Digital rights management (DRM) provides access control technologies that can be used by hardware manufacturers, publishers, copyright holders and individuals to limit the usage of content and devices. The DRM associated with a particular piece of digital data may provide: a set of access rights, e.g., can the receiver of the digital data access the digital data, and if so, how many times; and a set of copy rights, e.g., can the receiver of the digital data copy the digital data, and if so, how many times. DRM is deployed to prevent the unauthorized viewing, copying and/or distribution of digital content.
For communication systems, providing DRM for multiple devices seeking access to the same content during the same timeframe may result in rejection of access until completion of the content transfer to a device which may result in delays associated with the rejection of digital rights. Additionally, digital rights may be unnecessarily allocated to a device as a result of a failure in the transfer of the content and impede authorized devices access to content.
What is needed is a method and system for properly maintaining digital rights during secure transfer of content for communication systems.
The present invention provides for secure content transmission for a communication system while maintaining digital rights during the transmission of the content.
In accordance with an aspect of the present invention, a domain controller is provided for use with a content source and a media device. The content source can provide encrypted content and rights data corresponding to the encrypted content. The media device can provide a request for the encrypted content and the rights data. The domain controller includes a communication portion, a digital rights management portion and a memory portion. The communication portion can engage in a first bi-directional communication with the content source and can engage in a second bi-directional communication with the media device. The digital rights management portion can receive the rights data. The memory portion can store the encrypted content. The second bi-directional communication includes an authorization and authentication communication between the communication portion and the media device, a secure move message exchange between the communication portion and the media device and a content download from the communication portion to the media device.
Additional advantages and novel features of the invention are set forth in part in the description which follows, and in part will become apparent to those skilled in the art upon examination of the following or may be learned by practice of the invention. The advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
The accompanying drawings, which are incorporated in and form a part of the specification, illustrate an exemplary embodiment of the present invention and, together with the description, serve to explain the principles of the invention. In the drawings:
An aspect of the present invention is drawn to secure content transmission within a communication system while maintaining digital rights during the transmission of the content. Non-limiting examples of operations which may be securely performed include initiating, committing, recovering and canceling transfers of content. Furthermore, secure transfer of content may be performed without requiring content re-encryption.
Digital rights may be reserved during transmission of content with transfer of digital rights completed following the successful completion of content transmission thereby preventing unnecessary rejection of access to the content by secondary requestors of the content.
Another aspect of the present invention is drawn to implementing a timeout mechanism for secure content transmission within a communication system while maintaining digital rights during the transmission of the content.
A timeout mechanism may indicate a failure in transferring content, thereby preventing unnecessary allocation of digital rights. The timeout mechanism enables recovery of digital rights as a result of a failure in transferring content. This will be described in more detail below with reference to
Communication system 100 includes a media device 102, a domain controller 104 and a server device 106. Each of the elements of communication system 100 are illustrated as individual devices, however, in some embodiments of the present invention at least two of media device 102, domain controller 104 and server device 106 may be combined as a unitary device. Further, in some embodiments, at least one of media device 102, domain controller 104 and server device 106 may be contained as a utility, program, or subprogram, in any desired tangible computer readable storage medium. In addition, the operations may be embodied by computer programs, which can exist in a variety of forms both active and inactive. For example, they may exist as software program(s) comprised of program instructions in source code, object code, executable code or other formats. Any of the above may be embodied on a tangible computer readable storage medium, which include storage devices. Exemplary computer readable storage media include conventional computer system RAM, ROM, EPROM, EEPROM, and magnetic or optical disks or tapes. Concrete examples of the foregoing include distribution of the programs on a CD ROM or via Internet download. It is therefore to be understood that any electronic device capable of executing the above-described functions may perform those functions enumerated above. When information is transferred or provided over a network or another communications connection (either hardwired, wireless, or a combination of hardwired or wireless) to a computer, the computer properly views the connection as a tangible computer-readable storage medium. Thus, any such connection is properly termed a tangible computer-readable storage medium. Combinations of the above should also be included within the scope of computer-readable storage media.
Media device 102 may request, receive, display and manage encrypted content processed and communicated by domain controller 104 with source for encrypted content provided by server device 106.
Media device 102 includes a digital rights management portion (DRM portion) 107 and a player portion 108. Each of DRM portion 107 and player portion 108 are illustrated as individual devices, however, in some embodiments they may be combined as a unitary device. At least one of DRM portion 107 and player portion 108 may be contained as a utility, program, or subprogram, in any desired tangible computer readable storage medium. In addition, the operations may be embodied by computer programs, which can exist in a variety of forms both active and inactive.
DRM portion 107 may transmit, receive and manage information related to data rights associated with encrypted and/or encoded content. Furthermore, DRM portion 107 may request, receive and process encrypted and encoded content for generation of unencrypted decoded content.
Player portion 108 may receive unencrypted decoded content and display unencrypted decoded content for viewing by a user (not shown).
As an example for purposes of discussion, media device 102 may request and/or receive content. Received or requested content may processed for display by player portion 108. Received content for display by player portion 108 may contain associated data rights which may be received, processed and maintained by DRM portion 107. As a result of receiving data rights information, DRM portion 107 may process, and maintain the data rights information as denoted by a rights data 126. Rights data 126 may be created as a result of an exchange of information as denoted by a communication exchange 138. Non-limiting examples of information which communication exchange 138 may communicate include authorization and authentication. Rights data 126 may be maintained for the associated information as exchanged by communication exchange 138 and for content as received, transmitted, processed by player portion 108.
Domain controller 104 includes a digital rights management portion 109 and a mover portion 110.
Digital rights management portion 109 may transmit, receive and manage information related to data rights associated with encrypted and encoded content. Furthermore, DRM portion 107 may request, receive and process encrypted and/or encoded content.
Mover portion 110 may process content. Non-limit examples of processing performed by mover portion 110 include receive, store, transmit, decrypt, decode, encrypt and encode content.
As an example for purposes of discussion, domain controller 104 may request, transmit and/or receive content. Received or requested content may be maintained for reception, transmission and storage by mover portion 110. Received content for storage and transmission by mover portion 110 may contain associated data rights which may be received, processed and maintained by digital rights management portion 109. As a result of receiving data rights information, digital rights management portion 109 may process and maintain the data rights information as denoted by a rights data 120. Rights data 120 may be created as a result of an exchange of information as denoted by a communication exchange 140. Non-limiting examples of information which communication exchange 140 may communicate include authorization, authentication and key exchange. Rights data 120 may be maintained for the associated information as exchanged by communication exchange 140 and for content as received, transmitted, processed and stored by mover portion 110.
Server device 106 includes a digital rights management portion 111 and a content source 112.
Digital rights management portion 111 may transmit, receive and manage information related to data rights associated with content. Non-limiting examples for types of content include decrypted, decoded, encrypted and/or encoded content. Furthermore, digital rights management portion 111 may request, receive, process and transmit content. Non-limiting examples for types of content include decrypted, decoded, encrypted and/or encoded content.
Content source 112 may transmit, receive and store content. Non-limiting formats for storage of content include encrypted, decrypted, encoded, decoded. Furthermore, server device 106 may transmit, receive and store content. Non-limiting examples for the types of content include encrypted and encoded.
As an example for purposes of discussion, server device 106 may request and/or receive a content 114. Non-limiting examples of the format for content 114 include encrypted, encoded, decrypted or decoded. Furthermore, content 114 may be encoded and encrypted. Received or requested content 114 may be maintained for storage by content source 112. Received content 114 for storage by content source 112 may contain associated data rights which may be received, processed and maintained by digital rights management portion 111. As a result of receiving data rights information, digital rights management portion 111 may process, and maintain the data rights information as denoted by a rights data 116. Rights data 116 may be maintained for the associated content 114 as received, transmitted, processed and stored by content source 112.
Elements of
As an example for purposes of discussion, a user (not shown) via player portion 108 may request access to information as denoted by content 114 and maintained by server device 106. Request for access to content 114 may be processed by DRM portion 107. DRM portion 107 may communicate a request for access to content 114 with digital rights management portion 109 of domain controller 104 via a secure move message exchange 136. Furthermore, rights data 126 and rights data 120 may be updated to reflect the request for content 114 as performed by player portion 108.
Elements of
Continuing with the example as initiated with respect to
Elements of
Continuing with the example initiated with
Elements of
Continuing with the example initiated with
Elements of
Continuing with the example for further discussion as initiated with respect to
An x-axis 202 represents exchanges of communication between media device 102 and domain controller 104 of communication system 100 and a y-axis 204 represents time with units of time.
Media device 102 may communicate a key request to domain controller 104 via a key request 206.
Domain controller 104 may receive and process key request 206. Furthermore, domain controller 104 may search for and update rights data associated with request. Furthermore, domain controller 104 may reply to key request 206 by communicating a key reply 208 to media device 102.
Media device 102 may examine key reply 208. Furthermore, if the copy protection rules as communicated by key reply 208 indicate copying of the content not allowed, media device may create a rights data object with a state indicating a “move pending.”
Media device 102 may communicate a key request 210 to domain controller 104 with information indicating initiation of a transfer associated with content to be transferred.
Domain controller 104 may receive and process key request 210. For a determination of correct information provided in key request 210, domain controller may open a rights data file for verifying the allowance of the initiation of transfer as provided by key request 210. Furthermore, domain controller 104 may update rights data state with an indication of move pending. Still further, domain controller 104 may initiate a timer for determining if content transfer does not complete successfully within the time frame for the timer. A value for a timer may be configured for a time value larger than required for transfer of content from domain controller 104 to media device 102.
Domain controller 104 may communicate a key reply 212 to media device 102 indicating an acknowledgement for the initiation of transfer.
Media device 102 may receive and processes key reply 212. Non-limiting examples of processing performed by media device 102 includes verifying correctness of key reply 212 and verifying content denoted as move pending. Media device 102 may initiate transfer of content from domain controller 104.
Following successful transfer of content from domain controller 104 to media device 102, media device 102 may communicate a key request 214 to domain controller 104 indicating a transfer commit request.
Domain controller 104 may receive and process key request 214. Non-limiting examples of processing includes verifying key request 214 for correctness and verifying the state denoted as move pending. Furthermore, domain controller 104 may cancel timer for successful content transfer and update the state to disabled. Denoting state as disabled prevents domain controller from sharing content with other devices or from providing local access to the content.
Domain controller 104 may communicate a key reply 216 to media device 102. Information provided by key reply 216 may communicate a transfer commit acknowledgement. Furthermore, domain controller 104 may maintain persistent storage of rights data object associated with content.
Media device 102 may receive and process key reply 216. Non-limiting examples of processing includes verifying for correctness. Media device 102 may update state of local rights data to “active” which may enable local display of content and/or sharing the content with other devices in compliance with the associated rights data for the content. Furthermore, media device 102 performs persistent storage of the rights data object associated with the content.
Non-limiting examples of error conditions which may occur and be processed by media device 102 and domain controller 104 include time outs, interruptions and requests for content by a multiplicity of devices.
Domain controller 104 includes a communication portion 302, a processor portion 304, a security portion 306, a transcoder portion 308, a digital rights management portion 310 and a memory portion 312. Each of the elements of domain controller 104 are illustrated as individual devices, however, in some embodiments at least two of communication portion 302, processor portion 304, security portion 306, transcoder portion 308, digital rights management portion 310 and memory portion 312 may be combined as a unitary device. Further, in some embodiments at least one of communication portion 302, processor portion 304, security portion 306, transcoder portion 308, digital rights management portion 310 and memory portion 312 may be implemented as computer-readable media for carrying or having computer-executable instructions or data structures stored thereon.
Communication portion 302 may communicate bi-directionally with external entities. Non-limiting examples of external devices include media players, server devices, computers and computer network equipment.
Processor portion 304 may receive, transmit and process information. Furthermore, processor portion 304 may access and perform operational instructions stored in memory portion 312.
Security portion 306 may perform encryption and decryption of digital information.
Transcoder portion 308 may perform conversion of information from one code format to a different code format.
Digital rights management portion 310 may operate receive, transmit and process rights data. Non-limiting examples of processing performed by digital rights management portion include performing transfer timeout monitoring, verification, confirmation, denial, acknowledgement, storing, deleting, updating and modifying information related to rights data.
Memory portion 312 may receive, transmit and store information. Non-limiting examples of information received, transmitted and stored by memory portion 312 include data and instruction codes.
Communication portion 302 may communicate bi-directionally with external entities via a communication channel 314 and a communication channel 316. Furthermore, communication portion 302 may communicate bi-directionally with processor portion 304 via a communication channel 318. Processor portion 304 may communicate bi-directionally with security portion 306 via a communication channel 320, transcoder portion 308 via a communication channel 322, digital rights management portion 310 via a communication channel 324 and memory portion 312 via a communication channel 326.
Processor portion 304 may retrieve operational codes from memory portion 312 for determining operation of processor portion 304. Furthermore, processor portion 304 may receive and process information from communication portion 302 for storage in memory portion 312. Processor portion 304 may request and retrieve information from memory portion 312 for external transmission to domain controller 104 via communication portion 302. Processor portion 304 may transmit data to security portion 306 for encryption or decryption. Processor portion 304 may transmit data to transcoder portion 308 for converting content from one coding format to another coding format. Processor portion 304 may transmit and receive configuration and data rights information to digital rights management portion 310. Non-limiting examples of configuration information transmitted and received from digital rights management portion 310 includes information related to initiating, deleting, modifying and updating of data rights.
Starting with
Domain controller 104 and server device 106 may exchange information related to communication between the devices and associated data rights.
Media device 102 and domain controller 104 may perform communication exchange 138, wherein authorization and authentication may be performed between media device 102 and domain controller 104 (S406).
Media device 102 and domain controller 104 may exchange information related to communication between the devices and associated data rights.
Domain controller 104 configures digital rights management portion 109 based upon exchange of information performed between domain controller 104 and server device 106 (S408).
Media device 102 configures DRM portion 107 based upon exchange of information performed between media device 102 and domain controller 104 (S410).
Referring now to
Domain controller 104 verifies request for content 114 by media device 102 and communicates data rights associated with content 114 via key reply 208 (S414).
Referring now to
As illustrated in
For a determination of acceptance for request for content 114 (S416), media device 102 may communicate key request 210, as illustrated in
Referring now to
With additional reference to
Referring now to
For a determination of performing a transcode operation of content 114 (S424), a transcode operation may be performed (S426) to generate transcoded content 118.
With additional reference to
It may be determined whether an encryption and/or decryption operation may be performed by domain controller 104 (S428) following the determination for performing a transcode operation (S424). For a determination of performing an encryption and/or decryption operation (S428), an encryption and/or decryption operation may be performed (S430) to generate encrypted/decrypted content 118.
Domain controller 104 may retrieve content 114 from memory portion 312 and transfer content 114 via communication channel 326 and communication channel 320 to security portion 306 for applying encryption and/or decryption operation to generate content 118.
Referring now to
Domain controller 104 may delete content 118 from memory of domain controller 104, update rights data 120 for removal of content 118 and communicate key reply 216 indicating a transfer commit acknowledgement (S434).
Referring now to
A system and method in accordance with aspects of the present invention provides benefits over prior art content transfer systems and methods. A communication system in accordance with the present invention may securely transfer and process content and the associated rights data for the content to allow authorized access to the content and prevent unauthorized access to the content. Multiple devices may simultaneously request and initiate secure download of content even though only a single device may be granted access and the capability to utilize the content during a given timeframe. Furthermore, a transfer timeout mechanism may be implemented to allow relinquishment of rights data such that secondary entities may gain access to the content when a first device encounters a failure in the transmission of the content. In the case of a timeout, the secondary device granted access may have already transferred the content and be able to immediately utilize the content.
The foregoing description of various preferred embodiments of the invention have been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed, and obviously many modifications and variations are possible in light of the above teaching. The example embodiments, as described above, were chosen and described to best explain the principles of the invention and its practical application to thereby enable others skilled in the art to best utilize the invention in various embodiments and with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims appended hereto.