WO2012080972A2 - Storage media - Google Patents
Storage media Download PDFInfo
- Publication number
- WO2012080972A2 WO2012080972A2 PCT/IB2011/055690 IB2011055690W WO2012080972A2 WO 2012080972 A2 WO2012080972 A2 WO 2012080972A2 IB 2011055690 W IB2011055690 W IB 2011055690W WO 2012080972 A2 WO2012080972 A2 WO 2012080972A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- access key
- content
- transit
- storage area
- master
- Prior art date
Links
- 238000004891 communication Methods 0.000 claims abstract description 29
- 238000000034 method Methods 0.000 claims abstract description 16
- 238000007726 management method Methods 0.000 claims description 32
- 238000013475 authorization Methods 0.000 claims description 18
- 238000012546 transfer Methods 0.000 claims description 5
- 238000012545 processing Methods 0.000 claims description 4
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 230000004913 activation Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
Definitions
- the present invention relates to storage media and more specifically, to a storage media with secure content access management systems.
- the content can be downloaded via data networks like general packet radio service (GPRS) or using 3rd Generation (3G) technology or any other wireless / data packet communication technology. In either case, a good quality connection is required to avoid frequent disconnections or failure during download. Further, based upon the user subscription, there may be a cap on the content size or usage period or the number of files etc. that can be downloaded and used through the data pipe. Also, the content to be downloaded may be protected via an encryption algorithm like digital rights management (DRM) technology. DRM technology enables content owners to specify and control the access rights they want to give consumers and the conditions under which it is given.
- DRM digital rights management
- the content can be unlocked using existing DRM solutions like -
- the present invention obviates the aforesaid drawbacks and provides a storage media that includes a first storage area with pre-loaded content, a second storage area hosting at least one master access key, and a third storage area that includes an application programming interface (API) that processes a transit access key such that the application programming interface converts the transit access key to the master access key.
- API application programming interface
- the present invention provides a processing system that includes a controller and a storage device.
- the storage media includes a first storage area with preloaded content, a second storage area hosting at least one master access key, and a third storage area that includes an application programming interface that processes a transit access key such that the application programming interface converts the transit access key to the master access key.
- the present invention provides an application server that includes a subscriber profile management system, a content ID management system that stores the content details, a billing / authorization key delivery system that permits delivery of the transit access key upon authorization and a transit key management system that generates a transit access key based upon the subscriber profile, the content details and authorization from billing / authorization key delivery system.
- the present invention provides a method for generating a master access key on a storage media to access encrypted content.
- the method includes the step of sending a transit access key request for the accessed encrypted content to an application server. Thereafter, the method receives a transit access key and processes the transit access key to obtain a master access key required to decrypt the encrypted content.
- the transit access key and the master access key is unique for each content that is accessed.
- FIG. 1 illustrates the environment in which the present invention is implemented.
- FIG. 2 illustrates a communication device 104 held by a subscriber 102 in accordance with an embodiment of the present invention.
- FIG. 3 illustrates an application server 114 in accordance with an embodiment of the present invention.
- FIG. 4 illustrates a method of generating master access key in accordance with an embodiment of the present invention.
- FIG. 1 illustrates the environment in which the present invention is implemented. It includes a subscriber 102 who is associated with one or more communication devices 104 to 110 for accessing content stored in the storage media of the communication devices 104 to 110.
- the device 104 may be a Global System for Mobile Communications (GSM), or Code Division Multiple Access (CDMA) or Wideband Code Division Multiple Access (WCDMA) mobile telephone with an internal / external storage media which can be used to conduct wireless / wired telephone calls and to send Short Messaging Service (SMS) messages.
- GSM Global System for Mobile Communications
- CDMA Code Division Multiple Access
- WCDMA Wideband Code Division Multiple Access
- the device 106 may be a desktop workstation with internal and / or external storage media which operates an email client for sending and receiving emails.
- the device 108 may be a business phone with internal storage media for conducting telephone calls over wired telephone network such as the Public Switched Telephone Network (PSTN).
- PSTN Public Switched Telephone Network
- the device 110 may be a laptop computer with internal / external storage media which can be used to send and receive emails via a Wireless Local Area Network (WLAN).
- WLAN Wireless Local Area Network
- the devices 104 to 110 are connected to a communications network 112, either through a wired or a wireless connection.
- the communications network 112 may be a telecommunications network or a data network which is adapted to transmit packet based and circuit based communication data.
- the communications network 112 may be used to transmit text and/or video and/or audio and/or multimedia content.
- the subscriber 102 communicates with an application server 114 via the communications network 112 using one or more of the communication devices 104 to 110.
- the application server 114 includes a subscriber profile management system 116, a content ID management system 118 that stores the content details, a transit key management system 120 that communicates with subscriber profile management system 116 and the content ID management system 118, and a billing / authorization key delivery system 122.
- the application server 114 is composed of one or several interlinked computers that mean a hardware platform, a software platform based on the hardware platform and several application programs executed by the system platform formed by the software and hardware platform. The functionalities of the application server 114 are provided by the execution of these application programs which are stored on a storage medium on the application server 114.
- FIG. 2 illustrates a communication device 104 held by subscriber 102 in accordance with an embodiment of the present invention.
- the communication device includes a controller 202 and a storage media 204.
- controller 202 controls the communication device 104 .
- storage media 204 for simplicity other components of the communication device 104 are not shown in the diagram. The functioning of such components is known in the art.
- the storage media 204 has a first storage area 206, a second storage area 208 and a third storage area 210.
- the first storage area 206 stores pre-loaded content.
- the pre-loaded content may be loaded by a vendor from whom the storage media is purchased or preloaded by the subscriber 102 via for example, a file transfer protocol or any known technology. Alternately, the content may be pre-loaded by downloading the content over wireless / wired internet connections.
- the storage media 204 as explained using exemplary devices 104 to 110, can be an internal storage media or an external storage media to the communication device.
- the internal storage media includes without limitation memory cards / internal memory / flash memory, etc while the external storage media includes without limitation memory cards, flash cards, universal serial bus (USB) drives etc..
- the pre-loaded content is wrapped with an encryption mechanism, for example, digital rights management (DRM) or 16 / 128 / 256 bit or more encryption algorithm and needs proper authorization keys to allow usage. Unless the pre-loaded content is unwrapped and authorized for use, it can not be used for playback.
- Pre-loaded content in the context of the present invention refers to content that is stored in the first storage area of the storage media and is required to be unwrapped /authorized prior to its usage.
- the pre-loaded content includes audio files, video files, multimedia files, games, applications, or service initiation links.
- the second storage area 208 is relatively smaller in size when compared to first storage area 206.
- the second storage area 208 maybe about 5 MB while the first storage area 206 maybe about 995 MB in a 1 GB storage media 204.
- the second storage area 208 is a secure area as it hosts master access key.
- the content master access keys are DRM activation keys, which are used to unwrap and authorize the DRM protected content.
- the master access key maybe codes used to open the wrapped pre-loaded content.
- the wrapped preloaded content is stored in the first storage area 206 on the storage media 204 and cannot be accessed by anyone as the master access keys are not available in the first storage area 206.
- the third storage area 210 stores one or more application programming interfaces.
- the application programming interfaces process a transit access key received from the application server 114 and converts the transit access key to the master access key.
- the controller 202 stores the transit access key in the first storage area 206 and the master access key in the second storage area 208.
- the controller 202 controls / executes the functionalities / applications stored on the storage media 204.
- each content that is loaded on the first storage area 206 has a unique transit access key / master access key associated to it and may be wrapped for a separate delivery capability (for example, open mobile alliance (OMA) 2.0 compatible). Further, the transit access key / master access key for same content but different subscribers will be different too.
- OMA open mobile alliance
- the controller 202 executes the APIs that process the transit access key / authorization keys corresponding to the content to be unwrapped.
- the transit access keys are stored in the first storage area 206.
- the master access key is generated using the transit access key and internal logic stored in the first storage area 206. This master access key is mapped to the content being used and limits the usage as per the rights detailed in the transit and the master access key.
- the transit access key may be delivered over a short message service (SMS) or a wired / wireless connection or may be pre-stored at the first loading point of the content on the storage media.
- SMS short message service
- the controller 202 executes a master application 212 stored in the first storage area 206.
- the master application 212 sends a transit access key request to the application server 114.
- the transit access key request includes without limitation content ID, subscriber identity requesting the key, price point, activation key details for time / duration / access rights and the like.
- the transit access keys are delivered to the master application on the storage media 204 over, for example, SMS / http either after being generated by the application server 114 or the transit access key details are accessed by the master application from the first storage area 206.
- the transit access key is processed by the application API for creating a master access key which is then stored in the second storage area 208.
- This master access key is different from the transit access key delivered over SMS / http as the transit access keys could be intercepted and used by anyone to access and use the content.
- This master access key creation capability ensures that the actual activation keys / master access keys are not available to anyone but only to the master application and adequate content usage security is ensured.
- These master access keys are delivered through the application API.
- This second storage area 208 has a password access and allows the API to read / write into this secure area 208 once the password is verified.
- the master application seeks the content hosted on the first storage area 206. If the content is present and if it is wrapped, it calls for the master access key stored within the second storage area 208 on the storage media 204. This check is performed as it is possible that the storage media hosts free content along with encrypted content.
- the master access key mapped to this content is accessed and is used via the API to unwrap the content on the storage media 204.
- the master application requests the application server 114 to deliver the transit access key for the corresponding content. On receipt of the transit access key, the master application allows the API to generate the master access key which is then stored in the second storage area 208.
- FIG. 3 illustrates the application server 114 in accordance with an embodiment of the present invention.
- the application server 114 includes a subscriber profile management system 116, a content ID management system 118, a transit key management system 120, and a billing / authorization key delivery system 122. While the subscriber profile management system 116 and the content ID management system 118 are separate databases hosted at the application server 114, it is possible that the two databases are hosted as a common database.
- the subscriber profile management system 116 hosts details of the subscribers like subscriber name/ uniquelD, subscribed content, address, etc while the content ID management system 118 hosts details like content type, content price, content time duration mapped to the pricing, etc.
- An application runs on the application server 114 which is designed to handle and service requests from communication devices 104 to 110 received via communications network.
- the application may be composed of one or more server applications that are executing on one or more servers corresponding to transit key management system 120 and billing / authorization key delivery system 122.
- application may coordinate with other software on communication devices 104 to 110 to accomplish its tasks.
- the transit key management system 120 receives a transit access key request from the subscriber 102 for delivery of a transit access key mapped to a particular content item stored in the storage media 204.
- This transit access key request includes without limitation content ID, subscriber identity requesting the key, price point, activation key details for time / duration / access rights and the like.
- the transit key management system 120 manages the generation and delivery of transit activation. For this purpose, the transit key management system 120 exchanges data with the subscriber profile management system 116, the content ID management system 118 and the billing / authorization key delivery system 122.
- the transit key management system 120 communicates the billing price points / delivery requests associated with the received transit access key request with the billing / authorization key delivery system 122. Once the transit key management system 120 obtains an authorization to allow the transit access key delivery to the storage media 204 from system 122, it generates the transit access key. In an embodiment, the authorization may be with any billing associated to the request, for example, the request to authorize access to a movie XXX for a period of 30 days against a payment of INR 100 or can be free for a week or demo trials. Alternately, it could be a simple authorization against the access rights allowed to the subscriber for the same. Thereafter, the transit key management system 120 delivers the transit access key to the master application hosted on the storage media 204 over for example, SMS / http, mapping the access rights against the content ID.
- FIG. 4 illustrates a method of generating master access key in accordance with an embodiment of the present invention.
- the controller launches the master application at step 402.
- the master application coordinates the data stored in the first storage area (FSA), second storage area (SSA) and the third storage area (TSA).
- the master application ascertains whether the content to be accessed from the first storage area 206 is free or encrypted at 404. If the content is free, the master application permits display / playback of the content at 406. If the content is encrypted, the master application checks the second storage area 208 for the master access key for the corresponding content at 408. If the master access key is found, the master application transfers control to the password controlled API to allow display / playback the content at 406.
- the master application further checks the first storage area if the transit access key is stored in the first storage area at 410. If the transit access key is stored, the master application transfers control to API to allow processing of the transit access key and generation of master access key there from for the requested content at 412. The control is then transferred to step 406.
- the master application sends transit access key request to the application server at 414.
- the application server generates the transit access key based upon without limitation, price point, content type etc and sends it to the communication device at 416.
- the master application transfers the control to password controlled API at step 412 to allow processing of the transit access key and generation of master access key there from for the requested content.
- the present invention is more secure than the traditional encryption approaches and doesn't need multiple infrastructure elements to be implemented. Further, the subscriber may have an option to preview the content before purchasing.
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IN2995DE2010 | 2010-12-15 | ||
IN2995/DEL/2010 | 2010-12-15 |
Publications (3)
Publication Number | Publication Date |
---|---|
WO2012080972A2 true WO2012080972A2 (en) | 2012-06-21 |
WO2012080972A3 WO2012080972A3 (en) | 2012-08-16 |
WO2012080972A8 WO2012080972A8 (en) | 2013-01-17 |
Family
ID=46245165
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2011/055690 WO2012080972A2 (en) | 2010-12-15 | 2011-12-15 | Storage media |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2012080972A2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150039475A1 (en) * | 2013-08-02 | 2015-02-05 | OverDrive, Inc. | Point of sale system and method for sampling and purchasing digital content |
CN110233723A (en) * | 2019-04-28 | 2019-09-13 | 新大陆(福建)公共服务有限公司 | A kind of secondary key management method and safety chip |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060010074A1 (en) * | 2004-07-09 | 2006-01-12 | Zeitsiff Adam M | Delivery and storage system for secured content library |
US7110982B2 (en) * | 2001-08-27 | 2006-09-19 | Dphi Acquisitions, Inc. | Secure access method and system |
US7194092B1 (en) * | 1998-10-26 | 2007-03-20 | Microsoft Corporation | Key-based secure storage |
US20080022088A1 (en) * | 2006-06-06 | 2008-01-24 | Red Hat, Inc. | Methods and systems for key escrow |
US20080215896A1 (en) * | 2003-02-25 | 2008-09-04 | Steve Bourne | Issuing a Publisher Use License Off-Line in a Digital Rights Management (DRM) System |
US7568111B2 (en) * | 2003-11-11 | 2009-07-28 | Nokia Corporation | System and method for using DRM to control conditional access to DVB content |
-
2011
- 2011-12-15 WO PCT/IB2011/055690 patent/WO2012080972A2/en active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7194092B1 (en) * | 1998-10-26 | 2007-03-20 | Microsoft Corporation | Key-based secure storage |
US7110982B2 (en) * | 2001-08-27 | 2006-09-19 | Dphi Acquisitions, Inc. | Secure access method and system |
US20080215896A1 (en) * | 2003-02-25 | 2008-09-04 | Steve Bourne | Issuing a Publisher Use License Off-Line in a Digital Rights Management (DRM) System |
US7568111B2 (en) * | 2003-11-11 | 2009-07-28 | Nokia Corporation | System and method for using DRM to control conditional access to DVB content |
US20060010074A1 (en) * | 2004-07-09 | 2006-01-12 | Zeitsiff Adam M | Delivery and storage system for secured content library |
US20080022088A1 (en) * | 2006-06-06 | 2008-01-24 | Red Hat, Inc. | Methods and systems for key escrow |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150039475A1 (en) * | 2013-08-02 | 2015-02-05 | OverDrive, Inc. | Point of sale system and method for sampling and purchasing digital content |
CN110233723A (en) * | 2019-04-28 | 2019-09-13 | 新大陆(福建)公共服务有限公司 | A kind of secondary key management method and safety chip |
Also Published As
Publication number | Publication date |
---|---|
WO2012080972A8 (en) | 2013-01-17 |
WO2012080972A3 (en) | 2012-08-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113347206B (en) | Network access method and device | |
CN102231746B (en) | Method for validating identification information and terminal thereof | |
KR101944800B1 (en) | Method and apparatus for downloading drm module | |
CN104520805B (en) | According to the security application ecosystem with key and data exchange of company information control strategy | |
EP1859351B1 (en) | Network-distributed data routing | |
US9100497B2 (en) | Method, system and apparatus for managing persona-based notifications at a communication device | |
KR101489725B1 (en) | Methods, systems, and apparatus for content licensing | |
CN111064757B (en) | Application access method and device, electronic equipment and storage medium | |
CA2693723C (en) | Automatic license key injection | |
US20170303075A1 (en) | System and method for playing licensed music based on bluetooth communication cross-reference to related application | |
US20110197264A1 (en) | System and method for remote media access | |
US20130013912A1 (en) | Systems and Methods for Securing Media and Mobile Media Communications with Private Key Encryption and Multi-Factor Authentication | |
CN102739708A (en) | System and method for accessing third party application based on cloud platform | |
US20120291142A1 (en) | Method and apparatus for providing drm service | |
EP2036234A2 (en) | Method and apparatus for effecting the return of a rights management object | |
CN103501344A (en) | Method and system for realizing single sign-on of plurality of applications | |
WO2023030450A1 (en) | Data sharing method and electronic device | |
CN104486388A (en) | Accessing method and device of cloud storage file | |
WO2008021041A2 (en) | Systems and methods for conducting secure wired and wireless networked telephony | |
KR100848540B1 (en) | Apparatus and method for managing right of contents in mobile communication system | |
US11042364B2 (en) | One click application asset distribution | |
WO2014166227A1 (en) | Method, apparatus, and device for adding plug-in in address book | |
TW201220122A (en) | Software authorization system and method | |
US8387148B2 (en) | Secure rights protection for broadcast mobile content | |
WO2023005838A1 (en) | Data sharing method and electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 11849472 Country of ref document: EP Kind code of ref document: A2 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 22/08/2013) |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11849472 Country of ref document: EP Kind code of ref document: A2 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 11849472 Country of ref document: EP Kind code of ref document: A2 |