CN101305394B - Transferring rights to media content between networked media devices - Google Patents
Transferring rights to media content between networked media devices Download PDFInfo
- Publication number
- CN101305394B CN101305394B CN2006800421061A CN200680042106A CN101305394B CN 101305394 B CN101305394 B CN 101305394B CN 2006800421061 A CN2006800421061 A CN 2006800421061A CN 200680042106 A CN200680042106 A CN 200680042106A CN 101305394 B CN101305394 B CN 101305394B
- Authority
- CN
- China
- Prior art keywords
- media
- media device
- content
- equipment
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 claims description 17
- 238000003860 storage Methods 0.000 claims description 6
- 238000004891 communication Methods 0.000 description 66
- 238000007726 management method Methods 0.000 description 15
- 238000005516 engineering process Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 5
- 239000000203 mixture Substances 0.000 description 5
- 230000004044 response Effects 0.000 description 5
- 238000000429 assembly Methods 0.000 description 4
- 230000000712 assembly Effects 0.000 description 4
- 238000012546 transfer Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000007704 transition Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000004088 simulation Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- IRLPACMLTUPBCL-KQYNXXCUSA-N 5'-adenylyl sulfate Chemical compound C1=NC=2C(N)=NC=NC=2N1[C@@H]1O[C@H](COP(O)(=O)OS(O)(=O)=O)[C@@H](O)[C@H]1O IRLPACMLTUPBCL-KQYNXXCUSA-N 0.000 description 1
- 241001463014 Chazara briseis Species 0.000 description 1
- 241001269238 Data Species 0.000 description 1
- 230000033228 biological regulation Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000012010 growth Effects 0.000 description 1
- 230000033001 locomotion Effects 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000001338 self-assembly Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/108—Transfer of content, software, digital rights or licenses
- G06F21/1084—Transfer of content, software, digital rights or licenses via third party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25808—Management of client data
- H04N21/25816—Management of client data involving client authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/414—Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
- H04N21/41407—Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance embedded in a portable device, e.g. video client on a mobile phone, PDA, laptop
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/43615—Interfacing a Home Network, e.g. for connecting the client to a plurality of peripherals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4367—Establishing a secure communication between the client and a peripheral device or smart card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
- H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
- H04N21/63345—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
- H04N21/8355—Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/101—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Computer Graphics (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Facsimiles In General (AREA)
Abstract
A controller (900) for transferring media content rights between media devices comprising a memory (906), a user interface (910) and a transceiver (902). The memory (906) stores a list of media devices (914) capable of receiving the permissions associated with the media content from an originating device and an encryption key (920) that may be used to encrypt the permissions. The user interface (910) detects a user selection of a target device from the list of media devices (914). The transceiver (902) communicates an address (916) associated with the target device and the encryption key (920) to the originating device. Thus, the originating device is able to encrypt the permissions using the encryption key (920) and send the encrypted permissions to the address (916) associated with the target device.
Description
Technical field
The present invention relates generally to field of security schemes, it is used to protect the content that is sent to media device.More specifically, the present invention relates to digital rights management scheme, it is used to protect the media content that between the equipment of LAN, transmits.
Background technology
Digital content supplier comprises record company and books and periodicals publisher, owing to piracy has been lost a lot of incomes.Copyright protection technology such as the digital copyright management (DRM) of Open Mobile Alliance (OMA) is escorting digital Age expulsion content stealer.DRM is through preventing that bootlegging to content from coming that digital content is produced its life termination from it and protecting.
DRM is one group of technology, distribution and consumption that it provides means to come the control figure media object.In the typical case of DRM realized, copyright publisher (RI) authorized equipment the digital license that calls right objects (RO) according to specific authority set, so that equipment is used for consume digital media content object (CO).Usually use the document specification normative language,, come authority is stipulated like XrML or other similar language throughout.Because the extensive protection that DRM provided can be used it for various types of LANs.
One type LAN, i.e. home network, it is under a management domain.Particularly, home network is by the operated equipment of single tissue or administrative authority and the set of subnet.The assembly of supposing the territory is that mutual trust ground carries out interoperability between them, is to carry out interoperability with the mode of low degree of belief with other territories still.This and network domains model form contrast, and it possibly be under a plurality of management domains.
Home network is used any technology or service that can housed device be interconnected or make its robotization.Home network equipment can be fixing or move, just, can leave or add network at any time.Also can open or close each equipment at different time.Home network defines more specifically and comprises: consumer-elcetronics devices, computing machine and the peripheral hardware in the connection family forms the environment of an interconnection.Home network makes electronic equipment and the household electrical appliances in the family interconnect.These equipment also can seamlessly be connected to the Internet, and the advantage that increases content source is provided.But from the angle of entertainment company, the Internet access is also given should be with having brought huge threat at least.
Some home network are used the safety that the existence that relies on the home network server provides home network.Server is responsible for: memory contents, management be used for content safety ground be distributed to the key of housed device, with home network to content copyright publisher authentication and management and execution authority.Server normally is independent of the central equipment of other housed devices.The equipment that server is normally relatively heavier, it needs complicated configuration and setting.In addition, as central equipment, Single Point of Faliure possibly appear in server.If it breaks down, home network can not be visited any shielded content so.In addition, the user possibly be exactly that an equipment managing other equipment spends a large amount of expenses to unique function.Because these problems just need a solution to avoid the use of central server.
Other home network are used, and such as OMA DRM, need each home network equipment establishment and medium supplier's (entity of CO and RO promptly is provided) independently security association.So contact media supplier can cause traffic storm to obtain content between home network and medium supplier.This storm need carry out repetition to each media server that home network will be visited.To these application, do not need the webserver in the home network, and should use and use common Public Key Infrastructure (PKI).Yet the medium supplier can offer home network with the service of the webserver.Home network equipment must use these services, and what accompany with it is the forfeiture of home network privacy.
Also have other home network to use and use smart card to make home network and any DRM scheme cooperate.To these application, need two cards: transition card and terminal card.Transition card is deciphered RO from RI; The authority that receives is converted into the authority that has defined; The key that use is created by transition card comes contents encryption key is encrypted again, with secret key safety send to terminal card, and the contents encryption key that will encrypt again sends to terminal card.Terminal card is deciphered key, and uses it to come contents encryption key is deciphered.According to authority, terminal card possibly also need be published to the terminal that card is installed with password (challenge).
But, a lot of defectives are arranged based on the application of smart card.All equipment must have the ability that is connected with smart card, so can not comprise the equipment that those do not support smart card.This solution supposes that also all equipment all fixes, so can not extendability be provided to wireless device.So, do not support group management, and the mechanism of authentication or mandate in remote domain not.In addition, from the angle of authority, this application based on smart card is very limited.All authorities all are mapped to the limited authority set of definition, so RI also can be restricted in regulation offers user's permission type.
Description of drawings
Fig. 1 illustrates consistently with the present invention, is used for the diagrammatic sketch of the digital safety system of media content delivery system.
Fig. 2 is the diagrammatic sketch that illustrates with the significant components of the corresponding to digital safety system of the present invention.
Fig. 3 is another diagrammatic sketch that the digital safety system of Fig. 1 is shown.
Fig. 4 be illustrate with the present invention consistent, mutual procedure chart between communication facilities and publisher.
Fig. 5 illustrates with the present invention consistently, is used for the diagrammatic sketch of another digital safety system of media content delivery system.
Fig. 6 is another diagrammatic sketch of specific function that the media content delivery system of Fig. 5 is shown.
Fig. 7 be illustrate with the present invention consistent, the procedure chart of copyright publisher and media device.
Fig. 8 illustrates with the present invention consistently, is used to use the diagrammatic sketch of controller digital safety system of transfers media content copyright between networked media equipment.
Fig. 9 is the block diagram that the example components of Fig. 8 controller is shown.
Figure 10 is the process flow diagram that a kind of running of Fig. 8 digital safety system is shown.
Figure 11 is the process flow diagram that the another kind running of Fig. 8 digital safety system is shown.
Embodiment
The present invention has defined the framework and the agreement of the safety management that is used for LAN.For example, this framework can be applicable to the digital copyright management (DRM) that home network is used with agreement.Equipment is used as server logic, distributed, limited function, the function of its co-simulation webserver.Server capability is the value-added service in the equipment, rather than the major function of equipment.Server capability only is responsible for key management and authentication.
Different with the solution of other safety managements in LAN, our solution is used media device as webserver logic, distributed, limited function.Through with two primary clusterings; Be that key management is coordinated with issue; Add media device to, do not need independently, under the situation of server special-purpose, that concentrate, equipment has solved problem relevant with safety management in the LAN with distributed, cooperation way.
This framework has carried out balance with agreement to the needs of supplier's control and the needs of owner's privacy.And this framework and agreement are based on distributed system and method, and it has avoided the use private server.In addition, this framework allows when the home network received content, to close mobile phone with agreement.In addition, this framework and agreement be not except needing user's intervention from medium supplier chosen content.All all carry out on the backstage alternately automatically.Especially, the user does not need network is configured or any media device is programmed.
One side of the present invention is to be used for media content rights is sent to the controller of second media device from first media device, and first media device has the one or more authorities that are associated with media content therein.Controller comprises storer, user interface and transceiver.Memory configurations be can storage media devices tabulation, this media device can receive the authority that is associated with media content from first media device, and storer can be stored and is used for encryption key that authority is encrypted.Be configured to detect user's selection to second media device from list of media devices to user interface.Be sent to first media device to transceiver configuration for the address and the encryption key that will be associated with second media device; So that first media device can use encryption key to come authority is encrypted, and the authority after will encrypting sends to the address that is associated with second media device.
Another aspect of the present invention is the controller method that is used for media content rights is sent to from first media device second media device.First media device has the one or more authorities that are associated with media content.Confirm to receive from first media device tabulation of the media device of the authority that is associated with media content.Then, detect user's selection to second media device from list of media devices.Definite address that is associated with second media device.Then, address and encryption key are offered first media device.Therefore, first media device can use encryption key to come authority is encrypted, and the authority after will encrypting sends to the address that is associated with second media device.
With reference to Fig. 1, the corresponding to exemplary numbers security system 100 with the present invention is shown.System 100 comprises the wide area network (WAN) 102 of interconnection, is used for communicating with Local Area Network 104.Wide area network 102 typically is based on public and Internet Protocol (IP), and WAN has the mechanism that some are connected to LAN104.LAN104 and the nonessential IP that is based on.The instance of LAN104 is aforesaid home network.Details and the present invention of WAN102 being connected to the mechanism of LAN104 have nothing to do, but we suppose that WAN102 can communicate with at least one public ip address of mechanism.As shown in Figure 1, to an embodiment, WAN102 comprises that a plurality of wired and wireless communication networks transmit data on the Internet, and LAN104 is the home network with media device, and this media device can communicate through the Internet.
WAN102 comprises the medium supplier, or particularly, medium supplier's media server 106.Can obtain media content and creative work from media server 106, the user can visit media server 106 through using WAN102.The potential user can use remote agent or communication facilities 108, for example mobile phone or PDA(Personal Digital Assistant)) browse by medium supplier and content that media server provided thereof.Remote agent 108 can be a wireline equipment, but wireless device is more convenient for the purposes of the present disclosure.The instance of Wireless Telecom Equipment includes but not limited to, the computing equipment of mobile phone, PDA and one of use or multinomial following technology: analogue communication (using AMPS), digital communication (using CDMA, TDMA, GSM, iDEN, GRRS or EDGE) and next generation communication (using UMTS or WCDMA) and growth thereof; Equity or group (ad hoc) communication certainly, for example HomeRF, bluetooth and IEEE802.11 (a, b or g); And other wireless forms of communication.
Have mobile device 108, be labeled as supvr (Majordomo) in the drawings, the user can leave user's LAN104, and can the browsing media supplier, the media catalog that promptly on media server 106, provides.The user can determine to buy the content of multimedia such as film, play with the special time after the user goes home, but the user possibly want the different piece of content of multimedia is turned to the different media devices of LAN104.For example, the user possibly want display video part on such as the video media device 110 of flat panel TV; Audio plays part on such as the audio media device 112 of stero set; Videotex on such as the text media device 114 of computing machine.In addition, the user possibly want on audio media device 112, after the audio plays part, on the recording medium equipment 116 such as digital video recorder (DVR), to catch audio-frequency unit.
Can explain with reference to Fig. 1 and be used to realize that the user is the particular step of distribute media content to the aforesaid operations of LAN104.The user can use communication facilities 108 to communicate by letter with media server 106, and browses the various media contents or the content object that can obtain from the medium supplier.Then, communication facilities 108 can send to media server 106 with request and buys selected content object (CO), for example film from the medium supplier.In step 118, content object can comprise several compositions, for example video composition, audio frequency component and text composition.And request can comprise the request time that content object is offered user's LAN104.Then, in step 120, the medium supplier can be through confirming that sending to communication facilities 108 from media server 106 acknowledges receipt of order.At step 122-126, at request time, the medium supplier can with three independently object or stream offer LAN104 from media server 106, it can appear within the same number of frames or be synchronized with each other.For example, in step 122, the medium supplier can send to video media device 110 with the video composition, in step 124, audio frequency component is sent to audio frequency apparatus 112, and in step 126, the text composition is sent to text media device 114.If the user of communication facilities 108 hopes to store this one or more objects or stream, then LAN104 can comprise recording medium equipment 116, and it receives these objects or stream simultaneously, perhaps after other media devices 110-114, receives.For example, in step 128, the time after request time, audio media device 112 can be transmitted to recording medium equipment 116 with audio frequency component and record.
In Fig. 1, can be classified as three types: supvr (Majordomos), recluse (Recluse) and anonymous device (Hermit) with user-dependent equipment.The supvr, promptly communication facilities 108, are subscriber equipmenies, and it has the necessary assembly of the communications infrastructure of direct visit LAN104, and it enables the basis instrument with visit LAN by lan management person; It has the necessary assembly of visit WAN102, and its keeper by LAN enables with visit WAN; And it has the digital encryption certificate.Recluse, such as text media device 114, except it only allows the equipment among the LAN104 is received and sends the safe key, it has the characteristic the same with the supvr.Anonymous device such as equipment 110,112 and 116, is the media device among the LAN104, and it does not have the digital encryption certificate.
The embodiments of the invention balance requirement of two kinds of potential conflicts: supplier's control requires and possessory privacy requirement.From supplier's control requirement, which equipment the medium supplier must be able to control and consume shielded content.This requirement needs, because possibly safety defect arranged more known equipment, and the medium supplier possibly not hope to come content of consumption by these equipment.From possessory privacy requirement, the home network owner will those details that belong to the equipment of home network not reveal to the medium supplier.This requirement needs, to be used for guaranteeing the possessory privacy of home network.
With reference to Fig. 2, it illustrates the corresponding to exemplary numbers security system 200 with the present invention.Content owner 202 creates media content, and media content is offered content packager and/or distributor 204.Even should be appreciated that in Fig. 2 content packager and/or distributor 204 are shown single entity, but the function of content packager and/or distributor can be by sharing more than an entity.Content packager and/or distributor 204 offer LAN206 with media content, and the license location relevant with media content offered communication facilities 208.The media device of LAN206 can not use the media content that receives under licence 210 situation that media content are not fit to.So communication facilities 208 is retrieval licence 210 at the license location place, and licence is offered LAN206, receive media content so that the media device on the LAN can use from content packager and/or distributor.
Especially, content owner 202 creates or obtains digital document 212.Then, content owner 202 uses scrambler 214 that digital document 212 is encoded to the expressible form of media player, and promptly player can be used (player-ready) file 216.Content owner 202 offers content packager and distributor 204 with player file available 216.Content packager and/or distributor 204 use encryption device 218, through using contents encryption key or object encryption key formatted file are encrypted, so form content encrypted file 220.Content encrypted file is offered LAN206, or particularly, the media device of LAN.Content packager and/or distributor 204 are also confirmed address 222; The one or more positions that can find the licence relevant with content encrypted file 210 can be discerned in this address 222, and content packager and/or distributor 204 offer communication facilities 208 with this address.For example, the address can be URL (uniform resource locator), and it has stipulated to buy the position of the licence that comprises content decryption key.
If content encrypted file 220 is not found licence 210, communication facilities 208 is followed licence address 222 card that asks for permission so.Licence 210 comprises authority or authority set 224, that is, the type of service that the content owner allows also comprises content decryption key 226.Then, communication facilities 208 can be encrypted the known network privacy of one or more assemblies of content decryption key 226 usefulness LAN206, and the key after will encrypting offers LAN.In case receive the key after the encryption from communication facilities 208, the media device of LAN206 can use the content decryption key after network privacy is come enabling decryption of encrypted, and consumes media content according to the authority 224 of certificate 210.
About communication facilities 208, communication facilities comprises storer 228, transceiver 230 and is connected to storer and the processor of transceiver 232.The digital security certificate that storer 228 storages are associated with communication facilities, the certificate information that is associated with media device and the network privacy to the visit of media device is provided.Transceiver 230 sends digital security certificate and certificate information to the medium supplier, and receives and media content associated content key from the medium supplier.Processor 232 comes content key is encrypted according to network privacy, and the indication transceiver offers media device with encrypted content key.
With reference to Fig. 3, digital safety system 300 of the present invention comprises WAN302 and LAN304, and is based on public/private key encryption.WAN302 comprises the medium supplier, or particularly, medium supplier's media server 306.Communication facilities 308, promptly the media device 310-316 of supvr and LAN304 shares a network privacy, for example LAN decruption key or home network group key (HNGK).Group key is as the private key of between media device 310-316, sharing.Even in LAN304 inside a plurality of independent physical equipment 310-316 are arranged, copyright publisher (RI) and content publisher (CI) only need TSM Security Agent of authentication, and for example communication facilities 308.Communication facilities and publisher mutual only is the address of authentication LAN304, define objective LAN media device 310-316 and obtains content decryption key from RI.Communication facilities 302 need not stored any right objects (RO) or content object (CO) project.Should be noted that CI by medium supplier representative, but RI maybe be by medium supplier or the third party's representative that is associated with the medium supplier.
Still with reference to Fig. 3, in step 318, communication facilities or supvr 308 will send to media server 306 to the request of content object, and wherein request can comprise the transmission requests for content time.As response, in step 320, media server 306 sends to communication facilities 308 receiving Confirmation of Orders.Then, in step 322, communication facilities 308 is created the security association with media server 306, and obtains content decryption key from media server.In step 324; Communication facilities 308 obtains and media content associated content decruption key; Use the network privacy that is associated with the media device of LAN304 that content decryption key is encrypted, and the content decryption key after will encrypting send to one or more equipment of LAN.At request time, media server 306 can send to media device 310-316 with encrypted media content.For example, media server 306 sends to the video section of encrypting video media device 310, the audio-frequency unit of encrypting is sent to audio media device 312 and the textual portions of encrypting is sent to text media device 314.And recording medium equipment 316 can be recorded one or more parts.
With reference to Fig. 4, exemplary sequential chart 400 is provided, be illustrated in communication facilities of the present invention or supvr 402 and publisher 404, contingent signaling between 406.As stated, CI is by medium supplier representative, but RI can be by medium supplier or the third party's representative that is associated with the medium supplier.In step 408, communication facilities 402 sends to the content publisher with content object sign (COID), common apparatus title and LAN address.Because equipment can be selected from a plurality of media contents, so CO ID identification communication equipment 402 needed specific media content.Generic device name is called to transmit selectes media content and recognition objective equipment, for example dull and stereotyped TV, stero set and notebook computer.The LAN address is that LAN reaches media device identification transfer address, for example the IP address that is associated with it.In step 410, in response to request, CI404 returns order and identifies and confirm an order.
After CI receives affirmation, communication facilities 402 obtains the licence that is associated with the media content of LAN.In step 412, except the common apparatus title with the LAN address, communication facilities 402 also provides certificate that is associated with himself and the certificate that is associated with each media device, with himself with these equipment to the RI406 authentication.So communication facilities 402 also offers RI406 with the certificate information of media device.The certificate information that is associated with media device is the tabulation or the digital security certificate itself of the digital security certificate of a plurality of media devices of identification.This makes RI406 can check the voucher of media device.Notice that this step has been safeguarded the possessory privacy of LAN, is that which network equipment is associated with certificate because communication facilities 402 can not revealed.In step 414, if RI406 confirms that all certificates that are associated with communication facilities 402 and media device all are effectively, RI returns security association acceptance so.On the other hand, be effectively if RI406 fails to confirm the certificate that is associated with communication facilities 402, the failure of the security association between communication facilities and the RI so.Even the certificate that is associated with communication facilities 402 is effectively, if but finding that the certificate of one or more media devices is invalid, RI406 can confirm the security association failure, this depends on the mode of RI configuration.
In case the RI406 authentication communication device certificate and media device certificates, in step 416, communication facilities 402 is from RI406 request object key.In step 418, RI406 is with object key, and for example content decryption key sends to communication facilities 402, and will not send to communication facilities by RO.Then, communication facilities 402 is encrypted through using network privacy key to hold decruption key, and it is sent to the media device of LAN with affairs ID (transaction ID).
With reference to Fig. 5, provide with corresponding to another of the present invention to be used for the digital safety system 500 of media content delivery system.Digital safety system 500 of the present invention comprises WAN502 and LAN504, and is based on public/private key encryption.WAN502 comprises the medium supplier, or particularly, medium supplier's media server 506.Communication facilities 508, promptly the media device 510-516 of supvr and LAN504 shares a network privacy.Even a plurality of independently physical equipment 510-516 are arranged in LAN504 inside, but copyright publisher (RI) and content publisher (CI) only need TSM Security Agent of authentication, for example communication facilities 508.Communication facilities and publisher mutual only is the address of authentication LAN504, define objective LAN media device 510-516 and obtains content decryption key from RI.
For example, in step 518,508 pairs of content objects of communication facilities (CO), for example film sends request.Communication facilities 508 is the common apparatus title, and for example α, β and δ send to medium supplier's media server 506.Medium supplier and its media server 506 are not known the ability of media device alpha, β and δ, so the possessory privacy of LAN504 obtains maximization.Communication facilities 508 also offers RI to the certificate information of media device 504-516.This allows RI to check the voucher of media device 504-516.The certificate information of media device is the tabulation or the digital security certificate itself of the digital security certificate of a plurality of media devices of identification.In response to request, in step 520,506 pairs of communication facilitiess of medium supplier's media server 508 are confirmed to accept an order.
Then, in step 522, communication facilities 508 is created the security association with media server 506.Then, in step 524, communication facilities 508 obtains the object encryption key from media server 506, or particularly, content decryption key.And in step 524, communication facilities 508 uses network privacy, and for example home network group key (HNGK) is encrypted the object encryption key, and sends it to the mandate media device among the LAN504.After this, shown in step 526, medium supplier's media server 506 sends to media device 510-516 at request time with the encrypted media content.For example, media server 506 can send to the video section of encrypting video media device 510, the audio-frequency unit of encrypting is sent to audio media device 512 and the textual portions of encrypting is sent to text media device 514.
Digital safety system 500 shown in Figure 5 has several places different with system shown in the preceding figure.The main concern is module 528, and it is called agency network and inserts converter (proxy NAT).Module 528 is positioned among the gateway or router that is present among the LAN504.Should be noted that LAN504 can be a kind of among following three types of networks: public ip address is used based on IP and to equipment in (1), and private IP address is used based on IP and to equipment in (2), and perhaps (3) are non-based on IP.Shall also be noted that WAN502 is preferably IP-based.To the LAN504 of type (2) or (3), LAN must have gateway or the router that is connected to WAN502.To type (2), gateway or router are changed between the public ip address of the private IP address of LAN and WAN.To type (3), gateway or router are interconnected to employed technology among the LAN with IP-based WAN.So, act on behalf of in the existing gateway and router that NAT modular cartridge 528 can join the LAN504 that uses network type (2) or (3) configuration.Only in type (1), LAN possibly not have router or gateway.So the LAN with type (1) configuration need increase router or gateway support is acted on behalf of NAT module 528.
With reference to Fig. 6, can scheme to understand the function of acting on behalf of NAT module 528,628 with reference to this.As stated, communication facilities 608 is the common apparatus title, and for example α, β and δ send to medium supplier's media server 606.The medium supplier does not know the address of these media devices 610-614, but knows the address of the LAN604 that they belong to.So the medium supplier can link together the network address and common apparatus title, and the NAT module 628 of acting on behalf of that depends among the LAN604 is a physical device address with this address translation.Then, act on behalf of NAT module 628 and convert generic device names alpha, β and δ into physical address, and will be from the relays messages of medium supplier's media server 606 to media device 610-614.This process has been hidden the inner structure of LAN604 to medium supplier and its media server 606, and allows the user to name its media device and needn't consider the medium supplier.
For example, in step 618, communication facilities or supvr 608 be the common apparatus title, and for example α, β and δ send to medium supplier's media server 606.At this moment, the medium supplier does not know the ability of media device alpha, β and δ.Then, in step 620, medium supplier's media server 606 sends to the ability that LAN604 inquires media device alpha, β and δ with inquiry.Then, in step 622, each media device replys its ability to media server 606.For example, media device alpha 610 can be only to support the equipment of analog video to reply through indicating its ability.After this, in step 624, medium supplier's media server 606 was customized to CO the ability of each medium media device 610-614 before suitable content object (CO) being sent to corresponding media device.
With reference to Fig. 7, when copyright publisher (RI) 702 is ready to right objects (RO) when sending to media device 706, the ability of RI inquiry media device.Note because all media devices 706 and the shared identical network privacy of communication facilities, so equipment not need to RI702 come authentication himself.So in step 708,710, RI702 sends to each media device 706 to trigger messages (triggermessage), wherein trigger messages comprises affairs ID.Affairs ID will communicate by letter and the special object encryption key connects.In the step 418 of Fig. 4, affairs ID is exactly the ID that RI406 sends to supvr 402.In case media device 706 has been located affairs ID, in step 712,714, media device uses the description to the media device ability to respond RI702.This is described and allows RI702 to media device 706 customization CO.Then, in step 716,718, RI702 encrypts RO, and sends it to media device 706.
To other embodiment, act on behalf of NAT module 528,628 and can comprise and be used for form that media device is associated with particular address and/or ability.For example, acting on behalf of NAT module 528,628 can comprise media device identification and form corresponding to the address of media device.So the medium supplier can only know device identification to each media device of LAN, and does not know the complete characteristic or the ability of each media device.Yet acting on behalf of NAT module 528,628 can be through searching device characteristics in form, and each device identifier that the medium supplier is inquired about and the address of media device connect, so communication is sent to suitable equipment.
Act on behalf of NAT module 528,628 and can comprise form, this form comprises the ability of each media device, so when the medium supplier asks, need not inquire about each media device.For example, when the ability of medium supplier's media server request particular media device, act on behalf of NAT module 528,628 and can only in table, search the respective capabilities that device characteristics find media device.Refer again to Fig. 7, to this embodiment, because NAT module 528,628 do not need contact media equipment, so 710 in the step, 714 and 718 parts also no longer need.Certainly, in proper working order, acting on behalf of the form that NAT module 528,628 relied on need install additional in advance, and/or be updated periodically the ability of each media device.
The instance of the ability of media device includes but not limited to: video, picture, audio frequency and text capabilities.In each example, for example, ability comprises the expressible media formats of equipment.The instance of video format comprises: pure simulation, MPEG-2, MPEG-4, DivX, MJPEG, MJPEG2000, H.263, H.264, Sorenson etc.The instance of audio format comprises: monophony, stereo, surround sound, MP3, AAC, Ogg Vorbis etc.The instance of text formatting comprises: language, closed caption (closed-captioning), comment etc.
The present invention provides benefit to user, content provider and device manufacturers.The user can be benefited from the simplicity of using and disposing.Each user only needs configuration management person, and does not need configure user possibly join other equipment in the home network.Accomplish every other mutual between CI or RI and home network through the assembly of having implemented our solutions.Each user also enjoys multimedia and experiences.The user can buy any equipment and with any way that it is liked it named, and under the situation that does not have customer-side to play an active part in, the user can buy and use and it is play on various home network devices.
Content provider's copyright is through guaranteeing to use the home network key to come right objects and content object are encrypted, guaranteed home network process authentication, guarantee publisher's process authentication and guarantee that the authority of observing content is protected.In a sense, even when content was physically located on the subscriber equipment, the content provider continued controlling content.The real consumption that the DRM agency follows the trail of medium in the home network, and the authority of execution copyright owner defined.
The content provider also can provide content of multimedia, and wherein they charge separately to each part of content.They can charge to audio frequency, video and textual portions, if on the equipment that these contents are being separated, be used.In a sense, the supplier can be by the content charging of program request, rather than whole contents is carried out primary charging.Other instances comprise subscription business models, and wherein the user needs regularly to pay in its family, to keep content.
Device manufacturers also can benefit, because be used for the simple protocol of housed device low processing and storage overhead is provided, so to equipment lower cost is provided.The device access content is only needed simple configuration, and this has brought the property accepted extensively of product in user and content provider.
With reference to Fig. 8, digital safety system 800 is shown, be similar to other above-mentioned embodiment, the wide area network (WAN) 802 that it comprises interconnection is used for communicating with Local Area Network 804.WAN802 comprises the medium supplier, or particularly, medium supplier's media server 806.Can obtain media content and creative work from media server 106, the user can visit media server 106 through using WAN102.Media server 806 offers LAN804 with media content and/or creative work, so that the different piece of content of multimedia turns to the different media devices among the LAN.For example, can video section 808 be offered the video media device 810 such as flat panel TV; Audio-frequency unit 812 is offered the audio media device 814 such as stero set; Textual portions 816 is offered the text media device 818 such as computing machine.In addition, on audio media device 814 after the audio plays part, can be through catching audio-frequency unit such as the recording medium equipment 820 of digital video recorder (DVR).
The digital safety system 800 of Fig. 8 also comprises controller 822, can use it for and between audio and video medium equipment 814, networked media equipment 810, come transfers media content copyright 824.In Fig. 8, controller 822 is shown Wireless Telecom Equipment, such as above-described Wireless Telecom Equipment, it connects to come through radio communication and one or more media devices 810,814,818,820 communicate.Although controller 822 can be mobile phone, PDA or the computing equipment that uses various wireless communication technologys; But controller 822 is preferably used for equity or self-assembly; For example HomeRF, bluetooth and IEEE 802.11 (a, b or g); And the radio communication of other types, for example infrared and the technology of using non-permission/non-control frequency range.Although not shown in Fig. 8, should be appreciated that also and can controller 822 be connected to one or more media devices, or be integrated among these equipment.
For the digital safety system 800 of Fig. 8, can media content and/or one or more authority that is associated with media content be sent to target device from inchoation equipment.For example, but the audio-frequency unit 812 that user's listening to audio media device 814 of controller 822 is play, and possibly hope to come the listening to audio part through the loudspeaker of video media device 810 (it is actually the multimedia media device).Audio-frequency unit 812 can be stored on the audio media device 814, perhaps can it be flowed into audio media device in real time.If audio-frequency unit 812 is to be stored on the audio media device 814, controller 822 indicative audio media devices 814 are sent to video media device 810 with the authority of audio plays part so.If need, but controller 822 also indicative audio media device 814 audio-frequency unit 812 is sent to video media part 810, perhaps indicate media server 806 that streaming medium content is offered target device, perhaps as above example offers video media device 810.
When with media content or its part when a media device is sent to another media device, the user possibly hope that target device collects media content in the place that inchoation equipment suspends.For example, the user possibly hope to make a start media content when the midpoint one of media content stops to play, and target device just begins to play in the midpoint of media content.And, when with a part of media content when a media device is sent to another media device, the user possibly hope that target device carries out the translator unit and the remainder of media content synchronously.For example, when with audio-frequency unit 812 when audio media device 814 is sent to video media device 810, video media device should be carried out the execution of audio-frequency unit 812 with the corresponding video and/or the execution of textual portions 808,816 synchronously.From these reasons, if desired, also should synchronous and interim point information be offered target device.
Fig. 9 is the block scheme of example components 900 that the controller 822 of Fig. 8 is shown.Example components 900 comprises: one or more wired or wireless transceiver 902, processor 904, storer 906, one or more output device 908 and one or more input equipment 910.Each embodiment can comprise user interface, and it comprises one or more output devices 908 and one or more input equipments 910.Intraware 900 also can comprise the power supply 912 such as battery, is used for electric energy is offered other assemblies, and when controller 822 is mutually not integrated with one or more media devices, and making that controller 822 becomes can be portable.
The input and output device 908,910 of assembly 900 can comprise various video, audio frequency and/or machinery output.For example, output device 908 can comprise: picture output device, for example LCD and light emitting diode indicator; Audio output apparatus, for example loudspeaker, warning horn and/or hummer; And/or mechanical output device, for example vibrating mechanism.Likewise, for instance, input equipment 910 can comprise: video input apparatus, for example optical sensor (for example, camera); Audio input device, for example microphone; And mechanical input equipment, for example tilt sensor (flipsensor), keyboard, keypad, selector button, touch pad, touch-screen, capacitance type sensor, motion sensor and switch.Through using one or more these equipment 908,910, user interface detects the user to being stored in the selection of one or more media devices in the list of media devices in the storer 906.
Processor 904 can use the storer 906 of assembly 900 to store and retrieving information.Storer 906 storable information include but not limited to: operating system, application program and data.Particularly, storer 906 storage particular datas comprise: the address 916 of the tabulation 914 of media device, one or more equipment and safe key 918.914 pairs of media devices of list of media devices identify, and this media device can receive the authority that is associated with interested media content from a particular media device.Particularly, when inchoation equipment consumption media content or its part, if inchoation equipment sends list of media devices, so 914 pairs of list of media devices in LAN804 any or all other can consume media content or its part media device discern.The network address of address 916 identification medium equipment comprises inchoation equipment, if necessary, and target device.When from external unit, the for example acting server of other media devices, LAN804 (for example Fig. 5 act on behalf of NAT module) or media server 806, when receiving address 916, controller 822 is memory address 916 for good and all, or with its temporary transient storage.Can key 918, especially encryption key safe in utilization, the authority of the current media equipment that will be associated with media content is encrypted, and when being sent to other media devices to authority with box lunch, any possible security breach is minimized.Also can be on receiving media equipment, key 918, especially decruption key safe in utilization, it can be identical with encryption key or corresponding with it, comes authority is deciphered.
One or more transceivers 902 can be sent to inchoation equipment with address that is associated with target device and encryption key.After doing like this, inchoation equipment can use encryption key to come authority is encrypted, and the authority after will encrypting sends to the address that is associated with target device.Address that transceiver 902 will be associated with target device and safety or encryption key 918 are sent to the address that is associated with inchoation equipment, and also can decruption key 918 be sent to and make a start or target device.Transceiver 902 directly offers target device with decruption key 918, perhaps offers target device indirectly through inchoation equipment, so inchoation equipment can be transmitted to target device with decruption key.Transceiver also can offer inchoation equipment with signal, and this inchoation equipment can offer target device with the intermediate point of media content.
Perhaps, storer 906 also can be with storing with the authority 920 of media content or its part correlation couplet.For other embodiment, controller 822 need not stored the authority to any media device.To this alternate embodiment, if one or more media device can not be stored such information, controller 822 can be the central equipment that is used to store authority.And if these media devices can not carry out safe transmission, then controller can temporarily be stored from the authority that inchoation equipment receives, and it is forwarded to target device.
Be to be understood that Fig. 9 only is used for illustration purpose, and be the assembly that is used to explain the controller consistent 822, and be not intended to become the complete synoptic diagram of the desired various assemblies of controller with the present invention.So controller 822 can comprise not shown in Fig. 9 but still various other assemblies within the scope of the present invention.
Figure 10 is the process flow diagram that a kind of running 1000 of digital safety system 800 is shown.To this running, the user of controller 822 possibly hope that promptly inchoation equipment is sent to another media device, i.e. target device with media content or its a part media device from LAN804.In step 1010, when the user has expressed this hope to controller 822, controller is at its output device 908, and its display for example provides the tabulation of possible target device.Then, in step 1020, controller 822 waits for that the user selects particular target device from tabulation.Then, in step 1030, the address of 822 pairs of inchoation equipments of controller and selected target equipment is discerned.As stated, controller 822 can store the addresses in its storer 906,916, perhaps retrieves one or more addresses from external unit.Then, in step 1040, controller 822 can send to encryption key the address of inchoation equipment, and if decruption key different with encryption key, decruption key is sent to the address of target device.
In case slave controller 822 receives above-mentioned information, in step 1050, the encryption key that inchoation equipment can use slave controller to receive comes encrypting with one or more authorities of media content or its part correlation couplet.Then, in step 1060, inchoation equipment can be sent to target device with the authority with media content or its part correlation couplet.Inchoation equipment must means safe in utilization be sent to target device with authority, for example key encryption scheme or dedicated communication line.To an embodiment, as above-mentioned said with reference to Fig. 8, inchoation equipment also can send synchronizing information or interim point information to target device.
In step 1070; In response to the above-mentioned information that slave controller 822 and inchoation equipment receive, decruption key or public keys that target device can use slave controller to receive are deciphered the authority with media content or its part correlation couplet that receives from target device.After this, in step 1080, target device can be consumed media content or its part of deciphering.If the synchronizing information of receiving and/or interim point information, target device can use this information to confirm starting point and/or timing as content of consumption or its part so.
Figure 11 is the process flow diagram that the another kind running 1100 of digital safety system 800 is shown.In step 1110, same, at output device 908 places of controller, controller provides the tabulation of possible target device.Then, in step 1120, controller 822 waits for that the user selects particular target device from tabulation.Then, in step 1130, the address of controller 822 identification inchoation equipments, and if desired, the address of identification selected target equipment.As stated, controller 822 can store the addresses in its storer 906,916, perhaps retrieves one or more addresses from external unit.Then, in step 1140, controller 822 can send to encryption key and decruption key (if decruption key is different with encryption key) address of inchoation equipment.If inchoation equipment has, maybe can confirm, the address of target device, controller 822 can be only to inchoation equipment recognition objective equipment so.If inchoation equipment does not have, or be not sure of, the address of target device, controller 822 can offer inchoation equipment with the address of target device so.
In case slave controller 822 receives above-mentioned information, in step 1150, the encryption key that inchoation equipment can use slave controller to receive comes encrypting with one or more authorities of media content or its part correlation couplet.Then, in step 1160, inchoation equipment can be with the authority that joins with media content or its part correlation, and decruption key, and it maybe be identical or different with encryption key, is sent to target device.Inchoation equipment must means safe in utilization be sent to target device with authority, for example key encryption scheme or dedicated communication line.To an embodiment, as above-mentioned said with reference to Fig. 8, inchoation equipment also can send synchronizing information or interim point information to target device.
In step 1170, in response to the above-mentioned information that receives from inchoation equipment, target device can use the decruption key that receives from inchoation equipment or public keys that the authority that joins with media content or its part correlation is deciphered.After this, in step 1180, target device can be consumed media content or its part of deciphering.If the synchronizing information of receiving and/or interim point information, target device can use this information to confirm starting point and/or timing as content of consumption or its part so.
Although illustrated and described the preferred embodiments of the present invention, should be appreciated that the present invention is not limited to this.Do not departing under the prerequisite of liking the defined the spirit and scope of the present invention of claim enclosed, those those skilled in the art can implement various modifications, change, variation, replacement and equivalent.
Claims (10)
1. one kind is used for media content rights is sent to the controller of second media device from first media device, and said first media device has the authority that is associated with media content, and said controller comprises:
Storer is configured to the tabulation and the encryption key that can be used for said authority is encrypted of storage media devices, and wherein said media device can receive the authority that is associated with said media content from said first media device;
User interface is configured to detect user's selection to said second media device from the tabulation of said media device; And
Transceiver; The address and the said encryption key that are configured to be associated with said second media device are sent to said first media device; So that said first media device can use said encryption key to come said authority is encrypted, and the authority after will encrypting sends to the address that is associated with said second media device.
2. controller as claimed in claim 1, wherein said transceiver further are configured to is sent to the address that is associated with said first media device with said address and said encryption key.
3. controller as claimed in claim 1, wherein said transceiver further are configured to offers said second media device with decruption key.
4. controller as claimed in claim 1, wherein said transceiver further are configured to offers said first media device with decruption key, so that said first media device can be transmitted to said second media device with said decruption key.
5. controller as claimed in claim 1, wherein said transceiver further are configured to offers said first media device with signal, so that can the intermediate point of said media content be offered said second media device.
6. one kind is used for media content rights is sent to the method for second media device from first media device, and said first media device has the authority that is associated with media content, and said method comprises:
The tabulation of identification media device, wherein said media device can receive the authority that is associated with said media content from said first media device;
Detect user's selection to said second media device from the tabulation of said media device;
Definite address that is associated with said second media device; And
Said address and encryption key are offered said first media device, so that said first media device can use said encryption key to come said authority is encrypted, and the authority after will encrypting sends to the address that is associated with said second media device.
7. method as claimed in claim 6 also comprises the step of the address of confirming to be associated with said first media device.
8. method as claimed in claim 6 wherein offers said first media device with said address and encryption key and comprises decruption key is offered said second media device.
9. method as claimed in claim 6; Said first media device wherein said address and encryption key offered said first media device and comprises decruption key is offered said first media device, so that can be transmitted to said second media device with said decruption key.
10. method as claimed in claim 6 wherein offers said first media device with said address and encryption key and comprises that the intermediate point that makes it possible to said media content offers said second media device.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US27135305A | 2005-11-10 | 2005-11-10 | |
| US11/271,353 | 2005-11-10 | ||
| PCT/US2006/060430 WO2007059377A2 (en) | 2005-11-10 | 2006-11-01 | Transferring rights to media content between networked media devices |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101305394A CN101305394A (en) | 2008-11-12 |
| CN101305394B true CN101305394B (en) | 2012-10-10 |
Family
ID=38049341
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2006800421061A Active CN101305394B (en) | 2005-11-10 | 2006-11-01 | Transferring rights to media content between networked media devices |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101305394B (en) |
| WO (1) | WO2007059377A2 (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8458454B2 (en) | 2007-08-24 | 2013-06-04 | Mitsubishi Electric Corporation | Conditional access apparatus |
| CN101458747B (en) * | 2008-12-24 | 2011-09-14 | 华为终端有限公司 | Method and apparatus for providing digital copyright list |
| CN104067590A (en) | 2012-01-27 | 2014-09-24 | 惠普发展公司,有限责任合伙企业 | Permissions for exploitable content |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6385596B1 (en) * | 1998-02-06 | 2002-05-07 | Liquid Audio, Inc. | Secure online music distribution system |
| CN1645797A (en) * | 2005-01-28 | 2005-07-27 | 南望信息产业集团有限公司 | Method for optimizing safety data transmission in digital copyright managing system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002019134A1 (en) * | 2000-08-28 | 2002-03-07 | Digitalowl.Com, Inc. | System and methods for the flexible usage of electronic content in heterogeneous distributed environments |
| CA2527668A1 (en) * | 2003-06-02 | 2004-12-16 | Liquid Machines, Inc. | Managing data objects in dynamic, distributed and collaborative contexts |
-
2006
- 2006-11-01 WO PCT/US2006/060430 patent/WO2007059377A2/en active Application Filing
- 2006-11-01 CN CN2006800421061A patent/CN101305394B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6385596B1 (en) * | 1998-02-06 | 2002-05-07 | Liquid Audio, Inc. | Secure online music distribution system |
| CN1645797A (en) * | 2005-01-28 | 2005-07-27 | 南望信息产业集团有限公司 | Method for optimizing safety data transmission in digital copyright managing system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2007059377A2 (en) | 2007-05-24 |
| WO2007059377A3 (en) | 2008-04-03 |
| CN101305394A (en) | 2008-11-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101310544A (en) | A device and method for tracking usage of content distributed to media devices of a local area network | |
| CN101288082A (en) | Digital security for distributing media content to a local area network | |
| US8751800B1 (en) | DRM provider interoperability | |
| CN104471913B (en) | Indicate and process content is transmitted and the content-encrypt in transmission and rights management | |
| CN102546176B (en) | DNS security is supported in multiagent environment | |
| CN102318257B (en) | For the cipher key distribution scheme of information network | |
| US7770229B2 (en) | System and method for the propagation of DRM protected content | |
| US20060259852A1 (en) | System, method and framework for universal access to content and services | |
| US20070271106A1 (en) | System and method for secure internet channeling agent | |
| US20120303967A1 (en) | Digital rights management system and method for protecting digital content | |
| CN101288285A (en) | Privacy proxy of a digital security system for distributing media content to a local area network | |
| WO2007018711A2 (en) | Method and apparatus for providing protected digital content | |
| CN104365127B (en) | Method for following the trail of mobile device in remote display unit | |
| US20070104104A1 (en) | Method for managing security keys utilized by media devices in a local area network | |
| WO2007099609A1 (en) | Device authentication system, mobile terminal device, information device, device authenticating server, and device authenticating method | |
| JP2010531511A (en) | Content sharing method and system using removable storage | |
| EP1955279B1 (en) | Transferring rights to media content between networked media devices | |
| CN101305394B (en) | Transferring rights to media content between networked media devices | |
| CN101218587B (en) | Method, system and devices for digital content protection | |
| JP2006099415A (en) | Content distribution system, content distribution method, equipment authentication server and method for controlling equipment authentication server | |
| US20060218260A1 (en) | Device and method for network information accessing | |
| JP2008011097A (en) | Attribute authentication method, key management apparatus, service provision destination apparatus, service provision source apparatus, and attribute authentication system | |
| WO2007059378A2 (en) | A method for managing security keys utilized by media devices in a local area network | |
| CN117528150A (en) | GB35114-2017 protocol-based security system and method | |
| KR100808617B1 (en) | Internet media channel broadcasting system using media internet channel station connecting media server assigned media domain name based media channel ip and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: MOTOROLA MOBILE CO., LTD. Free format text: FORMER OWNER: MOTOROLA INC. Effective date: 20110107 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20110107 Address after: Illinois State Applicant after: MOTOROLA MOBILITY, Inc. Address before: Illinois State Applicant before: Motorola, Inc. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| C56 | Change in the name or address of the patentee | ||
| CP01 | Change in the name or title of a patent holder |
Address after: Illinois State Patentee after: MOTOROLA MOBILITY LLC Address before: Illinois State Patentee before: MOTOROLA MOBILITY, Inc. |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20160707 Address after: California, USA Patentee after: Google Technology Holdings LLC Address before: Illinois State Patentee before: MOTOROLA MOBILITY LLC |