WO2008021594A2 - Secure storage digital kiosk distribution - Google Patents

Secure storage digital kiosk distribution Download PDF

Info

Publication number
WO2008021594A2
WO2008021594A2 PCT/US2007/067910 US2007067910W WO2008021594A2 WO 2008021594 A2 WO2008021594 A2 WO 2008021594A2 US 2007067910 W US2007067910 W US 2007067910W WO 2008021594 A2 WO2008021594 A2 WO 2008021594A2
Authority
WO
WIPO (PCT)
Prior art keywords
content
player
storage device
mass storage
kiosk
Prior art date
Application number
PCT/US2007/067910
Other languages
French (fr)
Other versions
WO2008021594A3 (en
Inventor
Eran Shen
Reuven Elhamias
Original Assignee
Sandisk Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/382,184 external-priority patent/US20070260615A1/en
Application filed by Sandisk Corporation filed Critical Sandisk Corporation
Publication of WO2008021594A2 publication Critical patent/WO2008021594A2/en
Publication of WO2008021594A3 publication Critical patent/WO2008021594A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]

Definitions

  • the present application is generally related to the usage of flash based mass storage devices for delivering, storing, and reproducing encoded and copy protected movies and other content in a secure fashion.
  • movies are recorded on a medium such as a DVD or a videocassette, and the movies are then distributed upon the medium. For example, a consumer will travel to a store and rent a movie, or more recently, a DVD containing a movie is mailed to the consumer. While for quite some time now, although digital content has been available to download over the internet to home computers, the copyright owners of major movies have not allowed the movies to be purchased or rented for home download. This is primarily because of fears of unauthorized duplication and the associated loss of revenue.
  • one aspect of the present invention relates to a system and method of supplying content to an individual.
  • a memory card or USB flash drive is received at a (std. or contactless) receptacle of a kiosk for distributing the content.
  • a first verification is then performed, the first verification of the authenticity of the memory card, and occurring while at the receptacle of the kiosk, by comparing first and second keys of an RSA key pair.
  • a second verification is then performed, the second verification of the memory card and the user, by verifying a public key certificate chain issued by a certificate authority. Then if both the first and second verification are successful a container file is created, and a media file is placed in the container file together with a pluggable decoding module. The container file is then transferred from the kiosk to the memory card.
  • one aspect of the present invention relates to supplying content to an individual in an encoding format that is supported by a user's player.
  • An indication of one or more encoding formats supported by a player used with the memory card is stored in the memory card when it is connected with the user's player.
  • a first verification is performed.
  • the first verification is of the authenticity of the memory card and takes place while connected to the kiosk by comparing first and second keys of an RSA key pair.
  • a second verification is then performed, the second verification is of the memory card and the user and involves verifying a public key certificate chain issued by a certificate authority.
  • the content is transferred from the kiosk to the memory card in one or more of the supported content encoding formats. In this way, the problem where the content is provided in a format that cannot be decoded by the user's hardware is eliminated.
  • FIG. IA is block diagram of distribution and rendering system 5.
  • FIG. IB is a schematic diagram of MSD 10 seen in FIG. IA.
  • FIG. 1C is a block diagram of authentication entities coupled to network 50.
  • FIG. 2A is a high level flowchart of a method 200A of providing content according to an embodiment of the present invention.
  • FIG. 2B is a high level flowchart of a method 200B of providing content according to an embodiment of the present invention.
  • FIG. 3A is flowchart of a method 300 of providing content according to an embodiment of the present invention.
  • FIG. 3B is a flowchart of an embodiment of an encryption/decryption process than can be used in the kiosk and card/player.
  • FIG. 4 is a flowchart illustrating an embodiment of step 230 of FIG. 2 A.
  • FIG. 5 is a schematic diagram illustrating a container file with the media file and the codec file as it is transferred from the kiosk.
  • FIG. 6 is a flowchart illustrating an embodiment of step 250 of FIG. 2 A. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • FIG. IA is block diagram of distribution and rendering system 5.
  • MSD 10 is used as a medium to store content received from a secure digital kiosk.
  • MSD 10 may be a memory card or universal serial bus (“USB”) flash drive, and comprises connector 12.
  • USB universal serial bus
  • mass storage memory cards such as the Compact Flash (“CF) Card, Secure Digital (“SD”) Card, Multi Media Card (“MMC”), mini SD card, micro SD card, various forms of memory sticks, XD card etc.
  • CF Compact Flash
  • SD Secure Digital
  • MMC Multi Media Card
  • mini SD card mini SD card
  • micro SD card various forms of memory sticks
  • XD card various forms of memory sticks
  • XD card XD card etc.
  • Connector 12 comprises the contacts and contact pattern of a USB connector or memory card depending upon the embodiment.
  • the kiosk may communicate with the MSD through near field communications ("NFC") rather than through the connector 12.
  • Kiosk 40 also comprises a compatible connector to receive MSD 10. It therefore also comprises an NFC capable transceiver (not shown). Kiosk 40 is a distribution point for content. That is to say that someone desirous of content can travel to the kiosk and load the content onto MSD 10. Later, that user can then render or "playback" the content from MSD 10 with player 30. Player 30 also has a connector 32 compatible with connector 12 to interface with MSD 10.
  • Kiosk 40 may comprise conventional computing components such as a microprocessor, display, human interface devices, and storage devices (not shown) but is not a personal computer ("PC"), but rather a publicly available computer, preferably, but not necessarily, dedicated to providing content and performing the transaction for the content, whether as a sale or limited duration license.
  • the kiosk may also comprise a credit card reader or means for accepting cash payments, including debits from the MSD itself if it is equipped to act as an "electronic wallet” and carry out transactions.
  • kiosk 40 and player 30 are connected to network 50 which has access to the Internet and various entities that can be accessed via the Internet. Security mechanisms within the kiosk, storage device, and player, as well as the entities accessed via the Internet, will ensure that content is only provided to authorized users and/or devices, as will be described later.
  • MSD small form factor
  • movies could be loaded onto MSD 10 rather than on DVD's or video tapes for that matter.
  • FIG. IB illustrates the main components of an embodiment of MSD 10.
  • MSD 10 comprises a memory controller 18, which controls read/write operations from flash EEPROM 16 via bus 24.
  • An optional ROM 14 may also be included for storage of microcode.
  • Host interface bus 26 communicates with a host device such as kiosk 40 or player 30.
  • memory controller 18 comprises a hardware based encryption engine 40 and a firmware integrity circuit 21. These are used, among other things, to encrypt the firmware when it is stored in flash EEPROM 16 and may therefore otherwise be vulnerable to tampering or replacement with fraudulent firmware that circumvents copy protection mechanisms.
  • U.S. Patent Application No. 11/285,600 Hardware Driver Integrity Check Of Memory Card Controller Firmware to M. Holtzman et al.
  • Certain embodiments of the MSD may also comprise NFC circuitry including and NFC controller and antenna in order to transmit data with various hosts without using the contacts of the MSD.
  • NFC circuitry including and NFC controller and antenna in order to transmit data with various hosts without using the contacts of the MSD.
  • NFC hardware for further information on incorporation of NFC hardware in MSD 100, please refer to U.S. Patent Application No. 11/321,833 to F. Jogand Coulomb, entitled "Methods Used in a Nested Memory System With Near Field Communications Capability.”
  • FIG. 1C is a block diagram of authentication entities coupled to network 50.
  • PKI public key infrastructure
  • arrangements enable users to be authenticated to each other, and to use the information in identity certificates (i.e., each other's public keys) to encrypt and decrypt messages travelling to and fro.
  • identity certificates i.e., each other's public keys
  • the foundation or framework for the PKI is defined in the ITU-T X.509 Recommendation which is incorporated by this reference it is entirety.
  • a PKI consists of client software, server software such as a certificate authority, hardware and operational procedures.
  • a user may digitally sign messages using his private key, and another user can check that signature (using the public key contained in that user's certificate issued by a certificate authority within the PKI). This enables two (or more) communicating parties to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance.
  • FIG. 1C shows one possible implementation of the embodiment that utilizes the public key infrastructure for verification/authorization of credentials.
  • End Entities are sometimes thought of as end-users. Although this is often the case, the term End Entity is meant to be much more generic.
  • An End Entity can be an end-user, a device such as a router or a server, a process, or anything that can be identified in the subject name of a public key certificate.
  • End Entities can also be thought of as consumers of the PKI -related services.
  • the end entity may be any of: mass storage device 10, alone or together with player 30; player 30; and kiosk 40 or users of any of these pieces of hardware.
  • Public keys are distributed in the form of public key certificates by CA 52.
  • a certificate may be required from MSD 10 before KIOSK 40 or validating entity would allow a user of MSD 10 to receive content from KIOSK 40.
  • Public key certificates are digitally signed by the issuing CA 53 (which effectively binds the subject name to the public key) and stored in repository 61.
  • CAs are also responsible for issuing certificate revocation lists ("CRLs") unless this has been delegated to a separate CRL Issuer. CAs may also be involved in a number of administrative tasks such as end-user registration, but these are often delegated to a separate registration authority (“RA”) which is optional and not shown in FIG. 1C.
  • RA registration authority
  • CA 52 or another CA can also serve as the key backup and recovery facility although this function can also be delegated to a separate component.
  • CAs are often thought of as the "source of trust" in a PKI.
  • End Entities are configured with one or more "trust anchors" which are then used as the starting point to validate a given certification path.
  • trust anchors Once trust is established via the PKI interface between kiosk 40 and MSD 10, alone or in combination with player 30, loading into the MSD can take place.
  • PKI authentication between MSD 10 and player 30 may also be required in some embodiments before rendering or playback can take place.
  • FIG. 2A is a flowchart of method 200A.
  • step 210 the codecs supported by a user's player are determined. The player can be instructed, through menus of the player, to save an indication of the supported codecs to the card. Then an indication of the supported codecs is written to the mass storage device.
  • step 230 the user selected content is loaded into the portable flash mass storage device in one of the supported encoding formats, as determined in step 210.
  • the MSD will be loaded into or otherwise connected to the kiosk when this takes place.
  • the stored indication will be read by the kiosk in order to select the proper encoding format for the content.
  • step 250 when the MSD is coupled or inserted into the player, the content on the MSD will be rendered (decoded) using the appropriate codec.
  • the content can first be copied to a memory of the player, and decoded from that memory, given that the player and card have mutually authenticated each other and determined that the player has adequate copy protection safeguards.
  • FIG. 2B is a flowchart of method 200B, according to another embodiment of the present invention.
  • step 215 content encoded in a given format will be packaged with the appropriate codec required to later decode it when playback is desired. In this way, the situation where the player does not have the proper decoder to decode the encoded content is avoided.
  • step 235 the packaged content and codec are loaded into the mass storage device.
  • step 245 the codec is transferred from the mass storage device into the player and stored in the appropriate location so that it may be accessed as necessary. This is preferably in a library of a media player application and will be described below in more detail with regard to FIG. 5.
  • FIG. 3 A is a flowchart of method 300.
  • the user connects the MSD with a player, typically by plugging the MSD into a receptacle of the player. As mentioned earlier, connection may alternatively be through near field communications.
  • the player stores its credentials, preferably in the form of a certificate chain, along with an indication of the codecs supported by the player, in a memory of the MSD. The player may also store the bit rates that it supports.
  • the kiosk may store an indication that it supports the MP4 video format at bit rates up to 60 fps and/or the MP3 audio format at bit rates up to 128 kbps.
  • the kiosk reads the player credentials stored in the card and authenticates the player. If the player is not authenticated, the process will not go forward, in order to avoid providing content to a source that may duplicate or distribute the content in an unauthorized manner.
  • step 312 the player is authenticated, i.e. the certificate chain is verified, the process will then go forward.
  • step 316 the kiosk will then display a list of movies available in the codec supported by the player.
  • the list will preferably contain movies that can be provided at the appropriate bit rate. In order to do this it reads an indication of the supported codecs/formats from the memory of the MSD.
  • step 320 the user then selects the movie(s) he wishes to receive (rent or buy) from the kiosk.
  • step 324 the selected movie(s) are downloaded to the player encrypted in a way only the player can decipher or decrypt.
  • the file containing the movie is encrypted using the public key of the player.
  • a certificate is also provided with the movie and loaded into the MSD.
  • the certificate preferably includes an indication of the validity period of the movie.
  • the movie may only be playable for a finite period of time (e.g. 90 days) from the date it was loaded into the MSD.
  • the player checks the certificate validity and plays the movie if within the validity period.
  • FIG. 3B is a flowchart of an embodiment of an encryption/decryption process than can be used in the kiosk and card/player.
  • the content is encrypted with a product of the RSA key pair.
  • an AES content key is encrypted with the public key of the RSA key pair. This occurs on the kiosk side.
  • the content key is decrypted with the private key of the RSA key pair in step 356. Once this takes, place, in step 360 the content itself is decrypted with the decrypted content key.
  • FIG. 4 is a flowchart illustrating one embodiment of step 230 of FIG. 2A.
  • the user inserts the MSD into a receptacle of the digital kiosk.
  • step 408 the kiosk and MSD mutually authenticate each other as trusted devices.
  • Step 408 is optional and is performed according to the well known SD card authentication protocol, in embodiments where the MSD employs the SD protocol.
  • step 412 RSA keys of the MSD and kiosk are compared. Of course, before they are compared they would have been stored in each of the respective devices. If the RSA keypair comparison is not successful, then the process will terminate. If a match is determined, the process will proceed to step 420, and the kiosk will verify the MSD certificate by accessing a trusted authority (e.g. CA 52 or repository 61). In step 424, the kiosk will then check the indication on the MSD of the supported codecs, and the preferred bit rates if present.
  • a trusted authority e.g. CA 52 or repository 61
  • Steps 408, 412, and 420 may all be considered authentication processes.
  • the kiosk will load the content in the supported format, and at a preferred bit rate if such indication was present, along with an indication of the validity period of the content, into the MSD.
  • the kiosk may also check a certificate revocation list to ensure that the certificate of the MSD has not been revoked, as will be discussed later with regard to FIG. 6.
  • FIG. 5 is a schematic diagram illustrating a container file with the media file and the codec file as it is transferred from the kiosk in some embodiments.
  • the content whether it be a movie or some other type of content, will be in the form of a media file.
  • the media file 501 will be placed in container file 523.
  • the media file will be encoded, as mentioned earlier, in a specific format dependent upon what type of encoder was utilized to encode the media file.
  • the codec 521 necessary to decode the media file 501 is also placed in container file 523.
  • the container file 523 is then loaded into MSD 10, which is eventually placed in player 30.
  • Codec 521 which is preferably a plug-in type codec is then transferred to the code library 511 of media application 507.
  • Media application 507 is the software application of player 30 that is used to render or play back content, and optionally to encode content depending upon the nature of player 30.
  • a device 30 capable of recording audio or video would also include an encoder to digitally encode the content before it is recorded.
  • Application 507 outputs the content which is eventually reproduced by a screen and/or speakers of device 30, or devices coupled thereto, as represented by arrow 525.
  • FIG. 6 illustrates one possible embodiment of steps that may take place as part or playing content, as depicted in step 250 of FIG. 2A.
  • the player checks the validity period of the content the user wishes to play.
  • the player checks if the content is still within the validity period. If it is not, in step 610, an error condition will be present and may be displayed to the user. If, however, the content is still within the validity period, in step 612, the player optionally checks a certificate revocation list.
  • the revocation list may be stored in a memory of the player or MSD, or if the player has access to the Internet, it may be instantaneously checked with a trusted authority.
  • step 614 If, as seen in step 614, the certificate of the content has been revoked, the player will not play the content, but an error condition will again be present and indicated as represented by step 610. If, however, the certificate has not been revoked, in step 618 the player will decrypt the content using a private key of the player.

Abstract

A method and system of providing movies or other content is provided where a flash drive or flash memory card is used in place of DVD's or other formats. A user receives the content on the flash drive from a kiosk. The system ensures that a codec supported by the player of the user will be utilized to encode the content, or in certain embodiments a corresponding codec is provided along with the movie. Authentication and encryption mechanisms ensure that the movie is only provided to an authentic card and/or player from a kiosk, so that the movies cannot be provided to flash devices that do not have proper security mechanisms to safeguard the content or to those not authorized to otherwise receive the movie.

Description

SECURE STORAGE DIGITAL KIOSK DISTRIBUTION FIELD OF THE INVENTION
The present application is generally related to the usage of flash based mass storage devices for delivering, storing, and reproducing encoded and copy protected movies and other content in a secure fashion.
BACKGROUND OF THE INVENTION
Traditionally, movies are recorded on a medium such as a DVD or a videocassette, and the movies are then distributed upon the medium. For example, a consumer will travel to a store and rent a movie, or more recently, a DVD containing a movie is mailed to the consumer. While for quite some time now, although digital content has been available to download over the internet to home computers, the copyright owners of major movies have not allowed the movies to be purchased or rented for home download. This is primarily because of fears of unauthorized duplication and the associated loss of revenue.
While audio files are now available for sale/license to home consumers, these audio files are only a fraction of the size of movies and other large video clips. Thus, the size of video files in comparison to the size of portable storage devices has also provided a hurdle to downloading of movies.
Also, many competing encoding formats for video are available, and there is often a problem decoding video content because it may have been encoded in a format or bit rate that a user's player is not capable of decoding.
SUMMARY OF INVENTION
According to an embodiment of the present invention, one aspect of the present invention relates to a system and method of supplying content to an individual. A memory card or USB flash drive is received at a (std. or contactless) receptacle of a kiosk for distributing the content. A first verification is then performed, the first verification of the authenticity of the memory card, and occurring while at the receptacle of the kiosk, by comparing first and second keys of an RSA key pair. A second verification is then performed, the second verification of the memory card and the user, by verifying a public key certificate chain issued by a certificate authority. Then if both the first and second verification are successful a container file is created, and a media file is placed in the container file together with a pluggable decoding module. The container file is then transferred from the kiosk to the memory card.
According to another embodiment of the present invention, one aspect of the present invention relates to supplying content to an individual in an encoding format that is supported by a user's player. An indication of one or more encoding formats supported by a player used with the memory card is stored in the memory card when it is connected with the user's player. Then, when the card is connected to a kiosk for distributing the content, a first verification is performed. The first verification is of the authenticity of the memory card and takes place while connected to the kiosk by comparing first and second keys of an RSA key pair. A second verification is then performed, the second verification is of the memory card and the user and involves verifying a public key certificate chain issued by a certificate authority. If both the first and second verification are successful, the content is transferred from the kiosk to the memory card in one or more of the supported content encoding formats. In this way, the problem where the content is provided in a format that cannot be decoded by the user's hardware is eliminated.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. IA is block diagram of distribution and rendering system 5. FIG. IB is a schematic diagram of MSD 10 seen in FIG. IA.
FIG. 1C is a block diagram of authentication entities coupled to network 50. FIG. 2A is a high level flowchart of a method 200A of providing content according to an embodiment of the present invention.
FIG. 2B is a high level flowchart of a method 200B of providing content according to an embodiment of the present invention.
FIG. 3A is flowchart of a method 300 of providing content according to an embodiment of the present invention.
FIG. 3B is a flowchart of an embodiment of an encryption/decryption process than can be used in the kiosk and card/player. FIG. 4 is a flowchart illustrating an embodiment of step 230 of FIG. 2 A.
FIG. 5 is a schematic diagram illustrating a container file with the media file and the codec file as it is transferred from the kiosk.
FIG. 6 is a flowchart illustrating an embodiment of step 250 of FIG. 2 A. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
FIG. IA is block diagram of distribution and rendering system 5. A portable flash memory based mass storage device ("MSD") 10 is used as a medium to store content received from a secure digital kiosk. MSD 10 may be a memory card or universal serial bus ("USB") flash drive, and comprises connector 12. There are many well known formats of mass storage memory cards such as the Compact Flash ("CF) Card, Secure Digital ("SD") Card, Multi Media Card ("MMC"), mini SD card, micro SD card, various forms of memory sticks, XD card etc. For the purposes of this application, the term memory card shall also encompass a USB flash drive. Connector 12 comprises the contacts and contact pattern of a USB connector or memory card depending upon the embodiment. In some embodiments, the kiosk may communicate with the MSD through near field communications ("NFC") rather than through the connector 12. Kiosk 40 also comprises a compatible connector to receive MSD 10. It therefore also comprises an NFC capable transceiver (not shown). Kiosk 40 is a distribution point for content. That is to say that someone desirous of content can travel to the kiosk and load the content onto MSD 10. Later, that user can then render or "playback" the content from MSD 10 with player 30. Player 30 also has a connector 32 compatible with connector 12 to interface with MSD 10. Kiosk 40 may comprise conventional computing components such as a microprocessor, display, human interface devices, and storage devices (not shown) but is not a personal computer ("PC"), but rather a publicly available computer, preferably, but not necessarily, dedicated to providing content and performing the transaction for the content, whether as a sale or limited duration license. Thus in certain embodiments, the kiosk may also comprise a credit card reader or means for accepting cash payments, including debits from the MSD itself if it is equipped to act as an "electronic wallet" and carry out transactions.
All media content, when it exists in digital form, whether it be audio or video, is digitally encoded in a particular format. Therefore, in order to play it back or render it, it must be decoded. Often times, the user's player is not capable of decoding content because it does not have the proper decoder, sometimes referred to simply as a codec (coder-decoder). This is not surprising given that there are numerous competing codecs on the market, and the providers of the codecs are in very fierce competition to establish themselves and gain market share at the cost of the other providers. One example is the incompatibility of the Windows Media Player ® and Real Player ® codecs. The present invention alleviates this problem, such that material provided by the kiosk 40 to the MSD 10 will always be suitable for playback on or in player 30.
Another problem encountered with digital media content is unauthorized duplication. As can be seen in FIG. IA, kiosk 40 and player 30 are connected to network 50 which has access to the Internet and various entities that can be accessed via the Internet. Security mechanisms within the kiosk, storage device, and player, as well as the entities accessed via the Internet, will ensure that content is only provided to authorized users and/or devices, as will be described later.
Many consumers already have a flash drive or memory card that they use with a digital camera, music player, PDA, phone or other device that they own. As the capacity of those storage devices has increased, and encoding technology has become much more efficient resulting in smaller file sizes, it is now becoming feasible to encode and store a full length movie in a readily available pocket sized mass storage device.
This will allow the small form factor MSD to become an accepted media for delivering protected content. For instance, movies could be loaded onto MSD 10 rather than on DVD's or video tapes for that matter.
The features of the present invention that assure codec compatibility will increase the ease of use for the consumer, while the security mechanisms will ease the fears of content owners and providers and result in greater availability of copyrighted media for consumers. A new distribution methodology can therefore be established.
FIG. IB illustrates the main components of an embodiment of MSD 10. MSD 10 comprises a memory controller 18, which controls read/write operations from flash EEPROM 16 via bus 24. An optional ROM 14 may also be included for storage of microcode. Host interface bus 26 communicates with a host device such as kiosk 40 or player 30. In certain embodiments, memory controller 18 comprises a hardware based encryption engine 40 and a firmware integrity circuit 21. These are used, among other things, to encrypt the firmware when it is stored in flash EEPROM 16 and may therefore otherwise be vulnerable to tampering or replacement with fraudulent firmware that circumvents copy protection mechanisms. For more information on this, please refer to U.S. Patent Application No. 11/285,600 Hardware Driver Integrity Check Of Memory Card Controller Firmware" to M. Holtzman et al.
For more information on other security mechanisms and techniques present in MSD 100, please refer to the following patent applications and patents, all of which are hereby incorporated by reference in the entirety: "Secure Yet Flexible System Architecture for Secure Devices With Flash Mass Storage Memory" to M. Holtzman et al., Application No. 11/317,339; "Secure Memory Card With Life Cycle Phases" to M. Holtzman et al., Application No. 11/317,862; "In Stream Data Encryption/Decryption and Error Correction Method" to M. Holtzman et al., Application No. 11/313,447; "Control Structure for Versatile Content Control" to F. Jogand-Coulomb et al., Application No. 11/313,536; "System for Creating Control Structure for Versatile Content Control" to F. Jogand-Coulomb et al.., Application No. 11/314,055; "Mobile Memory System for Secure Storage and Delivery of Media Content" to B. Qawami et al., Application No. 11/322,766; and "In Stream Data Encryption/Decryption Method" to M. Holtzman et al., Application No. 11/314,030.
Certain embodiments of the MSD may also comprise NFC circuitry including and NFC controller and antenna in order to transmit data with various hosts without using the contacts of the MSD. For further information on incorporation of NFC hardware in MSD 100, please refer to U.S. Patent Application No. 11/321,833 to F. Jogand Coulomb, entitled "Methods Used in a Nested Memory System With Near Field Communications Capability."
FIG. 1C is a block diagram of authentication entities coupled to network 50. In a public key infrastructure ("PKI"), arrangements enable users to be authenticated to each other, and to use the information in identity certificates (i.e., each other's public keys) to encrypt and decrypt messages travelling to and fro. The foundation or framework for the PKI is defined in the ITU-T X.509 Recommendation which is incorporated by this reference it is entirety.
In general, a PKI consists of client software, server software such as a certificate authority, hardware and operational procedures. A user may digitally sign messages using his private key, and another user can check that signature (using the public key contained in that user's certificate issued by a certificate authority within the PKI). This enables two (or more) communicating parties to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance.
FIG. 1C shows one possible implementation of the embodiment that utilizes the public key infrastructure for verification/authorization of credentials. End Entities are sometimes thought of as end-users. Although this is often the case, the term End Entity is meant to be much more generic. An End Entity can be an end-user, a device such as a router or a server, a process, or anything that can be identified in the subject name of a public key certificate. End Entities can also be thought of as consumers of the PKI -related services. In the present invention, as seen in the embodiment shown in FIG. 1C, the end entity may be any of: mass storage device 10, alone or together with player 30; player 30; and kiosk 40 or users of any of these pieces of hardware.
Public keys are distributed in the form of public key certificates by CA 52. In some embodiments, a certificate may be required from MSD 10 before KIOSK 40 or validating entity would allow a user of MSD 10 to receive content from KIOSK 40. Public key certificates are digitally signed by the issuing CA 53 (which effectively binds the subject name to the public key) and stored in repository 61. CAs are also responsible for issuing certificate revocation lists ("CRLs") unless this has been delegated to a separate CRL Issuer. CAs may also be involved in a number of administrative tasks such as end-user registration, but these are often delegated to a separate registration authority ("RA") which is optional and not shown in FIG. 1C. In practice, CA 52 or another CA can also serve as the key backup and recovery facility although this function can also be delegated to a separate component. CAs are often thought of as the "source of trust" in a PKI. Typically, End Entities are configured with one or more "trust anchors" which are then used as the starting point to validate a given certification path. Once trust is established via the PKI interface between kiosk 40 and MSD 10, alone or in combination with player 30, loading into the MSD can take place. PKI authentication between MSD 10 and player 30 may also be required in some embodiments before rendering or playback can take place.
FIG. 2A is a flowchart of method 200A. In step 210, the codecs supported by a user's player are determined. The player can be instructed, through menus of the player, to save an indication of the supported codecs to the card. Then an indication of the supported codecs is written to the mass storage device. Next, in step 230, the user selected content is loaded into the portable flash mass storage device in one of the supported encoding formats, as determined in step 210. The MSD will be loaded into or otherwise connected to the kiosk when this takes place. The stored indication will be read by the kiosk in order to select the proper encoding format for the content. Next in step 250, when the MSD is coupled or inserted into the player, the content on the MSD will be rendered (decoded) using the appropriate codec. Alternatively, the content can first be copied to a memory of the player, and decoded from that memory, given that the player and card have mutually authenticated each other and determined that the player has adequate copy protection safeguards.
FIG. 2B is a flowchart of method 200B, according to another embodiment of the present invention. In step 215, content encoded in a given format will be packaged with the appropriate codec required to later decode it when playback is desired. In this way, the situation where the player does not have the proper decoder to decode the encoded content is avoided. In step 235, the packaged content and codec are loaded into the mass storage device. Next, in step 245, the codec is transferred from the mass storage device into the player and stored in the appropriate location so that it may be accessed as necessary. This is preferably in a library of a media player application and will be described below in more detail with regard to FIG. 5. The content itself may also be transferred to a memory of the player at this time, if as mentioned above, the player has the proper security mechanisms and is authenticated. Finally, in step 255, the content is decoded and rendered with the decoder of the supplied codec. FIG. 3 A is a flowchart of method 300. In step 304, the user connects the MSD with a player, typically by plugging the MSD into a receptacle of the player. As mentioned earlier, connection may alternatively be through near field communications. Next, in step 308, the player stores its credentials, preferably in the form of a certificate chain, along with an indication of the codecs supported by the player, in a memory of the MSD. The player may also store the bit rates that it supports. For example, it may store an indication that it supports the MP4 video format at bit rates up to 60 fps and/or the MP3 audio format at bit rates up to 128 kbps. Once the MSD is coupled with the kiosk the kiosk reads the player credentials stored in the card and authenticates the player. If the player is not authenticated, the process will not go forward, in order to avoid providing content to a source that may duplicate or distribute the content in an unauthorized manner.
If however, in step 312 the player is authenticated, i.e. the certificate chain is verified, the process will then go forward. In step 316, the kiosk will then display a list of movies available in the codec supported by the player. In the case where the bit rate information is stored in the card, the list will preferably contain movies that can be provided at the appropriate bit rate. In order to do this it reads an indication of the supported codecs/formats from the memory of the MSD. In step 320, the user then selects the movie(s) he wishes to receive (rent or buy) from the kiosk. Next, in step 324, the selected movie(s) are downloaded to the player encrypted in a way only the player can decipher or decrypt. Preferably, the file containing the movie is encrypted using the public key of the player. A certificate is also provided with the movie and loaded into the MSD. The certificate preferably includes an indication of the validity period of the movie. For example, the movie may only be playable for a finite period of time (e.g. 90 days) from the date it was loaded into the MSD. Finally, in step 328, the player checks the certificate validity and plays the movie if within the validity period.
FIG. 3B is a flowchart of an embodiment of an encryption/decryption process than can be used in the kiosk and card/player. In step 352, the content is encrypted with a product of the RSA key pair. Preferably, an AES content key is encrypted with the public key of the RSA key pair. This occurs on the kiosk side. Then after the encrypted content is transferred to the MSD, the content key is decrypted with the private key of the RSA key pair in step 356. Once this takes, place, in step 360 the content itself is decrypted with the decrypted content key. FIG. 4 is a flowchart illustrating one embodiment of step 230 of FIG. 2A. In step 404, the user inserts the MSD into a receptacle of the digital kiosk. Then, in step 408, the kiosk and MSD mutually authenticate each other as trusted devices. Step 408 is optional and is performed according to the well known SD card authentication protocol, in embodiments where the MSD employs the SD protocol. Next in step 412, RSA keys of the MSD and kiosk are compared. Of course, before they are compared they would have been stored in each of the respective devices. If the RSA keypair comparison is not successful, then the process will terminate. If a match is determined, the process will proceed to step 420, and the kiosk will verify the MSD certificate by accessing a trusted authority (e.g. CA 52 or repository 61). In step 424, the kiosk will then check the indication on the MSD of the supported codecs, and the preferred bit rates if present. Steps 408, 412, and 420 may all be considered authentication processes. Then, in step 428, the kiosk will load the content in the supported format, and at a preferred bit rate if such indication was present, along with an indication of the validity period of the content, into the MSD. In some embodiments, the kiosk may also check a certificate revocation list to ensure that the certificate of the MSD has not been revoked, as will be discussed later with regard to FIG. 6.
FIG. 5 is a schematic diagram illustrating a container file with the media file and the codec file as it is transferred from the kiosk in some embodiments. Within kiosk 40, the content, whether it be a movie or some other type of content, will be in the form of a media file. The media file 501 will be placed in container file 523. The media file will be encoded, as mentioned earlier, in a specific format dependent upon what type of encoder was utilized to encode the media file. The codec 521 necessary to decode the media file 501 is also placed in container file 523. The container file 523 is then loaded into MSD 10, which is eventually placed in player 30. Codec 521, which is preferably a plug-in type codec is then transferred to the code library 511 of media application 507. Media application 507 is the software application of player 30 that is used to render or play back content, and optionally to encode content depending upon the nature of player 30. For example, a device 30 capable of recording audio or video would also include an encoder to digitally encode the content before it is recorded. Application 507 outputs the content which is eventually reproduced by a screen and/or speakers of device 30, or devices coupled thereto, as represented by arrow 525.
FIG. 6 illustrates one possible embodiment of steps that may take place as part or playing content, as depicted in step 250 of FIG. 2A. In step 604, the player checks the validity period of the content the user wishes to play. In step 608, the player then checks if the content is still within the validity period. If it is not, in step 610, an error condition will be present and may be displayed to the user. If, however, the content is still within the validity period, in step 612, the player optionally checks a certificate revocation list. The revocation list may be stored in a memory of the player or MSD, or if the player has access to the Internet, it may be instantaneously checked with a trusted authority. If, as seen in step 614, the certificate of the content has been revoked, the player will not play the content, but an error condition will again be present and indicated as represented by step 610. If, however, the certificate has not been revoked, in step 618 the player will decrypt the content using a private key of the player.
Although the various aspects of the present invention have been described with respect to exemplary embodiments thereof, it will be understood that the present invention is entitled to protection within the full scope of the appended claims.
Also, all patents, patent applications, articles, books, specifications, other publications, documents and things referenced herein are hereby incorporated herein by this reference in their entirety for all purposes. To the extent of any inconsistency or conflict in the definition or use of a term between any of the incorporated publications, documents or things and the text of the present document, the definition or use of the term in the present document shall prevail.

Claims

THE CLAIMSWhat is claimed is:
1. A method of supplying content to an individual, the method comprising: receiving a memory card in a receptacle of a kiosk for distributing the content; performing a first verification, the first verification of the authenticity of the memory card, and occurring while in the receptacle of the kiosk, by comparing first and second keys of an RSA key pair; performing a second verification, the second verification of the memory card and the user, by verifying a public key certificate chain issued by a certificate authority, and if both the first and second verification are successful, thereafter, creating a container file; placing the content within a media file in the container file; placing a pluggable decoding module in the container file; and transferring the container file from the kiosk to the memory card.
2. The method of claim 1 , further comprising storing the RSA key pair, a first key of the key pair in the kiosk and a second key of the key pair in the memory card or a player used with the memory card.
3. The method of claim 1, wherein a public key of the public key certificate is stored in the memory card by the player.
4. The method of claim 3, wherein the transferred content is encrypted using the public key of the player.
5. The method of claim 4, wherein the transferred content is encrypted using a key of the kiosk.
6. The method of claim 1 , further comprising receiving payment at the kiosk for the content.
7. The method of claim 1, further comprising checking a validity period of the content, and if playback of the content is requested during the validity period, playing the content on the card.
8. The method of claim 4, further comprising checking a validity period of the content, and decrypting the content with a private key of the player if playback of the content is requested during the validity period, but not if the content is requested outside of the validity period.
9. A method of supplying digitally encoded content to an individual, the method comprising: storing, in a memory of a transportable flash memory mass storage device, an indication of the encoding formats supported by a player for use with the mass storage device; monitoring, for an insertion of the mass storage device within a receptacle of a digital kiosk, and when insertion is detected; performing a first verification, the first verification of the mass storage device, and occurring while in the receptacle of the kiosk, by comparing first and second keys of an RSA key pair; performing a second verification, the second verification of a player of the user, by verifying a public key certificate chain issued by a certificate authority, and if both the first and second verification are successful, transferring, from the kiosk to the mass storage device, the content in one or more of the supported content encoding formats; and performing a third verification, the third verification taking place while the mass storage device is coupled to the player, the third verification verifying that content selected for playback is within a validity period associated with the content.
10. The method of claim 9 further comprising encrypting the content prior to transfer with a product of the RSA key pair.
11. The method of claim 9 wherein the product comprises a content key encrypted with a public key of the RSA keypair.
12. The method of claim 10, further comprising decrypting the content post transfer with a product of the RSA key pair.
13. The method of claim 11 , further comprising decrypting the content key with a private key of the RSA keypair.
14. The method of claim 13, further comprising decrypting the content post transfer with the decrypted content key.
15. A method of supplying content to an individual, the method comprising: storing, in a memory of a memory card, an indication of one or more encoding formats supported by a player used with the memory card; receiving the memory card in a receptacle of a kiosk for distributing the content; performing a first verification, the first verification of the authenticity of the memory card, and occurring while in the receptacle of the kiosk, by comparing first and second keys of an RSA key pair; performing a second verification, the second verification of the memory card and the user, by verifying a public key certificate chain issued by a certificate authority; and, if both the first and second verification are successful, transferring, from the kiosk to the memory card, the content in one or more of the supported content encoding formats.
16. The method of claim 15, further comprising storing the RSA key pair, a first key of the key pair in the kiosk and a second key of the key pair in the player or the memory card.
17. The method of claim 15, wherein a public key of the public key certificate is stored in the memory card by the player.
18. The method of claim 17, wherein the transferred content is encrypted using the public key of the player.
19. The method of claim 18, wherein the transferred content is encrypted using a key of the kiosk.
20. The method of claim 15, further comprising receiving payment at the kiosk for the content.
21. The method of claim 15, further comprising transferring an indication of the validity period of the content, from the kiosk to the card.
22. The method of claim 21, further comprising checking the validity period of the content, and if playback of the content is requested during the validity period, playing the content on the card.
23. The method of claim 21 , further comprising checking the validity period of the content, and decrypting the content with a private key of the player if playback of the content is requested during the validity period.
24. The method of claim 15, wherein the card is a micro SD card format or an SD card format.
25. A digital repository of digitally encoded content, the digitally encoded content of the type to be protected from unauthorized distribution, the repository located in a publicly accessible establishment and comprising: a hardware interface for making a direct connection of a portable flash memory mass storage device; and an authentication mechanism that verifies that the mass storage device is a genuine approved type of mass storage device with security measures that restrict unauthorized duplication of content residing in the mass storage device, wherein the repository communicates with the mass storage device and reads an indication of encoding formats suitable for use with a player that has previously interfaced with the mass storage device.
26. The digital repository of claim 25 wherein the hardware interface comprises a receptacle.
27. The digital repository of claim 25 wherein the hardware interface comprises a near field communications transceiver.
28. The digital repository of claim 25 wherein the authentication mechanism utilizes a public key infrastructure.
29. The digital repository of claim 25, wherein the repository is operable to transfer a portion of the digitally encoded content from the repository to the mass storage device, in a format it has determined is supported by the player.
30. The digital repository of claim 25, wherein the repository further provides a decoder to the mass storage device in order to playback the content with the player.
31. The digital repository of claim 26, wherein the repository is further operable to transfer an indication of a validity period of the content.
32. The digital repository of claim 27, wherein the indication of the validity period is contained within a PKI certificate.
33. A digital repository of digitally encoded content, the digitally encoded content of the type to be protected from unauthorized distribution, the repository located in a publicly accessible establishment and comprising: a hardware interface for making a direct connection of a portable flash memory mass storage device; and an authentication mechanism, utilizing a public key infrastructure, that verifies that the mass storage device is a genuine approved type of mass storage device with security measures that restrict unauthorized duplication of content residing in the mass storage device, wherein the repository queries the mass storage device for information regarding encoding formats suitable for use with a player to be used with the mass storage device.
34. A system for distributing digitally encoded movies, the system comprising: a portable flash memory mass storage device; a player operable to play back the movie from the portable flash memory mass storage device; and a kiosk comprising a receptacle or radio frequency interface compatible with the portable flash memory mass storage device, the kiosk operable to connect with the portable flash memory mass storage device via the receptacle or radio frequency interface and authenticate the mass storage device using a public key certificate issued by a PKI certificate authority, the kiosk further operable, if the mass storage device is authenticated, to load the movie into the mass storage device, encrypted with a public key of the public key certificate, together with an indication of a validity period of the movie, the player operable to verify that the movie is within the validity period as a prerequisite to decrypting the movie with the player private key and playing back the movie.
PCT/US2007/067910 2006-05-08 2007-05-01 Secure storage digital kiosk distribution WO2008021594A2 (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US11/382,184 2006-05-08
US11/382,184 US20070260615A1 (en) 2006-05-08 2006-05-08 Media with Pluggable Codec
US11/532,420 US20070282747A1 (en) 2006-05-08 2006-09-15 Secure storage digital kiosk distribution
US11/532,431 US20070267474A1 (en) 2006-05-08 2006-09-15 Secure storage digital kiosk distribution methods
US11/532,431 2006-09-15
US11/532,420 2006-09-15

Publications (2)

Publication Number Publication Date
WO2008021594A2 true WO2008021594A2 (en) 2008-02-21
WO2008021594A3 WO2008021594A3 (en) 2008-04-17

Family

ID=38969335

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/067910 WO2008021594A2 (en) 2006-05-08 2007-05-01 Secure storage digital kiosk distribution

Country Status (1)

Country Link
WO (1) WO2008021594A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010141175A1 (en) * 2009-06-04 2010-12-09 Sandisk Corporation Method and system for content replication control
EP2428908A1 (en) * 2010-09-14 2012-03-14 NCR Corporation Multi-media content at a digital download kiosk
US8761402B2 (en) 2007-09-28 2014-06-24 Sandisk Technologies Inc. System and methods for digital content distribution
US8875283B2 (en) 2012-04-10 2014-10-28 Blackberry Limited Restricted access memory device providing short range communication-based security features and related methods

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001014981A1 (en) * 1999-08-19 2001-03-01 Audiobase, Inc. A system and method for providing audio/video content delivery over a network
WO2003023676A1 (en) * 2001-09-07 2003-03-20 Entriq Limited Bvi A distributed digital rights network (drn), and methods to access, operate and implement the same
US6647389B1 (en) * 1999-08-30 2003-11-11 3Com Corporation Search engine to verify streaming audio sources
US20050132209A1 (en) * 2003-12-14 2005-06-16 Hug Joshua D. Certificate based digital rights management

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001014981A1 (en) * 1999-08-19 2001-03-01 Audiobase, Inc. A system and method for providing audio/video content delivery over a network
US6647389B1 (en) * 1999-08-30 2003-11-11 3Com Corporation Search engine to verify streaming audio sources
WO2003023676A1 (en) * 2001-09-07 2003-03-20 Entriq Limited Bvi A distributed digital rights network (drn), and methods to access, operate and implement the same
US20050132209A1 (en) * 2003-12-14 2005-06-16 Hug Joshua D. Certificate based digital rights management

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"Matsushita electric, Sandisk and Toshiba agree to join forces to develop and promote next generation secure memory card - SD (secure digital) memory card expected to unleash wave of new digital AV (audio/video) consumer products and enable internet and wireless e-commerce" INTERNET CITATION, [Online] 2001, XP002989940 Retrieved from the Internet: URL:http://web.archive.org/web/20010210202809/www.sdcard.org/news-5.htm> [retrieved on 2003-08-04] *
BECKER M ET AL: "A study of the DVD content scrambling system (CSS) algorithm" SIGNAL PROCESSING AND INFORMATION TECHNOLOGY, 2004. PROCEEDINGS OF THE FOURTH IEEE INTERNATIONAL SYMPOSIUM ON ROME, ITALY DEC. 18-21, 2004, PISCATAWAY, NJ, USA,IEEE, 18 December 2004 (2004-12-18), pages 353-356, XP010800526 ISBN: 0-7803-8689-2 *
MENEZES ET AL: "HANDBOOK OF APPLIED CRYPTOGRAPHY" HANDBOOK OF APPLIED CRYPTOGRAPHY, CRC PRESS SERIES ON DISCRETE MATHEMATICES AND ITS APPLICATIONS, BOCA RATON, FL, CRC PRESS, US, 1997, pages 403-405,506-515,570, XP002165287 ISBN: 0-8493-8523-7 *
SCHNEIER B: "APPLIED CRYPTOGRAPHY" APPLIED CRYPTOGRAPHY. PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C, NEW YORK, JOHN WILEY & SONS, US, 1996, pages 574-577, XP002922914 ISBN: 0-471-11709-9 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8761402B2 (en) 2007-09-28 2014-06-24 Sandisk Technologies Inc. System and methods for digital content distribution
WO2010141175A1 (en) * 2009-06-04 2010-12-09 Sandisk Corporation Method and system for content replication control
US9083685B2 (en) 2009-06-04 2015-07-14 Sandisk Technologies Inc. Method and system for content replication control
EP2428908A1 (en) * 2010-09-14 2012-03-14 NCR Corporation Multi-media content at a digital download kiosk
US10296726B2 (en) 2010-09-14 2019-05-21 Ncr Corporation Multi-media content at a digital download kiosk
US8875283B2 (en) 2012-04-10 2014-10-28 Blackberry Limited Restricted access memory device providing short range communication-based security features and related methods

Also Published As

Publication number Publication date
WO2008021594A3 (en) 2008-04-17

Similar Documents

Publication Publication Date Title
US20070267474A1 (en) Secure storage digital kiosk distribution methods
TW514845B (en) Data storage regenerator and data storage processing method and program providing media
US6950941B1 (en) Copy protection system for portable storage media
US7124443B2 (en) Information transaction system
KR101362380B1 (en) Method and device for Digital Rights Management
CN101903889B (en) Device and method for digital right management
JP4740157B2 (en) Protect digital data content
KR100434634B1 (en) Production protection system dealing with contents that are digital production
EP2158716B1 (en) Binding content licenses to portable storage devices
CN101714195A (en) Digital certificate-based novel digital copyright protection method and device
US20040243488A1 (en) Storage medium rental system
JP2003115163A (en) Delivery of electronic content over network using hybrid optical disk for authentication
US20050027991A1 (en) System and method for digital rights management
JP4455053B2 (en) Device and method for selectively accessing services encrypted using control word and smart card
US20050033956A1 (en) Method and system for the authorised decoding of encoded data
KR20050094316A (en) Method and apparatus for digital rights management by using certificate revocation list
JP2004362547A (en) Method for constituting home domain through device authentication using smart card, and smart card for constituting home domain
JP2010267240A (en) Recording device
JP2001094554A (en) Information transmission system, information transmission device, information reception device, and information transmitting method
US20030217271A1 (en) Use of smart card technology in the protection of fixed storage entertainment assets
US20040243815A1 (en) System and method of distributing and controlling rights of digital content
WO2008021594A2 (en) Secure storage digital kiosk distribution
KR101858562B1 (en) Security system for selling and using e-training contents
JP3684179B2 (en) Memory card with security function
KR100996992B1 (en) Portable Memory Media for Recording and Using Contents applied DRM and Method and System for Realizing It Thereby

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07840160

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07840160

Country of ref document: EP

Kind code of ref document: A2