Electrical computers and digital processing systems: support – Data processing protection using cryptography – By stored data protection
Reexamination Certificate
1999-10-07
2003-04-15
Barron, Gilberto (Department: 2134)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
By stored data protection
C380S279000, C365S052000, C705S039000, C705S054000, C705S065000
Reexamination Certificate
active
06550011
ABSTRACT:
TECHNICAL FIELD
The present invention relates to the protection, distribution, acquisition, and utilization of content, such as digital music content, and more particularly to systems and methods for providing distribution of such content over unsecure communication channels, including open systems such as the Internet, and establishing a robust set of rules for the authorized utilization of such content.
BACKGROUND
Currently there are various schemes in place for providing controlled or secure access to content such as may be recorded on bulk media and/or communicated from bulk media to user devices, such as user bulk media storage devices, content players, and the like. Specifically, computers and unprotected networks are currently used for distribution of copyrighted material, and such use is expected to grow rapidly in the future.
However, a computer is typically not a closed system, as it is generally composed of components, i.e., motherboard, video display adaptor, sound card, disk drive controller card, etcetera, made from many manufacturers. Accordingly, these components, as well as a network of the computers themselves, typically communicate, both internally and externally, over well documented interfaces. These interfaces include both hardware and software, e.g., application programing interface (API). Because there are many unprotected points in such systems, content that is to be protected is often encrypted.
Schemes have been developed, utilizing the above mentioned encryption, to protect content so that the owners of content can make content available to authorized users, while restricting unauthorized use, such as preventing the making of additional copies by an otherwise authorized user. However, these schemes often suffer disadvantages in requiring that the schemes themselves be kept secret in order to maintain security. Accordingly, the schemes may be implemented only by trusted parties in order to maintain the secret. Likewise, these schemes often rely on the total secrecy of cryptographic keys used by the scheme, as publication of such a key may result in loss of security for all or multiple parties using the scheme. Additionally, transfer schemes that are in place today suffer from problems with interception of the content, such as between components of a compliant system, in such a way as to allow its unrestricted or unauthorized use.
The relatively recent advent, and subsequent seemingly ubiquitous acceptance, of personal general purpose computers the Internet, and other wide spread data networks, and digital devices, such as portable digital media players, has spawned the proliferation of new scenarios for the distribution and utilization of digital content, such as music content. Accordingly, one area of particular concern with respect to controlling the transmission, reception, and/or use of content is the distribution of music content. However, it should be appreciated that other specific content infrastructures, such as those available for video content, suffer from all or some of the shortcomings described herein.
Most existing implementations existing today with respect to the distribution of music content are not very secure in that they can be intercepted at levels that are beyond the encryption. For example, most systems are currently based on proprietary protocols that are not necessarily very secure, i.e., they rely on the secrecy of the algorithm to be secure.
Other systems are susceptible to problems such as record and replay, where a conversation is watched and then later reproduced in order to counterfeit another authorization, such as to another machine not originally privy to the conversation. Such techniques are facilitated as the encrypted data in many of the present systems is sent in a single direction, i.e., little or no bilateral communication and no bilateral secure communication. Accordingly, a parasitic system may be deployed on a legitimate communication link to simply record what is being communicated between the systems communicating according to the particular security technique, i.e., record the conversation. For example, if it were desired to download music content to playback machine A and B, it is often possible to establish a legitimate dialogue between playback machine A and a service host system for receipt of a copy, via encrypted methods, of the music content which has been paid for. However, if a computer or other system is coupled to the link, it may record this conversation, although it does not understand the actual information being exchanged. Thereafter, this conversation may be replayed from the computer to playback device B to convince playback device B it has received an authorized copy of the music content.
Moreover, a significant portion of the software which handles the transfer or playback of such content is vulnerable to just snooping the data after a decryption step has been done on a host system. In this regard, one unauthorized access (“hacking”) technique that is very common is to develop a piece of code that emulates, or otherwise pretends to be, a device used according to a legitimate use of the content, such as a sound card used in a playback of music content. However, rather than, or in addition to, performing the authorized function, such pieces of code may in fact syphon the data off into an unprotected file, or other destination, to allow its unrestricted subsequent access. These techniques take advantage of steps in which the content is not closely controlled.
These techniques have been accepted in the past, in spite of their inherent shortcomings, as the provision of content over unsecured communication links has been relatively insignificant as compared to more mainstream distribution, acquisition, and utilization methods. However, the online music industry has been growing to a point where controlling the unauthorized use of content is becoming a significant issue. Specifically, as the distribution of content through such means expands to include major studios, adoption of a secure protocol for the exchange and utilization of content has become more important.
The adoption of different security techniques is complicated by the fact that such content is often downloaded to or utilized by general purpose computers as described above. However, most of the components within such a computer are shared by a wide variety of applications, many of which require some level of protection for data. Implementing a separate protection scheme for different data types is an expensive proposition. Furthermore, requiring that individual general purpose devices, whether individually operable or operably with a general purpose computer, understand anything about the content it is holding is highly infeasible. Specifically, the processing power required to understand the content would be extremely expensive. Moreover, accurately understanding the content would be unreliable, as unrelated content may resemble protected information, particularly as the amount of content protected grows to include more and more works and/or types of content.
Schemes to block access to the main data of the information are highly impractical in a computer environment. Storage devices cannot typically identify what process is requesting information. For example, the current definition of the content scrambling scheme (CSS) for protecting DVD video requires that DVD-ROM drives disallow access to protected sectors until the DVD-ROM drive has verified that there is a compliant decoder in the system. However, once that identification has taken place, any process can read the protected data. This requirement has added expense and complexity to implementations for almost no extra protection.
In order for the exchange and utilization of music or other content to become as widely accepted as the media and distribution techniques it is replacing, the rules provided for its authorized transfer and use according to the security techniques should be robust. Specifically, it would be desirable to provide rules to allow for use of the content
Barron Gilberto
Callahan Paul E.
Hewlett -Packard Development Company, L.P.
LandOfFree
Media content protection utilizing public key cryptography does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Media content protection utilizing public key cryptography, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Media content protection utilizing public key cryptography will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3003006