This application claims the benefit of Korean Patent Application No. 10-2007-0050253, filed on May 23, 2007, in the Korean Intellectual Property Office, the disclosure of which is incorporated herein in its entirety by reference.
1. Field of the Invention
The present invention relates to a method and apparatus for encrypting contents and transmitting the encrypted contents, and a method and apparatus for receiving and decrypting the encrypted contents, and more particularly, to a method and apparatus for encrypting and decrypting contents using a device key and a software key, in which various content protection software is installed in a content device so that security such as authority of use of contents is improved in an environment using contents.
2. Description of the Related Art
Due to widespread illegal copying of digital contents, various technologies for protecting content have been studied and developed. These technologies include Conditional Access System (CAS) for broadcasting contents protection, Digital Rights Management (DRM) for determining whether to use the contents according to authority of use of contents, and Content Scrambling System (CSS), Content Protection for Recordable Media (CPRM), and Advanced Access Content System (AACS) for protection of storage media.
Such content protection technologies use an encryption technology, and allow content use only by users or devices which have the right to use content in an appropriate way.
Most conventional content devices have their own specific content protection systems initially. In the case of these specific content protection systems, since the types of usable content are initially determined, users are restricted in using the content and selecting a service freely.
In other words, when contents are used in a specific device, contents to which a DRM that is not supported by the device is applied cannot be used, and contents that have been used in the device cannot be moved to another device that supports DRM and used there. For example, contents to which a DRM solution manufactured by A is applied cannot be used in a device in which a DRM solution manufactured by B is implemented. Accordingly, such a predetermined content protection system limits the types of content which can be used in a device, thereby inconveniencing a user.
Such inconvenience increases when networking of content devices is accelerated. In an environment where a broadcasting service through the Internet is provided as in Internet TV (Internet Protocol Television (IPTV)) and also various services are provided through wire/wireless network in other content devices, if a particular content protection technology such as a specific DRM is implemented in a specific device, users are more restricted in using the services.
One method of overcoming this problem is to provide a content protection system in the form of software or firmware so that the content protection system can be installed in the device dynamically. That is, in order for a user to use desired contents, the content protection system applied to the corresponding contents is freely installed in a user's device in a software form so that the user can use various contents regardless of the type of the content protection system.
Meanwhile, most content protection systems, such as DRM, CAS, and CSS (a DVD content protection system), protect the contents based on encryption. The content protection system encrypts the contents before distributing or selling them to a user and allows only a trusted user to access the content key which can decrypt the contents, thereby protecting the contents.
Here, in general, data is encrypted using a secret key or a public key of another party and is transmitted. However, in the case of multimedia data, since the amount of such data is large, encrypting the contents for each user by allocating different keys to each user is inefficient because a large amount of content is encrypted with each of the different keys at separate times. Thus, in most cases, the content protection system uses a two-step encryption method in which identical contents are encrypted using a single content key and the content key is encrypted using a user's key possessed by each user.
The user's key may be a key included in various devices using contents such as a digital TV, a set top box, an MP3 player, a portable video player, a DVD player, and a Blu-ray player, or a software key included in content playing software.
In the case of various content protection systems, the content key is encrypted using the key in the content devices so as to control the contents to be used in a specific content device. That is, the contents are encrypted using the content key and are distributed and the content key is encrypted using the device key and is distributed. Thus, the content device receives the encrypted contents and the content key so that the content key is firstly decrypted using the device key and then the contents are decrypted using the decrypted content key.
In addition, in a software execution environment such as a PC, the content playing software functions as the content device, decrypts the content key using a key included in software, and decrypts the contents using the decrypted content key.
However, in an environment in which various content protection software is executed in the content device, when the content protection software possesses a key and the content key is encrypted using the key of the content protection software so as to be transmitted, if the software is copied to another device, the contents can be used in the other device.
On the other hand, when the content device possesses the key and the content key is encrypted using the device key so as to be transmitted, in other software which can be executed in the content device, the content key may be exposed to other unauthorized software.
The present invention provides a method and apparatus for encrypting/transmitting and decrypting contents using a device key and a software key in a content device environment in which various content protection software is executed and thus various formats of content can be used, in order to improve security of a content key.
According to an aspect of the present invention, there is provided a method of encrypting and transmitting contents, including: encrypting contents to be transmitted using a content key which is an encryption key according to the received contents; encrypting the content key using an external device key of an external device which is permitted to receive the encrypted contents to be used and a software key of a software program which is executed in the external device and permitted to decrypt the encrypted contents; and transmitting the encrypted contents and the encrypted content key to the external device.
The encrypting the content key may include encrypting the content key using the external device key and then encrypting the encrypted result using the software key.
The encrypting the content key may include encrypting the content key using the software key and then encrypting the encrypted result using the external device key.
The external device key and the software key may comprise a secret key or a public key.
According to another aspect of the present invention, there is provided a method of decrypting encrypted contents, including: receiving encrypted contents to be played and an encrypted content key according to the received encrypted contents; decrypting the encrypted content key using a device key of a device which receives the encrypted contents and a software key of a software program which is permitted to decrypt the encrypted contents; and decrypting the encrypted contents using the decrypted content key.
The decrypting the encrypted content key may include decrypting the encrypted content key using the device key and then decrypting the decrypted result using the software key.
The decrypting the encrypted content key may include decrypting the encrypted content key using the software key and then decrypting the decrypted result using the device key.
The device key and the software key that are used for decrypting the encrypted content key may include a secret key or a private key.
According to another aspect of the present invention, there is provided an apparatus for encrypting and transmitting contents, including: an input unit which receives contents to be transmitted; a first encryption unit which encrypts the contents using a content key which is an encryption key according to the contents received by the input unit; a second encryption unit which encrypts the content key using an external device key of an external device which is permitted to receive the encrypted contents to be used and a software key of a software program which is executed in the external device and permitted to decrypt the encrypted contents; and a transmitting unit which transmits the encrypted contents and the encrypted content key to the external device.
The second encryption unit may further include a device encryption unit which encrypts the content key using the external device key and a software encryption unit which encrypts the content key encrypted in the device encryption unit using the software key.
The second encryption unit may further include a software encryption unit which encrypts the content key using the software key and a device encryption unit which encrypts the content key encrypted in the software encryption unit using the external device key.
The external device key and the software key in the second encryption unit may include a secret key or a public key.
According to another aspect of the present invention, there is provided an apparatus for decrypting encrypted contents, including: a receiving unit which receives encrypted contents to be played and an encrypted content key according to the received encrypted contents; a first decryption unit which decrypts the encrypted content key using a device key of a device which receives the encrypted contents and the encrypted content key and a software key of a software program which is permitted to decrypt the encrypted contents; and a second decryption unit which decrypts the encrypted contents using the content key decrypted in the first decryption unit.
The first decryption unit may further include a software decryption unit which decrypts the encrypted content key using the software key and a device decryption unit which decrypts the content key decrypted in the software decryption unit using the device key.
The first decryption unit may further include a device decryption unit which decrypts the encrypted content key using the device key and a software decryption unit which decrypts the content key decrypted in the device decryption unit using the software key.
The device key and the software key in the first decryption unit may include a secret key or a private key.
According to another aspect of the present invention, there is provided a computer readable recording medium having embodied thereon a computer program for executing the method described above.
According to another aspect of the present invention, there is provided a content playing device comprising the apparatus described above.
The above and other features and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings in which:
Hereinafter, the present invention will be described more fully with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown.
Referring to
More specifically, the contents are received in operation 110. That is, content data to which a content protection system is applied is received and then the content data is encrypted and transmitted in the next operation.
In operation 120, the received contents are encrypted. Here, it is assumed that the encryption key used is a content key Kc according to the contents C and that identical contents have identical content keys. As described above, since encrypting a large amount of contents using different user keys is inefficient, each item of content is encrypted using one content key. In addition, the content key for each item of content can be obtained using an identifier id which classifies the contents, and each item of content is encrypted using its content key.
In operation 130, the content key Kc is encrypted using the external device key and the software key. That is, both the external device key and the software key are used to encrypt the content key Kc, rather than the content C itself. Here, the external device refers to a device which is previously permitted to receive the transmitted contents and to use the contents, and the software refers to software which is permitted to decrypt the received contents from among the various content protection software executed in the device. Because the content key is encrypted using both the external device key and the software key, the device and the software that can use the content are determined at the encryption stage, so that other devices and other software in the device can be prevented from accessing the contents, thereby increasing security in using the contents.
As described above, in operation 140, the encrypted contents and the encrypted content key are transmitted to the external device.
Referring to
In order to easily understand the encryption process of the content key illustrated in
Referring to
That is, a decryption operation for the contents is performed by content protection software and the contents are decrypted as in the decryption method that corresponds to the encryption method for the content key in an encryption process for the contents. In other words, the content key is decrypted by using both the device key and software key and the contents are decrypted using the decrypted content key.
More specifically, the contents to be played are firstly received in an encrypted form and the content key used to encrypt the contents is received in operation 310.
In order to decrypt and play the contents, the content key should be firstly decrypted. The content key is decrypted using both the device key of the device which receives the encrypted contents and the software key of the software executed to play the contents in operation 320.
When the content key is decrypted, the contents that are to be substantially played are finally decrypted using the decrypted content key in operation 330.
Referring to
That is, after encrypted contents to be played and an encrypted content key are received in operation 410, it is determined in operation 420 whether the device which receives the encrypted content and the encrypted content key is permitted to use the content. If the device is permitted to use the content, the content key is first decrypted using a key of the device in operation 430. Then, it is determined in operation 440 whether the software is permitted to perform a decryption operation. Only when the software is permitted to use the content is the content key decrypted a second time, using a software key, in operation 450. Finally, the encrypted contents are decrypted in operation 460 using the content key obtained by the decryption.
In order to understand a conceptual flow of the decryption operation illustrated in
The encrypted content key is firstly decrypted using the device key in operation 810. The decrypted resultant is secondly decrypted using a software key in the software program 800-2. That is, decryption using the device key in operation 810 and decryption using the software key in operation 820 are sequentially performed. The contents are finally decrypted using the decrypted content key and the software program 800-2 of the device 800-1 can play the decrypted contents. Here, according to the order of applying the key in an encryption operation, the order of decryption can be also changed. In addition, a secret key or a private key can be used during decrypting according to an encryption method applied to an encryption operation. That is, when the secret key is used in an encryption operation, the secret key is also used in a decryption operation and the content key is decrypted (secret key-secret key). Also, when the public key is used in an encryption operation, the private key is used in a decryption operation and the content key is decrypted (public key-private key).
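The two-step scheme described above (operations 120 to 140 on the sender, operations 430 to 460 on the receiver), shown as an added example that is not part of the patent text. It uses the secret-key variant with the device-key layer outermost, so decryption applies the device key first and the software key second. The HMAC-SHA256 construction is a standard-library stand-in for a real cipher such as AES; the function names, the random Kc, and the use of an authentication tag to realize the permission checks are assumptions.

```python
import hashlib
import hmac
import os

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher such as AES."""
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Check the tag, then decrypt. Raises ValueError for a wrong key or altered data."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key not permitted or data modified")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def encrypt_content(content):
    """Operation 120: encrypt content C once under a content key Kc (random here)."""
    kc = os.urandom(32)
    return kc, seal(kc, content)

def wrap_content_key(kc, device_key, software_key):
    """Operation 130: software-key layer inside, device-key layer outside."""
    return seal(device_key, seal(software_key, kc))

def play(enc_content, wrapped_kc, device_key, software_key):
    """Operations 430-460: device layer, then software layer, then the content."""
    inner = unseal(device_key, wrapped_kc)   # fails on a device that is not permitted
    kc = unseal(software_key, inner)         # fails for software that is not permitted
    return unseal(kc, enc_content)

def allowed(enc_content, wrapped_kc, device_key, software_key):
    try:
        play(enc_content, wrapped_kc, device_key, software_key)
        return True
    except ValueError:
        return False

def demo():
    # Constructed sample keys and content, for illustration only.
    dev_a, dev_b = b"A" * 32, b"B" * 32      # two devices
    sw_x, sw_y = b"X" * 32, b"Y" * 32        # two content protection programs
    kc, enc = encrypt_content(b"sample content C")
    wrapped = wrap_content_key(kc, dev_a, sw_x)   # permitted pair: device A, software X
    return {
        "permitted": allowed(enc, wrapped, dev_a, sw_x),
        "copied_software": allowed(enc, wrapped, dev_b, sw_x),  # software X copied to device B
        "other_software": allowed(enc, wrapped, dev_a, sw_y),   # software Y on device A
    }

if __name__ == "__main__":
    print(demo())
```

The content is encrypted once; only the small wrapped key differs per permitted device and software pair.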
Referring to
The input unit 510 receives contents to be transmitted. That is, data of the contents to which a contents protection system is applied is received and then is transmitted to the first and second encryption units 520 and 530.
The first encryption unit 520 encrypts the contents using a content key which is an encryption key according to the contents input to the input unit 510. Here, the content key which can be expressed as Kc is used as the encryption key.
The second encryption unit 530 receives the content key from the input unit 510 and encrypts the content key. Here, the content key is encrypted using an external device key of an external device which is permitted to receive and use the encrypted contents and a software key of a software program which is executed in the external device and permitted to decrypt the encrypted contents.
The transmitting unit 540 receives the encrypted contents and the encrypted content key and transmits them to the external device.
Referring to
The second encryption unit 530 may further include internal encryption units such as a device encryption unit 531 and a software encryption unit 532. The device encryption unit 531 firstly encrypts the content key using the external device key and transmits the encrypted resultant to the software encryption unit 532. The software encryption unit 532 secondly encrypts the encrypted resultant received from the device encryption unit 531, using the permitted software key. As described above, the order of the encryption operation can be changed and the external device key and the software key can comprise a secret key or a public key.
The apparatus 700 for decrypting contents according to the current embodiment of the present invention includes a receiving unit 710 and first and second decryption units 720 and 730. The functions of each element are as follows.
The receiving unit 710 receives encrypted contents to be played and an encrypted content key for the encrypted contents and transmits the encrypted contents and the encrypted content key to the first and second decryption units 720 and 730.
The first decryption unit 720 decrypts the encrypted content key using a device key of the device in which the apparatus 700 is embodied and which receives the encrypted contents and the encrypted content key, and also using a software key of a software program which is permitted to decrypt the contents. In addition, the first decryption unit 720 may further include a software decryption unit (not illustrated) which decrypts the content key using the software key, and a device decryption unit (not illustrated) which decrypts again, using the device key, the content key decrypted in the software decryption unit. The order of the decryption operations of the software decryption unit and the device decryption unit can be interchanged.
The second decryption unit 730 decrypts the encrypted contents using the decrypted content key obtained as the result in the first decryption unit 720.
Referring to
In a decryption operation, decryption using a device key in operation 810 and decryption using a software key in operation 820 are sequentially performed. That is, the encrypted content key is firstly decrypted by using the device key in operation 810 and the decrypted resultant is secondly decrypted using the software key in the software program 800-2 in operation 820. The contents are finally decrypted using the decrypted content key in operation 830 and the software of the device can play, output and store the decrypted contents.
Here, according to the order of applying the key in an encryption operation, the order of decryption can be also changed. In addition, a secret key or a private key can be used during decrypting according to an encryption method applied to an encryption operation. That is, when a secret key is used in an encryption operation, the secret key is also used to decrypt the content key and when a public key is used in an encryption operation, the private key is used to decrypt the content key.
The method of encrypting/transmitting the contents and the method of decrypting the contents can be written as computer programs and can be implemented in general-use digital computers that execute the programs using a computer readable recording medium.
Also, a data structure used in the present invention can be written to a computer readable recording medium through various means.
Examples of the computer readable recording medium include magnetic storage media (e.g., ROM, floppy disks, hard disks, etc.) and optical recording media (e.g., CD-ROMs, or DVDs).
As described above, according to the methods and apparatuses of the present invention for encrypting and transmitting contents and for decrypting the encrypted contents, various content protection software is installed in one content device so that security for authority of use of the contents is improved in an environment in which contents are used. In particular, since security for the content key is improved, illegal distribution of the contents can be prevented.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the following claims.
Number | Date | Country | Kind |
---|---|---|---|
10-2007-0050253 | May 2007 | KR | national |