ENFORCING A DRM / IPMP AGREEMENT IN A MULTIMEDIA CONTENT DISTRIBUTION NETWORK
FIELD OF THE INVENTION
[0001] The present invention relates to distribution of data over a network to a device configured to receive the data. More particularly, the present invention relates to automatically enforcing an agreement between a distributor and a user of the data.
BACKGROUND OF THE INVENTION [0002] Distributors of analog or digital data (e.g., movies, television programs, live telecasts, sound recordings, software, computer games, pictures, etc.) over a network typically desire to maintain some level of control over the subsequent use or further distribution of the data. For instance, generally the user is prohibited from copying and distributing the data to another person. [0003] Additionally, some distributors may limit the time in which the data is transmitted to a terminal for a user. For example, cable companies that offer a video-on-demand (VOD) service generally allow a person to view a program within a twenty-four hour time period. After this time period, the cable company no longer transmits the program. This is problematic for some users because they may be unable to view the program within twenty four hours. A user is then charged a second time to reorder the same program. Distributors of cable services are also not benefited by this limited time period. Some users may forgo obtaining a program through the VOD service since they may be unable to view the program within twenty four hours. Additionally, downloading a program during peak hours may be problematic due to the limited available bandwidth. It is therefore desirable to have a method that addresses these disadvantages.
BRIEF DESCRIPTION OF THE DRAWINGS [0004] The present invention will become more fully understood from the detailed description and the accompanying drawings, wherein:
[0005] Figure 1 is a block diagram of a network system that ensures
automatic enforcement of an agreement in accordance with one embodiment of the present invention;
[0006] Figure 2 is a block diagram of a peer-to-peer system that ensures automatic enforcement of an agreement in accordance with one embodiment of the present invention;
[0007] Figure 3A is a block diagram of a client/server system that ensures automatic enforcement of an agreement in accordance with one embodiment of the present invention;
[0008] Figure 3B is a block diagram of a virtual network that ensures automatic enforcement of an agreement in accordance with one embodiment of the present invention;
[0009] Figure 4 is a functional block diagram illustrating an analog cable network for transferring a work from a distributor to a receiving device in accordance with one embodiment of the present invention; [0010] Figure 5 is a functional block diagram illustrating a digital cable network for transferring a work from a distributor to a receiving device in accordance with one embodiment of the present invention;
[0011] Figure 6 is a schematic diagram of a receiving device in accordance with one embodiment of the present invention; [0012] Figure 7 is a flow diagram of one method of enforcing at least one condition of an agreement in accordance with one embodiment of the present invention;
[0013] Figure 8 is a flow diagram demonstrating encryption and decryption of a data file according to the present invention; [0014] Figure 9 is a flow diagram showing encryption of a data file with a master key according to one embodiment of the present invention;
[0015] Figure 10 is a flow diagram showing encryption of selected blocks with secondary keys according to one embodiment of the present invention; [0016] Figure 11 is a flow diagram showing the generation of dual- encrypted blocks according to one embodiment of the present invention;
[0017] Figure 12 is an flow diagram showing the encryption of a data
file in accordance with one embodiment of the present invention;
[0018] Figure 13 is a block diagram demonstrating access of a digital file during a third use in accordance with one embodiment of the present invention; [0019] Figure 14 is a block diagram demonstrating the use of footprint files and footprint data according to one embodiment of the present invention; and
[0020] Figure 15 is a block diagram showing the use of pirated e-mails to prevent unauthorized use of a digital file according to one embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [0021] The present invention uses a computer-implemented method to automatically enforce an agreement between a distributor and a user of a work (e.g., a movie, etc.). The work is sent from a distributor to a receiving device over a network. A copy of the work is stored on a storage medium associated with the receiving device. A user activates a play function on the receiving device to play the work. A request to play the work is then sent from the receiving device to the distributor over a network. A determination is made as to whether a user is entitled to play a work on the receiving device. If the work has been played a maximum number of times or for a maximum time period, the request to play the work is denied. In contrast, if the work has not reached a pre-established limit, an enabler is sent from the distributor to the receiving device. The enabler allows the work to be played. By implementing techniques of the invention, a user is able to download and view the work at his leisure which encourages more users to rent or purchase more works from the distributor.
[0022] To better understand the present invention, an agreement, a condition, and a work are defined. An agreement is a manifestation of mutual assent on the part of two or more persons. Although the term agreement is typically associated with the term "contract," agreement is generally interpreted more broadly. For example, an agreement may lack an essential term of a
contract. A variety of information may be included in an agreement such as data related to a terminal (e.g., a receiving device, a recorder/player, etc.) that receives the work, a description of the work, the distributor's account number for a user, the cost to the user for renting or purchasing the work, a statement prohibiting copying and distributing the work to other parties, and/or a variety of other conditions.
[0023] A condition may be a future event, a restriction, a qualification, a limitation, or the like. A condition of an agreement may relate to, for example, playing or presenting the work on a terminal based upon a time period, a number of times to play the work, limited to a particular terminal, or any combination thereof.
[0024] A work is data (e.g., analog or digital data). The work, typically fixed in a storage medium, includes an audiovisual work (e.g., movies, computer games etc.), an audio work (e.g., sound recording etc.), or a visual work (e.g., picture, a computer program etc.). While a work is generally protected by copyright law, the scope of the definition of a work may include data that may not be protected by copyright law.
[0025] Details of the present invention are set forth such that Section I describes the systems that are used to enforce agreements; Section Il describes the rental and purchase models for the agreements and enforcement of at least one condition of the agreement; Section III presents one method of enforcing at least one condition of the agreement; and, Section IV describes limiting the play, the use, or the presentment of a work based upon the number of times the work is played or used. [0026] Headings are used to present the description in a manner that is easier to follow and should not be interpreted as limiting the present invention in any way. Additionally, the description of the preferred embodiments is merely exemplary in nature and is in no way intended to limit the present invention, its application, or uses. I. SYSTEMS FORENFORCINGAN AGREEMENT
[0027] Figure 1 is a block diagram of a system 5 that is used to enforce at least one condition of an agreement between a distributor and a user
of the work. A distributor is a person, an entity, or a business. A distributor of a work is exemplified by the service providers (SP) 10A-10D or the ISP 20. The SP 10A-10D create, license, or sell works to the ISP 20. The SP 10A-10D are configured to transfer audio, visual, or audiovisual content of a work over communication links 15A-15D to the ISP 20. For example, BLOCKBUSTER VIDEO 10B provides DVDs or videos whereas the game provider 10C provides games that are able to be distributed by the network 40. The SP 10A-10D also may include music providers (e.g., Sony, BMG, etc.), television program providers (e.g., cable companies etc.), Internet service providers (e.g., America Online, MSN, etc.), satellite companies, or other like businesses, entities, or parties.
[0028] The ISP 20 unifies the SP 10A-10D. The ISP 20 creates, owns or is able to license or to sell at least one copy of a work to a user. The ISP 20 includes a VOD server 25, an electronic programming guide (EPG) server 30, a database 23, and a network 40.
[0029] The VOD server 25 and the EPG server 30, coupled to the network 40 through the communication link 22, perform a variety of controlling operations. For example, the EPG server 30 transfers data onto the communication link 22 to the network 40 to allow an EPG to be presented on a graphical user interface (GUI) of one of the terminals 50A-50E. From the EPG, a user is able to determine and then select a program that he or she wishes to view. In comparison, the VOD server 25 provides a program (e.g., movie, television show, etc.) that is transferred via the network 40 to one of the terminals 50A-50E (e.g., a set-top box (STB), a recorder, a player, a recorder/player, an integrated television (TV) etc.).
[0030] The ISP 20 and/or the SP 10A-10D may include a database 23 to store data (e.g., the agreement, etc.). Alternatively, the ISP 20 may embed data (e.g. the agreement, copy control information etc.) into the work itself before the work is transferred to a terminal 50A-50E. The network 40 such as a head- end is configured to receive, store, or transfer data (e.g., a work, an agreement, etc.) over a communication link 160 to the terminals 50A-50E. A head-end is the facility at a local cable TV business that originates and communicates cable TV
services and cable modem services to users of the terminals 50A-50E. The network 40 may also poll terminals 50A-50E for data. Polling for data is a form of requesting or checking for information from the terminals 50A-50E. For example, the network 40 may need to determine how many times a work has been locally activated at one of the terminals 50A-50E.
[0031] The network 40 may be an analog cable network 105 illustrated in Figure 4, a digital cable network 145 illustrated in Figure 5, a wide area network (WAN), the Internet, a terrestrial or a satellite network. The analog cable network 105 in Figure 4 includes a distributor 110 that generates cable signals over cable 118. The cable drops 122A, 122B, 122C, 122D ..., and 122N provide the cable signals to cable boxes 126A, 126B, 126C, 126D and 126N at customer locations. In addition to the use of an analog cable, the work may be transferred over a digital cable network 145 and channels as shown in Figure 5 by using, for example, a cable standard such as the OpenCable™ standard. OpenCable™ is a standard that has been defined by cable operators to provide digital cable-ready devices using a common platform.
[0032] A typical terminal or receiving device 152D, shown in Figure 6, may include a recorder 190 that stores the work on a storage medium. A storage medium includes fixed, networked, or a portable storage medium. Some examples of a portable storage medium include a secure digital (SD) card, a memory stick, a memory card, a DVD, a CD, smart card, a pluggable security module (PSM) 187 such as a POD or a cableCARD etc. The receiving device 152D also includes a GUI 182, a front panel 184, a PSM slot 186 configured to receive a PSM 187 and a radio frequency (RF) input 188. A decoder 189, shown in ghost lines, may be used to enforce an agreement through enabling or disabling a work as described in greater detail below.
[0033] The PSM 158 and the PSM 187 shown in Figures 5 and 6, provide security and authentication of the user, the terminal, and the agreement. Referring to Figure 5, the PSM 158 communicates data to the distributor 110 using an out-of-band (OOB) channel 164C over the cable 164A to the distributor 110. Alternatively, the PSM 158 passes data to the devices such as the STB 152B, the integrated TV 152C, the receiving device 152D, or the host 152E. The
security component 159, embedded into the STB 152A, also performs security and user authentication. The STBs 152A and 152B, the receiving device 152D, the integrated TV 152C, and the host 152E are described in greater detail below.
[0034] The STB 152A and 152B are commonly used to receive and decode digital television broadcasts. The STB 152A and 152B also interface with a network such as the Internet. The STB 152B falls into several categories from the simplest that receive and unscramble incoming television signals to the more complex that function as multimedia desktop computers that can run a variety of advanced services such videoconferencing, home networking, IP telephony, VOD, and high-speed Internet TV services.
[0035] The integrated TV 152C also includes a STB (not shown). Additionally, the host 152E is either a STB or a receiving device configured to store and to execute a DTV middleware platform such as the OpenCable™ Application Platform implementation. [0036] The recorder/player 154, coupled to the STB 152B, is configured to record and/or to play (or present) the work to a user. In another embodiment, the recorder/player 154 is configured to store data such as the agreement, or a key.
[0037] In addition to the system 5 illustrated in Figure 1 , techniques of the present invention may be implemented through various other networks, such as a peer-to-peer network (Figure 2), a client/server network (Figure 3A) and a virtual network (Figure 3B). The peer-to-peer network such as the system 300, represented in Figure 2, includes a first client 310, a communication link 302, and a second client 313. The first and second clients 310, 313 possess similar or the same capabilities. For example, the first and the second clients 310, 313 are computers (e.g., laptop computer, a personal digital assistant, a cellular phone, or other like device) or a playing device (e.g., a recording device, a legacy device such as Walkman, etc.) that are able to perform either wireless (e.g., Bluetooth, Ethernet, WIFI, etc.) or wired communication to connect with communication link 302. Either the first or the second client 310, 313 initiates a session with the other client. Communication link 302 may be a point-to-point link, a network link, or it may be a line that transfers data alone. Additionally,
skilled artisans appreciate that either the first or the second clients 310, 313 may represent a virtual public kiosk, which is not typically associated with a user.
[0038] Figure 3A represents a client/server network 357 that may also be used to implement techniques of the present invention. The work, the agreement, and the enabler are sent from the server 165 over the communication link 302 to the client 310 provided the conditions described herein are present.
[0039] Figure 3B illustrates a private virtual network 359 with a first LAN 360 located in one area (e.g. an office area etc.) controlled by the user and a second LAN 362 located in another area (e.g. a home of the user). The first and the second LANs 360, 362 each include a plurality of terminals 50A-50E. In this embodiment, one of the terminals 50A-50E of the first LAN 360 downloads the work and the enabler from the network 40. The work and the enabler is communicated to one of the terminals 50A-50E on the second network 362 through wireless or wired connections.
A. Authentication and Authorization of the User or the Terminal [0040] Before a work is transferred by the network 40 to one of the terminals 50A-50E of Figure 1 , the user or the terminal 50A-50E is authenticated. Authentication by the network 40 uses conventional techniques to verify the identity of a user or the terminals 50A-50E in Figure 1. Authentication may involve validating data. Validating data typically involves using a password, a personal identification number (PIN), a cryptographic key provided by a user or a unique identification number associated with the terminal 50A-50E. Authorization is the process of establishing and enforcing a user's rights and/or privileges to access a work. Logical access controls are utilized to authorize and enforce a user's access to and actions towards specified resources. After the user and/or the terminal 50A-50E has been validated and authorized, an agreement to purchase or rent a work is executed between the distributor and the user of the work. B. Execution of an Agreement
[0041] Execution of an agreement is a process of completing the formalities of entering into a binding agreement. Specifically, an ISP 20
transmits an agreement over the communication link 160 to the terminals 50A- 5OE. The user of one of the terminals 50A-50E or an intelligent agent acting on behalf of the user reviews the agreement. The user is then presented with an option of either accepting or rejecting the agreement. Once the user or the intelligent agent accepts the agreement, the work is then is downloaded to a storage medium in or connected to one of the terminals 50A-50E. C. Validation of the Agreement
[0042] Generally, before a terminal 50A-50E is able to receive a work or an enabler to use the work, the agreement may undergo a validation process. The network 40 uses conventional techniques to determine that the rental agreement is associated with a particular terminal and/or user. The rental agreement may undergo a validation process before or at the time a user attempts to use the work. In one embodiment, rent-to-purchase agreements may also be validated at the time the work is purchased by the user. In another embodiment, a sublicensing agreement is validated at the time the work is transferred to the sublicensee. Once the agreement is validated, the work is transferred to one of the terminals 50A-50E. II. AGREEMENT MODELS
[0043] Given this description of the systems, the following discussion describes techniques of the present invention related to a rental model and to a purchase model. The rental model involves a temporary use, presentment, or playing of the work whereas the purchase model involves an actual conveyance of at least one copy of the work. Each of these models is described below. A. Rental Model [0044] The rental model includes a rental agreement, a rental convertible agreement (i.e., rent-to-purchase agreement), and a sublicensing agreement (i.e., a third party in privity with either the licensee or licensor). The rental model allows a consumer to play, use, or present a work during a rental period in exchange for some type of compensation. The rental period is exceeded once a condition is met. The condition may be based upon time (e.g., a time-period extending from the date the work is delivered until some maximum time limit), the number of times the work is presented, a combination of these
two conditions, or limiting the use of the work on one of the terminals 50A-50E. Other suitable conditions may also be used. In exchange for complying with these conditions, a user is allowed to make a local copy of the work in one of the terminals 50A-50E. [0045] The rental model encompasses at least two scenarios for enforcing an agreement. In the first scenario, enforcement of the agreement occurs in a system in which the terminals such as the receiving device 152D of Figure 6 is continuously coupled to the network 40 through wireless or wired connections the communication link 160 in Figure 1. In this embodiment, the ISP 20 through the network 40 may require a continuous pulse that verifies a continuous connection with one of the terminals 50A-50E. In the second scenario, enforcement of the agreement occurs in a system in which one of the terminals 50A-50E is not continuously coupled to the network 40. In this latter scenario, the work may be delivered either when the network 40 is temporarily established between one of the terminals 50A-50E and the network 40 or the work is delivered through some other means not involving the network 40.
1. The Terminal is Continuously Coupled to the Integrated Services Provider
[0046] There are numerous ways to enforce an agreement between a distributor and a user when a terminal 50A-50E is continuously connected to an
ISP 20. First, the work may be downloaded to one of the terminals 50A-50E and the agreement may be stored at the ISP 20. In this embodiment, one of the terminals 50A-50E sends a request to use or to play a work over the communication link 160 to the ISP 20. The ISP 20 determines whether the user is entitled to the work and then responds with rejecting the request or providing an enabler to one of the terminals 50A-50E. The enabler allows the work to be used by a user of one of the terminals 50A-50E. The enabler may be uniquely identified with the work, the terminal, and/or the decoder 189 of the receiving device 152D. The types of enablers is discussed in greater detail below. [0047] Whether the rental period has been exceeded may be accomplished, for example, by linking the rental agreement for the terminal 50A-
5OE to a register at a particular address in the database 23 of the ISP 20 shown
in Figure 1. In this method, the register, which is associated with that particular receiving device 152D through a unique identifier (e.g., user identification number), is initially set to "0" indicating that the rental period has not yet been exceeded. Once the rental period is exceeded, the network 40 changes the register value from "0" to "1 " and then stores this data in database 23. If the user again attempts to play a locally stored work, the network 40 rejects the request from the terminal 50A-50E.
[0048] A second way in which to enforce the agreement involves storing the agreement in the PSM 187 or in an encrypted format at the terminal. The work is stored in another medium at the terminal. In this embodiment, enforcement of the agreement or of an encrypted agreement is performed by the terminal 50A-50E. Specifically, the terminal 50A-50E determines through a trusted element (e.g., a decoder 189 of Figure 6, a security module, a trusted computing module, etc.) whether the work has been activated k times or has exceeded the time period for that particular work.
[0049] Third, an agreement and the work may be locally stored in an encrypted or an unencrypted format at one of the terminals 50A-50E. In this embodiment, the user activates a play function on the terminal 50A-50E where the work is locally stored. The terminal 50A-50E accesses the encrypted agreement to determine whether the rental period is exceeded.
[0050] Fourth, the work may be stored at the ISP 20 whereas the encrypted agreement is stored at one of the terminals 50A-50E. In this embodiment, the user activates a play function on the terminal 50A-50E. The terminal 50A-50E determines whether the rental period is exceeded. If it is not exceeded, the terminal 50A-50E requests that the ISP 20 send the work over the communication link 160 to one of the terminals 50A-50E. Additionally, the terminal 50A-50E enforces the terms of the encrypted agreement such as by maintaining copy control over the work. For example, the terminal 50A-50E prevents additional copies from being made on terminal 50A-50E. [0051] Fifth, an extension of the fourth embodiment includes peer-to- peer authentication process. In this embodiment, one of the terminals 50A-50E is connected to another terminal of the terminals 50A-50E. An encrypted
agreement is stored along with an enabler in the first terminal. The work may be stored in the first terminal or at another terminal 50A-50E. In this embodiment, the first terminal prevents the second terminal from making further copies by not sending an enabler after the second terminal used a single enabler. In another embodiment, the first terminal customizes the enabler for the second terminal. For example, the enabler may include the IP address of the second terminal, a key exchange process, a certificate exchange process, or any other suitable process that limits the enabler to a single use. Additionally, since the enabler may be configured to operate solely on the second terminal, there is no incentive to make copies of the work for use on other terminals.
[0052] The enablers used in the preceding discussion may be configured to be unique to the work, the terminal, the decoder of the terminal, the agreement, and/or an intelligent agent. Enablers include, but are not limited to, a mapping table, a content key(s), metadata (e.g., a table of contents, indexes, etc.), or a program_clock_reference (PCR) off-set.
[0053] A mapping table such as a presentation time stamp (PTS) mapping table or a PCR mapping table is used to enable the content of a work. An interference such as a jitter is intentionally created in the PTS of the audio or the video by adding a random offset in the PTS mapping table. Such content, when played back, has a lip-sync problem. The lip-sync problem is related to a system time clock (STC) of the encoder and the STC of the decoder of one of the terminals 50A-50E failing to match.
[0054] In order to resolve the problem, a PTS mapping table or offset table is obtained from the network 40 (e.g., head-end) and passed to the decoder 189 of the receiving device 152D. The decoder 189 can search for the PTS value that requires modification by using the former PTS value in the offset table.
[0055] For example, a PCR that has a 42-bit value may be used to lock the decoder and the encoder's 27 megahertz (MHz) clocks disposed in a terminal 50A-50E such as receiving device 152D. This action requires the decoder's STC to be exactly synchronized to match the encoder's STC. In order to accomplish this task, a real-time clock is coupled to the decoder 189.
[0056] To ensure proper synchronization, the PCR is typically sent at least 10 times a second. The PCR may be carried by a video, an audio, or a data elementary stream. All timing calculations to determine whether the STCs from the encoder and the decoder match are based upon the PCR. The PCR offset may be a list of 1 to n random offsets. A specified value may be used to determine when to apply it to the stream. The PCR value is either replaced with the new one or applied to a PCR new offset.
[0057] After it is determined that the user is no longer entitled to use or to play the work, the mapping table can no longer be accessed by the receiving device 152D. Therefore, the lip-sync problem returns and the work cannot be properly used.
[0058] In another embodiment, the enabler is an encrypted content key. The content key may be used k times, as described in greater detail in Section IV. In still yet another embodiment, the content key is personalized for a particular receiving device 152D such that the content key is not operable at another terminal in a different environment.
[0059] In another embodiment, metadata is used as the enabler. The metadata information (e.g., table of contents, indexes, etc.) that is necessary to enable the content of the work is stored at the network 40 (e.g., head-end). When a user wishes to view the content in a work, the user activates the play function on the receiving device 152D. This causes the metadata information to be downloaded to the receiving device 152D so that the audio/video may be played back. Once it is determined that the user has exceeded his time period that the work may be used or the number of uses, the metadata can no longer be accessed over the network 40. Without metadata information, the work locally stored is useless.
[0060] In yet another embodiment, when a local copy is made, the network 40 (e.g., the head-end) sends a randomized program clock reference (PCR)-offset in the audio data. In a MPEG stream, the video stream generally carries the PCR data. The audio stream references the PCR values which are in the video stream. The MPEG decoder generates PTS from these PCR values. These values are used to synchronize the video with the audio. If the audio PCR
values are given a random offset, then at the time of the play back, there will be a lip-sync problem which will annoy the viewer. The only way for a "hacker" to fix this problem would be to play an audiovisual work frame-by-frame and regenerate the PCR values. At the time of playback, after authentication, the network 40 (e.g., the head-end) sends a correct PCR mapping table that removes the PCR offset so that the audiovisual work is synchronized properly. Once it is determined that the user is no longer entitled to use or to play the work, the receiving device 152D cannot access the PCR offset over the network 40. [0061] The work or the enabler may be disabled after the rental period in a variety of ways. For example, the work or the enabler may be disabled by incorporating a subroutine in the work that counts the number of times the work has been viewed. Once the maximum number of times has been met, the subroutine prevents the work from being used or presented on the terminal 50A- 5OE. In another embodiment, a work and/or an enabler, stored on a hard disk of one of the terminals 50A-50E, is automatically deleted using conventional techniques once the rental period has been exceeded.
2. The Terminal is Not Continuously Coupled to the Integrated Services Provider
[0062] In the second scenario of the rental model, the player 154 is not continuously coupled with a network 40. For example, the STB 152B in the player 154 is not electrically coupled to the network 40 at the time that the playback feature of the terminal 50A-50E is activated. Instead, at the time of the rental, the ISP 20 delivers to one of the terminals 50A-50E an encrypted agreement, an enabler, and the work. The terminal 50A-50E enforces the terms of the encrypted agreement. For example, the terminal 50A-50E prevents a copy of the work from being made because the terminal includes a decoder that tracks the number of times or a period of time that the work has been enabled. [0063] In another embodiment, the ISP 20 sends the work, an encrypted agreement, and the enabler to one of the terminals 50A-50E. In this embodiment, the terminal 50A-50E does not enable the work if the rental
condition is exceeded. Other embodiments may also be used to enforce the agreement. For example, the first, second, and fifth embodiments from the first scenario may apply when the terminal is disconnected from the network 40.
B. A Purchase Model [0064] Under the purchase model, the distributor 110 sells the work to the user of the terminal 50A-50E. The work, the enabler and the agreement are then sent over the network 40 to one of the terminals 50A-50E. The work is locally stored on any DVD player, a networked storage medium, a stand-alone device, or any other suitable device. An enabler required for playback of the work is stored on the media itself in an encrypted form.
[0065] The purchase model may be implemented in either the first or the second scenarios described above for the rental model. Additionally, the terminal 50A-50E enforces the terms of the encrypted agreement such as by maintaining copy control over the work. For example, the terminal 50A-50E prevents additional copies from being made on terminal 50A-50E, as described above.
[0066] In another embodiment, a user (also referred to as the first user) buys the work along with a service agreement to assist in operating the work. Subsequently, the user decides to sell the work and the service agreement to another user (also referred to as the second user). The service agreement may be limited by a time period, the number of times to access the service, or some other agreed upon condition. In one embodiment, the first user connects with the network 40 and provides data indicating that his or her obligations under the original agreement have been transferred to the second user. This data may include personal information of the second user, the second agreement, or other suitable information. The network 40 stores this data in the database 23. The network 40 then provides any services to the second user. The second user may then enforce the agreement against the distributor 110 and vice versa. [0067] In another embodiment, the user of the copy of the work may require a second copy of the work from the network 40. For example, the user of the work may lose the copy of the work along with a product key that is
associated with the work. The product key is a uniquely assigned number by the distributor 110 for each copy of each work. Presently, the network 40 requires the user to supply the product key in order to obtain a second copy of the work. The product key may have 25 alphanumeric elements, which is not easily memorized by the user. Accordingly, in one embodiment, the user is able to obtain a second copy of the work by merely providing personal data to the network 40. For example, the user may supply his or her full legal name and address. The user may also supply his social security number to the network 40. All of this data is easily known by the user. This method allows the user to easily obtain a second copy without locating the product key code. III. A METHOD OF ENFORCING AN AGREEMENT
[0068] Figure 7 illustrates one method of enforcing at least one condition of an agreement between a distributor of a work and a user of a receiving device. An agreement is electronically presented to a user at operation 425. The agreement is then electronically executed between the distributor and the user at operation 410. A copy of the work is stored on a storage medium of the receiving device at operation 420.
[0069] A user activates a play function in the receiving device to play the work at operation 425. A request to play the work is sent from the receiving device to the distributor at operation 430. The distributor determines whether the user is entitled to play or to use the work based upon the conditions in the executed agreement at operation 440. If the user is entitled to use the work, the request to play or to use the work is granted and an enabler is sent from the distributor to the user over a communication link at operation 450. The work is then played, presented or used through the enabler being decoded at the receiving device at operation 460. If the user is not entitled to use the work, the request to play or to use the work is rejected at operation 470.
[0070] In another embodiment, presenting the work to a user is based upon a starting and ending point of the work. Once the user passes these points, a counter that is coupled to the work increments one time to indicate that the user has viewed or listened to the work at least once. The counter increments from one to two if the user surpasses the start and end point again.
IV. AN ENCRYPTION SCHEME FOR LIMITING THE MAXIMUM NUMBER OF ACCESSES TO A DIGITAL FILE OF PREDETERMINED CONTENT
[0071] Figures 8-15 illustrate techniques that may be used to ensure that a work such as a movie is not viewed beyond the rental period. Figure 8 relates to a method for encrypting and decrypting a data file 520 (e.g., a work).
Generally, the provider of the data file 520 engages in the activities located on the "server side," while the authorized user engages in the activities located on the "client side" of the diagram. The provider of the data file 520 desires to limit the number of times the user can access the data file 520 with a driver 574 (or other device).
[0072] One embodiment of the invention involves encrypting the data file 520 with a master key to create encrypted data file Cmk at operation 522.
One or more dual-encrypted blocks are generated at operation 524 based on a set of secondary keys. The dual-encrypted blocks 526 are contained within the final encrypted data file 528 (Csmk). The encrypted data file 528 and an attachment file 530 (S ) are then provided to an authorized user at operation 532, where the attachment file 530 enables a device to access the data file content once for each secondary key. [0073] Once the user receives the encrypted data file 528 and the attachment file 530, a mechanism is provided for accessing the file content. Generally, at operation 534, single-encrypted blocks of the data file are decrypted with a master key. At operation 536, dual-encrypted blocks of the data file are decrypted with the master key and a secondary key. The decryption operations are repeated at operation 538 for a set of secondary keys such that the device is able to access the data file content once for each secondary key in the set.
ENCRYPTING THE DATA FILE [0074] Turning now to Figure 9, the preferred approach to operation 522 is shown. The data file 520 is encrypted by randomly generating the master key 540 and hiding the master key 540 within a data structure of the attachment file 530 at operation 542. In one embodiment, random generation of the master
key 540 is achieved by creating a logarithmic bit integer log (mk ) " at operation 544. At operations 546 and 548 the integer n is incremented by two until a prime number is found. By using the master key 540, the content of the data file 520 can be encrypted on a block-by-block basis at operation 550. [0075] With regard to operation 542, a nondeterministic polynomial
(NP)-hard problem is used to hide the master key 540 within the data structure of the attachment file 530. A NP hard problem is an algorithm for solving a problem that can be translated into one for solving any other nondeterministic polynomial time. To make a decompilation or static data-flow attack very difficult and to add to the difficulties of a dynamic flow trace attack, it is preferable to hide the master key in a data structure. In order to use a NP-hard problem to hide the master key 540, let X be a set of integers where each x} e X is tagged with a 0 or a 1. Now randomly generate a knapsack of size m and use some exact or approximation algorithm to attain a (or exact) solution for the problem. The objects in the solution set and their respective order sorted by size can be used to define key mk , either directly or by representing an integer n less than mk such that no other prime number lies between n and mk . The first master key 540 is sent as the data structure that stores the problem and algorithms for finding the solution and is included in S . For subsequent master keys mknext the executable S creates the appropriate NP-hard problem whose solution will provide mknext .
[0076] As a possible extension, S can begin with a relatively small NP- hard problem that can be quickly solved. Then, after each iteration of content use, S could add to the size of the problem. This would eventually lead to a problem that takes a great amount of computing time to solve. This could not be used to attain exactly k uses but would provide an extra level of protection against a hacker who has somehow defeated the "count down" secondary key scheme. After approximately 2k uses the content would become unusable because the time to compute the current master key would be too great. [0077] Turning now to Figure 10, the preferred approach to operation
524 is shown in greater detail. Specifically, at operation 552 one or more continuous blocks 554 are selected to be dual-encrypted. At operation 556, the
secondary keys 558 are randomly generated. Note that there is one secondary key for each planned access of the data file content.
[0078] At operation 560 a duplicate selected block is generated for each secondary key in the set. Thus, dual-encrypted blocks 526 can be generated based on the duplicate selected continuous blocks 554 and the secondary keys 558 at operation 562. At operation 564 the dual-encrypted blocks 526 are inserted into the encrypted data file 528. It can, therefore, be seen that former block x2 has now been replaced with dual-encrypted blocks yx .
The first time the user accesses the content of the encrypted data file 528, the user will access blocks X1 and x3 - xs with the master key 540, and the first dual-encrypted block 526a with both the master key 540 and the first secondary key skv If the user does not have the first secondary key skx , the first dual- encrypted block 526a will be inaccessible.
[0079] Figure 11 shows the preferred approach to operation 562 (generating dual-encrypted blocks) in greater detail. It can be seen that at operation 566 the secondary keys 558 are encrypted with the master key 540. The encrypted secondary keys are then formatted as a data structure 558' at operation 568. At operation 570 the data structure 558' is stored in the attachment file 530. The above process can be outlined as follows: (1 ) Let Y be the set of all chosen continuous subsections of Cmk
(2) Let y . e Y be a continuous subsection of Cmk
(3) Duplicate y .k times, y\...,yk and encrypt each / with key sk, G SK
(4) Insert the encrypted copies into Cmk , replacing >-,. and expanding Cmk as necessary
(5) Repeat until all elements of Y have been encrypted
(6) Encrypt skj with all secondary keys with prefixes <j , starting with key skj_λ and ending with key Sk1
(7) Encrypt key skx with master key mk (8) Store the encrypted keys skx ,...,skk as a data structure DS sk and
then store DSsk in S
Thus, it can be seen that the secondary keys are encrypted by encrypting the first secondary key with the master key at operation (7). Subsequent secondary keys are encrypted with all preceding secondary keys in the set at operation (6). [0080] Figure 12 provides an alternative view of the invention at 572.
In this example, the data file is well known "clip art". It can be seen that the creation of the master key and the secondary keys can be parallel functions resulting in the creation of s and smk .
ACCESSING THE DATA FILE
[0081] Returning now to Figure 13, it can be seen that the blocks are decrypted on a block-by-block basis such that the device only has access to the data file content one block at a time. Figure 13 further illustrates in diagram 576 that after decryption, the blocks are re-encrypted with a new master key. The new master key is generated and hidden in accordance with the techniques discussed above. The invention further provides for discarding the dual- encrypted blocks after decryption with the secondary keys. It will be appreciated that diagram 576 demonstrates operation of the invention at a larger scale than the example discussed above. Thus, smk is shown as having a larger number of blocks. The concepts, however, are the same.
[0082] It is important to note that during decryption care must be taken to never create a completely decrypted version of C and to hide the current master and secondary keys mk and sk; . The following outlines the operations taken during decryption where we are processing the j'h use of C :
(1 ) S randomly creates a new master key mkmn (this is performed by randomly selecting an integer n with \oq (mk) bits and then finding the smallest prime that is larger than n , as described above)
(2) Using mk , decrypt the current secondary key skj
(3) Let Y = {yλ ,...,ym ) be the subsections of Cmk that were encrypted with the secondary keys ski ,...,skk and {x, ,...,xn } an ordered partitioning of the
bits in Cmk - Y where the log(x, )= log(wfc) (note that Cmk can be padded with extra bits to ensure that log(*n ) = log(m&) )
(4) Starting at the top of Csmk , repeat the following until all of Csmk is processed: (a) if the Csmk pointer is pointing to a block of data from set Y , then decrypt block j of the appropriate y e Y with key skj followed by key mk else the Csmk pointer points to some x e X . Decrypt x with key mk .
(b) Pass the decrypted data along to the appropriate device/driver (c) If the decrypted data was from set Y , destroy/overwrite block j of y else encrypt x with mknext to create x and store x at location x in
^ smk
(5) Store mkneM as described above
(6) Increment and store counter j c [0083] Notice that a new smk is created by the above and that this process should always be processed through to completion. Halting S during operations (4)-(6) will create a state in which ^ can no longer properly decrypt
C C smk because smk will be in an intermediate state that is partial encrypted with m next . One can easily check for this state, so in the unfortunate case that a user's system crashes during these operations the original content provider could be contacted for a replacement/new ((^ ~ J )+1 ) - times copy of C . Also note that if a hacker were to find and then alter the counter value J that ^ would cease to be able to decrypt the continuous subsections of set Y . Furthermore, all to none of mk can be in set Y . [0084] The encryption keys mk , skj and mknexi are potentially attainable from a debugger trace attack so our scheme includes the use of software tampering methods to hide the keys throughout memory and to periodically determine whether the code is being traced by a debugger. Since S
resides on the user's machine, this kind of attack is almost unstoppable against an expert hacker. With some of the latest techniques, however, one can test for this attack while S is executing and then take appropriate actions (like erasing the content of C ). Thus, protection of mk , skj and mknai against most users is possible.
[0085] Turning now to Figures 14 and 15, it can be seen that the invention provides additional protection against copying and other piracy activities. Note that while the following describes a method for deterring repeated use of copies of S and Csmk , the scenario of a user attaining a copy of the original, decrypted version of C does not apply here.
[0086] A common attack on the approach described herein would be to simply make a copy of S and Csmk . When the current version reaches its k'h use one merely moves on to the next copy. To thwart illegal copies we must add to S footprinting and Internet access checks. Figure 14 demonstrates the preferred footprinting approach. Simply put, footprinting is a standard method that adds files 578 to a host system 580 when an executable attachment file 530 is in use. In our case, S would add these files 578 and then update them with its current state. To ensure effective footprinting, the hidden files 578 should be scattered about various subdirectories. Furthermore, one can add data 582 to known existing system files 584, a method that is quite difficult for hackers to track (although this does require an extra bit of care when designing S ). Thus, when S is executed it first checks for a footprint which, if found, will cause S to know that it is a copy and, consequently, cause S to delete itself (or cause some other halting state). [0087] Next, as shown in Figure 15, we propose to use the Internet
586 (or other type of network) to keep copies from being passed to other machines where no footprints will exist until after the copy has been executed. After footprinting, executable S will determine whether the machine 588 (or client) that it is executing upon is currently connected to the Internet 586. If a connection is found, then a message 592 will be sent to the specified IP address that relays 5"s current state and ID. The server 590 can then check a status database 594 to determine whether S has already attained the relayed state. If
so, the server 590 can take appropriate actions, such as responding to S that it is a copy or transmitting various commands. Although we cannot expect that each user with an illegal copy is connected to the Internet 586 at the time of execution, this approach should help deter the copying of S and Csmk over the Internet 586. This is important since it is far easier to pass material over the Internet 586 than by hand on a floppy disk, CD, or DVD. Furthermore, the trend is for machines to become "always on." Therefore, this should provide adequate copy protection.
[0088] It will be appreciated that more or fewer processes may be incorporated into the methods described herein without departing from the scope of the invention and that no particular order is implied by the arrangement of blocks shown and described herein. Skilled artisans will appreciate that the methods described herein may be embodied in machine-executable instructions (e.g., software). The instructions can be used to cause a general-purpose or special-purpose processor that is programmed with the instructions to perform the operations described. Alternatively, the operations may be performed by specific hardware components that contain hard-wired logic for performing the operations, or by any combination of programmed computer components and custom hardware components. The methods may be provided as a computer program product that may include a machine-readable medium having stored thereon instructions that may be used to program a computer (or other electronic devices) to perform the methods. For the purposes of this specification, the term "machine-readable medium" includes any medium that is capable of storing or encoding a sequence of instructions for execution by the machine and that cause the machine to perform any one of the methodologies of the invention. The term "machine-readable medium" includes, but is not be limited to, solid- state memories, optical and magnetic disks, and carrier wave signals. Furthermore, it is common in the art to speak of software, in one form or another (e.g., program, procedure, process, application, module, logic, etc.), as taking an action or causing a result. Such expressions are merely a shorthand way of saying that the execution of the software by a computer causes the processor of the computer to perform an action or a produce a result.
[0089] Further areas of applicability of the invention will become apparent from the detailed description provided hereinafter. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.