WO2001024080A1 - Secure play of performance data - Google Patents

Secure play of performance data

Info

Publication number
WO2001024080A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
data file
performance
representative
file
Application number
PCT/US2000/024375
Other languages
French (fr)
Inventor
Robert Joseph Villemure
Paul Timothy Miller
Aaron Mark Helsinger
Original Assignee
Gte Internetworking Incorporated
Application filed by Gte Internetworking Incorporated
Priority to AU73501/00A
Publication of WO2001024080A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising

Definitions

  • This application relates to the field of digital data encryption, more particularly to the field of audiovisual data file encryption for controlled distribution.
  • Copyright has long been used to protect the recorded expressions of artists, authors, composers, performers, and other creative entities from unauthorized exploitation by others, ensuring that the rights to these materials are controlled exclusively by their creators.
  • Recent technological innovations designed to copy recorded materials have made enforcing copyright protection increasingly difficult.
  • the development of the photocopier facilitated the reproduction of the written word and of static images.
  • the development of the tape recorder made the duplication of audio recordings, such as records, compact discs, and radio broadcasts, possible for the average listener.
  • Video cassette recorders opened the doors to wanton reproduction of video materials, including television broadcasts and movies.
  • a system for using an encrypted data file includes a database to store an encrypted data file representative of performances and a player to decrypt the data file and to reproduce the performance represented in the data file substantially simultaneously.
  • the encrypted data file may be encrypted with a public key of a public-private key pair.
  • the private key may be stored on a device and may be substantially inaccessible to a user.
  • the device may be a smart card.
  • Unencrypted data may be substantially inaccessible to the user during operation of the player.
  • the data file may be representative of a video performance and the player reproduces a video display.
  • the video file may be an MPEG file.
  • the data file may be representative of an audio performance and the player may reproduce an audio sequence.
  • the data file may be an MP3 file.
  • using an encrypted data file includes storing an encrypted data file representative of a performance, decrypting a data file, and reproducing the performance represented in the data file, where decrypting the data file and reproducing the performance occur substantially simultaneously.
  • a system for distributing a data file representative of performances includes a receiver that receives a request from a user for a data file representative of a performance, an encoder that encrypts the data file for decryption by the user, and a transmitter that sends the encrypted data file to the user.
  • the request may include information representative of a user.
  • the information representative of a user may be a public key of a public-private key pair.
  • the information representative of a user may be representative of an account of the user and the account may include a public key of a public-private key pair.
  • the system may also include a database to store information representative of a plurality of user accounts, where the user accounts include a public key of a public-private key pair.
  • the system may also include a retriever that retrieves information representative of a user.
  • a method for distributing a data file representative of a performance includes receiving a request from a user for a data file representative of a performance, encrypting the data file for decryption by the user, and sending the encrypted data file to the user.
  • the method may also include receiving information representative of a user.
  • the method may also include storing information representative of a plurality of user accounts where the user accounts include a public key of a public-private key pair.
  • a system for distributing a data file representative of a performance includes an identification token including an identification code representative of a user, a first transmitter to send over a network a request for a data file representative of a performance, the request including the identification code, a receiver to receive a request over the network for a data file, a first database to store a plurality of data files, a processor coupled to the database and to the receiver to retrieve the requested file from the database and to encrypt the retrieved file for the user represented by the identification code, a server coupled to the processor to send the encrypted file to the user over the network, and a player coupled to the identification token to decrypt and play the encrypted file substantially simultaneously.
  • the system may also include a second database containing a plurality of accounts, each account containing information representative of an encryption code corresponding to an identification code.
  • the code may be a public key of a public/private key pair.
  • a method for selling performance files over a network includes receiving a request over a network from a user for a data file representative of a performance, encrypting the data file for decryption by the user, sending the encrypted data file to the user over the network, and charging a fee to the user. Charging a fee to the user may include debiting a credit account of the user and/or receiving money from the user in an electronic transaction.
  • Figure 1 presents a system for distributing encrypted performance files according to the present invention.
  • Figure 2 illustrates a transaction for obtaining an encrypted performance file according to the present invention.
  • Figure 3 depicts a flowchart for a method of encrypting performance files according to the present invention.
  • Figure 4 illustrates a method of using encrypted performance files according to the present invention.
  • Figure 5 depicts a system for playing encrypted performance files according to the present invention.
  • the systems and methods described herein relate to the distribution of electronic files which encrypt performances to restrict the use and/or distribution of said files to unauthorized users. In this way, copyright violations and other unauthorized uses of such files may be minimized without requiring extensive policing efforts.
  • a performance may include any informational, entertaining, recreational, or artistic expression including an audio or visual component which proceeds over a span of time in a substantially predefined manner.
  • music, movies, readings, animated cartoons, television programs, and any portions thereof may be considered performances.
  • Performances may include presentations, such as animated sketches, recordings of natural sounds, and wildlife documentaries, that include little or no human participation, as well as singing, acting, sporting events, and other performances that rely heavily on human participation.
  • a performance file may be a data file containing information representative of a performance such that at least an aspect or portion of a performance may be reproduced on the using information in the performance file.
  • the performance file may be compressed or encoded by any means.
  • Representative types of performance files include MPEG, MP3 (MPEG layer 3), WAV, MOV, SGI, QT, INDEO, VOC, MIDI, and audio (.AU) files.
  • performance files may be encrypted for distribution to a user by using a code specific to that user. For example, the performance may be encrypted for distribution with a user's public key, allowing the file to be decrypted and played only by a user with the corresponding private key.
  • Playing a performance file includes reproducing the encoded performance or a portion thereof for the user.
  • the software, or 'player', used to play the file may be configured to decrypt the file substantially simultaneously with playing the file. In this way, generation of a decrypted version of the file, which might be distributed and played by unauthorized users, is inhibited, and the decrypted data is made to be substantially inaccessible to the user before, during, and after play.
  • the decrypted data may be stored in a RAM buffer between the decryption and play stages.
  • a system 100 for distributing performance files is depicted in Fig. 1.
  • the system 100 may include a processor 110, a server 120, a database of performance files 130, and a database of tokens 140.
  • the system 100 may be accessed over a network 150, such as the Internet, by a client 160.
  • Alternate configurations of these components which are capable of performing the functions set forth below will be apparent to those of skill in the art, including embodiments wherein one or more of the above components are unified in a single device, and embodiments wherein the components are connected to each other in a different arrangement, and such embodiments are intended to fall within the scope of the present disclosure.
  • a token is an electronic file or code that includes information, such as a private key, which can be used to decode an encrypted performance file.
  • a token may include additional information such as an account code, information which can be used to encrypt a file such as a public key corresponding to the user's private key, information relating to the user's computer system, the user's performance preferences, or information relating to the user's identity.
  • the system 100 may receive a request for a performance file from a client 160.
  • the request may include a code for encrypting the performance file, or the system 100 may request or retrieve such a code from the user when the request is received.
  • the processor 110 may then retrieve the requested performance file from the database 130, encrypt the performance file according to the determined code, and send the encrypted file to the client 160 over the network 150 using the server 120.
  • the request may include information representative of the token or the encryption code rather than the encryption code itself, and the processor 110 may search the database 140 using the representative information to determine appropriate encryption parameters and proceed as above.
  • the database 140 includes a plurality of certificates, and thus may return the user's certificate containing the public encryption key.
  • the database 140 may be remote from the location of the processor 110, or may be operated by a separate entity.
  • This exchange of information is represented schematically in Figure 2, which shows an embodiment wherein the token is included on an external device 170, as discussed in detail below.
  • the authenticity of the token is supported by the use of digital certificates, such as certificates provided by CyberTrust.
  • the token may include or be associated with a digital certificate which includes a public key of a public/private key pair. A request for a file may include this certificate to enable the system to accurately and securely encrypt a file for the user.
  • the token may include an identification code, e.g., a serial number, which may be sent with a request for a file.
  • the system 100 may transmit this code to a certificate authority (CA) for verification, and the CA may send verification to the system 100 that may include an encryption code, such as a public key, associated with that identification code.
  • the CA may send a certificate to the system 100 as verification. Additional methods of certifying tokens or file requests will be apparent to those of skill in the art and are intended to fall within the scope of the present invention.
  • the token is configured in a way that discourages or inhibits redistribution of the token.
  • the token may be embedded in or retained by a software program, such as a program that plays performance files, operating system software, e.g., Windows 95, Mac OS, Linux, etc., or by another software application on the user's system.
  • a software program that employs or includes tokens, such as a player or an operating system, may be unable to include more than one token. Additional modifications which may reduce unauthorized redistribution of tokens may be readily envisioned by those of skill in the art reading the present disclosure, and are intended to be encompassed by the scope thereof.
  • a token includes information representative of a user's system.
  • the information may include a serial number, for example, of an application which plays performance files, of the system software, or of any other component of the user's system, or may represent some other configurational aspect of the user's system.
  • the information is selected to be individual and distinct for each user and to remain substantially constant over time, so as not to become inoperative based on minor or routine system reconfigurations or manipulations. Such a token may be inoperative when the system does not match the information stored in the token.
  • the token is stored on a separate device 170, such as a smart card.
  • Suitable technologies include the iKey from Rainbow Technologies, and the Aladdin Smartcard Environment, among others.
  • information stored on the device cannot be directly accessed by the user.
  • a token-bearing device may further include information such as a URL address for a web site where performance files are available, performance preferences of the user, or other suitable information.
  • Token-bearing devices may be further protected by requiring a password for use.
  • a token-bearing device when coupled to a user's computer system, prompts the user to provide a password.
  • the device may launch an application, such as a web browser, and direct the user to a distributor of performance files by providing an appropriate URL address.
  • the device may further present to the user personalized information, such as new releases in the user's favorite performance categories.
  • Such information may be stored on the token-bearing device, or anywhere on a computer system coupled to the token-bearing device.
  • the private key may be stored on the token-bearing device in a way that is inaccessible to the user so that the user is inhibited from using the private key to make unauthorized copies of the encrypted files.
  • a user may obtain or certify a token by any of several methods. For example, a user may request a token from a performance file distributor or vendor, or from a token distributor, e.g., in person or over the Internet. In embodiments wherein tokens are certified, a token which does not include a certificate may be coupled to a computer system, the token sent over a network such as the Internet to a certificate authority (CA), and a certificate received from the CA for the token.
  • the user may obtain the token-bearing device from a distributor, such as a music store, which may also provide the certifying information for the token-bearing device.
  • the user may obtain certifying information from another source, such as a CA recognized by the music encryption system 100.
  • a user requests a file 210 from a distributor.
  • a distributor may be any service or device which distributes digital performance files, such as an Internet web site, a file server, etc.
  • the distributor may determine whether a token is valid 220, and refuse requests to invalid tokens 230. Otherwise, a code for encrypting the requested file is then determined 240.
  • the request may include an encryption code suitable for decryption by the user, or such information may be requested or retrieved from the user by the distributor upon initiation of the request.
  • the distributor may then encrypt the requested file 250 using the encryption code.
  • the encrypted file may then be sent to the user 260.
  • the distributor may identify an encryption scheme associated with the identification code, for example, by determining a public key associated with the code, or by accessing an account for the identification code which includes an encryption scheme.
  • a fee may be charged to the user requesting the data file, for example, by charging a credit account of the user, or by receiving money from the user in an electronic transaction.
  • An alternative method 300 for distributing files is outlined in Figure 4.
  • a user submits a request for a file to a distributor 310, as outlined above.
  • the request may include information representative of the user, such as token information or information representative of the user's computer system, such as a serial number for a component, e.g., a player or system software, an identification code embedded in a smart card or similar device, or any other suitable information as discussed above.
  • the system 100 may request or retrieve such information from the user when the request is received.
  • the information selected is individual and distinct for each user and remains substantially constant over time.
  • the distributor may validate the user's information 320, and deny the request if the information is not valid 330.
  • the distributor may create a token which includes the information representative of the user and a decryption key 340.
  • the token may remain separate from the encrypted file or may be appended to or included in the encrypted file.
  • the distributor may then encrypt the requested file for decryption using the token and send the encrypted file and the token to the user.
  • a token will be inoperative when the information representative of the user in the local environment is different from that stored in the token.
  • a conventional one-time encryption key and certificate exchange occurs, similar to that used in connection with credit card purchases over the Internet.
  • a system 400 for decrypting and playing performance files is depicted in Figure 5.
  • a decryption key 420 and an encrypted file 410 are received by a decrypter 430 as input.
  • the decrypter 430 uses the decryption key 420 to decode the encrypted file 410 and provide decrypted data to a player 440.
  • the decrypter 430 may provide the decrypted data to the player 440 by storing the data in RAM, on a storage medium such as a disk or hard drive, or by directly transferring the data as it is decrypted to the player 440.
  • measures are taken to inhibit user access to the data after it is decrypted and before it is provided to the player 440.
  • the player 440 then converts the data to a performance signal, such as an audio or video signal, suitable for reproduction, for example, using speakers or a video display.
  • Techniques for decryption of encrypted files are well known in the art, any of which may be employed in the systems and methods disclosed herein.
  • playing files representative of performances is well known in the art, and any such files may be played in accordance with the systems and methods disclosed herein.
  • decryption occurs substantially simultaneously with playing, e.g., the decrypter and the player operate in tandem.
  • the player may be a software application, while in other embodiments, the player could be a hardware component, e.g., a tamper-proof decryption/playing mechanism.

Abstract

The systems and methods described herein relate to the distribution and reproduction of digital or electronic data files which are representative of performances. Using the systems and methods described herein, performance files can be encrypted to restrict access to the files, hamper redistribution, and reduce unauthorized use. The system includes a database (130) to store an encrypted data file representative of performances and a player (160) to decrypt the data file and to reproduce the performance represented in the data file substantially simultaneously.

Description

SECURE PLAY OF PERFORMANCE DATA
Technical Field
This application relates to the field of digital data encryption, more particularly to the field of audiovisual data file encryption for controlled distribution.
Background Art
Copyright has long been used to protect the recorded expressions of artists, authors, composers, performers, and other creative entities from unauthorized exploitation by others, ensuring that the rights to these materials are controlled exclusively by their creators. Recent technological innovations designed to copy recorded materials have made enforcing copyright protection increasingly difficult. The development of the photocopier facilitated the reproduction of the written word and of static images. The development of the tape recorder made the duplication of audio recordings, such as records, compact discs, and radio broadcasts, possible for the average listener. Video cassette recorders opened the doors to wanton reproduction of video materials, including television broadcasts and movies.
Electronic materials, such as computer software, have always been easily duplicated and many schemes for protecting software from unauthorized copying have been developed. Recently, though, many traditional forms of artistic expression have been ported into the digital world, and the advent of the Internet and of data compression formats such as JPEG, GIF, MPEG, and MP3 has enabled the rapid and nearly uncontrolled distribution, legal and illegal, of texts, photographs, audio recordings, video clips, and other copyrighted materials worldwide. A practical technique for protecting the rights of artists and other creative entities by controlling the distribution or usage of electronic audiovisual files is thus needed.
Disclosure of Invention
According to the present invention, a system for using an encrypted data file includes a database to store an encrypted data file representative of performances and a player to decrypt the data file and to reproduce the performance represented in the data file substantially simultaneously. The encrypted data file may be encrypted with a public key of a public-private key pair. The private key may be stored on a device and may be substantially inaccessible to a user. The device may be a smart card. Unencrypted data may be substantially inaccessible to the user during operation of the player.
The data file may be representative of a video performance and the player reproduces a video display. The video file may be an MPEG file. The data file may be representative of an audio performance and the player may reproduce an audio sequence. The data file may be an MP3 file.
According further to the present invention, using an encrypted data file includes storing an encrypted data file representative of a performance, decrypting a data file, and reproducing the performance represented in the data file, where decrypting the data file and reproducing the performance occur substantially simultaneously.
According further to the present invention, a system for distributing a data file representative of performances includes a receiver that receives a request from a user for a data file representative of a performance, an encoder that encrypts the data file for decryption by the user, and a transmitter that sends the encrypted data file to the user. The request may include information representative of a user. The information representative of a user may be a public key of a public-private key pair. The information representative of a user may be representative of an account of the user and the account may include a public key of a public-private key pair. The system may also include a database to store information representative of a plurality of user accounts, where the user accounts include a public key of a public-private key pair. The system may also include a retriever that retrieves information representative of a user.
According further to the present invention, a method for distributing a data file representative of a performance includes receiving a request from a user for a data file representative of a performance, encrypting the data file for decryption by the user, and sending the encrypted data file to the user. The method may also include receiving information representative of a user. The method may also include storing information representative of a plurality of user accounts where the user accounts include a public key of a public-private key pair.
According further to the present invention, a system for distributing a data file representative of a performance includes an identification token including an identification code representative of a user, a first transmitter to send over a network a request for a data file representative of a performance, the request including the identification code, a receiver to receive a request over the network for a data file, a first database to store a plurality of data files, a processor coupled to the database and to the receiver to retrieve the requested file from the database and to encrypt the retrieved file for the user represented by the identification code, a server coupled to the processor to send the encrypted file to the user over the network, and a player coupled to the identification token to decrypt and play the encrypted file substantially simultaneously. The system may also include a second database containing a plurality of accounts, each account containing information representative of an encryption code corresponding to an identification code. The code may be a public key of a public/private key pair.
According further to the present invention, a method for selling performance files over a network includes receiving a request over a network from a user for a data file representative of a performance, encrypting the data file for decryption by the user, sending the encrypted data file to the user over the network, and charging a fee to the user. Charging a fee to the user may include debiting a credit account of the user and/or receiving money from the user in an electronic transaction.
Brief Description of Drawings
Figure 1 presents a system for distributing encrypted performance files according to the present invention.
Figure 2 illustrates a transaction for obtaining an encrypted performance file according to the present invention.
Figure 3 depicts a flowchart for a method of encrypting performance files according to the present invention.
Figure 4 illustrates a method of using encrypted performance files according to the present invention.
Figure 5 depicts a system for playing encrypted performance files according to the present invention.
Best Mode for Carrying out the Invention
The description below pertains to several possible embodiments of the invention. It is understood that many variations of the systems and methods described herein may be envisioned by one skilled in the art, and such variations and improvements are intended to fall within the scope of the invention. Accordingly, the invention is not to be limited in any way by the following disclosure of certain illustrative embodiments.
The systems and methods described herein relate to the distribution of electronic files which encrypt performances to restrict the use and/or distribution of said files to unauthorized users. In this way, copyright violations and other unauthorized uses of such files may be minimized without requiring extensive policing efforts.
A performance may include any informational, entertaining, recreational, or artistic expression including an audio or visual component which proceeds over a span of time in a substantially predefined manner. Thus, music, movies, readings, animated cartoons, television programs, and any portions thereof may be considered performances. Performances may include presentations, such as animated sketches, recordings of natural sounds, and wildlife documentaries, that include little or no human participation, as well as singing, acting, sporting events, and other performances that rely heavily on human participation.
A performance file may be a data file containing information representative of a performance such that at least an aspect or portion of a performance may be reproduced on the using information in the performance file. The performance file may be compressed or encoded by any means. Representative types of performance files include MPEG, MP3 (MPEG layer 3), WAV, MOV, SGI, QT, INDEO, VOC, MIDI, and audio (.AU) files. As disclosed in greater detail below, performance files may be encrypted for distribution to a user by using a code specific to that user. For example, the performance may be encrypted for distribution with a user's public key, allowing the file to be decrypted and played only by a user with the corresponding private key. Playing a performance file includes reproducing the encoded performance or a portion thereof for the user. The software, or 'player', used to play the file may be configured to decrypt the file substantially simultaneously with playing the file. In this way, generation of a decrypted version of the file, which might be distributed and played by unauthorized users, is inhibited, and the decrypted data is made to be substantially inaccessible to the user before, during, and after play. For example, the decrypted data may be stored in a RAM buffer between the decryption and play stages.
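
The per-user encryption and decrypt-while-playing player described above (decrypter 430 and player 440 of Figure 5), as an added example that is not part of the patent. It assumes a hybrid construction the patent does not specify: an RSA-OAEP-wrapped AES-256-GCM content key with 4096-byte chunks. `EncryptFor`, `Play`, `Package` and `NewUserKey` are hypothetical names, and the private key is held in process memory here rather than on a smart card.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

const chunkSize = 4096 // plaintext bytes per sealed chunk (assumed value)

type Package struct { // what the user receives: wrapped content key plus sealed chunks
	WrappedKey []byte
	Chunks     [][]byte
}

// NewUserKey makes a key pair; on a real token the private half stays on the device.
func NewUserKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// nonce ties a chunk to its index and marks the final chunk, so reordering or truncation fails authentication.
func nonce(i int, last bool) []byte {
	n := []byte{0, 0, 0, 0, 0, 0, 0, 0, byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)}
	if last {
		n[0] = 1
	}
	return n
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFor is the distributor side: wrap a fresh content key for one user, seal the file chunk by chunk.
func EncryptFor(pub *rsa.PublicKey, performance []byte) (*Package, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pkg := &Package{WrappedKey: wrapped}
	for i := 0; i == 0 || i*chunkSize < len(performance); i++ {
		end, last := (i+1)*chunkSize, (i+1)*chunkSize >= len(performance)
		if last {
			end = len(performance)
		}
		pkg.Chunks = append(pkg.Chunks, gcm.Seal(nil, nonce(i, last), performance[i*chunkSize:end], nil))
	}
	return pkg, nil
}

// Play opens each chunk into one reused RAM buffer, renders it, then wipes it; no decrypted file is written.
func Play(priv *rsa.PrivateKey, pkg *Package, render func([]byte)) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, pkg.WrappedKey, nil)
	if err != nil {
		return fmt.Errorf("unwrap content key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil || len(pkg.Chunks) == 0 {
		return fmt.Errorf("unusable package: %v", err)
	}
	buf := make([]byte, 0, chunkSize)
	for i, c := range pkg.Chunks {
		pt, err := gcm.Open(buf[:0], nonce(i, i == len(pkg.Chunks)-1), c, nil)
		if err != nil {
			return fmt.Errorf("chunk %d rejected: %w", i, err)
		}
		render(pt)
		for j := range pt {
			pt[j] = 0 // wipe before the buffer is reused
		}
	}
	return nil
}

func main() {
	priv, err := NewUserKey()
	if err != nil {
		panic(err)
	}
	pkg, err := EncryptFor(&priv.PublicKey, make([]byte, 10000)) // constructed stand-in for an MP3
	if err == nil {
		err = Play(priv, pkg, func(b []byte) { fmt.Println("render", len(b), "bytes") })
	}
	fmt.Println("result:", err)
}
```

Because chunks are rendered as they are opened, a truncated or reordered package is rejected at the offending chunk, after any earlier valid chunks have already played.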
A system 100 for distributing performance files is depicted in Fig. 1. The system 100 may include a processor 110, a server 120, a database of performance files 130, and a database of tokens 140. The system 100 may be accessed over a network 150, such as the Internet, by a client 160. Alternate configurations of these components which are capable of performing the functions set forth below will be apparent to those of skill in the art, including embodiments wherein one or more of the above components are unified in a single device, and embodiments wherein the components are connected to each other in a different arrangement, and such embodiments are intended to fall within the scope of the present disclosure.
In certain embodiments, a token is an electronic file or code that includes information, such as a private key, which can be used to decode an encrypted performance file. A token may include additional information such as an account code, information which can be used to encrypt a file such as a public key corresponding to the user's private key, information relating to the user's computer system, the user's performance preferences, or information relating to the user's identity.
In one embodiment, the system 100 may receive a request for a performance file from a client 160. The request may include a code for encrypting the performance file, or the system 100 may request or retrieve such a code from the user when the request is received. The processor 110 may then retrieve the requested performance file from the database 130, encrypt the performance file according to the determined code, and send the encrypted file to the client 160 over the network 150 using the server 120. In an alternative embodiment, the request may include information representative of the token or the encryption code rather than the encryption code itself, and the processor 110 may search the database 140 using the representative information to determine appropriate encryption parameters and proceed as above. In certain embodiments, the database 140 includes a plurality of certificates, and thus may return the user's certificate containing the public encryption key. In certain embodiments, the database 140 may be remote from the location of the processor 110, or may be operated by a separate entity. This exchange of information is represented schematically in Figure 2, which shows an embodiment wherein the token is included on an external device 170, as discussed in detail below. In certain embodiments, the authenticity of the token is supported by the use of digital certificates, such as certificates provided by CyberTrust. For example, the token may include or be associated with a digital certificate which includes a public key of a public/private key pair. A request for a file may include this certificate to enable the system to accurately and securely encrypt a file for the user. Alternatively, the token may include an identification code, e.g., a serial number, which may be sent with a request for a file. The system 100 may transmit this code to a certificate authority (CA) for verification, and the CA may send verification to the system 100 that may include an encryption code, such as a public key, associated with that identification code. In certain embodiments, the CA may send a certificate to the system 100 as verification. Additional methods of certifying tokens or file requests will be apparent to those of skill in the art and are intended to fall within the scope of the present invention.
In certain embodiments, the token is configured in a way that discourages or inhibits redistribution of the token. For example, the token may be embedded in or retained by a software program, such as a program that plays performance files, operating system software, e.g., Windows 95, Mac OS, Linux, etc., or by another software application on the user's system. Furthermore, in certain embodiments, precautions may be taken to prevent a user from employing more than one token. For example, a software program that employs or includes tokens, such as a player or an operating system, may be unable to include more than one token. Additional modifications which may reduce unauthorized redistribution of tokens may be readily envisioned by those of skill in the art reading the present disclosure, and are intended to be encompassed by the scope thereof.
In some embodiments, a token includes information representative of a user's system. The information may include a serial number, for example, of an application which plays performance files, of the system software, or of any other component of the user's system, or may represent some other configurational aspect of the user's system. In certain embodiments, the information is selected to be individual and distinct for each user and to remain substantially constant over time, so as not to become inoperative based on minor or routine system reconfigurations or manipulations. Such a token may be inoperative when the system does not match the information stored in the token.
In a particular embodiment as depicted in Figure 2, the token is stored on a separate device 170, such as a smart card. Suitable technologies include the iKey from Rainbow Technologies, and the Aladdin Smartcard Environment, among others. In certain embodiments, information stored on the device cannot be directly accessed by the user. A token-bearing device may further include information such as a URL address for a web site where performance files are available, performance preferences of the user, or other suitable information. Token-bearing devices may be further protected by requiring a password for use. Thus, in one exemplary embodiment, a token-bearing device, when coupled to a user's computer system, prompts the user to provide a password. Additionally, upon entry of the correct password, the device may launch an application, such as a web browser, and direct the user to a distributor of performance files by providing an appropriate URL address. By using information such as the user's performance preferences, the device may further present to the user personalized information, such as new releases in the user's favorite performance categories. Such information may be stored on the token-bearing device, or anywhere on a computer system coupled to the token-bearing device. In instances where a public key/private key pair is used, the private key may be stored on the token-bearing device in a way that is inaccessible to the user so that the user is inhibited from using the private key to make unauthorized copies of the encrypted files.
A user may obtain or certify a token by any of several methods. For example, a user may request a token from a performance file distributor or vendor, or from a token distributor, e.g., in person or over the Internet. In embodiments wherein tokens are certified, a token which does not include a certificate may be coupled to a computer system, the token sent over a network such as the Internet to a certificate authority (CA), and a certificate received from the CA for the token. When a token-bearing device, such as a smart card, is used, the user may obtain the token-bearing device from a distributor, such as a music store, which may also provide the certifying information for the token-bearing device. Alternatively, the user may obtain certifying information from another source, such as a CA recognized by the music encryption system 100.
One method of distributing performance files according to the systems and methods set forth herein is presented in Fig. 3. According to the method 200, a user requests a file 210 from a distributor. A distributor may be any service or device which distributes digital performance files, such as an Internet web site, a file server, etc. In certain embodiments, the distributor may determine whether a token is valid 220, and refuse requests to invalid tokens 230. Otherwise, a code for encrypting the requested file is then determined 240. For example, the request may include an encryption code suitable for decryption by the user, or such information may be requested or retrieved from the user by the distributor upon initiation of the request. The distributor may then encrypt the requested file 250 using the encryption code. The encrypted file may then be sent to the user 260. In embodiments wherein the request includes an identification code rather than an encryption code, the distributor may identify an encryption scheme associated with the identification code, for example, by determining a public key associated with the code, or by accessing an account for the identification code which includes an encryption scheme. In certain embodiments, a fee may be charged to the user requesting the data file, for example, by charging a credit account of the user, or by receiving money from the user in an electronic transaction.
An alternative method 300 for distributing files is outlined in Figure 4. In the method 300, a user submits a request for a file to a distributor 310, as outlined above. The request may include information representative of the user, such as token information or information representative of the user's computer system, such as a serial number for a component, e.g., a player or system software, an identification code embedded in a smart card or similar device, or any other suitable information as discussed above. Alternatively, the system 100 may request or retrieve such information from the user when the request is received. In certain embodiments, the information selected is individual and distinct for each user and remains substantially constant over time. In certain embodiments, the distributor may validate the user's information 320, and deny the request if the information is not valid 330. Otherwise, the distributor may create a token which includes the information representative of the user and a decryption key 340. The token may remain separate from the encrypted file or may be appended to or included in the encrypted file. The distributor may then encrypt the requested file for decryption using the token and send the encrypted file and the token to the user. In certain embodiments, a token will be inoperative when the information representative of the user in the local environment is different from that stored in the token. In certain embodiments, a conventional one-time encryption key and certificate exchange occurs, similar to that used in connection with credit card purchases over the Internet.
A system 400 for decrypting and playing performance files is depicted in Figure 5. In the system 400, a decryption key 420 and an encrypted file 410 are received by a decrypter 430 as input. The decrypter 430 uses the decryption key 420 to decode the encrypted file 410 and provide decrypted data to a player 440. The decrypter 430 may provide the decrypted data to the player 440 by storing the data in RAM, on a storage medium such as a disk or hard drive, or by directly transferring the data as it is decrypted to the player 440. As discussed above, in certain embodiments, measures are taken to inhibit user access to the data after it is decrypted and before it is provided to the player 440.
The player 440 then converts the data to a performance signal, such as an audio or video signal, suitable for reproduction, for example, using speakers or a video display. Techniques for decryption of encrypted files are well known in the art, any of which may be employed in the systems and methods disclosed herein. Similarly, playing files representative of performances is well known in the art, and any such files may be played in accordance with the systems and methods disclosed herein. Furthermore, in certain embodiments, decryption occurs substantially simultaneously with playing, e.g., the decrypter and the player operate in tandem. In certain embodiments, the player may be a software application, while in other embodiments, the player could be a hardware component, e.g., a tamper-proof decryption/playing mechanism.
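The distribution method 200 and the decrypt-while-playing system 400 described above can be sketched together; this is an added example, not code from the patent or its applicants. It shows the distributor refusing an unknown identification code and the player authenticating, decrypting and wiping one RAM-sized chunk at a time so that no decrypted file is ever assembled. Assumptions: a symmetric account key looked up by identification code stands in for the public/private key pair, an HMAC-SHA256 counter-mode keystream stands in for a production cipher, and `ACCOUNTS`, `distribute`, `play` and the chunk layout are hypothetical names and formats.

```python
import hashlib
import hmac
import os
import struct

CHUNK = 4096  # plaintext bytes per decrypt-and-play step (assumed size)
TAG = 32      # HMAC-SHA256 tag length
# Hypothetical stand-in for database 140: identification code -> account key.
ACCOUNTS = {"SN-0001": os.urandom(32)}


def _subkeys(key):
    """Derive separate encryption and authentication keys from the account key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, index, length):
    """HMAC-SHA256 in counter mode: a stdlib-only keystream for chunk `index`."""
    out, block = b"", 0
    while len(out) < length:
        counter = struct.pack(">QI", index, block)
        out += hmac.new(enc_key, nonce + counter, hashlib.sha256).digest()
        block += 1
    return out[:length]


def _tag(mac_key, nonce, index, last, body):
    """Bind each chunk to its position and to the end-of-file flag."""
    header = nonce + struct.pack(">Q?", index, last)
    return hmac.new(mac_key, header + body, hashlib.sha256).digest()


def distribute(ident, performance):
    """Method 200: validate the code, look up its key, encrypt, return the file."""
    key = ACCOUNTS.get(ident)
    if key is None:
        raise PermissionError("invalid token")  # step 230: refuse the request
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    chunks = [performance[i:i + CHUNK]
              for i in range(0, len(performance), CHUNK)] or [b""]
    out = [nonce]
    for i, plain in enumerate(chunks):
        last = i == len(chunks) - 1
        stream = _keystream(enc_key, nonce, i, len(plain))
        body = bytes(p ^ s for p, s in zip(plain, stream))
        out.append(struct.pack(">I?", len(body), last) + body
                   + _tag(mac_key, nonce, i, last, body))
    return b"".join(out)


def play(encrypted, key, sink):
    """System 400: decrypt a chunk into RAM, hand it to the player, wipe it."""
    enc_key, mac_key = _subkeys(key)
    nonce, pos, index, last = encrypted[:16], 16, 0, False
    buf = bytearray(CHUNK)  # the only place plaintext is held
    while not last:
        if pos + 5 > len(encrypted):
            raise ValueError("file truncated before its final chunk")
        n, last = struct.unpack_from(">I?", encrypted, pos)
        body = encrypted[pos + 5:pos + 5 + n]
        tag = encrypted[pos + 5 + n:pos + 5 + n + TAG]
        expected = _tag(mac_key, nonce, index, last, body)
        if n > CHUNK or len(body) != n or not hmac.compare_digest(tag, expected):
            raise ValueError("chunk %d failed authentication" % index)
        stream = _keystream(enc_key, nonce, index, n)
        for j in range(n):
            buf[j] = body[j] ^ stream[j]
        sink(memoryview(buf)[:n])  # player consumes the chunk straight from RAM
        buf[:n] = bytes(n)         # wipe plaintext before the next chunk
        pos += 5 + n + TAG
        index += 1
    return index  # number of chunks played
```

Each chunk is verified before any of it is decrypted, and the authenticated end-of-file flag lets the player detect a file cut short at a chunk boundary.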

Claims

1. A system for using an encrypted data file, comprising: a database to store an encrypted data file representative of performances; and a player to decrypt the data file and to reproduce the performance represented in the data file substantially simultaneously.
2. A system as in claim 1, wherein the encrypted data file is encrypted with a public key of a public-private key pair.
3. A system as in claim 2, wherein the private key is stored on a device and is substantially inaccessible to a user.
4. A system as in claim 2, wherein the device is a smart card.
5. A system as in claim 1, wherein unencrypted data is substantially inaccessible to the user during operation of the player.
6. A system as in claim 1, wherein the data file is representative of a video performance and the player reproduces a video display.
7. A system as in claim 6, wherein the video file is an MPEG file.
8. A system as in claim 1, wherein the data file is representative of an audio performance and the player reproduces an audio sequence.
9. A system as in claim 8, wherein the data file is an MP3 file.
10. A method for using an encrypted data file, comprising: storing an encrypted data file representative of a performance; decrypting a data file; and reproducing the performance represented in said data file, wherein decrypting the data file and reproducing the performance occur substantially simultaneously.
11. A method as in claim 10, wherein decrypting a data file includes using a private key of a public-private key pair.
12. A method as in claim 11, wherein decrypting a data file includes using a private key stored on a device and is substantially inaccessible to the user.
13. A method as in claim 12, wherein decrypting a data file includes using a private key stored on a smart card.
14. A method as in claim 10, wherein unencrypted data is substantially inaccessible to the user during decrypting the data file and reproducing the performance.
15. A method as in claim 10, wherein reproducing the performance includes presenting a video display.
16. A method as in claim 15, wherein reproducing the performance includes playing an MPEG file.
17. A method as in claim 10, wherein reproducing the performance includes presenting an audio sequence.
18. A method as in claim 17, wherein reproducing the performance includes playing an MP3 file.
19. A system for distributing a data file representative of performances, comprising: a receiver that receives a request from a user for a data file representative of a performance; an encoder that encrypts the data file for decryption by the user; and a transmitter that sends the encrypted data file to the user.
20. A system as in claim 19, wherein the request includes information representative of a user.
21. A system as in claim 20, wherein the information representative of a user is a public key of a public-private key pair.
22. A system as in claim 21, wherein the information representative of a user is representative of an account of the user, said account including a public key of a public-private key pair.
23. A system as in claim 22, further comprising: a database to store information representative of a plurality of user accounts, said user accounts including a public key of a public-private key pair.
24. A system as in claim 19, further comprising: a retriever that retrieves information representative of a user.
25. A system as in claim 24, wherein the information representative of a user is a public key of a public-private key pair.
26. A system as in claim 24, wherein the information representative of a user is representative of an account, said account including a public key of a public-private key pair.
27. A system as in claim 26, further comprising: a database to store information representative of a plurality of user accounts, said user accounts including a public key of a public-private key pair.
28. A system as in claim 19, wherein the data file is representative of a video performance.
29. A system as in claim 28, wherein the data file is an MPEG file.
30. A system as in claim 19, wherein the data file is representative of an audio performance.
31. A system as in claim 30, wherein the data file is an MP3 file.
32. A method for distributing a data file representative of a performance, comprising: receiving a request from a user for a data file representative of a performance; encrypting the data file for decryption by the user; and sending the encrypted data file to the user.
33. A method as in claim 32, further comprising: receiving information representative of a user.
34. A method as in claim 33, wherein receiving information representative of a user includes receiving a public key of a public-private key pair.
35. A method as in claim 33, wherein receiving information representative of a user includes receiving information representative of an account, said account including a public key of a public-private key pair.
36. A method as in claim 35, further comprising: storing information representative of a plurality of user accounts, said user accounts including a public key of a public-private key pair.
37. A method as in claim 32, wherein receiving a request for a data file includes receiving a request for a file representative of a video performance.
38. A method as in claim 37, wherein receiving a request for a data file includes receiving a request for an MPEG file.
39. A method as in claim 32, wherein receiving a request for a data file includes receiving a request for an audio file.
40. A method as in claim 39, wherein receiving a request for a data file includes receiving a request for an MP3 file.
41. A system for using an encrypted data file, comprising: means for storing an encrypted data file representative of a performance; means for decrypting a data file; and means for reproducing the performance represented in said data file.
42. A system for distributing a data file representative of a performance, comprising: means for receiving a request for a data file representative of a performance, said request including information representative of a user; means for encrypting the data file for decryption by the user; and means for sending the encrypted data file to the user.
43. A system for distributing a data file representative of a performance, comprising: an identification token including an identification code representative of a user; a first transmitter to send over a network a request for a data file representative of a performance, said request including the identification code; a receiver to receive a request over the network for a data file; a first database to store a plurality of data files; a processor coupled to the database and to the receiver to retrieve the requested file from the database and to encrypt the retrieved file for the user represented by the identification code; a server coupled to the processor to send the encrypted file to the user over the network; and a player coupled to the identification token to decrypt and play the encrypted file substantially simultaneously.
44. The system of claim 43, further comprising: a second database containing a plurality of accounts, each account containing information representative of an encryption code corresponding to an identification code.
45. The system of claim 43, wherein the identification code is a public key of a public/private key pair.
46. A method for selling performance files over a network, comprising: receiving a request over a network from a user for a data file representative of a performance; encrypting the data file for decryption by the user; sending the encrypted data file to the user over the network; and charging a fee to the user.
47. The method of claim 46, wherein charging a fee to the user includes debiting a credit account of the user.
48. The method of claim 46, wherein charging a fee to the user includes receiving money from the user in an electronic transaction.
PCT/US2000/024375 1999-09-27 2000-09-05 Secure play of performance data WO2001024080A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU73501/00A AU7350100A (en) 1999-09-27 2000-09-05 Secure play of performance data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US40667299A 1999-09-27 1999-09-27
US09/406,672 1999-09-27

Publications (1)

Publication Number Publication Date
WO2001024080A1 true WO2001024080A1 (en) 2001-04-05

Family

ID=23608986

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/024375 WO2001024080A1 (en) 1999-09-27 2000-09-05 Secure play of performance data

Country Status (2)

Country Link
AU (1) AU7350100A (en)
WO (1) WO2001024080A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5703951A (en) * 1993-09-14 1997-12-30 Spyrus, Inc. System and method for access data control
US5740246A (en) * 1994-12-13 1998-04-14 Mitsubishi Corporation Crypt key system
US5757909A (en) * 1994-11-26 1998-05-26 Lg Electronics, Inc. Illegal view and copy protection method in digital video system and controlling method thereof
US5825879A (en) * 1996-09-30 1998-10-20 Intel Corporation System and method for copy-protecting distributed video content
US5915018A (en) * 1996-11-05 1999-06-22 Intel Corporation Key management system for DVD copyright management
US5937164A (en) * 1995-12-07 1999-08-10 Hyperlock Technologies, Inc. Method and apparatus of secure server control of local media via a trigger through a network for instant local access of encrypted data on local media within a platform independent networking system
US5991399A (en) * 1997-12-18 1999-11-23 Intel Corporation Method for securely distributing a conditional use private key to a trusted entity on a remote system
US5999629A (en) * 1995-10-31 1999-12-07 Lucent Technologies Inc. Data encryption security module

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10248006B4 (en) * 2001-10-15 2008-01-17 Hewlett-Packard Development Co., L.P., Houston Method and device for encrypting data
DE10248006B8 (en) * 2001-10-15 2008-05-15 Hewlett-Packard Development Co., L.P., Houston Method and device for encrypting data

Also Published As

Publication number Publication date
AU7350100A (en) 2001-04-30

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP