WO2007113728A2 - Method for enabling the transfer of a digital work - Google Patents

Publication number
WO2007113728A2
Authority
WO
WIPO (PCT)
Prior art keywords
drm
drm system
transfer process
digital work
access information
Application number
PCT/IB2007/051047
Other languages
French (fr)
Other versions
WO2007113728A3 (en)
Inventor
Michael Epstein
Original Assignee
Koninklijke Philips Electronics N.V.
Application filed by Koninklijke Philips Electronics N.V.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]

Definitions

  • the present invention relates to a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system.
  • the present invention further relates to a DRM transfer process generator for enabling the transfer of a first digital work from a first DRM system to a second DRM system, a system comprising such a DRM transfer process generator as well as a computer program product comprising program code means stored on a computer readable medium.
  • DRM Digital Rights Management
  • DRM aims to protect the rights of the creators of digital content, as well as the rights of the information provider distributing the information or content.
  • DRM technology facilitates commercial digital content distribution in a manner fair to the creators, the distributors, and consumers.
  • the application of DRM technology is not limited to digital music distribution, and may be used for all sorts of digital content, ranging from audio, still images, video, digital books, to software.
  • DRM technology typically regulates operations such as the duplication and the distribution of digital content.
  • a DRM system uses rules that establish the rights of users with respect to the digital content. These rules/rights may resemble those of an owner of a conventional CD or DVD, and may include rules/rights that allow them to listen freely and copy the content once for personal use. Alternatively such rights may comprise rights such as copy-once, copy-never, listen once, or listen N times, or view only within a particular pre-determined region.
  • the rights granted to a user for a digital content item are sometimes referred to as a license.
  • Cryptographic techniques that provide protection against unauthorized access. These techniques include operations such as encryption, decryption, and cryptographic hashing and/or signing. These techniques are often applied to both the digital content, as well as to the rights information, since the rights information determines possible use of the actual content. Often keys are used during encryption, hashing, and signing to allow only authorized parties, that have access to the relevant keys, to access content. Hereafter keys, key related information, and/or rights information particular to a digital content item are referred to as access information for that digital content item.
  • DRM technologies are more and more standardized such as for example the DRM system defined by the Open Mobile Alliance (OMA)
  • OMA Open Mobile Alliance
  • DRM systems that are incompatible with one another. This diversity presents a serious problem to consumers.
  • the content may not play on another device of that consumer, or even worse may not even play on the same device, e.g. when using alternate rendering software.
  • EP 1571556 discloses a portable terminal that can download digital contents from a server.
  • the portable terminal apparatus acquires right data that takes into consideration not only contents data but also a first DRM system in the portable terminal.
  • the portable terminal apparatus handles the contents data according to the right data and converts, when the digital contents are exported to the memory card, the right data so as to be adaptable to the second DRM system and outputs the contents data and converted right data using pre-determined conversion rules.
  • a problem associated with the above approach is that the portable terminal that performs the transfer from the first DRM system to the second DRM system is part of the first DRM system.
  • As the portable device is capable of generating usage rights and content suitable for the second DRM system, it has to be at least knowledgeable of encryption and security issues related to the second DRM system, if not part of the second DRM system.
  • the portable terminal will need to support each individual DRM system.
  • the present invention provides a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system.
  • the transfer of a first digital work is partitioned in two stages.
  • a DRM transfer process is configured for performing a transformation of the first access information.
  • the first digital work is transferred.
  • the second stage comprises transforming the first access information into a second access information for accessing the transferred first digital work within the second DRM system.
  • the first stage enables the transfer and comprises configuring the DRM transfer process that performs the actual transformation.
  • This stage requires the availability of information characteristic for each of the respective DRM systems involved. This information, hereafter referred to as characteristic information of a DRM system, is needed in addition to the access information to access a digital work, and/or usage rights within a DRM system. Characteristic information may comprise decryption algorithms, encryption algorithms, key-size descriptors, and/or formatting rules.
  • a first characteristic information representative for the first DRM system is retrieved, as well as a second characteristic information representative for the second DRM system.
  • the DRM specific information is used to configure the DRM transfer process.
  • the configured DRM transfer process performs the transformation of the first access information, and possibly other operations that are dependent on the first and the second DRM system.
  • the first characteristic information is used to e.g. retrieve key information from the first access information as used in the first DRM system, or, when provided, usage right information comprised in the first access information.
  • the second characteristic information is subsequently used to map this information onto a second access information for use in the second DRM system.
  • the configured DRM transfer process that is knowledgeable of both DRM systems, is executed on devices outside the respective DRM systems.
  • the present invention may reduce the cost of devices that support rights management, in that such devices only need to be licensed for one particular DRM system, yet may exchange content with other DRM systems.
  • the present invention enables conversion services that by employing the present invention address the interoperability issue, between legacy and future DRM systems.
  • a further embodiment is useful when the first DRM system and the second DRM system both, at least in part, reside on the same local network; the present invention can then be used to transfer a first digital work from the first DRM system to the second DRM system.
  • a remote transfer service then conducts the configuring of the DRM transfer process.
  • the remote transfer service transfers the configured DRM transfer process to the local network.
  • the configured DRM transfer process will then locally transfer the content and rights from the first DRM system to the second DRM system. In this manner the first digital work may be transferred from the first DRM system to the second DRM system without the need to transfer the first digital work itself to the remote transfer service.
  • the above embodiment reduces the bandwidth requirements to and from the remote transfer service, and moreover may save payment of a transmission royalty, sometimes called a "performance royalty", for transferring the first digital work over a public network such as the Internet.
  • this particular embodiment may be more bandwidth efficient, and more cost efficient.
  • the DRM transfer process is further configured for transforming the first digital work from the first DRM system to the second DRM system.
  • This is particularly useful when the first digital work in the first DRM system is encrypted with a proprietary cipher, and a digital work within the second DRM system requires encryption with a standard cipher e.g. the AES cipher.
  • the present invention can accommodate such differences and use part of the characteristic information, such as code for decrypting and encrypting the first digital work.
  • the present invention can also account for other variations such as variations in key-length, data encoding, rights, right encoding, and many other variations known to those skilled in the art.
  • configuring the DRM transfer process further comprises configuring the DRM transfer process for transferring the second access information to the second DRM system.
  • Although the present invention can be used for transferring content associated to a first party from a first DRM system to a second DRM system, in the process maintaining the association, the present invention is not limited to this scenario.
  • the present invention can also be used advantageously in a scenario wherein the first digital content associated to the first party in the first DRM system, is transferred to a second party in the second DRM system. Thereby implicitly re-associating the first digital content to the second party.
  • configuring the DRM transfer process further comprises configuring the DRM transfer process for verifying whether the first and second DRM system at least in part reside on the same computing platform. This information may be used to determine whether or not the transfer requires payment of a transmission royalty, for example when the content is transmitted over the Internet.
  • configuring the DRM transfer process further comprises configuring the DRM transfer process for verifying that the program code is executed on a pre-determined computing platform as defined during configuring the DRM transfer process. This may further improve security, as it will deter malicious users from attempting reuse of the configured DRM transfer process on a machine other than that designated during configuring of the DRM transfer process.
  • the first access information is obtained in a secure manner from a first characteristic information provider associated with the first DRM system, and wherein the first characteristic information provider does not expose secrets from the first DRM system that are not related to the first digital work.
  • the characteristic information provider functions as a proxy for the first DRM system, in that it transfers the first access information, but in the process prevents exposure of certain secrets from the first DRM system.
  • a further object of the present invention is to provide an apparatus for enabling the transfer of a first digital work from a first DRM system to a second DRM system that alleviates the aforementioned problem.
  • a DRM transfer process generator can enable the transfer of a first digital work from a first to a second DRM system.
  • the DRM transfer process generator configures a DRM transfer process using a first and a second characteristic information, representative for the first and second DRM system respectively. The latter information is only required at the time of configuring.
  • the DRM transfer process generator may be used to transfer content between devices that support only a single DRM system.
  • the present invention may also be used for transferring content to DRM systems that were introduced on the market after the DRM transfer process generator itself was introduced, provided that both the first and second characteristic information representative for the first and second DRM system are available.
  • both the first and second characteristic information renders the DRM transfer process generator itself substantially independent of the DRM systems involved.
  • Fig. 1 is a block diagram of an application of a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system residing on the same computing platform.
  • Fig. 2 is a block diagram of a further application of a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system residing on the same computing platform.
  • Fig. 3 is a block diagram of another application of a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system residing on the same computing platform.
  • Fig. 4 is a block diagram of an application of a method for enabling the transfer of a first digital work from a first DRM system residing on a first computing platform to a second DRM system residing on a further computing platform.
  • Fig. 5 is a block diagram of a further application of a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system.
  • Fig. 6 is a block diagram of a DRM transfer process generator according to the present invention.
  • Fig. 7 is a block diagram of a system for enabling the transfer of a first digital work from a first DRM system to a second DRM system according to the present invention.
  • Fig. 8 is a block diagram of a system for enabling the transfer of a first digital work from a first DRM system to a second DRM system wherein the first and the second DRM system reside on the computing platform executing the DRM transfer process generator, as well as the configured DRM transfer process.
  • the present invention can be used to enable the transfer of a first digital work from a first DRM system to a second DRM system.
  • the present invention provides a flexible mechanism that aims to configure a DRM transfer process to enable the transfer of the first digital work.
  • the configured DRM transfer process is used to transform at least part of a first access information into a second access information for use in the second DRM system, and in certain embodiments the configured DRM transfer process can also transform the first digital work itself.
  • each DRM system is able to access content using access information defined by that DRM system, and each DRM system is able to incorporate new content and place it under DRM control.
  • the first DRM system can provide characteristic information that allows the configured DRM transfer process to transform information such as keys, usage rights, and content into a plain text form.
  • This plain text form information can be transformed into usage rights, and content suitable for use in the second DRM system by the configured DRM transfer process, provided the appropriate characteristic information needed for the transformation is provided by the second DRM system or a trusted third party.
  • the choice to configure a DRM transfer process to perform the actual transfer enables the present invention to support various types of DRM systems, even those that are introduced in the market after the market introduction of a DRM transfer process generator according to the present invention.
  • Configuring of the DRM transfer process is handled by a DRM transfer process generator.
  • the DRM transfer process generator is preferably a device, or a module of a device that is independent of the DRM systems involved in the transfer, but that uses a first and a second characteristic information to configure a DRM transfer process that is configured in dependence of the DRM systems involved.
  • An embodiment of the present invention, depicted in Fig. 1, shows a block diagram of an application of the present invention for enabling the transfer of a first digital work 105 from a first DRM system 180 to a second DRM system 185.
  • both DRM systems reside on the same computing platform 195.
  • the computing platform 195 is connected to a network 190.
  • the network may be a wired or wireless, proprietary network or public network and may be a hybrid network comprising different networks and network bridges.
  • the network may be embodied by networks such as Bluetooth networks, GSM networks, UMTS networks, IEEE 802.11 networks, or even the Internet.
  • the network further comprises a first characteristic information provider 115, a second characteristic information provider 140, and a DRM transfer process generator 130 that is arranged to configure a DRM transfer process.
  • the configured DRM transfer process 165 is transferred to a further computing platform 160 for execution, indicated by the data stream 161.
  • the first DRM system 180 residing on the computing platform 195 utilizes a first access information 110 associated with the first digital work 105.
  • the first access information 110 in this particular embodiment consists of a first key (not shown) and usage rights information (not shown) both associated with the first digital work 105.
  • the first key and the usage right information are encrypted with a first master key (not shown) specific to the first DRM system 180 using a first cipher.
  • the second DRM system 185 uses access information with a similar structure comprising a second key and usage right information, both encrypted with a second master key and using a second cipher.
  • the content residing in both the first DRM system 180 and that in the second DRM system 185, including the first digital work 105, are encrypted using the same content cipher, such as AES, with a binary 128-bit key, and identical choice of cipher mode.
  • the DRM transfer process generator 130 retrieves the first access information 110 from the first DRM system 180, retrieves a first characteristic information 120 from the first characteristic information provider 115 after sending a request 125 to the first characteristic information provider 115, retrieves a second characteristic information 150 from the second characteristic information provider 140 after sending a request 135 to the second characteristic information provider 140, and uses the first and second characteristic information, and at least part of the first access information 110, to configure a DRM transfer process for transforming at least part of the first access information 110 into a second access information 175 for accessing the transferred first digital work 170 within the second DRM system 185.
  • the first characteristic information 120 comprises the first master key, as well as dynamic linkable object code that can be used for decryption of information encrypted using the first cipher.
  • the second characteristic information 150 comprises the second master key, as well as dynamic linkable object code that can be used to encrypt information using the second cipher.
  • the second access information 175 is created using the first access information 110.
  • the encrypted first access information is decrypted, resulting in a plain text copy of the first key and the usage right information. Due to the fact that the content encryption mechanism is the same for both DRM systems, the first key may be used unaltered as the second key in the second access information. Subsequently the usage right information may be mapped from the first DRM system to the second DRM system.
  • the configured DRM transfer process 165 can then encrypt the plain text second access information into an encrypted second access information compatible with the second DRM system.
  • the encrypted second access information is subsequently transferred to the second DRM system.
  • the master keys as used in the above embodiment are particular to the respective DRM systems. These master keys are used to encrypt usage rights independent of the content. These master keys are characteristic for the respective DRM system and clearly belong to the characteristic information and not to the access information.
  • the first digital work 105 may be transferred to the second DRM system 185.
  • As both DRM systems apply a similar content encryption scheme, there is no need for re-encryption of the first digital work 105 in this embodiment.
  • Once both are transferred to the second DRM system 185 it is possible to access the transferred first digital work 170 in the second DRM system 185 using the second access information 175.
  • the embodiment depicted in Fig. 1 involves a DRM transfer process generator 130 that is independent of the DRM systems. This alleviates at least part of the problems known from conventional interoperability solutions as the DRM transfer process generator may also be used together with DRM systems of a later date than the DRM transfer process generator, provided characteristic information is available for the DRM system.
  • the embodiment in Fig. 1 further shows that it is possible to transfer the first digital work without modifications to the DRM systems involved. Moreover it illustrates that the first digital work may be transferred without sharing the first DRM system secrets with the second DRM system, other than the first key, the key used to access the content itself.
  • the DRM transfer process generator 130 configures the DRM transfer process before it is executed.
  • Configuring of the DRM transfer process may comprise, but is not limited to: arranging program code for a process that is configured to transform the first access information, parameterizing program code using e.g. particular key information from the first access information, verifying cryptographic signatures and/or certificates provided with the first and/or second characteristic information computed over the first and/or second characteristic information respectively, obfuscating and/or encrypting the arranged and/or parameterized program code, cryptographically signing the program code, spawning a process on a computing platform that is configured to transform the first access information, configuring an existing (DRM transfer) process, for example by selecting particular sub-routines and selecting particular key values, and selecting a previously configured and stored DRM transfer process, for example by selecting a particular program from a program storage, such as a cache, and executing that program.
  • Configuring typically involves combinations of the aforementioned operations.
  • the decryption and encryption algorithms are provided as dynamically linkable object code as part of the characteristic information.
  • object code may be combined with e.g. a standard DRM transfer process framework, resulting in a partially configured DRM transfer process.
  • This partially configured DRM transfer process may at a later moment be further parameterized using e.g. key information from the first access information.
  • This partially configured DRM transfer process is still independent of the first access information, and as a result may be further configured for individual transfer operations when needed.
  • the partially configured DRM transfer process is well suited for caching, in particular when transfer operations between the particular DRM systems occur frequently.
  • the process may be configured to transfer more than one digital work.
  • Fig. 2 shows a further embodiment 200 of a method for enabling the transfer of a first digital work 105 from a first DRM system 180 to a second DRM system 185.
  • This embodiment differs from that depicted in Fig. 1 in that the first DRM system and the second DRM system use different content ciphers for content encryption, however both ciphers use keys of similar type and size.
  • the DRM transfer process generator 130 retrieves the first access information 110, the first and the second characteristic information 120,150, and based on this information configures a DRM transfer process.
  • the configured DRM transfer process is subsequently transferred to the computing platform 195 for local execution.
  • Local execution is preferable as in this embodiment the configured DRM transfer process 165 not only transforms the first access information 110 but furthermore transforms the first digital work 105 itself. In doing so this embodiment reduces bandwidth requirements for communications over the network 190, and moreover eliminates the need for the further computing platform 160 (not shown).
  • the first and second characteristic information 120,150 used during configuring of the DRM transfer process in this embodiment further comprise dynamic linkable object code for the first and second content cipher respectively.
  • the DRM transfer process generator 130 can remain DRM independent.
  • the DRM transfer process generator 130 further configures the DRM transfer process to: decrypt the first access information 110, and extract the first key for use in transforming the first digital work 105, configure the DRM transfer process to use the first key obtained from the first access information 110 as the second key when generating the second access information 175, and configure the DRM transfer process to use the first key to decrypt the first digital work 105 using the content cipher of the first DRM system 180 and subsequently use the first key to encrypt the plain text first digital work using the content cipher of the second DRM system 185.
  • the first access information 110 will be transformed into the second access information 175, and the first digital work 105 will be transformed such that it is fit for use in the second DRM system 185.
  • the transformed first digital work is then transferred to the second DRM system 185.
  • the transfer of the transformed first digital work is indicated by the dashed arrow 170, the transferred first digital work by the end point of that arrow within the second DRM system 185.
  • This particular embodiment illustrates how the present invention enables the transfer of a first digital work 105 from a first DRM system 180 to a second DRM system 185, again without modifying the respective DRM systems.
  • the DRM transfer process generator 130 used for configuring the DRM transfer process is not dependent on the DRM systems involved.
  • This embodiment further shows that the first digital work 105 can be transferred without the need to transfer the first digital work over the network 190, thereby saving bandwidth and in case the network is the Internet also possibly saving the payment of a transmission royalty.
  • the first characteristic information 120 is used by the DRM transfer process generator 130 to configure the DRM transfer process for decrypting the first access information 110.
  • the first characteristic information 120 is provided by a first characteristic information provider 115 over the network 190.
  • the first characteristic information 120 may in other embodiments be supplied by other sources comprising e.g. the first DRM system 180 itself, a library of characteristic information associated with a particular DRM system, a library of characteristic information of DRM systems local to the DRM transfer process generator 130, or a central library of characteristic information of DRM systems.
  • the characteristic information is preferably cryptographically signed, or encrypted, by a trusted third party, or by a characteristic information provider that is certified by a trusted third party. Using the signature/certificate the DRM transfer process generator 130 can verify authenticity of the characteristic information before use.
  • Although characteristic information provider(s) will typically be associated with one of the DRM systems, they may be incorporated by a single entity that provides both the first and the second characteristic information.
  • the first key and the second key, part of the first and second access information respectively, have an identical format.
  • the present invention may also be applied to systems wherein the first and the second key do not have a common format, or where further requirements are imposed on key information by the second DRM system.
  • Fig. 3 depicts a further embodiment 300 of the present invention in the form of a remote transfer service that communicates with clients over the Internet.
  • the first and the second DRM system use different content ciphers, with different key formats.
  • the second characteristic information provider also provides a second key 345 for re-encryption of the first digital work 105.
  • the second key 345 is provided by the second characteristic information provider 140 to the DRM transfer process generator 130, upon request 135 by the DRM transfer process generator 130.
  • the second key 345 is then used to enable the configured DRM transfer process 165 to correctly transform the first digital work 105 to match the content encoding and/or encryption in the second DRM system 185.
  • the first digital work 105 is transformed in the transfer from the first DRM system 180 to the second DRM system 185, but does not leave the computing platform 305. Thereby enabling the transfer of content from one DRM system to another, and at least alleviating interoperability issues.
  • the configured DRM transfer process 165 may be further fitted with additional security checks to prevent tampering during the actual transfer. These checks may comprise verifying a checksum computed over the first digital work using a cryptographic hash, or verifying a checksum computed over the configured DRM transfer process itself (self-check).
  • the configured DRM transfer process may also be tied to a particular computational platform, e.g. by including a check for a particular processor identifier, or calculating a hash over device identifiers of the computing platform and verifying this with a hash pre-computed during the configuring of the DRM transfer process. This of course would require that the DRM transfer process generator has access to such device identifiers.
  • the above security checks thwart certain attacks by malicious parties, amongst which certain replay attacks.
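The checks described above (a checksum over the first digital work, a self-check over the configured process, and a hash over device identifiers pre-computed at configuring time) can be sketched as follows. This is an added example, not code from the patent; the `ConfiguredTransfer` structure, the function names, the choice of SHA-256 and the sample identifiers are all assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, replace


def _digest(tag: bytes, parts: list[bytes]) -> bytes:
    """SHA-256 over a domain tag and length-prefixed parts.

    The length prefixes make the encoding unambiguous, so the identifier
    lists ["ab", "c"] and ["a", "bc"] cannot hash to the same value.
    """
    h = hashlib.sha256()
    h.update(len(tag).to_bytes(4, "big") + tag)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def platform_fingerprint(device_ids: list[str]) -> bytes:
    # Sorted, so the order in which identifiers are enumerated is irrelevant.
    return _digest(b"platform", [d.encode("utf-8") for d in sorted(device_ids)])


@dataclass(frozen=True)
class ConfiguredTransfer:
    """Hypothetical stand-in for a configured DRM transfer process."""
    code: bytes               # arranged/parameterized program code (opaque here)
    expected_platform: bytes  # hash over the designated platform's identifiers
    expected_work: bytes      # checksum over the first digital work
    expected_self: bytes      # checksum over `code` (self-check)


def configure(code: bytes, device_ids: list[str], work: bytes) -> ConfiguredTransfer:
    """Generator side: pre-compute the reference hashes while configuring."""
    return ConfiguredTransfer(
        code=code,
        expected_platform=platform_fingerprint(device_ids),
        expected_work=_digest(b"work", [work]),
        expected_self=_digest(b"self", [code]),
    )


def pre_transfer_checks(proc: ConfiguredTransfer,
                        local_device_ids: list[str],
                        work: bytes) -> list[str]:
    """Execution side: names of the failed checks; an empty list means proceed."""
    failures = []
    if not hmac.compare_digest(_digest(b"self", [proc.code]), proc.expected_self):
        failures.append("self-check")
    if not hmac.compare_digest(platform_fingerprint(local_device_ids),
                               proc.expected_platform):
        failures.append("platform")
    if not hmac.compare_digest(_digest(b"work", [work]), proc.expected_work):
        failures.append("work-checksum")
    return failures


def demo() -> dict[str, list[str]]:
    # All values below are constructed sample data.
    ids = ["cpu:CONSTRUCTED-0001", "mac:02:00:00:00:00:01"]
    work = b"constructed encrypted digital work bytes"
    proc = configure(b"constructed transfer code", ids, work)
    return {
        # Same machine, identifiers enumerated in a different order.
        "designated": pre_transfer_checks(proc, list(reversed(ids)), work),
        # Configured process copied to a machine with another processor id.
        "other_machine": pre_transfer_checks(
            proc, ["cpu:CONSTRUCTED-0002", ids[1]], work),
        # Digital work altered between configuring and transfer.
        "tampered_work": pre_transfer_checks(proc, ids, work + b"\x00"),
        # Program code altered, embedded reference hash left unchanged.
        "patched_code": pre_transfer_checks(
            replace(proc, code=b"patched"), ids, work),
    }


if __name__ == "__main__":
    for case, failed in demo().items():
        print(f"{case}: {'ok' if not failed else 'refuse: ' + ', '.join(failed)}")
```

Because the reference hashes travel with the process, these unkeyed checks detect a mismatch but not a party who rewrites both the code and the embedded hashes; the page lists cryptographically signing the program code as a separate configuring step.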
  • the DRM transfer process generator 130 as depicted in Fig. 3 is particularly advantageous in that: the DRM transfer process generator 130 is flexible and need not comprise information with respect to the respective DRM systems, the first digital content remains local to the computing platform 305 and hence does not load the network, the configured DRM transfer process is executed locally thereby reducing the computational load for the remote transfer service, and both the first access information and first digital content may be transformed by the configured DRM transfer process, enabling complex transformations.
  • although the latter three embodiments focus on the transfer of a first digital work 105 from a first DRM system 180 to a second DRM system 185 on the same computing platform 205, the present invention is not limited thereto.
  • FIG. 4 depicts a further embodiment 400 of the present invention that enables the transfer of a first digital work 105 from a first DRM system 180, on a first device 405, to second DRM system 185 on a second device 410.
  • first and the second DRM systems in this embodiment have a compatible content protection mechanism, allowing the first digital work 105 to be transferred from the first DRM system to the second DRM system.
  • the present invention may also be applied advantageously to transfer a first digital work 105 associated with a first party in a first DRM system 180 to a second DRM system 185, and in the process re-associate the first digital work to a second party in the second DRM system 185, regardless of the fact whether or not the first and second DRM system reside on the same computing platform.
  • the present invention may even be used to enable the broadcast of the first digital work 105 by the configured DRM transfer process 165, provided that the first access information 110 allows such an operation.
  • present invention is not tied to a particular type of DRM system, it may be used in conjunction with: device-centric DRM systems wherein content is tied to a particular device, person-centric DRM systems wherein content is tied to a particular person, and/or authorized-domain-centric DRM systems as described below.
  • a domain policy prevails, i.e. rules governing the domain composition such as device domain membership must be complied with.
  • the domain policy is complied with and content items such as movies, digital books and audio files, which are brought into the AD, are accessible from a limited number of compliant devices which are part of the AD.
  • Various proposals exist that implement the concept of ADs to some extent.
  • the domain is formed by a specific set of hardware devices or software applications (referred to collectively as clients hereafter) and content.
  • a domain manager which can be one or more of the clients, a smart card or another device, controls which clients may join the domain. Only the specific set of clients in the domain (the members) is allowed to make use of the content of that domain, e.g. to open, copy, play or export it.
  • One type of device-based AD allows a set of clients bound to a domain to access content bound to that domain. This double binding assures that all the members can access the content. This structure is often established by implementing the bindings through a shared secret key. This key is chosen by a domain manager and distributed to all the members.
  • the license is cryptographically linked to the domain by means of encryption with the shared key.
  • the content may be directly bound to one client, and the clients remain bound to the AD.
  • person-based AD where the domain is based on persons instead of devices.
  • An example of such a system is described in international patent application WO 04/038568 (attorney docket PHNL021063) by the same applicant, incorporated herein by reference, in which content is coupled to persons, which then are grouped into a domain.
  • Hybrid Authorized Domain-based DRM system ties content to a group that may contain devices and persons.
  • Examples of hybrid AD systems can be found in international patent application WO 2005/010879 (attorney docket PHNL030926) and in international patent application WO 2005/093544 (attorney docket PHNL040315), both incorporated herein by reference.
  • Fig. 5 depicts a further application of the present invention to enable the transfer of a first digital work 105.
  • the particular embodiment depicted here resembles that of the embodiment depicted in Fig. 3.
  • the first and the second characteristic information providers (115,140) are located in extensions of the first and the second DRM systems respectively (580,585).
  • the DRM systems are extended, wherein the first extension 580 extends the first DRM system 180, and the second extension 585 extends the second DRM system 185.
  • the first characteristic information 120 may also provide the DRM transfer process generator 130 with other information related to the first digital work, the first DRM system, or the computing platform 505.
  • the first and second characteristic information providers may prevent DRM related secrets from being exposed to the DRM transfer process generator 130.
  • the first characteristic information provider 115 may set up a Secure Authenticated Channel (SAC) 120 with the DRM transfer process generator 130.
  • SAC Secure Authenticated Channel
  • Information communicated over a SAC is generally encrypted, e.g. using a session key agreed upon by the parties involved.
  • the first characteristic information provider 115 may communicate the first access information to the DRM transfer process generator 130 as plain text; it is protected by the encryption of the SAC.
  • the first characteristic information provider no longer needs to send the first master key to the DRM transfer process generator 130. In doing so the first master key in the first DRM system is no longer exposed to the DRM transfer process generator 130 or the second DRM system 185.
  • The embodiment depicted in Fig. 5 is a particularly advantageous application of the present invention, as DRM specific secrets, such as master keys, need not be shared with the DRM transfer process generator 130.
  • the latter is particularly relevant when the DRM transfer process generator 130 is a remote transfer service. DRM system owners, and users alike will be reluctant to exchange information that may provide malicious parties access to their systems.
  • Fig. 5 shows a solution wherein these secrets are removed from the content submitted to the DRM transfer process generator 130.
  • Fig. 6 depicts a block diagram of a DRM transfer process generator 130 according to the present invention.
  • the DRM transfer process generator 130 comprises a first retrieval means 610 arranged to retrieve a first access information 110 associated with a first digital work (not shown).
  • the first access information 110 may be used to access the first digital work within a first DRM system (not shown).
  • the DRM transfer process generator 130 further comprises a second retrieval means 605 arranged to retrieve a first characteristic information 120 representative of the first DRM system.
  • the third retrieval means 620 is arranged to retrieve a second characteristic information 150 representative of a second DRM system (not shown).
  • the fourth retrieval means 615 is arranged to retrieve a second key 345.
  • the retrieved information is communicated with a configuring means 690 over an internal bus 630.
  • the retrieved information is used by the configuring means 690 to configure a DRM transfer process 165 to transform the first access information 110 into a second access information (not shown) for accessing the transferred first digital work within the second DRM system.
  • the configured DRM transfer process 165 is output in the form of data stream 161.
  • intermediate, partially configured, processes are stored in a local storage means 625.
  • such partially configured DRM transfer process 635 can be processes that were configured using the first and the second characteristic information 120,150 but that have not been configured using the first access information 110.
  • Such partially configured DRM transfer processes may be used to speed up the configuring, in particular when the characteristic information is only accessible over a busy network.
  • such an intermediate configured DRM transfer process 640 may be stored in an external repository 630, in order to allow other DRM transfer process generators in a network to benefit.
  • DRM transfer process generator 130 depicted in Fig. 6 is partitioned over various hardware components. However similar functionality may be obtained by implementation of the same operations on other hardware configurations, or even hybrid hardware/software combinations. It will be clear to those skilled in the art that a wide variety of implementations are conceivable, that range from pure hardware implementations, to combined hardware/software implementations, without departing from the scope of the present invention.
  • Fig. 7 depicts a system 700 for enabling the transfer of a first digital work 105 from a first DRM system 180 to a second DRM system 185 according to the present invention.
  • the system 700 comprises a DRM transfer process generator 130 as described earlier, a first device 705 comprising at least in part the first DRM system 180 comprising a first digital work 105 accessible by means of a first access information 110, and a second device 710 comprising at least in part the second DRM system 185.
  • the first DRM system 180 depicted in Fig. 7 is an authorized-domain-centric DRM system.
  • the first device 705 is part of an authorized domain 715, and devices in that domain all comply to the domain policy.
  • the first device 705 is a home network server that is used to transfer content from the home network onto the second device 710, a mobile video rendering device that is not part of the authorized domain 715 and that uses a proprietary device-centric DRM system.
  • the present invention may be applied advantageously in that it enables the transfer of a first digital work 105 from the first DRM system 180 to the second DRM system 185.
  • the second characteristic information 150 also comprises the device identifier 720 of the second device 710. This enables the DRM transfer process generator 130 to configure the DRM transfer process and associate the second access information 170 to the second device 710 in conformance with the requirements of the device-centric DRM system 185.
  • Fig. 8 depicts an embodiment of the present invention wherein the first DRM system 180, the second DRM system 185, the DRM transfer process generator 130, and the configured DRM transfer process 165 all reside on the same computing platform 805.
  • This particular embodiment allows interoperability of DRM systems that can provide characteristic information 120, and 150 to the DRM transfer process generator 130.
  • This particular embodiment may be used advantageously by a person to migrate her content from a first DRM system 180 to a second DRM system 185, e.g. on a home network server 805 as part of a system upgrade.
  • the present application is particularly beneficial as it allows the user to migrate her content without the need to transmit it over a network to a conversion service, and as a result without having to transfer the entire content collection over a network, and possibly without the need to pay a transmission royalty for each transferred digital work.
  • decryption and/or encryption as well as key information are used as examples. It will be clear to the skilled person that the scope of the present invention is not limited to the transformation of decryption and/or encryption of key information, but also comprises transforming usage right information and/or digital works. Moreover it will be clear that these transformations are not merely restricted to encryption and/or decryption but may also comprise re-formatting, transcoding and other transformations using the first and second characteristic information.
  • the extent to which the present invention may transform content is determined by the characteristic information provided for each respective DRM system.
  • the characteristic information may provide information that can be used to e.g. convert between different file formats used by the respective DRM systems. It may e.g. comprise two partial transcoders, one for each DRM system, that combined facilitate transcoding digital content in order to enable the transfer between different encoding schemes used in the respective DRM systems.
  • any reference signs placed between parentheses shall not be construed as limiting the claim.
  • the word “comprising” does not exclude the presence of elements or steps other than those listed in a claim.
  • the word “a” or “an” preceding an element does not exclude the presence of a plurality of such elements.
  • the invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer.
  • in the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware.
  • the mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Abstract

Method for enabling the transfer of a first digital work (105) from a first DRM system (180) to a second DRM system (185) the method comprising the following steps: retrieving a first access information (110) associated with the first digital work (105), the first digital work (105) being accessible using the first access information (110) in the first DRM system, retrieving a first characteristic information (120) representative of the first DRM system (180), retrieving second characteristic information (150) representative of the second DRM system (185), and configuring a DRM transfer process using at least part of the first access information and at least part of the first and at least part of the second characteristic information (120,150) the process being suitable for: transforming at least part of the first access information (110) into a second access information (175) for accessing the transferred first digital work (170) within the second DRM system (185). The invention further relates to an apparatus arranged to perform the method and a system incorporating such an apparatus.

Description

Method for enabling the transfer of a digital work
The present invention relates to a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system. The present invention further relates to a DRM transfer process generator for enabling the transfer of a first digital work from a first DRM system to a second DRM system, a system comprising such a DRM transfer process generator as well as a computer program product comprising program code means stored on a computer readable medium.
Recent developments in digital technologies, along with increasingly interconnected high-speed networks and decreasing prices for high-performance digital devices, have established digital content distribution as one of the most rapidly emerging trading activities and have created new methods for consumers to access, manage, distribute and pay for digital content. Commercial initiatives such as iTunes by Apple and Connect™ by Sony are illustrative for the momentum of online content distribution.
The growth of commercial digital content distribution goes hand in hand with the introduction of Digital Rights Management (DRM). DRM aims to protect the rights of the creators of digital content, as well as the rights of the information provider distributing the information or content. DRM technology facilitates commercial digital content distribution in a manner fair to the creators, the distributors, and consumers. The application of DRM technology is not limited to digital music distribution, and may be used for all sorts of digital content, ranging from audio, still images, video, digital books, to software.
DRM technology typically regulates operations such as the duplication and the distribution of digital content. To this end a DRM system uses rules that establish the rights of users with respect to the digital content. These rules/rights may resemble those of an owner of a conventional CD or DVD, and may include rules/rights that allow them to listen freely and copy the content once for personal use. Alternatively such rights may comprise rights such as copy-once, copy-never, listen once, or listen N times, or view only within a particular pre-determined region. The rights granted to a user for a digital content item are sometimes referred to as a license.
In order to enforce these rights DRM technology generally uses cryptographic techniques that provide protection against unauthorized access. These techniques include operations such as encryption, decryption, and cryptographic hashing and/or signing. These techniques are often applied to both the digital content, as well as to the rights information, since the rights information determines possible use of the actual content. Often keys are used during encryption, hashing, and signing to allow only authorized parties, that have access to the relevant keys, to access content. Hereafter keys, key related information, and/or rights information particular to a digital content item are referred to as access information for that digital content item.
Although DRM technologies are increasingly standardized, for example the DRM system defined by the Open Mobile Alliance (OMA), there are many more proprietary DRM systems that are incompatible with one another. This diversity presents a serious problem to consumers. When a consumer purchases digital content from an on-line service, the content may not play on another device of that consumer, or even worse may not even play on the same device, e.g. when using alternate rendering software.
EP 1571556 discloses a portable terminal that can download digital contents from a server. The portable terminal apparatus acquires right data that takes into consideration not only contents data but also a first DRM system in the portable terminal. The portable terminal apparatus handles the contents data according to the right data and converts, when the digital contents are exported to the memory card, the right data so as to be adaptable to the second DRM system and outputs the contents data and converted right data using pre-determined conversion rules.
A problem associated with the above approach is that the portable terminal that performs the transfer from the first DRM system to the second DRM system is part of the first DRM system. As the portable device is capable of generating usage rights and content suitable for the second DRM system, it has to be at least knowledgeable of encryption and security issues related to the second DRM system, if not part of the second DRM system. As a result when the portable terminal is used to convert a digital work between a first DRM system and several other DRM systems, the portable device will need to support each individual DRM system.
It is an object of the present invention to provide a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system that alleviates this problem.
This objective is realized using a method according to claim 1. The present invention provides a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system. According to the present invention the transfer of a first digital work is partitioned in two stages. In the first stage a DRM transfer process is configured for performing a transformation of the first access information. In the second stage the first digital work is transferred. The second stage comprises transforming the first access information into a second access information for accessing the transferred first digital work within the second DRM system.
The first stage enables the transfer and comprises configuring the DRM transfer process that performs the actual transformation. This stage requires the availability of information characteristic for each of the respective DRM systems involved. This information, hereafter referred to as characteristic information of a DRM system, is needed in addition to the access information to access a digital work, and/or usage rights within a DRM system. Characteristic information may comprise decryption algorithms, encryption algorithms, key-size descriptors, and/or formatting rules.
In the first stage a first characteristic information representative for the first DRM system is retrieved, as well as a second characteristic information representative for the second DRM system. The DRM specific information is used to configure the DRM transfer process. In the second stage the configured DRM transfer process performs the transformation of the first access information, and possibly other operations that are dependent on the first and the second DRM system.
When using a method according to the present invention devices residing in the first DRM system need not be knowledgeable on the second DRM system and vice versa. In doing so the present invention alleviates the aforementioned problem.
In an embodiment the first characteristic information is used to e.g. retrieve key information from the first access information as used in the first DRM system, or, when provided, usage right information comprised in the first access information. The second characteristic information is subsequently used to map this information onto a second access information for use in the second DRM system. By configuring a DRM transfer process to cope with the first and the second DRM systems, but by keeping configuration of the DRM transfer process itself as much as possible independent of the DRM systems, the present method provides a flexible solution that can cope with future developments in encryption algorithms and DRM systems, as long as characteristic information is provided.
In a further embodiment the configured DRM transfer process, that is knowledgeable of both DRM systems, is executed on devices outside the respective DRM systems. As a result the present invention may reduce the cost of devices that support rights management, in that such devices only need to be licensed for one particular DRM system, yet may exchange content with other DRM systems. Moreover the present invention enables conversion services that by employing the present invention address the interoperability issue, between legacy and future DRM systems.
A further embodiment is useful when the first DRM system and the second DRM system both, at least in part, reside on the same local network. In that case the present invention can be used to transfer a first digital work from the first DRM system to the second DRM system. Preferably a remote transfer service then conducts the configuring of the DRM transfer process. After configuring the DRM transfer process the remote transfer service transfers the configured DRM transfer process to the local network. The configured DRM transfer process will then locally transfer the content and rights from the first DRM system to the second DRM system. In this manner the first digital work may be transferred from the first DRM system to the second DRM system without the need to transfer the first digital work itself to the remote transfer service.
The above embodiment reduces the bandwidth requirements to and from the remote transfer service, and moreover may save payment of a transmission royalty, sometimes called a "performance royalty", for transferring the first digital work over a public network such as the Internet. As a result this particular embodiment may be more bandwidth efficient, and more cost efficient.
In a further embodiment the DRM transfer process is further configured for transforming the first digital work from the first DRM system to the second DRM system. This is particularly useful when the first digital work in the first DRM system is encrypted with a proprietary cipher, and a digital work within the second DRM system requires encryption with a standard cipher e.g. the AES cipher. Using the first and the second characteristic information the present invention can accommodate such differences and use part of the characteristic information, such as code for decrypting and encrypting the first digital work. Apart from variations in ciphers the present invention can also account for other variations such as variations in key-length, data encoding, rights, right encoding, and many other variations known to those skilled in the art.
In yet a further embodiment configuring the DRM transfer process further comprises configuring the DRM transfer process for transferring the second access information to the second DRM system.
Although the present invention can be used for transferring content associated to a first party from a first DRM system to a second DRM system, in the process maintaining the association, the present invention is not limited to this scenario. The present invention can also be used advantageously in a scenario wherein the first digital content associated to the first party in the first DRM system is transferred to a second party in the second DRM system, thereby implicitly re-associating the first digital content to the second party.
In a preferred embodiment configuring the DRM transfer process further comprises configuring the DRM transfer process for verifying whether the first and second DRM system at least in part reside on the same computing platform. This information may be used to determine whether or not the transfer requires payment of a transmission royalty, for example when the content is transmitted over the Internet.
In a further embodiment configuring the DRM transfer process further comprises configuring the DRM transfer process for verifying that the program code is executed on a pre-determined computing platform as defined during configuring the DRM transfer process. This may further improve security, as it will deter malicious users from attempting reuse of the configured DRM transfer process on a machine other than that designated during configuring of the DRM transfer process.
In a preferred embodiment the first access information is obtained in a secure manner from a first characteristic information provider associated with the first DRM system, and wherein the first characteristic information provider does not expose secrets from the first DRM system that are not related to the first digital work. In this particular embodiment the characteristic information provider functions as a proxy for the first DRM system, in that it transfers the first access information, but in the process prevents exposure of certain secrets from the first DRM system.
A further object of the present invention is to provide an apparatus for enabling the transfer of a first digital work from a first DRM system to a second DRM system that alleviates the aforementioned problem.
This objective is realized using a DRM transfer process generator according to claim 15. A DRM transfer process generator according to the present invention can enable the transfer of a first digital work from a first to a second DRM system. The DRM transfer process generator configures a DRM transfer process using a first and a second characteristic information, representative for the first and second DRM system respectively. The latter information is only required at the time of configuring.
The DRM transfer process generator may be used to transfer content between devices that support only a single DRM system. The present invention may also be used for transferring content to DRM systems that were introduced on the market after the DRM transfer process generator itself was introduced, provided that both the first and second characteristic information representative for the first and second DRM system are available. In addition the use of the first and second characteristic information renders the DRM transfer process generator itself substantially independent of the DRM systems involved.
These and other aspects of the present invention will be further elucidated and described with reference to the drawings, in which:
Fig. 1 is a block diagram of an application of a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system residing on the same computing platform.
Fig. 2 is a block diagram of a further application of a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system residing on the same computing platform.
Fig. 3 is a block diagram of another application of a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system residing on the same computing platform.
Fig. 4 is a block diagram of an application of a method for enabling the transfer of a first digital work from a first DRM system residing on a first computing platform to a second DRM system residing on a further computing platform.
Fig. 5 is a block diagram of a further application of a method for enabling the transfer of a first digital work from a first DRM system to a second DRM system.
Fig. 6 is a block diagram of a DRM transfer process generator according to the present invention.
Fig. 7 is a block diagram of a system for enabling the transfer of a first digital work from a first DRM system to a second DRM system according to the present invention.
Fig. 8 is a block diagram of a system for enabling the transfer of a first digital work from a first DRM system to a second DRM system wherein the first and the second DRM system reside on the computing platform executing the DRM transfer process generator, as well as the configured DRM transfer process.
Throughout the drawing, the same reference numeral refers to the same element, or an element that performs the same function. The present invention can be used to enable the transfer of a first digital work from a first DRM system to a second DRM system. The present invention provides a flexible mechanism that aims to configure a DRM transfer process to enable the transfer of the first digital work. The configured DRM transfer process is used to transform at least part of a first access information into a second access information for use in the second DRM system, and in certain embodiments the configured DRM transfer process can also transform the first digital work itself.
The present invention uses the fact that each DRM system is able to access content using access information defined by that DRM system, and each DRM system is able to incorporate new content and place it under DRM control. As a result the first DRM system can provide characteristic information that allows the configured DRM transfer process to transform information such as keys, usage rights, and content into a plain text form. This plain text form information can be transformed into usage rights, and content suitable for use in the second DRM system by the configured DRM transfer process, provided the appropriate characteristic information needed for the transformation is provided by the second DRM system or a trusted third party.
The choice to configure a DRM transfer process to perform the actual transfer enables the present invention to support various types of DRM systems, even those that are introduced in the market after the market introduction of a DRM transfer process generator according to the present invention. Configuring of the DRM transfer process is handled by a DRM transfer process generator. The DRM transfer process generator is preferably a device, or a module of a device that is independent of the DRM systems involved in the transfer, but that uses a first and a second characteristic information to configure a DRM transfer process that is configured in dependence of the DRM systems involved.
An embodiment of the present invention, depicted in Fig. 1, shows a block diagram of an application of the present invention for enabling the transfer of a first digital work 105 from a first DRM system 180 to a second DRM system 185. In this embodiment both DRM systems reside on the same computing platform 195. The computing platform 195 is connected to a network 190. The network may be wired or wireless, proprietary or public, and may be a hybrid network comprising different networks and network bridges. The network may be embodied by networks such as Bluetooth networks, GSM networks, UMTS networks, IEEE 802.11 networks, or even the Internet.
The network further comprises a first characteristic information provider 115, a second characteristic information provider 140, and a DRM transfer process generator 130 that is arranged to configure a DRM transfer process. The configured DRM transfer process 165 is transferred to a further computing platform 160 for execution, indicated by the data stream 161.
The first DRM system 180 residing on the computing platform 195 utilizes a first access information 110 associated with the first digital work 105. The first access information 110 in this particular embodiment consists of a first key (not shown) and usage rights information (not shown) both associated with the first digital work 105. The first key and the usage right information are encrypted with a first master key (not shown) specific to the first DRM system 180 using a first cipher. The second DRM system 185 uses access information with a similar structure comprising a second key and usage right information, both encrypted with a second master key and using a second cipher.
In this particular embodiment the content residing in both the first DRM system 180 and that in the second DRM system 185, including the first digital work 105, are encrypted using the same content cipher, such as AES, with a binary 128-bit key, and identical choice of cipher mode.
Before transferring the first digital work 105 from the first DRM system 180 to the second DRM system 185 the DRM transfer process generator 130: retrieves the first access information 110 from the first DRM system 180; retrieves a first characteristic information 120 from the first characteristic information provider 115 after sending a request 125 to the first characteristic information provider 115; retrieves a second characteristic information 150 from the second characteristic information provider 140 after sending a request 135 to the second characteristic information provider 140; and uses the first and second characteristic information, and at least part of the first access information 110, to configure a DRM transfer process for transforming at least part of the first access information 110 into a second access information 175 for accessing the transferred first digital work 170 within the second DRM system 185.
In this particular embodiment the first characteristic information 120 comprises the first master key, as well as dynamic linkable object code that can be used for decryption of information encrypted using the first cipher. On the other hand the second characteristic information 150 comprises the second master key, as well as dynamic linkable object code that can be used to encrypt information using the second cipher. After configuring the configured DRM transfer process 165 this DRM transfer process 165 is transferred to the computing platform 160. Now the first digital work 105 can be transferred from the first DRM system 180 to the second DRM system 185.
When the configured DRM transfer process 165 is executed on the computing platform 160, the second access information 175 is created using the first access information 110. First, the encrypted first access information is decrypted, resulting in a plain text copy of the first key and the usage right information. Due to the fact that the content encryption mechanism is the same for both DRM systems, the first key may be used unaltered as the second key in the second access information. Subsequently the usage right information may be mapped from the first DRM system to the second DRM system.
The configured DRM transfer process 165 can then encrypt the plain text second access information into an encrypted second access information compatible with the second DRM system. The encrypted second access information is subsequently transferred to the second DRM system.
The master keys as used in the above embodiment are particular to the respective DRM systems. These master keys are used to encrypt usage rights independent of the content. These master keys are characteristic for the respective DRM system and clearly belong to the characteristic information and not to the access information.
In parallel to the execution of the configured DRM transfer process 165, the first digital work 105 may be transferred to the second DRM system 185. As both DRM systems apply a similar content encryption scheme, there is no need for re-encryption of the first digital work 105 in this embodiment. Once both are transferred to the second DRM system 185 it is possible to access the transferred first digital work 170 in the second DRM system 185 using the second access information 175.
The embodiment depicted in Fig. 1 involves a DRM transfer process generator 130 that is independent of the DRM systems. This alleviates at least part of the problems known from conventional interoperability solutions as the DRM transfer process generator may also be used together with DRM systems of a later date than the DRM transfer process generator, provided characteristic information is available for the DRM system. The embodiment in Fig. 1 further shows that it is possible to transfer the first digital work without modifications to the DRM systems involved. Moreover it illustrates that the first digital work may be transferred without sharing the first DRM system secrets with the second DRM system, other than the first key, the key used to access the content itself.
The DRM transfer process generator 130 configures the DRM transfer process before it is executed. Configuring of the DRM transfer process may comprise, but is not limited to: arranging program code for a process that is configured to transform the first access information; parameterizing program code using e.g. particular key information from the first access information; verifying cryptographic signatures and/or certificates provided with the first and/or second characteristic information computed over the first and/or second characteristic information respectively; obfuscating and/or encrypting the arranged and/or parameterized program code; cryptographically signing the program code; spawning a process on a computing platform that is configured to transform the first access information; configuring an existing (DRM transfer) process, for example by selecting particular sub-routines and selecting particular key values; and selecting a previously configured and stored DRM transfer process, for example by selecting a particular program from a program storage, such as a cache, and executing that program.
Configuring typically involves combinations of the aforementioned operations. Consider an embodiment wherein the decryption and encryption algorithms are provided as dynamically linkable object code as part of the characteristic information. Such object code may be combined with e.g. a standard DRM transfer process framework, resulting in a partially configured DRM transfer process. This partially configured DRM transfer process may at a later moment be further parameterized using e.g. key information from the first access information. The partially configured DRM transfer process is still independent of the first access information, and as a result may be further configured for individual transfer operations when needed. As a result the partially configured DRM transfer process is well suited for caching, in particular when transfer operations between the particular DRM systems occur frequently. Alternatively the process may be configured to transfer more than one digital work.
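The Fig. 1 transfer (decrypt the first access information, reuse the first key, map the usage rights, re-encrypt for the second system) and the cacheable partial configuration described above, as an added Python sketch that is not code from the patent. The two ciphers are standard-library stand-ins for the object code each DRM system would supply, and the JSON layout, the right names and the `CharacteristicInfo` fields are assumptions.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass
from typing import Callable, Dict, Tuple


def keystream(key: bytes, nonce: bytes, n: int, algo: str) -> bytes:
    """HMAC in counter mode; a stand-in for a DRM system's own cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), algo).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes, algo: str) -> bytes:
    """Encrypt-then-MAC, laid out as nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    enc_key = hmac.new(key, b"enc", algo).digest()
    mac_key = hmac.new(key, b"mac", algo).digest()
    stream = keystream(enc_key, nonce, len(plaintext), algo)
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    return nonce + body + hmac.new(mac_key, nonce + body, algo).digest()


def unseal(key: bytes, blob: bytes, algo: str) -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    tag_len = hashlib.new(algo).digest_size
    if len(blob) < 16 + tag_len:
        raise ValueError("access information is truncated")
    nonce, body, tag = blob[:16], blob[16:-tag_len], blob[-tag_len:]
    enc_key = hmac.new(key, b"enc", algo).digest()
    mac_key = hmac.new(key, b"mac", algo).digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, algo).digest()):
        raise ValueError("access information failed authentication")
    stream = keystream(enc_key, nonce, len(body), algo)
    return bytes(c ^ k for c, k in zip(body, stream))


@dataclass(frozen=True)
class CharacteristicInfo:
    """What a characteristic information provider hands over (assumed shape)."""
    system_id: str
    master_key: bytes
    algo: str                     # selects the stand-in cipher for this system
    rights_vocab: Dict[str, str]  # neutral right name -> this system's field name

    def fingerprint(self) -> str:
        blob = json.dumps([self.system_id, self.master_key.hex(), self.algo,
                           self.rights_vocab], sort_keys=True)
        return hashlib.sha256(blob.encode()).hexdigest()


cache: Dict[Tuple[str, str], Callable[[bytes], bytes]] = {}


def configure_partial(src: CharacteristicInfo,
                      dst: CharacteristicInfo) -> Callable[[bytes], bytes]:
    """Build a transfer process from characteristic information only.

    Nothing here depends on one work's access information, so the result is
    cached. The cache key is a digest of the characteristic information, so a
    rotated master key or changed cipher never hits a stale entry.
    """
    pair = (src.fingerprint(), dst.fingerprint())
    if pair in cache:
        return cache[pair]
    to_neutral = {name: neutral for neutral, name in src.rights_vocab.items()}

    def transfer(first_access_info: bytes) -> bytes:
        plain = json.loads(unseal(src.master_key, first_access_info, src.algo))
        rights = {}
        for name, value in plain["rights"].items():
            neutral = to_neutral.get(name)
            if neutral is None or neutral not in dst.rights_vocab:
                # Refuse rather than drop: losing a restriction would widen access.
                raise ValueError(f"usage right {name!r} has no mapping in {dst.system_id}")
            rights[dst.rights_vocab[neutral]] = value
        # Same content cipher in both systems (Fig. 1): the first key is reused.
        second = {"content_key": plain["content_key"], "rights": rights}
        return seal(dst.master_key, json.dumps(second, sort_keys=True).encode(), dst.algo)

    cache[pair] = transfer
    return transfer


def demo_transfer() -> Tuple[str, dict]:
    """Constructed sample data: two systems and one work's access information."""
    a = CharacteristicInfo("drm-a", os.urandom(32), "sha256",
                           {"plays": "play_count", "export": "may_export"})
    b = CharacteristicInfo("drm-b", os.urandom(32), "sha512",
                           {"plays": "maxPlays", "export": "allowExport"})
    content_key = os.urandom(16).hex()  # 128-bit content key, as in the embodiment
    first = seal(a.master_key, json.dumps(
        {"content_key": content_key,
         "rights": {"play_count": 5, "may_export": False}}).encode(), a.algo)
    second = configure_partial(a, b)(first)
    return content_key, json.loads(unseal(b.master_key, second, b.algo))


if __name__ == "__main__":
    print(demo_transfer())
```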
The embodiment depicted in Fig. 1 does require that both DRM systems use the same type of content encryption. This however can be remedied within the scope of the present invention, as shown in a further embodiment. Fig. 2 shows a further embodiment 200 of a method for enabling the transfer of a first digital work 105 from a first DRM system 180 to a second DRM system 185.
This embodiment differs from that depicted in Fig. 1 in that the first DRM system and the second DRM system use different content ciphers for content encryption, however both ciphers use keys of similar type and size.
Once more the DRM transfer process generator 130 retrieves the first access information 110, the first and the second characteristic information 120,150, and based on this information configures a DRM transfer process. The configured DRM transfer process is subsequently transferred to the computing platform 195 for local execution. Local execution is preferable as in this embodiment the configured DRM transfer process 165 not only transforms the first access information 110 but furthermore transforms the first digital work 105 itself. In doing so this embodiment reduces bandwidth requirements for communications over the network 190, and moreover eliminates the need for the further computing platform 160 (not shown).
The first and second characteristic information 120,150 used during configuring of the DRM transfer process in this embodiment further comprise dynamic linkable object code for the first and second content cipher respectively. As a result the DRM transfer process generator 130 can remain DRM independent. The DRM transfer process generator 130 further configures the DRM transfer process to: decrypt the first access information 110 and extract the first key for use in transforming the first digital work 105; use the first key obtained from the first access information 110 as the second key when generating the second access information 175; and use the first key to decrypt the first digital work 105 using the content cipher of the first DRM system 180 and subsequently use the first key to encrypt the plain text first digital work using the content cipher of the second DRM system 185.
After execution of the configured DRM transfer process 165 the first access information 110 will be transformed into the second access information 175, and the first digital work 105 will be transformed such that it is fit for use in the second DRM system 185. The transformed first digital work is then transferred to the second DRM system 185. The transfer of the transformed first digital work is indicated by the dashed arrow 170, the transferred first digital work by the end point of that arrow within the second DRM system 185.
This particular embodiment illustrates how the present invention enables the transfer of a first digital work 105 from a first DRM system 180 to a second DRM system 185, again without modifying the respective DRM systems. The DRM transfer process generator 130 used for configuring the DRM transfer process is not dependent on the DRM systems involved. This embodiment further shows that the first digital work 105 can be transferred without the need to transfer the first digital work over the network 190, thereby saving bandwidth and in case the network is the Internet also possibly saving the payment of a transmission royalty.
The first characteristic information 120 is used by the DRM transfer process generator 130 to configure the DRM transfer process for decrypting the first access information 110. Here the first characteristic information 120 is provided by a first characteristic information provider 115 over the network 190. The first characteristic information 120 may in other embodiments be supplied by other sources comprising e.g. the first DRM system 180 itself, a library of characteristic information associated with a particular DRM system, a library of characteristic information of DRM systems local to the DRM transfer process generator 130, or a central library of characteristic information of DRM systems. In order to establish authenticity of the first and/or second characteristic information, the characteristic information is preferably cryptographically signed, or encrypted, by a trusted third party, or by a characteristic information provider that is certified by a trusted third party. Using the signature/certificate the DRM transfer process generator 130 can verify authenticity of the characteristic information before use.
Although the characteristic information provider(s) will typically be associated with one of the DRM systems, they may be incorporated by a single entity that provides both the first and the second characteristic information.
In the embodiment 200 depicted in Fig. 2 the first key and the second key, part of the first and second access information respectively, have an identical format. The present invention may also be applied to systems wherein the first and the second key do not have a common format, or where further requirements are imposed on key information by the second DRM system.
Fig. 3 depicts a further embodiment 300 of the present invention in the form of a remote transfer service that communicates with clients over the Internet. In this embodiment the first and the second DRM system use different content ciphers, with different key formats. As a result it will be necessary to have the second characteristic information provider also provide a second key 345 for re-encryption of the first digital work 105.
The second key 345 is provided by the second characteristic information provider 140 to the DRM transfer process generator 130, upon request 135 by the DRM transfer process generator 130. The second key 345 is then used to enable the configured DRM transfer process 165 to correctly transform the first digital work 105 to match the content encoding and/or encryption in the second DRM system 185.
In this embodiment the first digital work 105 is transformed in the transfer from the first DRM system 180 to the second DRM system 185, but does not leave the computing platform 305, thereby enabling the transfer of content from one DRM system to another, and at least alleviating interoperability issues.
The configured DRM transfer process 165 may be further fitted with additional security checks to prevent tampering during the actual transfer. These checks may comprise verifying a checksum computed over the first digital work using a cryptographic hash, or verifying a checksum computed over the configured DRM transfer process itself (self-check). The configured DRM transfer process may also be tied to a particular computational platform, e.g. by including a check for a particular processor identifier, or calculating a hash over device identifiers of the computing platform and verifying this with a hash pre-computed during the configuring of the DRM transfer process. This of course would require that the DRM transfer process generator has access to such device identifiers. The above security checks thwart certain attacks by malicious parties, amongst which certain replay attacks.
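The checks listed above (checksum over the digital work, self-check over the process, and a pre-computed hash over device identifiers), as an added Python sketch that is not code from the patent. SHA-256, the per-configuration salt, the `ConfiguredProcess` fields and the device-identifier strings are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, Iterable, List


def platform_hash(device_ids: Iterable[str], salt: bytes) -> bytes:
    """Hash a set of device identifiers, independent of the order they are read in.

    Each identifier is length-prefixed so that ("ab", "c") and ("a", "bc")
    cannot collide by concatenation.
    """
    h = hashlib.sha256(salt)
    for ident in sorted(device_ids):
        raw = ident.encode()
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.digest()


@dataclass(frozen=True)
class ConfiguredProcess:
    code: bytes             # image of the configured DRM transfer process
    salt: bytes             # fresh value chosen at configuration time
    code_digest: bytes      # self-check value
    work_digest: bytes      # checksum over the first digital work
    platform_digest: bytes  # pre-computed hash over the target's device identifiers


def configure(code: bytes, work: bytes, device_ids: Iterable[str],
              salt: bytes) -> ConfiguredProcess:
    """Generator side: pre-compute the values the process verifies at run time.

    The digests only help if they cannot be rewritten together with the code,
    for example because the generator signs the whole package.
    """
    return ConfiguredProcess(
        code=code,
        salt=salt,
        code_digest=hashlib.sha256(code).digest(),
        work_digest=hashlib.sha256(work).digest(),
        platform_digest=platform_hash(device_ids, salt),
    )


def failed_checks(proc: ConfiguredProcess, work: bytes,
                  device_ids: Iterable[str]) -> List[str]:
    """Execution side: names of the checks that fail; an empty list means proceed."""
    checks = {
        "self-check": (hashlib.sha256(proc.code).digest(), proc.code_digest),
        "work-checksum": (hashlib.sha256(work).digest(), proc.work_digest),
        "platform-binding": (platform_hash(device_ids, proc.salt), proc.platform_digest),
    }
    # Every check is evaluated; compare_digest does not leak how many bytes matched.
    return [name for name, (seen, expected) in checks.items()
            if not hmac.compare_digest(seen, expected)]


def demo_checks() -> Dict[str, List[str]]:
    """Constructed sample data: one configured process run under four conditions."""
    ids = ["cpu:CONSTRUCTED-0001", "mac:02-00-00-00-00-01"]
    work = b"constructed sample digital work"
    proc = configure(b"constructed process image", work, ids, salt=b"constructed-salt")
    return {
        "intended platform": failed_checks(proc, work, ids),
        "copied to another platform": failed_checks(proc, work, ["cpu:CONSTRUCTED-0002"]),
        "work modified in transit": failed_checks(proc, work + b"!", ids),
        "process image patched": failed_checks(replace(proc, code=b"patched"), work, ids),
    }


if __name__ == "__main__":
    for scenario, failures in demo_checks().items():
        print(scenario, "->", failures or "ok")
```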
The DRM transfer process generator 130 as depicted in Fig. 3 is particularly advantageous in that: the DRM transfer process generator 130 is flexible and need not comprise information with respect to the respective DRM systems; the first digital content remains local to the computing platform 305 and hence does not load the network; the configured DRM transfer process is executed locally thereby reducing the computational load for the remote transfer service; and both the first access information and first digital content may be transformed by the configured DRM transfer process, enabling complex transformations.
Although the latter three embodiments focus on the transfer of a first digital work 105 from a first DRM system 180 to a second DRM system 185 on the same computing platform 205 the present invention is not limited thereto. Fig. 4 depicts a further embodiment 400 of the present invention that enables the transfer of a first digital work 105 from a first DRM system 180, on a first device 405, to second DRM system 185 on a second device 410. For the sake of simplicity of the example both the first and the second DRM systems in this embodiment have a compatible content protection mechanism, allowing the first digital work 105 to be transferred from the first DRM system to the second DRM system.
In order to enable the transfer of content from the first device 405 to the second device 410 similar steps are conducted as discussed for the embodiment depicted in Fig. 1.
The present invention may also be applied advantageously to transfer a first digital work 105 associated with a first party in a first DRM system 180 to a second DRM system 185, and in the process re-associate the first digital work to a second party in the second DRM system 185, regardless of the fact whether or not the first and second DRM system reside on the same computing platform. The present invention may even be used to enable the broadcast of the first digital work 105 by the configured DRM transfer process 165, provided that the first access information 110 allows such an operation.
As the present invention is not tied to a particular type of DRM system, it may be used in conjunction with: device-centric DRM systems wherein content is tied to a particular device, person-centric DRM systems wherein content is tied to a particular person, and/or authorized-domain-centric DRM systems as described below.
It may even support the transfer of content from one type of DRM system to another type of DRM system.
In an Authorized Domain (AD), a domain policy prevails, i.e. rules governing the domain composition such as device domain membership must be complied with. Hence, in a DRM environment supporting an AD concept, the domain policy is complied with and content items such as movies, digital books and audio files, which are brought into the AD, are accessible from a limited number of compliant devices which are part of the AD.
Various proposals exist that implement the concept of ADs to some extent. In so-called device based ADs, the domain is formed by a specific set of hardware devices or software applications (referred to collectively as clients hereafter) and content. A domain manager, which can be one or more of the clients, a smart card or another device, controls which clients may join the domain. Only the specific set of clients in the domain (the members) is allowed to make use of the content of that domain, e.g. to open, copy, play or export it. Examples of such device-based ADs are given in international patent application WO 03/098931 (attorney docket PHNL020455), international patent application WO 05/088896 (attorney docket PHNL040288) and international patent application WO 04/027588 (attorney docket PHNL030283) by the same applicant, all of which are hereby incorporated by reference.
One type of device-based AD allows a set of clients bound to a domain to access content bound to that domain. This double binding assures that all the members can access the content. This structure is often established by implementing the bindings through a shared secret key. This key is chosen by a domain manager and distributed to all the members. When content is bound to the domain, the license is cryptographically linked to the domain by means of encryption with the shared key. Alternatively the content may be directly bound to one client, and the clients remain bound to the AD.
Another type of AD is the so-called person-based AD, where the domain is based on persons instead of devices. An example of such a system is described in international patent application WO 04/038568 (attorney docket PHNL021063) by the same applicant, incorporated herein by reference, in which content is coupled to persons, which then are grouped into a domain.
A so-called Hybrid Authorized Domain-based DRM system ties content to a group that may contain devices and persons. Examples of hybrid AD systems can be found in international patent application WO 2005/010879 (attorney docket PHNL030926) and in international patent application WO 2005/093544 (attorney docket PHNL040315), both incorporated herein by reference.
Fig. 5 depicts a further application of the present invention to enable the transfer of a first digital work 105. The particular embodiment depicted here resembles that of the embodiment depicted in Fig. 3. In this embodiment the first and the second characteristic information providers (115,140), are located in extensions of the first and the second DRM systems respectively (580,585).
With only minimal modifications to the original DRM systems, the DRM systems are extended, wherein the first extension 580 extends the first DRM system 180, and the second extension 585 extends the second DRM system 185. As a result of these extensions it is possible to include the first access information 110 in the first characteristic information 120. In addition the first characteristic information provider may also provide the DRM transfer process generator 130 with other information related to the first digital work, the first DRM system, or the computing platform 505.
Moreover the first and second characteristic information providers may prevent DRM related secrets from being exposed to the DRM transfer process generator 130. For example, in order not to expose the first master key to the DRM transfer process generator 130, the first characteristic information provider 115 may set up a Secure Authenticated Channel (SAC) 120 with the DRM transfer process generator 130.
Information communicated over a SAC is generally encrypted, e.g. using a session key agreed upon by the parties involved. As a result the first characteristic information provider 115 may communicate the first access information to the DRM transfer process generator 130 as plain text; it is protected by the encryption of the SAC. As a result the first characteristic information provider no longer needs to send the first master key to the DRM transfer process generator 130. In doing so the first master key in the first DRM system is no longer exposed to the DRM transfer process generator 130 or the second DRM system 185.
The embodiment depicted in Fig. 5 is a particularly advantageous application of the present invention, as DRM specific secrets, such as master keys need not be shared with the DRM transfer process generator 130. The latter is particularly relevant when the DRM transfer process generator 130 is a remote transfer service. DRM system owners, and users alike will be reluctant to exchange information that may provide malicious parties access to their systems. Fig. 5 shows a solution wherein these secrets are removed from the content submitted to the DRM transfer process generator 130.
Fig. 6 depicts a block diagram of a DRM transfer process generator 130 according to the present invention. The DRM transfer process generator 130 comprises a first retrieval means 610 arranged to retrieve a first access information 110 associated with a first digital work (not shown). The first access information 110 may be used to access the first digital work within a first DRM system (not shown). The DRM transfer process generator 130 further comprises a second retrieval means 605 arranged to retrieve a first characteristic information 120 representative of the first DRM system. The third retrieval means 620 is arranged to retrieve a second characteristic information 150 representative of a second DRM system (not shown). The fourth retrieval means 615 is arranged to retrieve a second key 345.
The retrieved information is communicated with a configuring means 690 over an internal bus 630. The retrieved information is used by the configuring means 690 to configure a DRM transfer process 165 to transform the first access information 110 into a second access information (not shown) for accessing the transferred first digital work within the second DRM system.
In the embodiment shown in Fig. 6 the configured DRM transfer process 165 is output in the form of data stream 161. Meanwhile intermediate, partially configured, processes are stored in a local storage means 625. As discussed earlier such a partially configured DRM transfer process 635 can be a process that was configured using the first and the second characteristic information 120,150 but that has not been configured using the first access information 110. Such partially configured DRM transfer processes may be used to speed up the configuring, in particular when the characteristic information is only accessible over a busy network. Alternatively such an intermediate configured DRM transfer process 640 may be stored in an external repository 630, in order to allow other DRM transfer process generators in a network to benefit.
The functionality of the DRM transfer process generator 130 depicted in Fig. 6 is partitioned over various hardware components. However similar functionality may be obtained by implementation of the same operations on other hardware configurations, or even hybrid hardware/software combinations. It will be clear to those skilled in the art that a wide variety of implementations are conceivable, that range from pure hardware implementations, to combined hardware/software implementations, without departing from the scope of the present invention.
Fig. 7 depicts a system 700 for enabling the transfer of a first digital work 105 from a first DRM system 180 to a second DRM system 185 according to the present invention. The system 700 comprises a DRM transfer process generator 130 as described earlier, a first device 705 comprising at least in part the first DRM system 180 comprising a first digital work 105 accessible by means of a first access information 110, and a second device 710 comprising at least in part the second DRM system 185.
The first DRM system 180 depicted in Fig. 7 is an authorized-domain-centric DRM system. The first device 705 is part of an authorized domain 715, and devices in that domain all comply with the domain policy. The first device 705 is a home network server that is used to transfer content from the home network onto the second device 710, a mobile video rendering device that is not part of the authorized domain 715 and that uses a proprietary device-centric DRM system.
The present invention may be applied advantageously in that it enables the transfer of a first digital work 105 from the first DRM system 180 to the second DRM system 185. In order for the DRM transfer process generator 130 to transform the first access information 110 into the second access information 175 the second characteristic information 150 also comprises the device identifier 720 of the second device 710. This enables the DRM transfer process generator 130 to configure the DRM transfer process and associate the second access information 170 with the second device 710 in conformance with the requirements of the device-centric DRM system 185.
Fig. 8 depicts an embodiment of the present invention wherein the first DRM system 180, the second DRM system 185, the DRM transfer process generator 130, and the configured DRM transfer process 165 all reside on the same computing platform 805. This particular embodiment allows interoperability of DRM systems that can provide characteristic information 120, and 150 to the DRM transfer process generator 130.
This particular embodiment may be used advantageously by a person to migrate her content from a first DRM system 180 to a second DRM system 185, e.g. on a home network server 805 as part of a system upgrade. In this scenario, where typically the number of digital works to be transferred is substantial, the present application is particularly beneficial as it allows the user to migrate her content without the need to transmit it over a network to a conversion service, and as a result without having to transfer the entire content collection over a network, and possibly without the need to pay a transmission royalty for each transferred digital work.
Throughout the figure description decryption and/or encryption as well as key information are used as examples. It will be clear to the skilled person that the scope of the present invention is not limited to the decryption and/or encryption of key information, but also comprises transforming usage right information and/or digital works. Moreover it will be clear that these transformations are not merely restricted to encryption and/or decryption but may also comprise re-formatting, transcoding and other transformations using the first and second characteristic information.
The extent to which the present invention may transform content is determined by the characteristic information provided for each respective DRM system. The characteristic information may provide information that can be used to e.g. convert between different file formats used by the respective DRM systems. It may e.g. comprise two partial transcoders, one for each DRM system, that combined facilitate transcoding digital content in order to enable the transfer between different encoding schemes used in the respective DRM systems.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims.
In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps other than those listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements.
The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims

1. Method for enabling the transfer of a first digital work (105) from a first DRM system (180) to a second DRM system (185) the method comprising the following steps: retrieving a first access information (110) associated with the first digital work (105), the first digital work (105) being accessible using the first access information (110) in the first DRM system, retrieving a first characteristic information (120) representative of the first DRM system (180), retrieving second characteristic information (150) representative of the second DRM system (185), and configuring a DRM transfer process using at least part of the first access information and at least part of the first and at least part of the second characteristic information (120,150) the process being suitable for: a) transforming at least part of the first access information (110) into a second access information (175) for accessing the transferred first digital work (170) within the second DRM system (185).
2. Method of claim 1, wherein the first DRM system (180) and the second DRM system (185) both at least in part reside in a local network.
3. Method of claim 2, wherein the configured DRM transfer process (165) is executed on a computing platform in the local network.
4. Method of claim 3, wherein the first DRM system (180) and the second DRM system (185) both at least in part reside on a computing platform (305) where the configured DRM transfer process (165) is executed.
5. Method of claim 1, wherein the configuring further comprises configuring the DRM transfer process for being suitable for: b) transferring the first digital work (105) from the first DRM system (105) to the second DRM system (185).
6. Method of claim 5, wherein the first access information (110) comprises a first key encrypted with a first master key associated with the first DRM system, and wherein the transferring b) comprises copying the first digital work (105) from the first DRM system (180) to the second DRM system (185), and the transforming a) comprises decrypting the first key and encrypting the first key using a second master key.
7. Method of claim 5, wherein the b) transferring of the first digital work (105) further comprises transforming the first digital work (105) for use in the second DRM system (185).
8. Method of claim 7, wherein the first characteristic information (120) comprises decryption program code for decrypting a digital work residing in the first DRM system (180) and the second characteristic information (150) comprises encryption program code for encrypting a digital work for the second DRM system (185).
9. Method of claim 8, wherein the transforming comprises: decrypting the first digital work (105) using at least part of the first access information (110) and the first characteristic information (120), and encrypting the decrypted first digital work (105) using at least part of the second access information (175) and the second characteristic information (150).
10. Method of claim 1, wherein the configuring further comprises configuring the DRM transfer process for being suitable for: c) transferring the second access information (175) to the second DRM system (185).
11. Method of claim 1, wherein the configuring further comprises configuring the DRM transfer process for being suitable for: d) verifying whether the first DRM system (180) and the second DRM system (185) at least in part reside on the same computing platform.
12. Method of claim 1, wherein the configuring further comprises configuring the DRM transfer process for being suitable for: e) verifying that the program code is executed on a pre-determined computing platform as defined during the configuring.
13. Method of claim 1, wherein the first access information (110) is obtained in a secure manner from a first characteristic information provider (115) associated with the first DRM system (180), and wherein the first characteristic information provider (115) is arranged to preserve confidentiality of secrets from the first DRM system (180) necessary to access the first digital work (105) within the first DRM system (180).
14. Use of a DRM transfer process according to any one of the claims 1 to 13 for transferring a first digital work from a first DRM system (180) to a second DRM system (185).
15. DRM transfer process generator (130) for enabling the transfer of a first digital work (105) from a first DRM system (180) to a second DRM system (185), the DRM transfer process generator (130) comprising: a first retrieval means (410) arranged to retrieve a first access information (110) associated with a first digital work (105), the first digital work (105) being accessible using the first access information (110) in the first DRM system, a second retrieval means (405) arranged to retrieve a first characteristic information (120) representative of the first DRM system (180), a third retrieval means (420) arranged to retrieve a second characteristic information (150) representative of the second DRM system (185), and a configuring means (430) arranged to configure a DRM transfer process using at least part of the first access information and at least part of the first and at least part of the second characteristic information, the DRM transfer process being arranged to: a) transform the first access information (110) into a second access information (175) for accessing the transferred first digital work (170) within the second DRM system.
16. DRM transfer process generator (130) of claim 15, further comprising a fourth retrieval means (415) arranged to retrieve a second key (145) for use in the second DRM system (185).
17. DRM transfer process generator (130) of claim 15, further comprising a storage means (425) for storing partially configured DRM transfer processes.
18. System (700) for transferring a first digital work (105) from a first DRM system (180) to a second DRM system (185), the system (700) comprising: a DRM transfer process generator (130) according to claim 15, a first device (705) comprising at least in part the first DRM system (180) comprising a first digital work (105) accessible by means of a first access information (110), and a second device (710) comprising at least in part the second DRM system (185).
19. System of claim 18, wherein the first device (805) and the second device (805) are one and the same device (805) that is furthermore operable as the computing platform (805) for the execution of the arranged DRM transfer process (165).
20. Computer program product comprising program code means stored on a computer readable medium generated according to the method of any of the claims 1 to 13 when said program product is run on a computer.
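
The transformation step of claim 6, as an added example that is not code from the patent or its applicant: the content key held under the first system's master key is unwrapped and wrapped again under the second system's master key, while the encrypted work is only copied. AES-GCM, the function names and the `drm1:`/`drm2:` labels that bind each wrapped key to its system and work identifier are assumptions of this sketch; the claims name no cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newAEAD builds AES-GCM from a master or content key (32 bytes selects AES-256).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts pt and returns nonce || ciphertext || tag; aad is authenticated only.
func seal(g cipher.AEAD, pt, aad []byte) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, aad), nil
}

// open reverses seal; it fails on a wrong key, a wrong aad label or a modified blob.
func open(g cipher.AEAD, blob, aad []byte) ([]byte, error) {
	n := g.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:n], blob[n:], aad)
}

// Rewrap turns first access information (content key under master key 1) into
// second access information (same key under master key 2). Labels are assumed.
func Rewrap(drm1, drm2 cipher.AEAD, access1 []byte, workID string) ([]byte, error) {
	ck, err := open(drm1, access1, []byte("drm1:"+workID))
	if err != nil {
		return nil, err
	}
	access2, err := seal(drm2, ck, []byte("drm2:"+workID))
	for i := range ck { // wipe the bare content key once it has been rewrapped
		ck[i] = 0
	}
	return access2, err
}
```

Because only the wrapped key changes, the work's ciphertext can be copied byte for byte; the bare content key exists in memory only inside `Rewrap`, which is the point at which claims 11 to 13 place their platform and confidentiality checks.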

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US78876306P 2006-04-03 2006-04-03
US60/788,763 2006-04-03

Publications (2)

Publication Number Publication Date
WO2007113728A2 true WO2007113728A2 (en) 2007-10-11
WO2007113728A3 WO2007113728A3 (en) 2008-01-10

Family

ID=38543886

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2007/051047 WO2007113728A2 (en) 2006-04-03 2007-03-26 Method for enabling the transfer of a digital work

Country Status (1)

Country Link
WO (1) WO2007113728A2 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040158712A1 (en) * 2003-01-24 2004-08-12 Samsung Electronics Co., Ltd. System and method for managing multimedia contents in intranet

Also Published As

Publication number Publication date
WO2007113728A3 (en) 2008-01-10

Similar Documents

Publication Publication Date Title
EP1817687B1 (en) Apparatus and method for supporting content exchange between different drm domains
Subramanya et al. Digital rights management
US20100257370A1 (en) Apparatus And Method for Supporting Content Exchange Between Different DRM Domains
US7975312B2 (en) Token passing technique for media playback devices
JP4366037B2 (en) System and method for controlling and exercising access rights to encrypted media
CN102882677B (en) The method of digital rights management
US7864953B2 (en) Adding an additional level of indirection to title key encryption
JP5351158B2 (en) Tethered device system and method
US8091137B2 (en) Transferring a data object between devices
US8224751B2 (en) Device-independent management of cryptographic information
US20080209231A1 (en) Contents Encryption Method, System and Method for Providing Contents Through Network Using the Encryption Method
KR101696447B1 (en) Method and device for managing digital content
US20080097923A1 (en) Method and apparatus for providing digital rights management content and license, and method and apparatus for using digital rights management content
US8347098B2 (en) Media storage structures for storing content, devices for using such structures, systems for distributing such structures
EP1390851A1 (en) A system and method for secure and convenient management of digital electronic content
WO2008039246A2 (en) System and method for drm translation
CN101610148B (en) Protection method of digital copyrights of peer-to-peer Internet network
US10574458B2 (en) Media storage structures for storing content, devices for using such structures, systems for distributing such structures
CN111818000B (en) Block chain-based distributed Digital Rights Management (DRM) system
JP2012533785A (en) Method and apparatus for digital rights management (DRM) in small and medium enterprises (SME) and method for providing DRM service
WO2009065342A1 (en) A method for importing rights object and a rights issuer
WO2007113728A2 (en) Method for enabling the transfer of a digital work
US20070220585A1 (en) Digital rights management system with diversified content protection process
Zhaofeng et al. Secure and flexible digital rights management in a pervasive usage mode
KR20070113510A (en) Method and device for security on digital rights management system

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07735254

Country of ref document: EP

Kind code of ref document: A2