WO2008021594A2 - Secure storage digital kiosk distribution - Google Patents
Secure storage digital kiosk distribution Download PDFInfo
- Publication number
- WO2008021594A2 WO2008021594A2 PCT/US2007/067910 US2007067910W WO2008021594A2 WO 2008021594 A2 WO2008021594 A2 WO 2008021594A2 US 2007067910 W US2007067910 W US 2007067910W WO 2008021594 A2 WO2008021594 A2 WO 2008021594A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- content
- player
- storage device
- mass storage
- kiosk
- Prior art date
Links
- 238000000034 method Methods 0.000 claims abstract description 49
- 230000007246 mechanism Effects 0.000 claims abstract description 10
- 238000012795 verification Methods 0.000 claims description 29
- 238000004891 communication Methods 0.000 claims description 4
- 238000012546 transfer Methods 0.000 claims 5
- 238000003780 insertion Methods 0.000 claims 2
- 230000037431 insertion Effects 0.000 claims 2
- 238000012544 monitoring process Methods 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 7
- 238000009877 rendering Methods 0.000 description 3
- 102000036364 Cullin Ring E3 Ligases Human genes 0.000 description 2
- 108091007045 Cullin Ring E3 Ligases Proteins 0.000 description 2
- 206010016275 Fear Diseases 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000010348 incorporation Methods 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
Definitions
- the present application is generally related to the usage of flash based mass storage devices for delivering, storing, and reproducing encoded and copy protected movies and other content in a secure fashion.
- movies are recorded on a medium such as a DVD or a videocassette, and the movies are then distributed upon the medium. For example, a consumer will travel to a store and rent a movie, or more recently, a DVD containing a movie is mailed to the consumer. While for quite some time now, although digital content has been available to download over the internet to home computers, the copyright owners of major movies have not allowed the movies to be purchased or rented for home download. This is primarily because of fears of unauthorized duplication and the associated loss of revenue.
- one aspect of the present invention relates to a system and method of supplying content to an individual.
- a memory card or USB flash drive is received at a (std. or contactless) receptacle of a kiosk for distributing the content.
- a first verification is then performed, the first verification of the authenticity of the memory card, and occurring while at the receptacle of the kiosk, by comparing first and second keys of an RSA key pair.
- a second verification is then performed, the second verification of the memory card and the user, by verifying a public key certificate chain issued by a certificate authority. Then if both the first and second verification are successful a container file is created, and a media file is placed in the container file together with a pluggable decoding module. The container file is then transferred from the kiosk to the memory card.
- one aspect of the present invention relates to supplying content to an individual in an encoding format that is supported by a user's player.
- An indication of one or more encoding formats supported by a player used with the memory card is stored in the memory card when it is connected with the user's player.
- a first verification is performed.
- the first verification is of the authenticity of the memory card and takes place while connected to the kiosk by comparing first and second keys of an RSA key pair.
- a second verification is then performed, the second verification is of the memory card and the user and involves verifying a public key certificate chain issued by a certificate authority.
- the content is transferred from the kiosk to the memory card in one or more of the supported content encoding formats. In this way, the problem where the content is provided in a format that cannot be decoded by the user's hardware is eliminated.
- FIG. IA is block diagram of distribution and rendering system 5.
- FIG. IB is a schematic diagram of MSD 10 seen in FIG. IA.
- FIG. 1C is a block diagram of authentication entities coupled to network 50.
- FIG. 2A is a high level flowchart of a method 200A of providing content according to an embodiment of the present invention.
- FIG. 2B is a high level flowchart of a method 200B of providing content according to an embodiment of the present invention.
- FIG. 3A is flowchart of a method 300 of providing content according to an embodiment of the present invention.
- FIG. 3B is a flowchart of an embodiment of an encryption/decryption process than can be used in the kiosk and card/player.
- FIG. 4 is a flowchart illustrating an embodiment of step 230 of FIG. 2 A.
- FIG. 5 is a schematic diagram illustrating a container file with the media file and the codec file as it is transferred from the kiosk.
- FIG. 6 is a flowchart illustrating an embodiment of step 250 of FIG. 2 A. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
- FIG. IA is block diagram of distribution and rendering system 5.
- MSD 10 is used as a medium to store content received from a secure digital kiosk.
- MSD 10 may be a memory card or universal serial bus (“USB”) flash drive, and comprises connector 12.
- USB universal serial bus
- mass storage memory cards such as the Compact Flash (“CF) Card, Secure Digital (“SD”) Card, Multi Media Card (“MMC”), mini SD card, micro SD card, various forms of memory sticks, XD card etc.
- CF Compact Flash
- SD Secure Digital
- MMC Multi Media Card
- mini SD card mini SD card
- micro SD card various forms of memory sticks
- XD card various forms of memory sticks
- XD card XD card etc.
- Connector 12 comprises the contacts and contact pattern of a USB connector or memory card depending upon the embodiment.
- the kiosk may communicate with the MSD through near field communications ("NFC") rather than through the connector 12.
- Kiosk 40 also comprises a compatible connector to receive MSD 10. It therefore also comprises an NFC capable transceiver (not shown). Kiosk 40 is a distribution point for content. That is to say that someone desirous of content can travel to the kiosk and load the content onto MSD 10. Later, that user can then render or "playback" the content from MSD 10 with player 30. Player 30 also has a connector 32 compatible with connector 12 to interface with MSD 10.
- Kiosk 40 may comprise conventional computing components such as a microprocessor, display, human interface devices, and storage devices (not shown) but is not a personal computer ("PC"), but rather a publicly available computer, preferably, but not necessarily, dedicated to providing content and performing the transaction for the content, whether as a sale or limited duration license.
- the kiosk may also comprise a credit card reader or means for accepting cash payments, including debits from the MSD itself if it is equipped to act as an "electronic wallet” and carry out transactions.
- kiosk 40 and player 30 are connected to network 50 which has access to the Internet and various entities that can be accessed via the Internet. Security mechanisms within the kiosk, storage device, and player, as well as the entities accessed via the Internet, will ensure that content is only provided to authorized users and/or devices, as will be described later.
- MSD small form factor
- movies could be loaded onto MSD 10 rather than on DVD's or video tapes for that matter.
- FIG. IB illustrates the main components of an embodiment of MSD 10.
- MSD 10 comprises a memory controller 18, which controls read/write operations from flash EEPROM 16 via bus 24.
- An optional ROM 14 may also be included for storage of microcode.
- Host interface bus 26 communicates with a host device such as kiosk 40 or player 30.
- memory controller 18 comprises a hardware based encryption engine 40 and a firmware integrity circuit 21. These are used, among other things, to encrypt the firmware when it is stored in flash EEPROM 16 and may therefore otherwise be vulnerable to tampering or replacement with fraudulent firmware that circumvents copy protection mechanisms.
- U.S. Patent Application No. 11/285,600 Hardware Driver Integrity Check Of Memory Card Controller Firmware to M. Holtzman et al.
- Certain embodiments of the MSD may also comprise NFC circuitry including and NFC controller and antenna in order to transmit data with various hosts without using the contacts of the MSD.
- NFC circuitry including and NFC controller and antenna in order to transmit data with various hosts without using the contacts of the MSD.
- NFC hardware for further information on incorporation of NFC hardware in MSD 100, please refer to U.S. Patent Application No. 11/321,833 to F. Jogand Coulomb, entitled "Methods Used in a Nested Memory System With Near Field Communications Capability.”
- FIG. 1C is a block diagram of authentication entities coupled to network 50.
- PKI public key infrastructure
- arrangements enable users to be authenticated to each other, and to use the information in identity certificates (i.e., each other's public keys) to encrypt and decrypt messages travelling to and fro.
- identity certificates i.e., each other's public keys
- the foundation or framework for the PKI is defined in the ITU-T X.509 Recommendation which is incorporated by this reference it is entirety.
- a PKI consists of client software, server software such as a certificate authority, hardware and operational procedures.
- a user may digitally sign messages using his private key, and another user can check that signature (using the public key contained in that user's certificate issued by a certificate authority within the PKI). This enables two (or more) communicating parties to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance.
- FIG. 1C shows one possible implementation of the embodiment that utilizes the public key infrastructure for verification/authorization of credentials.
- End Entities are sometimes thought of as end-users. Although this is often the case, the term End Entity is meant to be much more generic.
- An End Entity can be an end-user, a device such as a router or a server, a process, or anything that can be identified in the subject name of a public key certificate.
- End Entities can also be thought of as consumers of the PKI -related services.
- the end entity may be any of: mass storage device 10, alone or together with player 30; player 30; and kiosk 40 or users of any of these pieces of hardware.
- Public keys are distributed in the form of public key certificates by CA 52.
- a certificate may be required from MSD 10 before KIOSK 40 or validating entity would allow a user of MSD 10 to receive content from KIOSK 40.
- Public key certificates are digitally signed by the issuing CA 53 (which effectively binds the subject name to the public key) and stored in repository 61.
- CAs are also responsible for issuing certificate revocation lists ("CRLs") unless this has been delegated to a separate CRL Issuer. CAs may also be involved in a number of administrative tasks such as end-user registration, but these are often delegated to a separate registration authority (“RA”) which is optional and not shown in FIG. 1C.
- RA registration authority
- CA 52 or another CA can also serve as the key backup and recovery facility although this function can also be delegated to a separate component.
- CAs are often thought of as the "source of trust" in a PKI.
- End Entities are configured with one or more "trust anchors" which are then used as the starting point to validate a given certification path.
- trust anchors Once trust is established via the PKI interface between kiosk 40 and MSD 10, alone or in combination with player 30, loading into the MSD can take place.
- PKI authentication between MSD 10 and player 30 may also be required in some embodiments before rendering or playback can take place.
- FIG. 2A is a flowchart of method 200A.
- step 210 the codecs supported by a user's player are determined. The player can be instructed, through menus of the player, to save an indication of the supported codecs to the card. Then an indication of the supported codecs is written to the mass storage device.
- step 230 the user selected content is loaded into the portable flash mass storage device in one of the supported encoding formats, as determined in step 210.
- the MSD will be loaded into or otherwise connected to the kiosk when this takes place.
- the stored indication will be read by the kiosk in order to select the proper encoding format for the content.
- step 250 when the MSD is coupled or inserted into the player, the content on the MSD will be rendered (decoded) using the appropriate codec.
- the content can first be copied to a memory of the player, and decoded from that memory, given that the player and card have mutually authenticated each other and determined that the player has adequate copy protection safeguards.
- FIG. 2B is a flowchart of method 200B, according to another embodiment of the present invention.
- step 215 content encoded in a given format will be packaged with the appropriate codec required to later decode it when playback is desired. In this way, the situation where the player does not have the proper decoder to decode the encoded content is avoided.
- step 235 the packaged content and codec are loaded into the mass storage device.
- step 245 the codec is transferred from the mass storage device into the player and stored in the appropriate location so that it may be accessed as necessary. This is preferably in a library of a media player application and will be described below in more detail with regard to FIG. 5.
- FIG. 3 A is a flowchart of method 300.
- the user connects the MSD with a player, typically by plugging the MSD into a receptacle of the player. As mentioned earlier, connection may alternatively be through near field communications.
- the player stores its credentials, preferably in the form of a certificate chain, along with an indication of the codecs supported by the player, in a memory of the MSD. The player may also store the bit rates that it supports.
- the kiosk may store an indication that it supports the MP4 video format at bit rates up to 60 fps and/or the MP3 audio format at bit rates up to 128 kbps.
- the kiosk reads the player credentials stored in the card and authenticates the player. If the player is not authenticated, the process will not go forward, in order to avoid providing content to a source that may duplicate or distribute the content in an unauthorized manner.
- step 312 the player is authenticated, i.e. the certificate chain is verified, the process will then go forward.
- step 316 the kiosk will then display a list of movies available in the codec supported by the player.
- the list will preferably contain movies that can be provided at the appropriate bit rate. In order to do this it reads an indication of the supported codecs/formats from the memory of the MSD.
- step 320 the user then selects the movie(s) he wishes to receive (rent or buy) from the kiosk.
- step 324 the selected movie(s) are downloaded to the player encrypted in a way only the player can decipher or decrypt.
- the file containing the movie is encrypted using the public key of the player.
- a certificate is also provided with the movie and loaded into the MSD.
- the certificate preferably includes an indication of the validity period of the movie.
- the movie may only be playable for a finite period of time (e.g. 90 days) from the date it was loaded into the MSD.
- the player checks the certificate validity and plays the movie if within the validity period.
- FIG. 3B is a flowchart of an embodiment of an encryption/decryption process than can be used in the kiosk and card/player.
- the content is encrypted with a product of the RSA key pair.
- an AES content key is encrypted with the public key of the RSA key pair. This occurs on the kiosk side.
- the content key is decrypted with the private key of the RSA key pair in step 356. Once this takes, place, in step 360 the content itself is decrypted with the decrypted content key.
- FIG. 4 is a flowchart illustrating one embodiment of step 230 of FIG. 2A.
- the user inserts the MSD into a receptacle of the digital kiosk.
- step 408 the kiosk and MSD mutually authenticate each other as trusted devices.
- Step 408 is optional and is performed according to the well known SD card authentication protocol, in embodiments where the MSD employs the SD protocol.
- step 412 RSA keys of the MSD and kiosk are compared. Of course, before they are compared they would have been stored in each of the respective devices. If the RSA keypair comparison is not successful, then the process will terminate. If a match is determined, the process will proceed to step 420, and the kiosk will verify the MSD certificate by accessing a trusted authority (e.g. CA 52 or repository 61). In step 424, the kiosk will then check the indication on the MSD of the supported codecs, and the preferred bit rates if present.
- a trusted authority e.g. CA 52 or repository 61
- Steps 408, 412, and 420 may all be considered authentication processes.
- the kiosk will load the content in the supported format, and at a preferred bit rate if such indication was present, along with an indication of the validity period of the content, into the MSD.
- the kiosk may also check a certificate revocation list to ensure that the certificate of the MSD has not been revoked, as will be discussed later with regard to FIG. 6.
- FIG. 5 is a schematic diagram illustrating a container file with the media file and the codec file as it is transferred from the kiosk in some embodiments.
- the content whether it be a movie or some other type of content, will be in the form of a media file.
- the media file 501 will be placed in container file 523.
- the media file will be encoded, as mentioned earlier, in a specific format dependent upon what type of encoder was utilized to encode the media file.
- the codec 521 necessary to decode the media file 501 is also placed in container file 523.
- the container file 523 is then loaded into MSD 10, which is eventually placed in player 30.
- Codec 521 which is preferably a plug-in type codec is then transferred to the code library 511 of media application 507.
- Media application 507 is the software application of player 30 that is used to render or play back content, and optionally to encode content depending upon the nature of player 30.
- a device 30 capable of recording audio or video would also include an encoder to digitally encode the content before it is recorded.
- Application 507 outputs the content which is eventually reproduced by a screen and/or speakers of device 30, or devices coupled thereto, as represented by arrow 525.
- FIG. 6 illustrates one possible embodiment of steps that may take place as part or playing content, as depicted in step 250 of FIG. 2A.
- the player checks the validity period of the content the user wishes to play.
- the player checks if the content is still within the validity period. If it is not, in step 610, an error condition will be present and may be displayed to the user. If, however, the content is still within the validity period, in step 612, the player optionally checks a certificate revocation list.
- the revocation list may be stored in a memory of the player or MSD, or if the player has access to the Internet, it may be instantaneously checked with a trusted authority.
- step 614 If, as seen in step 614, the certificate of the content has been revoked, the player will not play the content, but an error condition will again be present and indicated as represented by step 610. If, however, the certificate has not been revoked, in step 618 the player will decrypt the content using a private key of the player.
Abstract
A method and system of providing movies or other content is provided where a flash drive or flash memory card is used in place of DVD's or other formats. A user receives the content on the flash drive from a kiosk. The system ensures that a codec supported by the player of the user will be utilized to encode the content, or in certain embodiments a corresponding codec is provided along with the movie. Authentication and encryption mechanisms ensure that the movie is only provided to an authentic card and/or player from a kiosk, so that the movies cannot be provided to flash devices that do not have proper security mechanisms to safeguard the content or to those not authorized to otherwise receive the movie.
Description
SECURE STORAGE DIGITAL KIOSK DISTRIBUTION FIELD OF THE INVENTION
The present application is generally related to the usage of flash based mass storage devices for delivering, storing, and reproducing encoded and copy protected movies and other content in a secure fashion.
BACKGROUND OF THE INVENTION
Traditionally, movies are recorded on a medium such as a DVD or a videocassette, and the movies are then distributed upon the medium. For example, a consumer will travel to a store and rent a movie, or more recently, a DVD containing a movie is mailed to the consumer. While for quite some time now, although digital content has been available to download over the internet to home computers, the copyright owners of major movies have not allowed the movies to be purchased or rented for home download. This is primarily because of fears of unauthorized duplication and the associated loss of revenue.
While audio files are now available for sale/license to home consumers, these audio files are only a fraction of the size of movies and other large video clips. Thus, the size of video files in comparison to the size of portable storage devices has also provided a hurdle to downloading of movies.
Also, many competing encoding formats for video are available, and there is often a problem decoding video content because it may have been encoded in a format or bit rate that a user's player is not capable of decoding.
SUMMARY OF INVENTION
According to an embodiment of the present invention, one aspect of the present invention relates to a system and method of supplying content to an individual. A memory card or USB flash drive is received at a (std. or contactless) receptacle of a kiosk for distributing the content. A first verification is then performed, the first verification of the authenticity of the memory card, and occurring while at the receptacle of the kiosk, by comparing first and second keys of an RSA key pair. A second verification is then performed, the second verification of the memory card and the user, by verifying a public key certificate chain issued by a certificate authority. Then if both the first and second verification are successful a container file is created, and a media file is placed in the container file together
with a pluggable decoding module. The container file is then transferred from the kiosk to the memory card.
According to another embodiment of the present invention, one aspect of the present invention relates to supplying content to an individual in an encoding format that is supported by a user's player. An indication of one or more encoding formats supported by a player used with the memory card is stored in the memory card when it is connected with the user's player. Then, when the card is connected to a kiosk for distributing the content, a first verification is performed. The first verification is of the authenticity of the memory card and takes place while connected to the kiosk by comparing first and second keys of an RSA key pair. A second verification is then performed, the second verification is of the memory card and the user and involves verifying a public key certificate chain issued by a certificate authority. If both the first and second verification are successful, the content is transferred from the kiosk to the memory card in one or more of the supported content encoding formats. In this way, the problem where the content is provided in a format that cannot be decoded by the user's hardware is eliminated.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. IA is block diagram of distribution and rendering system 5. FIG. IB is a schematic diagram of MSD 10 seen in FIG. IA.
FIG. 1C is a block diagram of authentication entities coupled to network 50. FIG. 2A is a high level flowchart of a method 200A of providing content according to an embodiment of the present invention.
FIG. 2B is a high level flowchart of a method 200B of providing content according to an embodiment of the present invention.
FIG. 3A is flowchart of a method 300 of providing content according to an embodiment of the present invention.
FIG. 3B is a flowchart of an embodiment of an encryption/decryption process than can be used in the kiosk and card/player. FIG. 4 is a flowchart illustrating an embodiment of step 230 of FIG. 2 A.
FIG. 5 is a schematic diagram illustrating a container file with the media file and the codec file as it is transferred from the kiosk.
FIG. 6 is a flowchart illustrating an embodiment of step 250 of FIG. 2 A.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
FIG. IA is block diagram of distribution and rendering system 5. A portable flash memory based mass storage device ("MSD") 10 is used as a medium to store content received from a secure digital kiosk. MSD 10 may be a memory card or universal serial bus ("USB") flash drive, and comprises connector 12. There are many well known formats of mass storage memory cards such as the Compact Flash ("CF) Card, Secure Digital ("SD") Card, Multi Media Card ("MMC"), mini SD card, micro SD card, various forms of memory sticks, XD card etc. For the purposes of this application, the term memory card shall also encompass a USB flash drive. Connector 12 comprises the contacts and contact pattern of a USB connector or memory card depending upon the embodiment. In some embodiments, the kiosk may communicate with the MSD through near field communications ("NFC") rather than through the connector 12. Kiosk 40 also comprises a compatible connector to receive MSD 10. It therefore also comprises an NFC capable transceiver (not shown). Kiosk 40 is a distribution point for content. That is to say that someone desirous of content can travel to the kiosk and load the content onto MSD 10. Later, that user can then render or "playback" the content from MSD 10 with player 30. Player 30 also has a connector 32 compatible with connector 12 to interface with MSD 10. Kiosk 40 may comprise conventional computing components such as a microprocessor, display, human interface devices, and storage devices (not shown) but is not a personal computer ("PC"), but rather a publicly available computer, preferably, but not necessarily, dedicated to providing content and performing the transaction for the content, whether as a sale or limited duration license. Thus in certain embodiments, the kiosk may also comprise a credit card reader or means for accepting cash payments, including debits from the MSD itself if it is equipped to act as an "electronic wallet" and carry out transactions.
All media content, when it exists in digital form, whether it be audio or video, is digitally encoded in a particular format. Therefore, in order to play it back or render it, it must be decoded. Often times, the user's player is not capable of decoding content because it does not have the proper decoder, sometimes referred to simply as a codec (coder-decoder). This is not surprising given that there are numerous competing codecs on the market, and the providers of the codecs are in very fierce competition to establish themselves and gain market share at the cost of the other providers. One example is the incompatibility of the Windows Media Player ® and Real Player ® codecs.
The present invention alleviates this problem, such that material provided by the kiosk 40 to the MSD 10 will always be suitable for playback on or in player 30.
Another problem encountered with digital media content is unauthorized duplication. As can be seen in FIG. IA, kiosk 40 and player 30 are connected to network 50 which has access to the Internet and various entities that can be accessed via the Internet. Security mechanisms within the kiosk, storage device, and player, as well as the entities accessed via the Internet, will ensure that content is only provided to authorized users and/or devices, as will be described later.
Many consumers already have a flash drive or memory card that they use with a digital camera, music player, PDA, phone or other device that they own. As the capacity of those storage devices has increased, and encoding technology has become much more efficient resulting in smaller file sizes, it is now becoming feasible to encode and store a full length movie in a readily available pocket sized mass storage device.
This will allow the small form factor MSD to become an accepted media for delivering protected content. For instance, movies could be loaded onto MSD 10 rather than on DVD's or video tapes for that matter.
The features of the present invention that assure codec compatibility will increase the ease of use for the consumer, while the security mechanisms will ease the fears of content owners and providers and result in greater availability of copyrighted media for consumers. A new distribution methodology can therefore be established.
FIG. IB illustrates the main components of an embodiment of MSD 10. MSD 10 comprises a memory controller 18, which controls read/write operations from flash EEPROM 16 via bus 24. An optional ROM 14 may also be included for storage of microcode. Host interface bus 26 communicates with a host device such as kiosk 40 or player 30. In certain embodiments, memory controller 18 comprises a hardware based encryption engine 40 and a firmware integrity circuit 21. These are used, among other things, to encrypt the firmware when it is stored in flash EEPROM 16 and may therefore otherwise be vulnerable to tampering or replacement with fraudulent firmware that circumvents copy protection mechanisms. For more information on this, please refer to U.S. Patent Application No. 11/285,600 Hardware Driver Integrity Check Of Memory Card Controller Firmware" to M. Holtzman et al.
For more information on other security mechanisms and techniques present in MSD 100, please refer to the following patent applications and patents, all of which are hereby
incorporated by reference in the entirety: "Secure Yet Flexible System Architecture for Secure Devices With Flash Mass Storage Memory" to M. Holtzman et al., Application No. 11/317,339; "Secure Memory Card With Life Cycle Phases" to M. Holtzman et al., Application No. 11/317,862; "In Stream Data Encryption/Decryption and Error Correction Method" to M. Holtzman et al., Application No. 11/313,447; "Control Structure for Versatile Content Control" to F. Jogand-Coulomb et al., Application No. 11/313,536; "System for Creating Control Structure for Versatile Content Control" to F. Jogand-Coulomb et al.., Application No. 11/314,055; "Mobile Memory System for Secure Storage and Delivery of Media Content" to B. Qawami et al., Application No. 11/322,766; and "In Stream Data Encryption/Decryption Method" to M. Holtzman et al., Application No. 11/314,030.
Certain embodiments of the MSD may also comprise NFC circuitry including and NFC controller and antenna in order to transmit data with various hosts without using the contacts of the MSD. For further information on incorporation of NFC hardware in MSD 100, please refer to U.S. Patent Application No. 11/321,833 to F. Jogand Coulomb, entitled "Methods Used in a Nested Memory System With Near Field Communications Capability."
FIG. 1C is a block diagram of authentication entities coupled to network 50. In a public key infrastructure ("PKI"), arrangements enable users to be authenticated to each other, and to use the information in identity certificates (i.e., each other's public keys) to encrypt and decrypt messages travelling to and fro. The foundation or framework for the PKI is defined in the ITU-T X.509 Recommendation which is incorporated by this reference it is entirety.
In general, a PKI consists of client software, server software such as a certificate authority, hardware and operational procedures. A user may digitally sign messages using his private key, and another user can check that signature (using the public key contained in that user's certificate issued by a certificate authority within the PKI). This enables two (or more) communicating parties to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance.
FIG. 1C shows one possible implementation of the embodiment that utilizes the public key infrastructure for verification/authorization of credentials. End Entities are sometimes thought of as end-users. Although this is often the case, the term End Entity is meant to be much more generic. An End Entity can be an end-user, a device such as a router or a server, a process, or anything that can be identified in the subject name of a public key certificate. End Entities can also be thought of as consumers of the PKI -related services. In the present invention, as seen in the embodiment shown in FIG. 1C, the end entity may be any of: mass
storage device 10, alone or together with player 30; player 30; and kiosk 40 or users of any of these pieces of hardware.
Public keys are distributed in the form of public key certificates by CA 52. In some embodiments, a certificate may be required from MSD 10 before KIOSK 40 or validating entity would allow a user of MSD 10 to receive content from KIOSK 40. Public key certificates are digitally signed by the issuing CA 53 (which effectively binds the subject name to the public key) and stored in repository 61. CAs are also responsible for issuing certificate revocation lists ("CRLs") unless this has been delegated to a separate CRL Issuer. CAs may also be involved in a number of administrative tasks such as end-user registration, but these are often delegated to a separate registration authority ("RA") which is optional and not shown in FIG. 1C. In practice, CA 52 or another CA can also serve as the key backup and recovery facility although this function can also be delegated to a separate component. CAs are often thought of as the "source of trust" in a PKI. Typically, End Entities are configured with one or more "trust anchors" which are then used as the starting point to validate a given certification path. Once trust is established via the PKI interface between kiosk 40 and MSD 10, alone or in combination with player 30, loading into the MSD can take place. PKI authentication between MSD 10 and player 30 may also be required in some embodiments before rendering or playback can take place.
FIG. 2A is a flowchart of method 200A. In step 210, the codecs supported by a user's player are determined. The player can be instructed, through menus of the player, to save an indication of the supported codecs to the card. Then an indication of the supported codecs is written to the mass storage device. Next, in step 230, the user selected content is loaded into the portable flash mass storage device in one of the supported encoding formats, as determined in step 210. The MSD will be loaded into or otherwise connected to the kiosk when this takes place. The stored indication will be read by the kiosk in order to select the proper encoding format for the content. Next in step 250, when the MSD is coupled or inserted into the player, the content on the MSD will be rendered (decoded) using the appropriate codec. Alternatively, the content can first be copied to a memory of the player, and decoded from that memory, given that the player and card have mutually authenticated each other and determined that the player has adequate copy protection safeguards.
FIG. 2B is a flowchart of method 200B, according to another embodiment of the present invention. In step 215, content encoded in a given format will be packaged with the appropriate codec required to later decode it when playback is desired. In this way, the
situation where the player does not have the proper decoder to decode the encoded content is avoided. In step 235, the packaged content and codec are loaded into the mass storage device. Next, in step 245, the codec is transferred from the mass storage device into the player and stored in the appropriate location so that it may be accessed as necessary. This is preferably in a library of a media player application and will be described below in more detail with regard to FIG. 5. The content itself may also be transferred to a memory of the player at this time, if as mentioned above, the player has the proper security mechanisms and is authenticated. Finally, in step 255, the content is decoded and rendered with the decoder of the supplied codec. FIG. 3 A is a flowchart of method 300. In step 304, the user connects the MSD with a player, typically by plugging the MSD into a receptacle of the player. As mentioned earlier, connection may alternatively be through near field communications. Next, in step 308, the player stores its credentials, preferably in the form of a certificate chain, along with an indication of the codecs supported by the player, in a memory of the MSD. The player may also store the bit rates that it supports. For example, it may store an indication that it supports the MP4 video format at bit rates up to 60 fps and/or the MP3 audio format at bit rates up to 128 kbps. Once the MSD is coupled with the kiosk the kiosk reads the player credentials stored in the card and authenticates the player. If the player is not authenticated, the process will not go forward, in order to avoid providing content to a source that may duplicate or distribute the content in an unauthorized manner.
If however, in step 312 the player is authenticated, i.e. the certificate chain is verified, the process will then go forward. In step 316, the kiosk will then display a list of movies available in the codec supported by the player. In the case where the bit rate information is stored in the card, the list will preferably contain movies that can be provided at the appropriate bit rate. In order to do this it reads an indication of the supported codecs/formats from the memory of the MSD. In step 320, the user then selects the movie(s) he wishes to receive (rent or buy) from the kiosk. Next, in step 324, the selected movie(s) are downloaded to the player encrypted in a way only the player can decipher or decrypt. Preferably, the file containing the movie is encrypted using the public key of the player. A certificate is also provided with the movie and loaded into the MSD. The certificate preferably includes an indication of the validity period of the movie. For example, the movie may only be playable for a finite period of time (e.g. 90 days) from the date it was loaded into the MSD. Finally, in
step 328, the player checks the certificate validity and plays the movie if within the validity period.
FIG. 3B is a flowchart of an embodiment of an encryption/decryption process than can be used in the kiosk and card/player. In step 352, the content is encrypted with a product of the RSA key pair. Preferably, an AES content key is encrypted with the public key of the RSA key pair. This occurs on the kiosk side. Then after the encrypted content is transferred to the MSD, the content key is decrypted with the private key of the RSA key pair in step 356. Once this takes, place, in step 360 the content itself is decrypted with the decrypted content key. FIG. 4 is a flowchart illustrating one embodiment of step 230 of FIG. 2A. In step 404, the user inserts the MSD into a receptacle of the digital kiosk. Then, in step 408, the kiosk and MSD mutually authenticate each other as trusted devices. Step 408 is optional and is performed according to the well known SD card authentication protocol, in embodiments where the MSD employs the SD protocol. Next in step 412, RSA keys of the MSD and kiosk are compared. Of course, before they are compared they would have been stored in each of the respective devices. If the RSA keypair comparison is not successful, then the process will terminate. If a match is determined, the process will proceed to step 420, and the kiosk will verify the MSD certificate by accessing a trusted authority (e.g. CA 52 or repository 61). In step 424, the kiosk will then check the indication on the MSD of the supported codecs, and the preferred bit rates if present. Steps 408, 412, and 420 may all be considered authentication processes. Then, in step 428, the kiosk will load the content in the supported format, and at a preferred bit rate if such indication was present, along with an indication of the validity period of the content, into the MSD. In some embodiments, the kiosk may also check a certificate revocation list to ensure that the certificate of the MSD has not been revoked, as will be discussed later with regard to FIG. 6.
FIG. 5 is a schematic diagram illustrating a container file with the media file and the codec file as it is transferred from the kiosk in some embodiments. Within kiosk 40, the content, whether it be a movie or some other type of content, will be in the form of a media file. The media file 501 will be placed in container file 523. The media file will be encoded, as mentioned earlier, in a specific format dependent upon what type of encoder was utilized to encode the media file. The codec 521 necessary to decode the media file 501 is also placed in container file 523. The container file 523 is then loaded into MSD 10, which is eventually placed in player 30. Codec 521, which is preferably a plug-in type codec is then transferred to
the code library 511 of media application 507. Media application 507 is the software application of player 30 that is used to render or play back content, and optionally to encode content depending upon the nature of player 30. For example, a device 30 capable of recording audio or video would also include an encoder to digitally encode the content before it is recorded. Application 507 outputs the content which is eventually reproduced by a screen and/or speakers of device 30, or devices coupled thereto, as represented by arrow 525.
FIG. 6 illustrates one possible embodiment of steps that may take place as part or playing content, as depicted in step 250 of FIG. 2A. In step 604, the player checks the validity period of the content the user wishes to play. In step 608, the player then checks if the content is still within the validity period. If it is not, in step 610, an error condition will be present and may be displayed to the user. If, however, the content is still within the validity period, in step 612, the player optionally checks a certificate revocation list. The revocation list may be stored in a memory of the player or MSD, or if the player has access to the Internet, it may be instantaneously checked with a trusted authority. If, as seen in step 614, the certificate of the content has been revoked, the player will not play the content, but an error condition will again be present and indicated as represented by step 610. If, however, the certificate has not been revoked, in step 618 the player will decrypt the content using a private key of the player.
Although the various aspects of the present invention have been described with respect to exemplary embodiments thereof, it will be understood that the present invention is entitled to protection within the full scope of the appended claims.
Also, all patents, patent applications, articles, books, specifications, other publications, documents and things referenced herein are hereby incorporated herein by this reference in their entirety for all purposes. To the extent of any inconsistency or conflict in the definition or use of a term between any of the incorporated publications, documents or things and the text of the present document, the definition or use of the term in the present document shall prevail.
Claims
1. A method of supplying content to an individual, the method comprising: receiving a memory card in a receptacle of a kiosk for distributing the content; performing a first verification, the first verification of the authenticity of the memory card, and occurring while in the receptacle of the kiosk, by comparing first and second keys of an RSA key pair; performing a second verification, the second verification of the memory card and the user, by verifying a public key certificate chain issued by a certificate authority, and if both the first and second verification are successful, thereafter, creating a container file; placing the content within a media file in the container file; placing a pluggable decoding module in the container file; and transferring the container file from the kiosk to the memory card.
2. The method of claim 1 , further comprising storing the RSA key pair, a first key of the key pair in the kiosk and a second key of the key pair in the memory card or a player used with the memory card.
3. The method of claim 1, wherein a public key of the public key certificate is stored in the memory card by the player.
4. The method of claim 3, wherein the transferred content is encrypted using the public key of the player.
5. The method of claim 4, wherein the transferred content is encrypted using a key of the kiosk.
6. The method of claim 1 , further comprising receiving payment at the kiosk for the content.
7. The method of claim 1, further comprising checking a validity period of the content, and if playback of the content is requested during the validity period, playing the content on the card.
8. The method of claim 4, further comprising checking a validity period of the content, and decrypting the content with a private key of the player if playback of the content is requested during the validity period, but not if the content is requested outside of the validity period.
9. A method of supplying digitally encoded content to an individual, the method comprising: storing, in a memory of a transportable flash memory mass storage device, an indication of the encoding formats supported by a player for use with the mass storage device; monitoring, for an insertion of the mass storage device within a receptacle of a digital kiosk, and when insertion is detected; performing a first verification, the first verification of the mass storage device, and occurring while in the receptacle of the kiosk, by comparing first and second keys of an RSA key pair; performing a second verification, the second verification of a player of the user, by verifying a public key certificate chain issued by a certificate authority, and if both the first and second verification are successful, transferring, from the kiosk to the mass storage device, the content in one or more of the supported content encoding formats; and performing a third verification, the third verification taking place while the mass storage device is coupled to the player, the third verification verifying that content selected for playback is within a validity period associated with the content.
10. The method of claim 9 further comprising encrypting the content prior to transfer with a product of the RSA key pair.
11. The method of claim 9 wherein the product comprises a content key encrypted with a public key of the RSA keypair.
12. The method of claim 10, further comprising decrypting the content post transfer with a product of the RSA key pair.
13. The method of claim 11 , further comprising decrypting the content key with a private key of the RSA keypair.
14. The method of claim 13, further comprising decrypting the content post transfer with the decrypted content key.
15. A method of supplying content to an individual, the method comprising: storing, in a memory of a memory card, an indication of one or more encoding formats supported by a player used with the memory card; receiving the memory card in a receptacle of a kiosk for distributing the content; performing a first verification, the first verification of the authenticity of the memory card, and occurring while in the receptacle of the kiosk, by comparing first and second keys of an RSA key pair; performing a second verification, the second verification of the memory card and the user, by verifying a public key certificate chain issued by a certificate authority; and, if both the first and second verification are successful, transferring, from the kiosk to the memory card, the content in one or more of the supported content encoding formats.
16. The method of claim 15, further comprising storing the RSA key pair, a first key of the key pair in the kiosk and a second key of the key pair in the player or the memory card.
17. The method of claim 15, wherein a public key of the public key certificate is stored in the memory card by the player.
18. The method of claim 17, wherein the transferred content is encrypted using the public key of the player.
19. The method of claim 18, wherein the transferred content is encrypted using a key of the kiosk.
20. The method of claim 15, further comprising receiving payment at the kiosk for the content.
21. The method of claim 15, further comprising transferring an indication of the validity period of the content, from the kiosk to the card.
22. The method of claim 21, further comprising checking the validity period of the content, and if playback of the content is requested during the validity period, playing the content on the card.
23. The method of claim 21 , further comprising checking the validity period of the content, and decrypting the content with a private key of the player if playback of the content is requested during the validity period.
24. The method of claim 15, wherein the card is a micro SD card format or an SD card format.
25. A digital repository of digitally encoded content, the digitally encoded content of the type to be protected from unauthorized distribution, the repository located in a publicly accessible establishment and comprising: a hardware interface for making a direct connection of a portable flash memory mass storage device; and an authentication mechanism that verifies that the mass storage device is a genuine approved type of mass storage device with security measures that restrict unauthorized duplication of content residing in the mass storage device, wherein the repository communicates with the mass storage device and reads an indication of encoding formats suitable for use with a player that has previously interfaced with the mass storage device.
26. The digital repository of claim 25 wherein the hardware interface comprises a receptacle.
27. The digital repository of claim 25 wherein the hardware interface comprises a near field communications transceiver.
28. The digital repository of claim 25 wherein the authentication mechanism utilizes a public key infrastructure.
29. The digital repository of claim 25, wherein the repository is operable to transfer a portion of the digitally encoded content from the repository to the mass storage device, in a format it has determined is supported by the player.
30. The digital repository of claim 25, wherein the repository further provides a decoder to the mass storage device in order to playback the content with the player.
31. The digital repository of claim 26, wherein the repository is further operable to transfer an indication of a validity period of the content.
32. The digital repository of claim 27, wherein the indication of the validity period is contained within a PKI certificate.
33. A digital repository of digitally encoded content, the digitally encoded content of the type to be protected from unauthorized distribution, the repository located in a publicly accessible establishment and comprising: a hardware interface for making a direct connection of a portable flash memory mass storage device; and an authentication mechanism, utilizing a public key infrastructure, that verifies that the mass storage device is a genuine approved type of mass storage device with security measures that restrict unauthorized duplication of content residing in the mass storage device, wherein the repository queries the mass storage device for information regarding encoding formats suitable for use with a player to be used with the mass storage device.
34. A system for distributing digitally encoded movies, the system comprising: a portable flash memory mass storage device; a player operable to play back the movie from the portable flash memory mass storage device; and a kiosk comprising a receptacle or radio frequency interface compatible with the portable flash memory mass storage device, the kiosk operable to connect with the portable flash memory mass storage device via the receptacle or radio frequency interface and authenticate the mass storage device using a public key certificate issued by a PKI certificate authority, the kiosk further operable, if the mass storage device is authenticated, to load the movie into the mass storage device, encrypted with a public key of the public key certificate, together with an indication of a validity period of the movie, the player operable to verify that the movie is within the validity period as a prerequisite to decrypting the movie with the player private key and playing back the movie.
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/382,184 | 2006-05-08 | ||
US11/382,184 US20070260615A1 (en) | 2006-05-08 | 2006-05-08 | Media with Pluggable Codec |
US11/532,420 US20070282747A1 (en) | 2006-05-08 | 2006-09-15 | Secure storage digital kiosk distribution |
US11/532,431 US20070267474A1 (en) | 2006-05-08 | 2006-09-15 | Secure storage digital kiosk distribution methods |
US11/532,431 | 2006-09-15 | ||
US11/532,420 | 2006-09-15 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008021594A2 true WO2008021594A2 (en) | 2008-02-21 |
WO2008021594A3 WO2008021594A3 (en) | 2008-04-17 |
Family
ID=38969335
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2007/067910 WO2008021594A2 (en) | 2006-05-08 | 2007-05-01 | Secure storage digital kiosk distribution |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2008021594A2 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010141175A1 (en) * | 2009-06-04 | 2010-12-09 | Sandisk Corporation | Method and system for content replication control |
EP2428908A1 (en) * | 2010-09-14 | 2012-03-14 | NCR Corporation | Multi-media content at a digital download kiosk |
US8761402B2 (en) | 2007-09-28 | 2014-06-24 | Sandisk Technologies Inc. | System and methods for digital content distribution |
US8875283B2 (en) | 2012-04-10 | 2014-10-28 | Blackberry Limited | Restricted access memory device providing short range communication-based security features and related methods |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001014981A1 (en) * | 1999-08-19 | 2001-03-01 | Audiobase, Inc. | A system and method for providing audio/video content delivery over a network |
WO2003023676A1 (en) * | 2001-09-07 | 2003-03-20 | Entriq Limited Bvi | A distributed digital rights network (drn), and methods to access, operate and implement the same |
US6647389B1 (en) * | 1999-08-30 | 2003-11-11 | 3Com Corporation | Search engine to verify streaming audio sources |
US20050132209A1 (en) * | 2003-12-14 | 2005-06-16 | Hug Joshua D. | Certificate based digital rights management |
-
2007
- 2007-05-01 WO PCT/US2007/067910 patent/WO2008021594A2/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001014981A1 (en) * | 1999-08-19 | 2001-03-01 | Audiobase, Inc. | A system and method for providing audio/video content delivery over a network |
US6647389B1 (en) * | 1999-08-30 | 2003-11-11 | 3Com Corporation | Search engine to verify streaming audio sources |
WO2003023676A1 (en) * | 2001-09-07 | 2003-03-20 | Entriq Limited Bvi | A distributed digital rights network (drn), and methods to access, operate and implement the same |
US20050132209A1 (en) * | 2003-12-14 | 2005-06-16 | Hug Joshua D. | Certificate based digital rights management |
Non-Patent Citations (4)
Title |
---|
"Matsushita electric, Sandisk and Toshiba agree to join forces to develop and promote next generation secure memory card - SD (secure digital) memory card expected to unleash wave of new digital AV (audio/video) consumer products and enable internet and wireless e-commerce" INTERNET CITATION, [Online] 2001, XP002989940 Retrieved from the Internet: URL:http://web.archive.org/web/20010210202809/www.sdcard.org/news-5.htm> [retrieved on 2003-08-04] * |
BECKER M ET AL: "A study of the DVD content scrambling system (CSS) algorithm" SIGNAL PROCESSING AND INFORMATION TECHNOLOGY, 2004. PROCEEDINGS OF THE FOURTH IEEE INTERNATIONAL SYMPOSIUM ON ROME, ITALY DEC. 18-21, 2004, PISCATAWAY, NJ, USA,IEEE, 18 December 2004 (2004-12-18), pages 353-356, XP010800526 ISBN: 0-7803-8689-2 * |
MENEZES ET AL: "HANDBOOK OF APPLIED CRYPTOGRAPHY" HANDBOOK OF APPLIED CRYPTOGRAPHY, CRC PRESS SERIES ON DISCRETE MATHEMATICES AND ITS APPLICATIONS, BOCA RATON, FL, CRC PRESS, US, 1997, pages 403-405,506-515,570, XP002165287 ISBN: 0-8493-8523-7 * |
SCHNEIER B: "APPLIED CRYPTOGRAPHY" APPLIED CRYPTOGRAPHY. PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C, NEW YORK, JOHN WILEY & SONS, US, 1996, pages 574-577, XP002922914 ISBN: 0-471-11709-9 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8761402B2 (en) | 2007-09-28 | 2014-06-24 | Sandisk Technologies Inc. | System and methods for digital content distribution |
WO2010141175A1 (en) * | 2009-06-04 | 2010-12-09 | Sandisk Corporation | Method and system for content replication control |
US9083685B2 (en) | 2009-06-04 | 2015-07-14 | Sandisk Technologies Inc. | Method and system for content replication control |
EP2428908A1 (en) * | 2010-09-14 | 2012-03-14 | NCR Corporation | Multi-media content at a digital download kiosk |
US10296726B2 (en) | 2010-09-14 | 2019-05-21 | Ncr Corporation | Multi-media content at a digital download kiosk |
US8875283B2 (en) | 2012-04-10 | 2014-10-28 | Blackberry Limited | Restricted access memory device providing short range communication-based security features and related methods |
Also Published As
Publication number | Publication date |
---|---|
WO2008021594A3 (en) | 2008-04-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20070267474A1 (en) | Secure storage digital kiosk distribution methods | |
TW514845B (en) | Data storage regenerator and data storage processing method and program providing media | |
US6950941B1 (en) | Copy protection system for portable storage media | |
US7124443B2 (en) | Information transaction system | |
KR101362380B1 (en) | Method and device for Digital Rights Management | |
CN101903889B (en) | Device and method for digital right management | |
JP4740157B2 (en) | Protect digital data content | |
KR100434634B1 (en) | Production protection system dealing with contents that are digital production | |
EP2158716B1 (en) | Binding content licenses to portable storage devices | |
CN101714195A (en) | Digital certificate-based novel digital copyright protection method and device | |
US20040243488A1 (en) | Storage medium rental system | |
JP2003115163A (en) | Delivery of electronic content over network using hybrid optical disk for authentication | |
US20050027991A1 (en) | System and method for digital rights management | |
JP4455053B2 (en) | Device and method for selectively accessing services encrypted using control word and smart card | |
US20050033956A1 (en) | Method and system for the authorised decoding of encoded data | |
KR20050094316A (en) | Method and apparatus for digital rights management by using certificate revocation list | |
JP2004362547A (en) | Method for constituting home domain through device authentication using smart card, and smart card for constituting home domain | |
JP2010267240A (en) | Recording device | |
JP2001094554A (en) | Information transmission system, information transmission device, information reception device, and information transmitting method | |
US20030217271A1 (en) | Use of smart card technology in the protection of fixed storage entertainment assets | |
US20040243815A1 (en) | System and method of distributing and controlling rights of digital content | |
WO2008021594A2 (en) | Secure storage digital kiosk distribution | |
KR101858562B1 (en) | Security system for selling and using e-training contents | |
JP3684179B2 (en) | Memory card with security function | |
KR100996992B1 (en) | Portable Memory Media for Recording and Using Contents applied DRM and Method and System for Realizing It Thereby |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 07840160 Country of ref document: EP Kind code of ref document: A2 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 07840160 Country of ref document: EP Kind code of ref document: A2 |