System and method for secure distribution of digital content via a network

US 20030204738A1
Filed: 04/30/2002
Published: 10/30/2003
Est. Priority Date: 04/30/2002
Status: Abandoned Application

First Claim

Patent Images

1. A system for the secure distribution of digital content, comprising:

encrypted control information including a data key and a time code defining a window-of-opportunity;

an encrypted digital content stream; and

a tamper-resistant environment providing means for decrypting the encrypted control information, for using a secure local clock to verify the window-of-opportunity with the time code, and for using the decrypted data key to decrypt the encrypted digital content stream and convert the decrypted stream to an analog output stream, whereby the encrypted digital content stream is convertible to an analog output stream only during the window-of-opportunity by a system having means for decrypting the encrypted control information and for verifying the window-of-opportunity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention defines a system and method for broadcasting high quality, digitally encoded music and/or video (hereinafter called “content”) such that the content, once received, cannot be further redistributed in digital form. The content may be played as received on a receiving means (hereinafter called a “receiver”) or may be recorded digitally for later play-back on the same receiver. In one embodiment incorporating transportable ‘smart tokens’, the content may later be played back on a different receiver. The invention is directed primarily to preventing the piracy of content broadcast in support of services such as digital radio or television. In one preferred embodiment the invention may also be used to prevent piracy in the retail distribution of digital content.

Citations

42 Claims

1. A system for the secure distribution of digital content, comprising:
- encrypted control information including a data key and a time code defining a window-of-opportunity;
  
  an encrypted digital content stream; and
  
  a tamper-resistant environment providing means for decrypting the encrypted control information, for using a secure local clock to verify the window-of-opportunity with the time code, and for using the decrypted data key to decrypt the encrypted digital content stream and convert the decrypted stream to an analog output stream, whereby the encrypted digital content stream is convertible to an analog output stream only during the window-of-opportunity by a system having means for decrypting the encrypted control information and for verifying the window-of-opportunity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 42)
- - 2. The system as set forth in claim 1, wherein the tamper-resistant environment includes and protects the following:
    - (a) means for receiving the encrypted control information;
      
      (b) a private key;
      
      (c) means for using the private key to decrypt the received control information to obtain a clear version of the data key and the time code;
      
      (d) a local clock providing a local real time;
      
      (e) means for comparing the local real time with the received time code and for deciding whether the local real time is within the defined window-of-opportunity;
      
      (f) means for receiving the encrypted digital content stream;
      
      (g) means for decrypting the received digital content stream using the data key when the local real time is within the defined window-of-opportunity;
      
      (h) means for converting the decrypted digital content stream to analog signals; and
      
      (i) means for providing the analog signals outside the tamper-resistant environment.
  - 3. The system as set forth in claim 2, further including:
    - (a) an unencrypted handle identifying a specific private key for decrypting the control information; and
      
      (b) the tamper-resistant environment further including, (1) private key storage and retrieval means, (2) a plurality of private keys stored in the private key storage and retrieval means, (3) means for receiving the unencrypted handle, and (4) means for using the unencrypted handle to retrieve a specific private key from the storage and retrieval means for use in decrypting the received encrypted control information.
  - 4. The system as set forth in claim 3, wherein the private key storage and retrieval means is implemented using non-volatile memory.
  - 5. The system as set forth in claim 4, wherein the private keys are placed into the non-volatile memory by a trusted entity at time of manufacture of the tamper-resistant environment.
  - 6. The system as set forth in claim 2, further including:
    - (a) the encrypted control information including a code specifying an algorithm for use in decrypting the encrypted digital content stream; and
      
      (b) the tamper-resistant environment further including, (1) means for using the private key to decrypt the algorithm specifying code, and (2) the digital content stream decrypting means of the tamper-resistant environment further including, (i) means for decrypting using a plurality of decryption algorithms, and (ii) means for using the algorithm specifying code to select a decryption algorithm and decrypting the encrypted digital content stream using the selected algorithm.
  - 7. The system as set forth in claim 2, wherein the encrypted control information defines a session establishment message
  - 8. The system as set forth in claim 2, wherein the encrypted control information is included as a header preceding the encrypted digital content stream.
  - 9. The system as set forth in claim 2, further including:
    - (a) local digital content stream storage and retrieval means; and
      
      (b) the tamper-resistant environment further including, (1) means for locally encrypting the decrypted digital content stream, (2) means for storing the locally encrypted digital content stream on the local digital content stream storage and retrieval means, (3) means for retrieving the encrypted digital content stream from the local digital content stream storage and retrieval means, (4) means for decrypting the retrieved locally encrypted digital content stream, and (5) means for connecting the decrypted digital content stream for analog output conversion.
  - 10. The system as set forth in claim 2, further including means for distributing the encrypted control information.
  - 11. The system as set forth in claim 10, further including means for distributing the encrypted digital content stream.
  - 12. The system as set forth in claim 11, further including the means for distributing the encrypted digital content stream including means for distributing the encrypted control information.
  - 13. The system as set forth in claim 10, further including means for distributing the encrypted digital content stream via a communications network.
  - 14. The system as set forth in claim 13, wherein the communications network includes the Internet.
  - 15. The system as set forth in claim 2, further including:
    - (1) means for distributing the encrypted digital content stream via a communications network; and
      
      (2) wherein the encrypted control information is distributed via a trusted entity.
  - 16. The system as set forth in claim 15, wherein the communications network includes the Internet.
  - 17. The system as set forth in claim 15, wherein the means for distributing the encrypted digital content stream defines a transmitter including:
    - (1) means for receiving an unencrypted digital content stream;
      
      (2) a copy of the data key; and
      
      (3) means for encrypting the digital content stream using the data key.
  - 18. The system as set forth in claim 17, wherein the defined transmitter further includes:
    - (1) data key storage and retrieval means;
      
      (2) a plurality of data keys stored in the data key storage and retrieval means;
      
      (3) means for selecting and retrieving a stored data key for use in encrypting the received digital content stream; and
      
      (4) means for providing a copy of the selected data key to a trusted key distribution entity.
  - 19. The system as set forth in claim 18, wherein the transmitter further includes the trusted key distribution entity for receiving the copy of the selected data key and for distributing an encrypted data key as part of encrypted control information.
  - 20. The system as set forth in claim 17, further including transmitter digital content stream storage and retrieval means permitting the transmitter to store and retrieve a copy of the digital content stream, and means permitting the transmitter to use a retrieved copy of a digital content stream in the same manner as a received digital content stream.
  - 21. The system as set forth in claim 2, wherein the time code defining a window of opportunity includes a start time and date, a stop time and date, and a maximum-allowable-clock-skew.
  - 22. The system as set forth in claim 21, wherein the local clock is initialized to a universal real time at time of manufacture.
  - 23. The system as set forth in claim 21, wherein the local clock has a predetermined maximum allowable time drift rate defined with respect to a trusted time standard.
  - 24. The system as set forth in claim 22, wherein the means for comparing the local real time with the received time code for deciding whether the local real time is within the window of opportunity for enabling decryption of the received digital content stream insures that decryption is enabled only when local real time is within the window defined by the start time and date, and the stop time and date as adjusted for the maximum-allowable-clock-skew since initialization, and further wherein the universal real time defining both a time and date.
  - 42. A computer program product storing a method executable by a digital platform having a network connection and defining a transmitter as set forth in claim 19, the method defining the steps of:
    - (a) receiving the unencrypted digital content stream;
      
      (b) selecting a data key;
      
      (c) encrypting a copy of the selected data key;
      
      (d) distributing via network connection the encrypted control information including the selected data key and the defined window-of-opportunity;
      
      (e) using the selected data key to encrypt the received unencrypted digital content stream; and
      
      (f) distributing via the network connection the encrypted digital control stream.

25. A method for securely distributing a digital content stream via a communications network, the method comprising the steps of:
- (a) providing encrypted control information including a data key and a time code defining a window-of-opportunity;
  
  (b) providing an encrypted digital content stream via a communications network;
  
  (c) the data key being valid for decrypting the encrypted digital content stream during the window-of-opportunity;
  
  (d) providing a tamper-resistant environment for carrying out the following steps, the tamper-resistant environment including a private key and a local clock providing a local real time, (1) receiving the encrypted control information, (2) using the private key to decrypt the received encrypted control information, (3) comparing the local real time with the time code to determine whether the local real time is within the window-of-opportunity, (4) receiving the encrypted digital content stream, (5) enabling decryption of the received encrypted digital content stream by the data key when the local real time is within the window-of-opportunity, (6) converting the decrypted digital content stream to analog signals, and (7) providing the analog signals outside the tamper-resistant environment; and
  
  (e) outputting the analog signals representing the digital content stream.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 26. The method as set forth in claim 25, further including the steps of:
    - (a) providing an unencrypted handle identifying a specific private key for decrypting the encrypted control information;
      
      (b) the provided tamper-resistant environment also including a plurality of private keys, including the specified private key, and private key storage and retrieval means for containing the private keys; and
      
      (c) the following steps carried out within the tamper-resistant environment, (1) receiving the unencrypted handle, and (2) the using-the-private-key-to-decrypt step including the steps of (i) using the unencrypted handle to select and retrieve a specific private key from the private key storage and retrieval means, and (ii) using the selected and retrieved private key to decrypt the encrypted control information.
  - 27. The method as set forth in claim 26, wherein the provided private key storage and retrieval means is implemented using non-volatile storage.
  - 28. The method as set forth in claim 27, wherein the private keys are placed into the provided private key storage and retrieval means by a trusted entity.
  - 29. The method as set forth in claim 25, wherein the provided encrypted control information includes a code identifying a specific encryption algorithm, and wherein the provided tamper-resistant environment includes means for decrypting the algorithm selection code and for using the data key and the selected algorithm for decrypting the received digital content stream, the method further including the steps of:
    - (a) using the private key to decrypt the algorithm selection code; and
      
      (b) using the data key and the selected algorithm to decrypt the received encrypted digital content stream.
  - 30. The method as set forth in claim 25, further including the steps of:
    - (a) providing the encrypted control information as a header preceding the encrypted digital content stream, and (b) providing the combined stream and header via the communications network.
  - 31. The method as set forth in claim 25, further including the steps of:
    - (a) providing local digital content stream storage and retrieval means;
      
      (b) the provided tamper-resistant environment including means for re-encrypting and storing the decrypted digital content stream on the local digital content stream storage and retrieval means;
      
      (c) the provided tamper-resistant environment including means for retrieving and decrypting the stored digital content stream from the local digital content stream storage and retrieval means;
      
      (d) the provided tamper-resistant environment including means for converting the retrieved and decrypted digital content stream to analog signals for output;
      
      (e) re-encrypting the decrypted digital content stream and storing the result on the local digital content stream storage and retrieval means; and
      
      (f) retrieving, decrypting, and converting to analog signals a previously stored digital content stream.
  - 32. The method as set forth in claim 25, wherein the communications network is the Internet.
  - 33. The method as set forth in claim 25, wherein the providing encrypted control information step is carried out by a trusted entity.
  - 34. The method as set forth in claim 25, wherein the providing an encrypted digital content stream step further includes the steps of:
    - (a) providing a transmitter having a communication network connection for transmitting the encrypted digital content stream;
      
      (b) the provided transmitter further including means for receiving an unencrypted digital content stream, a copy of the data key, and means for encrypting the received unencrypted digital content stream using the data key; and
      
      (c) the transmitter receiving the unencrypted digital content stream, encrypting the received stream using the copy of the data key, and transmitting the encrypted digital content stream via the communication network connection.
  - 35. The method as set forth in claim 34, further including the steps of:
    - (a) the provided transmitter further including, (1) data key storage and retrieval means, (2) a plurality of data keys stored in the data key storage and retrieval means, (3) means for selecting and retrieving a stored data key for use in encrypting the received digital content stream, and (4) means for providing a copy of the selected data key to a trusted key distribution entity;
      
      (b) selecting and retrieving a stored data key from the data key storage and retrieval means;
      
      (c) using the selected data key to encrypt the received unencrypted digital content stream;
      
      (d) transmitting the encrypted digital content stream via the network connection; and
      
      (e) providing a copy of the selected data key to a trusted key distribution entity.
  - 36. The method as set forth in claim 35, further including the steps of:
    - (a) the provided transmitter further including the trusted key distribution entity; and
      
      (b) distributing an encrypted data key as part of the encrypted control information.
  - 37. The method as set forth in claim 34, further including the steps of:
    - (a) the provided transmitter further including digital content stream storage and retrieval means;
      
      (b) storing the received unencrypted digital content stream for later use;
      
      (c) retrieving a previously stored unencrypted digital content stream; and
      
      (d) using the retrieved stream in the same manner as a received stream.
  - 38. The method as set forth in claim 25, wherein the step of providing an encrypted time code defining a window-of-opportunity further includes the steps of:
    - (a) providing a start time and date, a stop time and date, and a maximum-allowable-clock-skew;
      
      (b) the start time and date defining a time following which a provided data key is valid for decrypting the received encrypted digital content stream;
      
      (c) the stop time and date defining a time following which the provided data key is no longer valid for decrypting the received encrypted digital content stream; and
      
      (d) the maximum-allowable-clock-skew defining a margin-of-error between the provided start and stop times and the local real time.
  - 39. The method as set forth in claim 38, wherein the step of comparing the local real time with the time code further includes the steps of:
    - (a) extending a leading edge of the window-of-opportunity by comparing the local real time with the difference of the start time and the maximum-allowable-clock-skew;
      
      (b) extending the trailing edge of the window-of-opportunity by comparing the local real time with the sum of the stop time and the maximum-allowable-clock-skew; and
      
      (c) determining whether the local real time is within the extended window-of-opportunity.

40. A computer program product storing a method executable by a digital platform for carrying out the following steps:
- (a) providing encrypted control information including a data key and a time code defining a window-of-opportunity;
  
  (b) providing an encrypted digital content stream via a communications network;
  
  (c) the data key being valid for decrypting the encrypted digital content stream during the window-of-opportunity;
  
  (d) providing a tamper-resistant environment for carrying out the following steps, the tamper-resistant environment including a private key and a local clock providing a local real time, (1) receiving the encrypted control information, (2) using the private key to decrypt the received encrypted control information, (3) comparing the local real time with the time code to determine whether the local real time is within the window-of-opportunity, (4) receiving the encrypted digital content stream, (5) enabling decryption of the received encrypted digital content stream by the data key when the local real time is within the window-of-opportunity, (6) converting the decrypted digital content stream to analog signals, and (7) providing the analog signals outside the tamper-resistant environment; and
  
  (e) outputting the analog signals representing the digital content stream.
- View Dependent Claims (41)
- - 41. A combination of a computer program product and a tamper-resistant environment defining a receiver for use with a personal computer, comprising:
    - (a) a computer program product as defined by claim 40;
      
      and (b) a tamper-resistant receiver for use with a digital platform having a network connection, as defined by claim 5.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Morgan, Stephen Paul

Application Number

US10/136,828
Publication Number

US 20030204738A1
Time in Patent Office

Days
Field of Search
US Class Current

713/194
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 2463/101   applying security measures ...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0853   using an additional device,...

System and method for secure distribution of digital content via a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure distribution of digital content via a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links