The invention relates to ways of limiting the ability of a terminal of a user device to replay content.
Many user devices, such as set-top boxes, wireless telephones and personal digital assistants (PDAs), laptop computers, and PCs have the capability of rendering content. The term “content” is used in the broadcast and communications industries to denote digital files, such as, for example, video files (e.g., movies, video games, etc.), audio files (e.g., music, audio books, audio news articles, etc.), image files, and text files. Content is distributed by a content provider to wireless user devices over wireless networks. The wireless user devices typically have one or more content renderers on them, such as media player application programs, which render the content (e.g., display the content on a display device and/or playback the content on an audio playback device). For example, a cable television provider or multiple service operator (MSO) may allow a user (typically a paying customer) to download or stream a movie that the user then watches on a wireless telephone. Similarly, an Internet online service may allow a user (typically a paying customer) to download content files, such as new articles, video games, music, etc., to a wireless device for playback or rendering by an appropriate media player program residing on the wireless device.
Content providers manage the distribution of content (e.g., downloading, streaming, etc.) by using one or more of a variety of digital rights management (DRM) techniques. DRM techniques are used to prevent unauthorized users from gaining access to content while allowing authorized users to access the content. This is typically accomplished by encrypting the content when it is distributed to the authorized user, and providing the user with a key or keys, which allow the user's device to decrypt the content so that it can be rendered. DRM, however, encompasses more than securing content from unauthorized access. It also encompasses describing, identifying, trading, monitoring, and tracking of all forms of rights usages over both tangible and intangible assets. The term “tangible assets” refers to physical content, whereas the term “intangible assets” generally refers to copyrights in the content held by copyrights holders.
A typical conditional access (CA) system uses Entitlement Management Messages (EMMs), Entitlement Control Messages (ECMs) transmitted over the communications channel to provide DRM protection. A key stored in a Universal Integrated Circuit Card (UICC), such as a Subscriber Identity Module (SIM) integrated circuit (IC) card, for example, is used to obtain a service key from an EMM. This service key is then used by the UICC to obtain a Control Word (CW) from an ECM, which the UICC delivers to the terminal of the user device that contains the UICC. The terminal of the user device stores the CW and subsequently uses it to decrypt content files. The terminal of the user device typically never has access to the service key.
Although the CWs are provided to the user device, various techniques are used or have been proposed to prevent the CWs from being accessible by the user. For example, Patent Application Publication No. US 2004/0157584 discloses a method for establishing and managing a trust relationship between a subscriber identity module (SIM) integrated circuit (IC) of a mobile device and the terminal of the mobile device. A trust key is used to encrypt exchanges between the SIM IC and the terminal. These exchanges include exchanges of the decryption keys (i.e., the CWs) that are used by the terminal to decrypt protected content. The trust key is stored in the SIM IC memory and in the terminal memory. Prior to any messages being exchanged between the SIM IC and the terminal memory, an authentication process is used to authenticate the terminal to ensure that the SIM IC only exchanges with an authorized terminal. Encrypting the messages that are sent from the SIM IC to the terminal prevents users from being able to access the CWs contained in the messages. For further protection, the trust keys have a lifetime such that they expire after a particular limit date in time has been reached. After a trust key expires, it must be updated in order to enable the SIM IC and the terminal to communicate with each other.
While expiration of the trust key prevents the SIM IC and the terminal from being able to communicate with each other, this does not prevent the terminal from using a CW previously received from the SIM IC to decrypt and replay content that is already in the terminal. Thus, simply removing the SIM IC will not prevent the decrypting and replaying of content by the terminal.
In many cases, it is undesirable to allow the terminal to have the ability to replay content for an indefinite period of time after. It would be useful to provide a way to limit the ability of a terminal to replay protected content. However, limiting the ability of the terminal to replay protected content should not limit the ability of the terminal to replay unprotected content. Accordingly, a need exists for a way to limit the ability of a terminal to replay protected content without limiting the ability of the terminal to replay unprotected content.
The invention provides a method and an apparatus for use in a user device for limiting the ability of the user device to replay protected content. The apparatus comprises at least a first processor configured to perform an algorithm that limits the ability of the user device to use a low-level key to decrypt protected content, at least a first memory element accessible by the first processor, and a decryption component configured to receive a valid low-level key from the first processor and use the valid low-level key to decrypt protected content. The low-level key is valid until at least one predetermined expiration criteria is met and can be used to decrypt protected content while the key is valid. The low-level key expires and becomes invalid after the predetermined expiration criteria is met and cannot be used to decrypt protected content while the key is invalid.
The method comprises performing an algorithm that limits the ability of the user device to use a low-level key to decrypt protected content. The low-level key is valid until at least one predetermined expiration criteria is met and can be used to decrypt protected content while the key is valid. The low-level key expires and thus becomes invalid after the predetermined expiration criteria is met and cannot be used to decrypt protected content while the key is invalid.
These and other features and advantages of the invention will become apparent from the following description, drawings and claims.
In accordance with the invention, the ability of a terminal of a user device to replay protected content is limited by using one or more techniques. The low-level key that is used by the decryption component of the terminal to decrypt content is transient in that it expires if at least one predetermined expiration criteria is met. After the key has expired, it is no longer valid and thus cannot be used by the decryption component to decrypt protected content. Limiting the ability of the terminal to replay protected content is preferably accomplished in a way that does not affect the ability of the terminal to play and replay unprotected content.
The user device 1 comprises a terminal 10 and a UICC 40, which may be, for example, a SIM IC contained on a SIM card. The terminal 10 includes a processor 20, a memory element 30 an input/output (I/O) device 21, and a decryption component 22. The UICC 40 includes a processor 50, a memory element 60 and an I/O device 51. The terminal 10 and the UICC 40 communicate with each other via a UICC interface 61.
An example of the manner in which the user device 1 operates on protected content will now be described. The UICC 40 includes a key that is either coded in the processor 50 and/or stored in memory element 60 at the time of manufacture of the UICC 40 or at some other time prior to distribution of the UICC 40. During an authorization session with a content service provider (not shown), this key is used by the UICC 40 in the known manner described above to obtain a service key or program key from an appropriate EMM. Alternatively, as is known in the art, a shared secret value embedded in the UICC 40 prior to distribution of the UICC 40 is used to bootstrap this key. This has the advantage that a plurality of content service providers can use the identical UICC 40 without learning one another's keys and without embedding content service provider-specific keys in the UICC 40 prior to its distribution. The distribution and use of EMMs can be independent of the particular mechanism by which the UICC 40 obtains access to the key used to process those EMMs, and thereby to obtain access to service or program keys. As is known in the art, a service key is obtained when the content corresponds to a particular service offered by the service provider whereas a program key is obtained when the content corresponds to a particular program offered by the service provider. More particularly, content corresponding to a particular program may be associated with a program key, where a user may have a choice of paying for the individual program or subscribing to a service that includes access to that program. In the latter case, the service key may be used to access the program key. For ease of demonstrating the principles and concepts of the invention, both service keys and program keys will be referred to simply as high-level keys.
Once the UICC 40 has obtained the high-level key, the UICC 40 uses the high-level key in the known manner described above to obtain a CW from an ECM. The UICC 40 then stores the CW in memory element 60. The CW is a low-level key that is later used by the terminal 10 to unlock (i.e., decrypt) protected content or application programs in order to enable the content to be rendered or the application program to be executed by the user device 1. The CW is referred to hereinafter as the “low-level key”. For ease of illustration and discussion, the term “protected content”, as that term is used herein, is intended to denote encrypted content and/or encrypted application programs.
After the decryption has been stored in the memory device 60 of the UICC 40, one or more techniques of the invention are used by the terminal 10 and/or the UICC 40 to limit the ability of the terminal 10 to replay protected content. These techniques will now be described with reference to a few exemplary embodiments. It should be noted, however, that the invention is not limited to these exemplary embodiments, as will be understood by persons skilled in the art in view of the description being provided herein.
In addition to the low-level key being transient, every time the terminal needs to decrypt protected content, the terminal must first obtain the associated low-level key from the UICC. After the low-level key has been used to decrypt protected content, the low-level key is not retained by the terminal, and thus cannot subsequently be used by the terminal to decrypt protected content. Because the terminal must obtain the low-level key every time it needs to decrypt protected content, and because the low-level key is transient, the ability of the terminal to replay protected content is limited. The degree to which the ability of the terminal to decrypt content is limited is controllable in that it depends on the predetermined expiration criteria.
With reference to
A determination is made by the terminal as to whether any protected content is to be decrypted, as indicated by block 203 in
The terminal receives the low-level key from the UICC, as indicated by block 205 in
Known techniques exist for establishing a secure session between the UICC and the terminal. For example, the method disclosed in Patent Application Publication No. US 2004/0157584 for establishing and managing a trust relationship between a SIM and a terminal of a mobile device may be used for this purpose. In accordance with the exemplary embodiment described above with reference to
By only transmitting the key during a secure session, the possibility of an unauthorized person accessing of the key is eliminated or at least greatly reduced. The secure session channel between the UICC and terminal can be configured to prevent undetected replay of the key to the terminal. Such replay may be unauthorized by the UICC. Furthermore, the UICC may be oblivious of such replay attempts. A correctly implemented secure session can, however, result in the terminal rejecting such unauthorized messaging attempts regardless of their source. In addition, the secure channel may also be used to authenticate the origin and authenticity of keys and their association with specific applications or data sets, as authorized by the UICC.
It should be noted that various modifications may be made to the algorithms represented by the flowcharts shown in
Furthermore, in accordance with this exemplary embodiment, any attempt to substitute or alter expiration-setting data without knowledge of the low-level key is assured to not result in delivery of correct low-level keys to the terminal. In a particular instantiation of this exemplary embodiment, a public key of a public-and-private key-pair associated with the terminal is used by the UICC to encrypt the matched low-level keys and expiration-setting data, which assures confidentiality of the low-level keys against eavesdropping on the channel between the UICC and terminal. While the use in this manner of the terminal public key does not provide for authentication of the source of the key-delivery data or of the origin and integrity of the keys and their association to specific applications or data sets, it is known in the art to have the UICC relay such authentication on behalf of the content service provider. The use of content service provider-generated digital signatures in this regard prevents the UICC from undetectably altering or substituting/counterfeiting such authentication.
It is also known that expiration-setting data may directly include date-time parameters or may be based on monotone-increasing sequence numbers. In the latter case, reused sequence numbers are rejected by the terminal as stale. The terminal uses the low-level key in each accepted message for a pre-determined period of time before expiring the associated sequence number as invalid. As with the embodiment described above with reference to
With reference to
A determination is made by the terminal as to whether any protected content is to be decrypted, as indicated by block 403 in
The terminal receives the low-level key from the UICC, as indicated by block 405 in
Although not explicitly shown in
With reference again to
The processor 20, memory element 30, and I/O device 21 are typically, but not necessarily, contained in a single IC in the terminal 10. The decryption component 22 may be contained in the same IC with the processor 20, memory element 30 and I/O device 21, or in a separate IC. The UICC 40 is typically a single IC that contains the processor 50, I/O device 51 and the memory element 60. The processors 20 and 50 may be any type of computational devices including, for example, microprocessors, application specific integrated circuits (ASICs), microcontrollers, logic gate arrays, etc.
Also, while the exemplary embodiments of the invention described above with reference to
It should be noted that while the algorithms represented by
It should be noted that the invention has been described with reference to particular example embodiments for the purposes of demonstrating the principles and concepts of the invention. The invention is not limited to these exemplary embodiments. Those skilled in the art will understand, in view of the description provided herein, that modifications may be made to the embodiments described herein and that all such modifications are within the scope of the invention.
This application claims priority to provisional application Ser. No. 60/764,017, entitled “A SECURE METHOD FOR CONTROLLING CONTENT KEY OR APPLICATION KEY EXPIRATION”, filed on Feb. 1, 2006, which is incorporated herein by reference in its entirety.
Number | Date | Country | |
---|---|---|---|
60764017 | Feb 2006 | US |