).
If the user requests to play or read a property 200 ("yes" exit of decision block 414 in Fig. 4A), player controller 82 can control drive 80 to read the corresponding information from the selected property 200 (for example in the order specified by metadata 202) and, as needed, decrypt the information read, using the keys that were obtained from key block 208 at start-up and stored in the drive's key store 212 (block 416 of Fig. 4A).
Fig. 4B is a variation of the Fig. 4A process, adapted to the situation in which player 52 itself provides the decryption key used to decrypt encryption key block 208. In this example, controller 82 can provide one or more decryption keys to drive 80 using a secure protocol, such as Diffie-Hellman key agreement, or by using a shared key known to both the drive and some other system or component to which player 52 is or was connected (block 403 of Fig. 4B). Drive 80 can use these supplied keys to decrypt encryption key block 208 as shown in block 404 of Fig. 4A, or can use the supplied keys to directly decrypt content such as protected property 200 and/or protected metadata 202(2).
In another example, player 52 can be programmed to place any copy it makes of a digital property, such as a film, in encrypted form inside a tamper-resistant software container. The software container contains a code indicating that the digital property is a copy rather than an original. The sending player 52 can also place its own unique identifier (or the unique identifier of an intended receiving device, such as another player 52, a video cassette player or equipment 50) in the same secure container, to enforce the requirement that the copy be played only on the intended receiving device. Player 52 (or another receiving device) can be programmed not to make a copy (or any additional copy) when it detects that the digital property is a copy rather than an original. If desired, player 52 can also be programmed to refuse to play a digital property that is not packaged together with that player's unique identifier.
Example use of analog encoding techniques
In another example, more comprehensive rights management information can be encoded by player 52 in its analog output, using watermarking and/or fingerprinting methods. A substantial part of today's "real world" is analog rather than digital. Although analog signals are pervasive, existing methods for managing rights and protecting copyright in the analog domain are either primitive or non-existent. For example:
● how for deterioration state-owned in analoging reproduction, do not stop pirate industry prevailing of tens dollars.
● Some approaches to videotape copy protection and pay-per-view protection attempt to prevent any copying of commercially distributed content at all, or allow only one generation of copying. These approaches are generally easy to defeat.
● Not all existing equipment responds correctly to copy protection signals.
● Existing schemes are limited, for example, to "copy/no copy" controls.
● Copy protection for sound recordings has not yet been commercially implemented.
A related problem concerns the conversion of information between analog and digital form. Even if information is initially protected and controlled effectively using strong digital rights management technology, an analog copy of the same information may no longer be securely protected.
For example, it is generally possible for someone to make an analog recording of program material that was originally distributed in digital form. Some analog recordings made from a digital original are of quite good quality. For example, a digital versatile disc (DVD) player can convert a film from digital to analog form and provide the analog signal to a high-quality analog home video cassette recorder (VCR). The home VCR records the analog signal. The consumer thus obtains a high-quality analog copy of the original digital property. The analog signal can in turn be re-recorded onto a DVD-RAM. In many cases this recording is of substantial quality, and it is no longer subject to "pay-per-view" or other digital rights management controls associated with the digital version of the same content.
Since analog formats will be with us for a long time to come, rights holders such as film studios, video rental and distribution companies, music studios and distributors, and other value chain participants would very much like to have significantly better rights management capabilities for analog film, video, sound recordings and other content. Solving this problem generally requires a way to securely associate rights management information with the protected content.
Combined with other rights management capabilities, watermarking and/or fingerprinting can provide "end-to-end" secure rights management protection that allows content providers and rights holders to be confident that their content is adequately protected, regardless of the types of devices, signal formats and kinds of signal processing within the content distribution chain. This "end-to-end" protection allows authorized analog appliances to be integrated easily, seamlessly and cost-effectively into a modern rights management architecture.
Watermarks and/or fingerprints can, for example, carry control information that serves as the basis for a virtual distribution environment ("VDE") in which electronic rights management control information can be delivered over insecure (for example analog) communication channels. This virtual distribution environment is highly flexible and convenient, accommodates existing and new business models, and provides an unprecedented degree of flexibility, in particular in facilitating new arrangements and relationships among electronic commerce and value chain participants, regardless of whether content is distributed in digital and/or analog form.
Combining watermarking with distributed, peer-to-peer rights management technology provides numerous advantages, including:
● An indelible and invisible secure technique for carrying rights management information.
● An indelible method of associating electronic commerce and/or rights management controls with analog content such as film, video and sound recordings.
● Persistent association of commerce and/or rights management controls with content from one end of the distribution system to the other, regardless of the number and types of conversions between signal formats (for example analog-to-digital and digital-to-analog conversion).
● The ability to specify "no copy/one copy/many copies" rights management rules as well as more complex rights and transaction pricing models (for example "pay-per-view" and others).
● The ability to integrate fully and seamlessly with comprehensive, general-purpose electronic rights management solutions.
● Secure delivery of control information in combination with authorized analog and other non-digital and/or non-secure information signal delivery mechanisms.
● The ability to provide more complex and/or more flexible commerce and/or rights management rules when content is converted from analog to digital form or in the reverse direction.
● The flexible ability to deliver commerce and/or rights management rules implementing new, updated or additional business models to authorized analog and/or digital devices.
Some or all of these features can be used in combination with the invention disclosed in this specification.
In brief, watermarking and/or fingerprinting methods can use "steganographic" techniques to encode rights management and/or electronic commerce rules and controls within an information signal in a substantially indelible and substantially invisible manner. The information signal is, for example, an analog signal or a digitized (for example sampled) form of an analog signal, non-limiting examples of which include video and/or audio data; the information signal is then decoded and used by a local appliance. Such analog information and steganographically encoded rights management information can be delivered in many ways, non-limiting examples of which include broadcast, cable television and/or physical media, one non-limiting example of which is VCR tape.
Some or all of these features can be used in combination with the invention disclosed in this specification.
Watermarking and/or fingerprinting methods can allow at least some rights management information to survive analog-to-digital and digital-to-analog conversion of video and/or other information. Thus, in one embodiment, two or more analog and/or digital appliances can participate in an end-to-end fabric of trusted, secure rights management processes and/or events.
A more capable embodiment
As described above, the example control set shown in Fig. 3B provides a comprehensive, flexible and extensible set of controls that can be used by both player 52 and computer equipment 62 (or other platforms), depending on the particular technical, security and other capabilities of the platform. In this example, player 52 has only limited technical and security capabilities, because mass-produced consumer appliances must be kept low in cost and complexity, and it can therefore essentially ignore, or fail to enable, some or all of the controls 222 provided in control set 204. In another example, as the cost of memory and/or processors continues to fall, manufacturers may choose to extend the technical and security capabilities of player 52. A more capable player 52 will provide more powerful, robust and flexible rights management capabilities.
Fig. 5 shows an example arrangement that allows a platform 60 including secure node 72 to make enhanced and/or different use of the information and/or rights management information on disk 100. Referring to Fig. 5, secure node 72 can be connected to network 150, whereas player 52 cannot; this gives the secure node considerable additional flexibility in communicating security-related information, such as audit trails and compensation-related information such as payment requests or orders. This connection between secure node 72 and network 150 (which in any given application may be replaced by another communication technique, such as inserting a replaceable memory cartridge) allows secure node 72 to receive and securely store rights management control information, such as an additional container 206′ containing an additional control set 204′. Secure node 72 can use control set 204′ in addition to, or in place of, control set 204 stored on disk 100. Secure node 72 can also maintain a secure encryption key store 212 that provides encryption keys in place of, or in addition to, any keys 208, 210 stored on disk 100. Because of its greater security and/or technical capabilities, secure node 72 may be able to use the controls 222 within control set 204 that player 52 ignores or cannot use, and can be given further and/or enhanced rights and/or rights management capabilities on the basis of control set 204′ (which can, for example, be specified specially by the user and applied to a specific property 200 stored on disk 100 and/or to a specific set of disks).
Example secure node access techniques
Fig. 6 shows an example access technique (which can, for example, be performed by a platform 60 employing secure node 72). In this example, secure node 72 extracts property identification information 220 from disk 100 (block 502 of Fig. 6) and then locates the applicable control sets and/or rules 204 (which may be stored on disk 100, within secure node 72, in one or more storage locations that secure node 72 accesses through network 150, and/or any combination of these) (block 504 of Fig. 6). Secure node 72 then loads the necessary decryption keys and uses them to decrypt information as required (Fig. 6, block 500). In one example, secure node 72 obtains the necessary keys from secure container 206 and/or 206′ and keeps them within a protected processing environment, such as SPU 164 or a software-emulated protected processing environment, without exposing them outside that environment. In another example, secure node 72 can load the necessary keys (or a subset of them) into the disk drive using a secure key exchange protocol, so that the disk drive can use them to decrypt information in the same way as occurs in player 52, maintaining full compatibility of the drive hardware.
Secure node 72 can monitor user inputs and perform requested actions according to the particular control sets 204, 204′. For example, upon receiving a user request, secure node 72 can query control sets 204, 204′ to determine whether they permit the action the user has requested (Fig. 6, block 508) and, if so, whether the conditions required for performing the requested operation have been met (Fig. 6, block 510). In this example, secure node 72 can initiate the operations necessary to satisfy any such required conditions, for example debiting an electronic wallet stored locally for the user, securely requesting an account debit over network 150, or obtaining and/or checking user certificates to ensure that the user belongs to an appropriate user class or is who he claims to be, using network 150 if required (Fig. 6, block 510). When all necessary conditions have been met, secure node 72 performs the requested operation (and/or has microprocessor 154 perform it) (for example releasing content) and then generates a secure audit record, which can be retained by the secure node and/or reported over network 150 at that time or later (Fig. 6, block 512).
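The request handling of Figs. 4A and 6 can be sketched with the four controls described for Fig. 3B; this is an added example, not code from the patent. The capability names, the fee amounts, the wallet model and the split of control 222(4) into two rows are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Control:
    ctrl_id: str
    action: str
    property_id: str
    device_classes: frozenset            # device classes the control applies to
    needs: frozenset = frozenset()       # capabilities required to enforce it
    copy_once: bool = False
    fee: int = 0                         # constructed amounts, arbitrary units
    user_classes: frozenset = frozenset()

BOTH = frozenset({"player", "secure_node"})
NODE = frozenset({"secure_node"})

# Constructed rendering of control set 204; 222(4) is split into (4a)/(4b).
CONTROL_SET_204 = [
    Control("222(1)", "copy", "200(1)", BOTH, frozenset({"copy_counter"}), copy_once=True),
    Control("222(2)", "public_performance", "200(1)", NODE, frozenset({"metering"}), fee=5),
    Control("222(3)", "excerpt", "200(1)", NODE, frozenset({"user_class_check"}),
            user_classes=frozenset({"advertiser", "journalist"})),
    Control("222(4a)", "view_still", "200(1)", BOTH),
    Control("222(4b)", "copy_still", "200(1)", NODE, frozenset({"metering"}), fee=1),
]

PLAYER_CAPS = frozenset({"copy_counter"})
NODE_CAPS = frozenset({"copy_counter", "metering", "user_class_check", "audit"})

class Appliance:
    def __init__(self, device_class, capabilities, control_set):
        self.device_class = device_class
        self.capabilities = capabilities
        # Fig. 4A: discard controls that exceed this device's capabilities and
        # keep only the subset it can actually enforce.
        self.controls = [c for c in control_set
                         if device_class in c.device_classes and c.needs <= capabilities]
        self.copied = set()     # non-volatile record of (disk id, property) copies
        self.audit_log = []     # secure audit records (Fig. 6, block 512)

    def request(self, action, property_id, disc_id, user):
        """Return (allowed, control id or refusal reason)."""
        control = next((c for c in self.controls
                        if c.action == action and c.property_id == property_id), None)
        if control is None:
            return False, "no enforceable control permits this action"
        if control.copy_once and (disc_id, property_id) in self.copied:
            return False, "copy-once already used for this disk"
        if control.user_classes and not (control.user_classes & user["classes"]):
            return False, "user class not authorised"
        if control.fee > user["wallet"]:
            return False, "insufficient funds"
        # All conditions met: commit side effects, then release the content.
        user["wallet"] -= control.fee
        if control.copy_once:
            self.copied.add((disc_id, property_id))
        if "audit" in self.capabilities:
            self.audit_log.append({"control": control.ctrl_id, "action": action,
                                   "disc": disc_id, "user": user["name"],
                                   "fee": control.fee})
        return True, control.ctrl_id
```

The same control set yields different behaviour per device: the player retains only 222(1) and 222(4a), while the secure node can also meter fees, check user classes and keep audit records.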
For example, if the requested operation is to release content (for instance, to make a copy of the content), platform 60 (or player 52 in the example above) performs the requested operation based at least in part on the particular controls that enforce rights in the content. For example, the controls can prevent platform 60 from releasing content to copying devices other than particular types of output device, or allow it to release the content in a way that discourages copying (for example, embedding in the copy a "fingerprint" identifying who made it, or intentionally degrading the quality of the released content so that copies are of poor quality). As a specific example, a video cassette recorder (not shown) connected to platform 60 may be the output device used for copying. Because the current generation of analog devices such as video cassette recorders cannot make multi-generation copies without a substantial loss of quality, a content provider may supply controls that allow content to be copied by such analog devices but not by digital devices (which can make unlimited copies without loss of quality). For example, under the digital controls maintained by security node 72, platform 60 may release content to a video cassette recorder only when the recorder supplies the platform with a digital ID indicating that the output device is a video cassette recorder; unless the digital ID confirms that the output device is a lower-quality analog device, the platform may refuse to provide any output. Additionally or alternatively, platform 60 may intentionally degrade the quality of the content it supplies to the video cassette recorder, to ensure that second-generation copies are of unacceptable quality. In another example, platform 60 can use watermarking and/or fingerprinting techniques to encode more extensive rights management information in the analog output.
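As an added illustration (not code from the patent), the following Python sketch models the Fig. 6 sequence described above: query the control set (block 508), satisfy the required conditions (block 510), then release and write the audit record (block 512), with the video cassette recorder rule as the control. The class names, device-ID strings, wallet units and the choice to log refusals are assumptions made for the example.

```python
from dataclasses import dataclass, field

# All names below are assumptions made for this sketch; the patent defines
# no data format for control sets, device IDs or audit records.


@dataclass
class ControlSet:
    permitted_outputs: dict            # action -> device classes content may go to
    degrade: frozenset = frozenset()   # classes given deliberately reduced quality
    price: int = 0                     # wallet units charged per permitted action


@dataclass
class SecurityNode:
    control_set: ControlSet
    wallet: int = 0                    # locally stored electronic wallet balance
    audit_log: list = field(default_factory=list)

    def _record(self, user, action, device_id, result, detail):
        # Assumption: refusals are logged as well as completed operations.
        entry = {"user": user, "action": action, "device": device_id,
                 "result": result, "detail": detail}
        self.audit_log.append(entry)   # kept locally; could be reported later
        return entry

    def handle(self, user, action, device_id=None):
        """Process one user request. device_id is the digital ID presented
        by the output device, or None if the device presented none."""
        cs = self.control_set
        # Block 508: does the control set permit this action at all?
        classes = cs.permitted_outputs.get(action)
        if classes is None:
            return self._record(user, action, device_id, "refused",
                                "action not permitted")
        # Fail closed: a missing or unrecognised ID is never assumed analog.
        # How the ID is authenticated is outside this sketch.
        if device_id not in classes:
            return self._record(user, action, device_id, "refused",
                                "output device not a permitted class")
        # Block 510: satisfy the required conditions (here, a wallet debit).
        if self.wallet < cs.price:
            return self._record(user, action, device_id, "refused",
                                "insufficient funds")
        self.wallet -= cs.price
        # Block 512: perform the operation, then write the audit record.
        quality = "reduced" if device_id in cs.degrade else "full"
        return self._record(user, action, device_id, "released", quality)


def vcr_only_node(balance):
    """Node whose controls release content only to an analog VCR, degraded."""
    controls = ControlSet(
        permitted_outputs={"release": frozenset({"analog-vcr"})},
        degrade=frozenset({"analog-vcr"}),
        price=2,
    )
    return SecurityNode(controls, wallet=balance)
```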
Other examples of secure container use
Fig. 7 shows a basic example, in accordance with the present invention, of a DVD medium 700 containing a secure container 701 for use with DVDs. As shown in this example, container 701 (a "DigiBox for DVD") can be a specialized version of a "standard" container, designed specifically for DVD and/or other media, or it can be a full "standard" container (as in the arrangement shown in Fig. 8). As shown in this example, specialized container 701 has features that allow it to be used together with the content information, metadata and encryption and/or protection information stored on DVD medium 700 in exactly the same way as they would be used if container 701 were not present. In this way, specialized container 701 is compatible with the existing data formats and organization used on DVD and/or other media. In addition, specialized container 701 can be tailored to support only those features needed to support DVD and/or other media, so that it can be processed and/or controlled using less powerful or less expensive computing resources than would be needed to fully support a "standard" container object.
In this example, the specialized "DVD-only" container 701 includes a content object (property) 703, which includes an "external reference" 705 pointing to video title content 707; the title content can be stored on the DVD and/or other medium in the same way as it would be on a medium that does not include container 701. Video title content 707 can include MPEG-2 and/or AC-3 content 708, scrambling (protection) information 710, and header, structure and/or metadata 711. External reference 705 contains information that specifies (points to, identifies and/or describes) particular external processes to be applied or carried out in order to use content and other information not stored in container 701. In this example, external reference 705 specifies video title content 707 and its components 708, 710 and 711. Alternatively, container 701 can store some or all of the video title content within the container itself, in a format and organization specific to container 701 rather than the format used by DVD and/or other medium 700.
In this example, container 701 also includes a control object (control set) 705 that specifies the rules governing use of video title content 707. As shown by solid arrow 702, control object 707 "applies to" content object (property) 703. As shown in this example, rule 704 can specify protection processes to be applied, for example CGMA or the Matsushita data scrambling process, and can specify, through external reference 709 contained in rule 704, the data scrambling information 710 to be used in carrying out the protection scheme. The shorthand "carry out CGMA" in rule 704 indicates that the rule requires the standard CGMA protection scheme used for content on DVD media to be used with video title content 707. In a different example, however, any other rules could be specified in control object 705 in addition to or instead of the "carry out CGMA" rule, including other standard DVD protection mechanisms, such as the Matsushita data scrambling scheme, and other rights management mechanisms. External reference 709 allows rule 704 to be based on protection information 710 that is stored and handled in the same format and manner as on a DVD that does not contain container 701, and/or on protection information that is meaningful only in the context of processing container 701.
Fig. 8 shows an example of a DVD medium 800 containing a "standard" secure container 801. In this example, the "standard" container provides all of the functions of the Fig. 7 container (if desired), but can also provide additional and/or more extensive rights management and/or content use functions than are available with the "DVD-only" container (for example, functions that operate on a variety of different platforms using security nodes).
Fig. 9 shows a more complex example of a DVD medium 800 having a standard container 901 that provides all of the functions of the Fig. 7 container (if desired) and can work together with other standard containers 902, whether those are located on the same DVD medium or come from another remote security node or network. In this example, standard container 902 can include a supplementary control object 904 that applies to the content object 902 of standard container 901. Also in this example, container 902 can provide additional rules, such as a rule that permits or extends rights, allowing a certain number of copies (for example, 5) to be made of the content on DVD 900. This arrangement increases the flexibility with which rights management of DVD content can be controlled across multiple platforms through access to a "backchannel" (for example, through a set-top box or other hardware capable of two-way communication with other networks or computers).
Other uses of DVD discs having secure containers
Fig. 10 shows the use of a "new" DVD disc, that is, a disc that includes a special DVD secure container in the medium. In one example, this container may be used in two situations. In the first, the disc is used in an "old" player (a DVD device not equipped with a security node providing rights management in accordance with the present invention). In the second, the disc is used in a "new" player, that is, a DVD device equipped with a security node providing rights management in accordance with the present invention. In this example, the security node in the "new" player is configured with the functions needed to process other copy protection information, for example CGMA control codes and the data scrambling format principally proposed and developed by Matsushita.
For example, in the situation shown in Fig. 10, the "new" player (which contains a security node in accordance with the present invention) can recognize the presence of a secure container on the disc. The player then loads this special DVD secure container from the disc into the resident security node. The security node opens the container and, by applying the rules from the control object, implements and/or enforces the appropriate rules and the usage consequences associated with the content. These rules are very flexible. In one example, the rules can invoke other protection mechanisms (for example, CGMA protection codes and the Matsushita data scrambling method), which can be found in the content (or property) portion of the container.
In another example shown in Fig. 10, the special DVD container on the disc still allows an "old" player to use a predetermined, limited amount of the content material that can be used in the conventional way.
Example of a DVD disc with no security node
Referring now to Fig. 11, another situation is discussed. Fig. 11 shows an "old" DVD disc that can be used in two ways. In the first case, the disc is used in an "old" player (a DVD device not equipped with a security node providing rights management in accordance with the present invention). In the second case, the disc is used in a "new" player (one equipped with a security node).
In the first case, the "old" player plays the DVD content in the conventional way. In the second case, the "new" player recognizes that no container is stored in the medium. It therefore builds a "virtual" container in the device's resident memory. To do so, it builds a container content object and a control object containing the appropriate rules. In one specific example, the only applicable rule it needs to apply is "carry out CGMA", but in other examples more and/or different rules can be used. The virtual container is then provided to the security node in the "new" player for use rights management in accordance with the present invention. Although not shown in Figs. 10 and 11, "external references" can also be used in both the virtual and non-virtual containers used in the DVD context.
Illustrative arrangements for sharing, brokering and combining rights when operating in at least occasionally connected situations
As described above, the rights management resources of several different devices and/or other systems can be flexibly combined in different logical and/or physical relationships, for example to produce more and/or different rights. Such combination of rights management resources can be achieved through connection to one or more remote rights management authorities. Figs. 12 to 14 show some non-limiting examples of how a rights management authority can be used in various contexts.
For example, Fig. 12 shows a rights management authority broker 1000 connected to a local area network (LAN) 1002. LAN 1002 can be connected to a wide area network if desired. LAN 1002 connects rights management authority broker 1000 to any number of devices, for example a player 50, a personal computer 60 and a CD "tower" server 1004. In the illustrated example, LAN 1002 includes a modem pool (and/or network protocol server, not shown) 1006 that allows a laptop computer 1008 to connect to rights management authority broker 1000 over a dial-up telephone line 1010. Alternatively, laptop computer 1008 can connect to rights management authority broker 1000 using other network and/or communication means, for example the Internet and/or other wide area networks (WANs). A disc player 50A can be connected to laptop computer 1008 at the laptop user's location. In accordance with the description above, any or all of the devices in Fig. 12 can include one or more security nodes 72.
Rights management authority broker 1000 can act as an arbiter and/or coordinator of rights. For example, laptop computer 1008 and the associated player 50A may have only limited usage rights when in a stand-alone configuration. However, when laptop computer 1008 connects to rights management authority broker 1000 through modem pool 1006 and LAN 1002 and/or through other communication means, the laptop can acquire different and/or expanded rights to use disc 100 (for example, access to different content portions, different pricing, different extraction and/or redistribution rights, and so on). Similarly, player 50, device 60 and device 1004 can be given an enhanced and/or different set of disc usage rights by communicating with rights management authority broker 1000 over LAN 1002. Communication to and from rights management authority broker 1000 is preferably secured by using containers of the type disclosed in the Ginter et al. patent specification cited above.
Fig. 13 shows another example, the use of rights management authority broker 1000 in a home environment. In this example, laptop computer 1008 can be connected to a home-based rights management authority broker 1000 over a high-speed serial IEEE 1394 bus and/or through other communication means. In addition, rights management authority broker 1000 can be connected to any or all of the following devices:
● a high-definition television 1100
● one or more loudspeakers 1102 or other audio transducers
● one or more personal computers 60
● one or more set-top boxes 1030
● one or more disc players 50
● one or more other rights management authority brokers 1000A to 1000N
● any other household or consumer device
Any or all of the devices listed above can include a security node 72.
Fig. 14 shows another example use of rights management authority broker 1000. In this example, rights management authority broker 1000 is connected to a network 1020, such as a local area network, a wide area network, the Internet, etc. Network 1020 can connect rights management authority broker 1000 to any or all of the following devices:
● one or more connected or occasionally connected disc players 50A, 50B;
● one or more networked computers 1022;
● one or more disc reader towers/servers 1004;
● one or more laptop computers 1008;
● one or more commerce utility systems, such as a rights and permissions clearinghouse (see the "Trusted Infrastructure ..." specification of Shear et al. cited above);
● one or more satellite or other communication uplinks 1026;
● one or more cable television head ends 1028;
● one or more set-top boxes 1030 (which can be connected to a satellite downlink 1032 and/or a disc player 50C);
● one or more personal computers;
● one or more portable disc players 1034 (which can be connected through other devices, directly, and/or occasionally disconnected);
● one or more rights management authority brokers 1000A to 1000N;
● any other desired devices.
Any or all of the devices listed above can include a security node 72. Rights management authority broker 1000 can distribute and/or combine rights for use by any or all of the other components shown in Fig. 14. For example, rights management authority broker 1000 can provide further secure rights management resources to devices connected to the broker through network 1020. Several of the devices shown in Fig. 14 can participate and work together in a permanently or temporarily connected network 1020 to share the rights management of a single node. Rights associated with the parties and/or groups using and/or controlling these multiple devices and/or other systems can be used in accordance with the underlying rights-related rules and controls. For instance, the rights available through a company manager's laptop computer 1008 can be combined in some way with, or substituted for, the rights of one or more of the company's subordinate employees, provided that the employees' computers or other devices 60 are connected to network 1020 in a temporary networking relationship. In general, this aspect of the invention allows DVD or otherwise packaged and delivered content to be protected by distributed, peer-to-peer rights management. Such distributed rights management can operate whether or not the DVD device or other content-using device participates in a permanently or temporarily connected network 1020, and whether the relationships between the devices and/or other systems participating in the distributed rights management arrangement are temporary or are more lasting operating relationships.
For example, laptop computer 1008 can have different rights available depending on the context in which the device is operating. For example, in a general corporate environment such as that shown in Fig. 12, laptop computer 1008 can have one set of rights. However, the same laptop computer 1008 can be given a different set of rights when it is connected to a more general network 1020 in collaboration with other individuals and/or groups in the company. The same laptop computer 1008 can be given yet another set of rights when connected in a home environment such as that shown by example in Fig. 13. The same laptop computer 1008 can be given still other sets of rights when connected in other environments, non-limiting examples of which are:
● a home environment in collaboration with specified individuals and/or groups,
● a retail environment,
● a classroom setting as a student,
● a classroom setting in collaboration with a teacher in a library environment,
● a factory floor,
● a factory floor in collaboration with equipment able to perform proprietary functions, etc.
As a more specific example, connecting a limited-resource device such as the DVD device 50 shown in Fig. 14 to an inexpensive network computer (NC) 1022 can allow rights management functions and/or the specific rights of parties and/or devices to be augmented (or replaced), by permitting rights management to be the result of combining some and/or all of the rights and/or rights management functions of the DVD device with those of the network or personal computer (NC or PC). These rights can be further augmented or replaced through the availability of rights management functions provided by a trusted (secure) remote network rights management authority 1000.
The same device, in this example DVD device 50, can thus support different arrangements of rights management function, for example to different degrees, in disconnected and connected configurations, and the rights available to it can result from the availability of rights and/or rights management functions produced by combining rights management devices and/or other systems. This can include one or more combinations of some or all of the rights available through use of a "less" secure and/or resource-poor device or system, which are augmented, replaced or modified through connection to a device or system that is "more" secure or "differently" secure and/or resource-rich and/or has different rights, where the connection employs the rights and/or management functions of one or both devices, as defined by the rights-related rules and controls describing the shared rights management arrangement.
In the latter case, connection to logically and/or physically remote rights management functions can expand (for example, by increasing the available secure rights management resources) and/or change the character of the rights available to the user of DVD device 50, or of a DVD device connected to NC 1022, PC 60 and/or remote rights management authority 1000. In such a rights augmentation situation, additional content portions can become available, pricing can change, redistribution rights can change (for example, be expanded), content extraction rights can be increased, and so on.
Such "networked rights management" can allow the rights management resources of multiple devices and/or other systems in a wide variety of logical and/or physical relationships to be combined, producing greater or different rights through the enhanced resources provided by connection to one or more "remote" rights management authorities. Furthermore, while providing increased and/or different rights management functions and/or rights, such a connection-based rights management arrangement can also support multi-location content availability, by providing seamless integration of remotely available content (for example, content stored in remote, Internet-based World Wide Web content repositories and supporting databases) with local content on one or more DVD discs 100.
In this example, the user can experience not only increased or different rights, but can also use both local DVD content and supplementary content (content that is, for example, more current from a time standpoint, more valuable, more diverse, or complementary in some other way). In such a case, the user of DVD device 50 and/or of the DVD device (or of other devices or systems connected to it) can have the same rights, differing rights and/or different rights applied to locally and remotely available content, and portions of the local and remotely available content can themselves be subject to differing or different rights when used by the user and/or device. Such an arrangement can support an overall, substantial increase in user content opportunities that are seamlessly integrated and efficiently available to the user in a content retrieval and/or usage activity.
The rights-enhancing remote authority 1000 can be connected directly to DVD device 50 and/or other devices by modem (see item 1006 in Fig. 12), and/or connected directly or indirectly through an I/O interface such as a serial 1394-compatible controller (for example, through communication between a 1394-enabled DVD device and a local PC, where the PC serves as a smart synchronous or asynchronous information communication interface to one or more remote authorities, including a local PC 60 or NC 1022 acting as a local rights management authority that augments and/or supplies rights management in the DVD device) and/or through other digital communication means such as wired and/or wireless network connections. Rights provided to, purchased by or otherwise acquired by a participant and/or a participating DVD device 50 or other system can be exchanged between such peer-related devices and/or other systems, as long as they participate in a permanently or temporarily connected network 1020. In this case, rights can be bartered, sold, otherwise exchanged for value and/or rented, as long as such devices and/or other systems participate in a rights management system, such as the virtual distribution environment described in the Ginter et al. patent, and employ the rights transfer and other rights management functions described there. For example, this aspect of the invention allows parties to exchange games or movies to which they have purchased rights. Continuing the example, someone could buy from a neighbor a portion of the rights to watch a movie, or could transfer to another party credit received from a game publisher for successfully superdistributing the game to several acquaintances, where the credit is transferred (exchanged) to a friend to buy some of that friend's rights to play a different game a certain number of times, and so on.
Example of a virtual rights process
Figs. 15A to 15C show a process in which the rights management components of two or more devices or other appliances establish a virtual rights machine environment associated with an event, operation and/or other action. The process can be started in many ways. In one example, a device user (and/or computer software acting on behalf of a user, a group of users and/or an automated system) performs an action with a first device (for example, requesting that the device play the content of a secure container, extract part of a content element, run a protected computer program, authorize a workflow process step, start an operation on a machine tool, play a song, etc.), which activates the rights management component associated with that first device (Fig. 15A, block 1500). In other examples, the process is started by an automatically generated event (for example, based on the time of day), by a random or pseudorandom event, and/or by a combination of such events with a user-initiated event.
Once the process has started, a rights management component, such as security node 72 (for example, an SPE and/or HPE as disclosed in the Ginter et al. patent), determines which rights, if any, associated with the first device the user has available for the action (Fig. 15A, block 1502). The rights management component also determines the coordinating and/or cooperating rights associated with the action that are available to the user and are located wholly or partly on other devices (Fig. 15A, block 1502).
In one example, these steps are carried out by securely sending a request to rights management authority server 1000 that identifies the first device, the nature of the proposed action, and other information the rights management authority server needs or requires. This other information includes, for example:
● the date and time of the request,
● the identity of the user,
● the nature of the network connection,
● the acceptable response delay, etc., and
● any other information.
Rights management authority server 1000 responds to this request by sending a list (or other suitable structure) back to the first device. The list can contain, for example, the identities of other devices that do or may have rights and/or rights-related information relevant to the proposed action.
In another embodiment, the first device can notify (for example, poll) the network with a request directed to other devices that do or may have rights and/or rights-related information relevant to the proposed action. Polling is desirable when the number of devices is relatively small and/or does not change frequently. Polling is also desirable when the functions of rights authority server 1000 are distributed across several devices.
In this example, the rights management component associated with the first device can then check the security level (and/or type) of the devices, and/or of the users of other devices, that do or may have rights and/or rights-related information relevant to the action (Fig. 15A, block 1506). This step can be carried out using the security level and/or device type management techniques disclosed in the Sibert and Van Wie patent, together with the user rights, secure name services and secure communication techniques disclosed in the Ginter et al. patent. The determination of device and/or user security level can, for example, be based wholly or partly on device and/or user class.
The rights management component can then determine whether each other device and/or user has a sufficient security level to cooperate in forming the set of rights and/or rights-related information associated with the action (Fig. 15A, block 1508). Once each device has been evaluated, some devices and/or users may have a sufficient security level and others may not. In this example, if the security level is not sufficient (the "No" exit of decision block 1508), the rights management component can create an audit record (for example, an audit record of the form disclosed in the Ginter et al. patent) (Fig. 15A, block 1510) and end the process (Fig. 15A, block 1512). The audit record can either be transmitted immediately to a responsible authority or stored locally for later transmission. The audit recording step can include, for example, incrementing a counter that records security level failures (such as the counters associated with the summary services in the Ginter et al. patent).
If the device and/or user has the required security level (the "Yes" exit of block 1508), the rights management component in this example makes a further determination based on device and/or user class and/or other configuration and/or characteristics (Fig. 15B, block 1514). This determination can be based on any number of factors, such as:
● the device can be reached only through a network interface with insufficient throughput;
● devices of this class typically lack sufficient resources to perform the action, or the relevant part of the action, at all or with acceptable performance, quality or other characteristics;
● the user class is unsuitable because of various conditions (for example age, security clearance, nationality, jurisdiction, or any other class-based or other user characteristic); and/or
● other factors.
For instance, decision block 1514 can be carried out in part by presenting a choice to the user, which the user declines.
If the process in the rights management component determines that the device and/or user class is not suitable (the "No" exit of block 1514), the rights management component writes an audit record if needed or desired (Fig. 15B, block 1516), and the process can then end (Fig. 15B, block 1518).
If, however, the rights management component determines that the device and/or user class is suitable for continuing (the "Yes" exit of block 1514), it can determine the rights and resources available for performing the action on the first device and the other devices acting together (Fig. 15B, block 1520). This step can be carried out using, for example, any or all of the processing techniques disclosed in the Ginter et al. patent. For example, the method functions can include event processing that formulates a request to each relevant device, describing information relevant to the action, or part of the action, that is potentially suitable for processing, in whole or in part, by that device. In this example, such requests and the associated responses can be managed using the reciprocal method techniques disclosed in the Ginter et al. patent. If this interaction requires more information or produces an ambiguous result, the rights management component can, for example, communicate with the user and let the user choose, for instance among various available options with differing functions, and/or it can carry out a negotiation concerning resources, rights and/or rights-related information (for example, using the negotiation techniques disclosed in the Ginter et al. patent).
Next, the rights management component determines whether sufficient rights and/or resources are available to perform the requested action (Fig. 15B, decision block 1522). If the rights and/or resources available for performing the action are insufficient (the "No" exit of block 1522), the rights management component writes an audit record (Fig. 15B, block 1524) and then ends the process (Fig. 15B, block 1526).
In this example, if sufficient rights and/or resources are available (the "Yes" exit of block 1522), the rights management component determines whether other events must also be processed in order to complete the overall action (Fig. 15B, block 1528). For example, it may be desirable to perform only part of the overall action if the rights and/or resources needed to perform it cannot be obtained. If more events are needed and/or desired (the "Yes" exit of block 1528), the rights management component can repeat blocks 1520 and 1522 (and possibly blocks 1524 and 1526) for each such event.
If sufficient rights and/or resources are available for each event (the "No" exit of block 1528), the rights management component can, if needed or desired, offer the user a choice among the available alternative rights and/or resources for performing the action (Fig. 15B, block 1530). Additionally and/or alternatively, the rights management component can rely on user preference information (and/or default information) to make this decision "automatically" on the user's behalf (for example, based on overall cost, performance, quality, etc.). In another embodiment, user class can be used to filter the alternatives or otherwise assist in choosing among them. In another embodiment, artificial intelligence (including, for example, expert system techniques) can be used to assist in choosing among the alternatives. In another embodiment, any or all of the above (and/or other) techniques can be combined in the selection process.
If there is no acceptable alternative for rights and/or resources, or the selection process otherwise has a negative outcome (for example, the user presses a "cancel" button in a graphical user interface, or the user interaction exceeds the time allowed for making a selection) (the "No" exit of block 1530), the rights management component writes an audit record (Fig. 15B, block 1532) and then ends the process (Fig. 15B, block 1534).
If, however, the selection process identifies one or more acceptable sets of rights and/or resources for performing the action, and the decision to proceed is affirmative ("Yes" exit of block 1530), the rights management component performs the intended action in accordance with the selected rights and/or resources, using the first device alone or the first device in combination with any other device (for example, the rights management mechanism 1000 or any other connected device) (Figure 15C, block 1536). Such cooperative performance of the intended action may include, for example:
● performing some or all of the action with the first device;
● performing some or all of the action with one or more devices other than the first device (for example, the rights management mechanism 1000 and/or some other devices);
● performing part of the action with the first device and part of the action with one or more other devices; or
● any combination of the above.
For example, this step can be carried out using the event processing disclosed in the Ginter et al. patents.
For instance, the first device may have all the resources a particular task requires (for example, the ability to read certain information from the disc) but lack the rights needed to complete the task. In this case, the first device obtains the additional rights it needs to perform the task through the steps described above. In another illustrative example, the first device may have all the rights a particular task requires but lack the resources needed to complete it. For example, the first device may not have sufficient hardware and/or software resources available to access, process or use the information in a certain way. In this example, step 1536 may be performed, in whole or in part, by some other device or devices on the basis of rights supplied in whole or in part by the first device. In another example, the first device lacks both the rights and the resources needed to perform a certain action, and may rely on one or more other devices to supply those resources and rights.
In this example, when the action is complete, the rights management component writes one or more audit records (Figure 15C, block 1538) and then ends the process (Figure 15C, block 1540).
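The decision flow of Figures 15B and 15C, together with the security-level check recited in the claims, can be sketched as follows. This is an added illustration, not code from the patent: the `Device` model, the per-use `cost` field, the function names and the sample devices are all assumptions, and the sketch ends the process with an audit record when any event cannot be covered rather than attempting partial execution.

```python
from dataclasses import dataclass, field

@dataclass
class Device:                      # hypothetical model of an appliance
    name: str
    security_level: int
    rights: set = field(default_factory=set)
    resources: set = field(default_factory=set)
    cost: float = 0.0              # assumed per-use charge, drives automatic selection

def options_for(event, first, others, min_level):
    """(rights holder, resource holder) pairs that can cover one event."""
    right, resource = event
    # Other devices may cooperate only if they meet the required security level.
    pool = [first] + [d for d in others if d.security_level >= min_level]
    return [(r, s) for r in pool if right in r.rights
                   for s in pool if resource in s.resources]

def cheapest(opts):
    """Automatic choice from preference information: lowest total cost."""
    return min(opts, key=lambda pair: pair[0].cost + pair[1].cost)

def perform_action(events, first, others, min_level, audit, choose=cheapest):
    per_event = []
    for ev in events:                        # repeat the check per event (1522/1528)
        opts = options_for(ev, first, others, min_level)
        if not opts:                         # simplification: no partial execution
            audit.append(("denied", ev))
            return None
        per_event.append((ev, opts))
    plan = []
    for ev, opts in per_event:               # selection step (1530)
        picked = choose(opts)
        if picked is None:                   # user cancelled or timed out
            audit.append(("cancelled", ev))  # audit record, then end (1532/1534)
            return None
        plan.append((ev, picked[0].name, picked[1].name))
    audit.extend(("performed",) + step for step in plan)   # perform, audit (1536/1538)
    return plan

def demo():
    # Constructed sample: the player can decode but holds no playback right.
    player = Device("player", 3, resources={"decode"})
    rights_device = Device("rights_device", 5, rights={"play"}, cost=1.0)
    rogue = Device("unverified_pc", 1, rights={"play"}, resources={"decode"})
    audit = []
    plan = perform_action([("play", "decode")], player,
                          [rights_device, rogue], 3, audit)
    return plan, audit
```

In `demo()` the low-security device is excluded before any rights are counted, so the only acceptable combination is the right held by `rights_device` exercised with the player's own decoding resource.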
Described herein is an arrangement that not only fully satisfies the entertainment industry's current requirements for a low-cost, mass-producible copy protection scheme for digital video discs or other high-capacity optical discs, but also provides enhanced, extensible rights management functions for more advanced and/or secure platforms and for cooperative rights management among devices having fewer, more and/or different rights and resources. Although the invention has been described in connection with what is presently considered the most practical and preferred embodiment, it should be understood that the invention is not limited to the disclosed embodiment; on the contrary, it is intended to cover the various modifications and equivalent arrangements included within the spirit and scope of the invention.

Claims (4)

1. A method of permitting a user of a first electronic device to use protected information stored on a portable storage medium in the first electronic device, the method comprising:
receiving, at the first electronic device, a request from the user to use the protected information as requested;
when the first electronic device does not have sufficient rights to use the protected information as requested, obtaining, by the first electronic device, the additional rights it needs to use the protected information as requested, by a rights management component of the first electronic device performing the following steps:
determining which rights associated with the first electronic device are available to the user with respect to using the protected information as requested;
determining cooperative rights, located wholly or partly on other devices, that are available to the user and are associated with using the protected information as requested;
checking the security level and/or type of the devices and/or users of the other devices that have, or may have, rights and/or rights-related information associated with using the protected information as requested;
determining whether the device and/or user of each other device has a sufficient security level to cooperate in forming the set of rights and/or rights-related information associated with using the protected information as requested;
if the device and/or user has the required security level, making a further determination based on the device and/or user class and/or other configuration and/or characteristics;
if it is determined that the device and/or user class is suitable for continuing, determining the rights and resources available on the first electronic device and the other cooperating devices for using the protected information as requested;
determining whether sufficient rights and/or resources are available to use the protected information as requested;
if sufficient rights and/or resources are available, determining whether other events should also be processed in order to use the protected information as requested;
if sufficient rights and/or resources are available for each event, providing the user, if needed or required, with a choice among the available alternatives for the rights and/or resources required to use the protected information as requested; and
if the selection process identifies one or more acceptable sets of rights and/or resources for using the protected information as requested, using the protected information as requested, in accordance with the selected rights and/or resources, with the first electronic device alone or with the first electronic device in combination with other devices.
2. The method of claim 1, wherein obtaining the additional rights is based at least in part on the security level of the other devices.
3. The method of claim 1, wherein determining which rights associated with the first electronic device are available to the user with respect to using the protected information as requested, and determining the cooperative rights, located wholly or partly on other devices, that are available to the user and are associated with using the protected information as requested, are based at least in part on identification information of the user.
4. The method of claim 1, wherein determining which rights associated with the first electronic device are available to the user with respect to using the protected information as requested, and determining the cooperative rights, located wholly or partly on other devices, that are available to the user and are associated with using the protected information as requested, are based at least in part on the environment in which the first electronic device operates, wherein the environment comprises characteristics of a network to which the first electronic device is connected.
CN200610101460.9A 1996-05-15 1997-05-15 Method and device for obtaining controlled content or information in DVD disc and method for operating DVD device Expired - Lifetime CN1908921B (en)

Applications Claiming Priority (14)

Application Number Priority Date Filing Date Title
US1772296P 1996-05-15 1996-05-15
US60/017722 1996-05-15
US1813296P 1996-05-22 1996-05-22
US60/018132 1996-05-22
US69971296A 1996-08-12 1996-08-12
US08/689,754 US6157721A (en) 1996-08-12 1996-08-12 Systems and methods using cryptography to protect secure computing environments
US08/689754 1996-08-12
US08/689,606 US5943422A (en) 1996-08-12 1996-08-12 Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
US08/699712 1996-08-12
US08/689606 1996-08-12
PCT/US1996/014262 WO1998010381A1 (en) 1996-09-04 1996-09-04 Trusted infrastructure support systems, methods and techniques for secure electronic commerce, electronic transactions, commerce process control and automation, distributed computing, and rights management
USPCT/US96/14262 1996-09-04
US3793197P 1997-02-14 1997-02-14
US60/037931 1997-02-14

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
CNB971964874A Division CN1139067C (en) 1996-05-15 1997-05-15 Cryptographic method, apparatus and systems for storage media electronic rights management in closed and connected appliances
CNB021605947A Division CN100470653C (en) 1996-05-15 1997-05-15 Method and device for obtaining DVD disc controlled content or information and method for controlling DVD device

Publications (2)

Publication Number Publication Date
CN1908921A CN1908921A (en) 2007-02-07
CN1908921B true CN1908921B (en) 2014-09-03

Family

ID=37700034

Family Applications (3)

Application Number Title Priority Date Filing Date
CN2006101014647A Expired - Lifetime CN1908922B (en) 1996-05-15 1997-05-15 Method and device for obtaining controlled content or information in DVD disc and method for operating DVD device
CN200610101460.9A Expired - Lifetime CN1908921B (en) 1996-05-15 1997-05-15 Method and device for obtaining controlled content or information in DVD disc and method for operating DVD device
CNB2006101014632A Expired - Lifetime CN100501713C (en) 1996-05-15 1997-05-15 Method and device for acquiring controlled content and information of DVD, method for operating DVD apparatus

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN2006101014647A Expired - Lifetime CN1908922B (en) 1996-05-15 1997-05-15 Method and device for obtaining controlled content or information in DVD disc and method for operating DVD device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CNB2006101014632A Expired - Lifetime CN100501713C (en) 1996-05-15 1997-05-15 Method and device for acquiring controlled content and information of DVD, method for operating DVD apparatus

Country Status (1)

Country Link
CN (3) CN1908922B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9589124B2 (en) 2014-05-29 2017-03-07 Comcast Cable Communications, Llc Steganographic access controls

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5276735A (en) * 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system
CN1120697A (en) * 1994-10-12 1996-04-17 联华电子股份有限公司 method and device for software protective lock

Also Published As

Publication number Publication date
CN1908922A (en) 2007-02-07
CN1908922B (en) 2012-11-07
CN1916878A (en) 2007-02-21
CN100501713C (en) 2009-06-17
CN1908921A (en) 2007-02-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20140903