Cryptography – Key management – Key distribution
Reexamination Certificate
1999-12-20
2004-09-14
Smithers, Matthew (Department: 2134)
Cryptography
Key management
Key distribution
C705S057000
Reexamination Certificate
active
06792113
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to systems for restricting unauthorized access to digital data and, in particular, to a mechanism for limiting access to such digital data to either a particular machine or a particular user and to a mechanism for converting limited access from a particular machine to a particular user.
BACKGROUND OF THE INVENTION
Protection of digital data from unauthorized access has been a primary concern of software vendors from the time software vendors first began delivering computer software on portable data storage media. Such protection has taken on new significance since other forms of digital data are now also transported on portable data storage media. For example, current personal computers read and write data storage media that is also used for ubiquitous audiovisual entertainment such as audio compact discs (CDs) and digital video discs (DVDs). Thus, common personal computers are capable of replicating very valuable data such that exact copies of the original data can easily be distributed to acquaintances.
One recent development has greatly expanded the threat to commercial value of easily copyable digital data: the Internet. Now, individuals can, and frequently do, post valuable digital data for free copying by millions of people. Such posting represents a catastrophic failure of any attempts to prevent unauthorized copying.
One early attempt at preventing unauthorized copying of software was to require a hardware device to be attached to a computer for the software to execute. Such devices were commonly referred to as “dongles.” A dongle either included identification data checked by the software prior to execution or included encryption data and/or logic to decrypt software prior to execution. Dongles were typically externally attachable such that software could be transferred to another computer by attaching the dongle to the other computer.
Dongles never realized much success in the marketplace. One reason is that multiple software products can be installed in each computer. As a result, many dongles would have to be attached to each computer. Another reason is that adding a new hardware device to a computer could have unintended results, interfering with the normal operation of the computer. A third reason is that many people have multiple computers and moving one of multiple dongles from one computer to another on a regular basis was a significant inconvenience. In general, users preferred not to attach new hardware to their computers to run software if a competing software vendor did not require such additional hardware.
Machine binding, for example, by use of dongles, is generally unacceptable to people purchasing audiovisual content rather than computer software. Perhaps as a result of the portable nature of historical distribution media of audiovisual content (e.g., vinyl albums, audio CDs, video tape, DVDs, etc.), the consuming public seems to expect that audiovisual content is permitted to be played on any devices owned by the purchaser. For example, a purchaser of a video cassette tape of a particular movie expects to be able to view the movie on any video cassette player of a compatible format. Thus, strict machine binding of audiovisual content is generally unacceptable by the consuming public.
Another mechanism by which software vendors attempt to thwart unauthorized copying of software is binding the software to a specific user. For example, successful execution of the software can be made contingent upon entering a password by the specific user. Such generally provides insufficient security since the user can communicate the password to a friend or associate along with an unauthorized copy of the software. In addition, requiring a user to remember passwords for each software product and/or each audiovisual work accessed by the user represents a considerable inconvenience to the user.
In general, it should be remembered that copy protection benefits the vendor of digital data, e.g., software and/or audiovisual works, and does not benefit the purchaser. Accordingly, purchasers of such digital data have a relatively low tolerance for inconvenience. As a result, the consuming public tends to purchase data from vendors employing less copy protection.
What is needed is a mechanism by which copyrightable content of digital storage media is protected against unauthorized copying while affording the owner of such digital storage reasonable unimpeded convenience of use and enjoyment of the content.
SUMMARY OF THE INVENTION
In accordance with the present invention, content can converted from a machine-bound state to user-bound state without modification to the data itself. Instead, keys used to access the content are converted from the machine-bound state to the user-bound state. In particular, the keys are kept in a passport data structure which can represent either a machine-binding or a user-binding.
In the machine-binding, the passport contains a private key and a certificate that includes a public key which is the reciprocal of the private key. The private key is encrypted using a hardware identifier specific to the computer system to which the passport is bound. The hardware identifier is specific to one or more hardware devices and is preferably unique with respect to computer systems capable of accessing the content intended to be bound. The public key is used to encrypt a master key with which the content is encrypted and to create therefrom a media key which is included with the content along with the certificate of the machine-bound passport. As a result, the private key is required to decrypt the media and to recover the master key and therefore to decrypt the content. By encrypting the private key with the hardware identifier of a particular computer system, the content is effectively bound to that computer system since the hardware identifier of that computer is required to recover the master key.
In user-binding, the passport also contains a private key and a certificate that includes a public key which is the reciprocal of the private key. The user-bound passport secures the private key in largely the same manner as does a machine-bound passport except that the user-bound passport encrypts the private key with a user-supplied password. Accordingly, the password is required to decrypt the private key which in turn is required to decrypt the master key from the media key, and the master key is required to decrypt the content. By requiring the password, the content is bound to the user in possession of the password.
Since copy protection benefits the owner of copyrights and inconveniences the consumer of copyrighted works, a disincentive to sharing one's password is included in the user-bound passport. Specifically, the user-bound passport includes information which is expected to be carefully guarded by the user. For example, the user-passport can include credit card information of the user sufficient to charge funds to the credit card, e.g., credit card number, expiration, and cardholder name. A billing address can also be included. During playback of content, the private user information is displayed. Therefore, sharing one's passport includes sharing one's credit.
The user is provided with the option to have either a machine-bound passport or a user-bound passport. The machine-bound passport is more limited since content can only be played back on a specific machine. Such would be suitable for a person having access to only a single computer or to a person who is generally unsure of the entire process of purchasing copyrighted works through a computer network. The user-bound passport is less limited and can be moved from computer system to computer system. However, the user-bound passport requires that the user provide more sensitive, private information. It is expected that new users will opt for the machine-bound passport and will later wish to upgrade to the user-bound passport. Such can be required, for example, if the user sells or modifies the computer system to which the content
Allard Edward J.
Ansell Steven T.
Brownell Jason S.
Cannon Susan A.
Cherenson Andrew R.
Klarquist & Sparkman, LLP
Microsoft Corporation
Nalven Andrew
Smithers Matthew
LandOfFree
Adaptable security mechanism for preventing unauthorized... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Adaptable security mechanism for preventing unauthorized..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Adaptable security mechanism for preventing unauthorized... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3203766