Content presentation

Abstract

There are a base station and at least one end station which can communicate with each other. The end station generates an access request when wishing to present content. The access request is transferred from the end station to the base station. The base station provides an agent in response to the received access request. The agent is installed in the end station before being implemented by the end station. The implemented agent determines end station data indicative of an identity of the end station. The end station data is transferred from the end station to the base station. The base station authenticates the end station in response to the received end station data for an allowance of the presentation of the content.

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to a method of presenting content, a method of authenticating an end station for an allowance of the presentation of content, a digital right management system, a method of decrypting content for presentation, and a method of encrypting content for presentation.

2. Description of the Related Art

Conventionally, content owners sell premium content in tapes, CDs, and DVDs through traditional outlets. However, due to the success of more powerful personal computers, high speed Internet connections, and superior compression technologies, the way that digital media content, for instance, music or video is produced, distributed, and consumed has been dramatically changed.

Downloading encoded digital audio-visual content files via HTTP, FTP, etc, has gained favour among Internet users because of the immediate access to desired content and no need of a trip to a store or reliance on a physical medium, for instance, a tape, a CD, or a DVD. Content owners now have the opportunity to generate additional sales and revenue by means of distributing digital audio-visual content through the Internet. However, digital audio-visual content that is available for sale on the Internet is still limited because content owners, artists, and publishers are concerned about protecting their copyright works from illegal use.

Some other on-line multi-media services become available at the same time, for instance, VOD (Video-On-Demand), live broadcasting, and live streaming for surveillance through the Internet. In these services, the content providers are also much concerned about protecting their contents, especially for those highly security-sensitive ones, from unauthorised users.

Unfortunately, Internet piracy and illegal global distribution have been always a headache to the entertainment industry. In order to reduce the risk of piracy and gain the benefit of a huge market of potential Internet customers, content should be protected throughout the production, distribution, and consumption processes. Before owners of digital audio-visual content offer their valuable content for sale or promotion on the Internet, a secure e-commerce system that protects digital audio-visual content from illegal use should be established.

A critical component of any such e-commerce system is digital rights management (DRM), which consists of a set of technologies that can protect content owners' copyrights. In general, DRM distributes digital audio-visual content and limits access to only those people who have acquired a proper license to play the content. Although 100-percent security is not possible, DRM can prevent naive attackers from bypassing such a DRM system and make it difficult and costly for skilled attackers to compromise such a DRM system. In addition, DRM can minimise the scope of breaks and limit commercial opportunities for professional attackers. However, while DRM adds persistent security to digital audio-visual content to be protected, it also adds extra steps to the process of acquiring the digital audio-visual content. There is always a trade-off between usability and security, which is dependent on the content owner to establish a balance.

Typically, the majority of DRM solutions are complicated and expensive to implement, such as a Microsoft Corporation's Media Player system, or Macrovision's systems. Currently there does not exist a low cost and easy implemented solution providing satisfactory performance.

SUMMARY OF THE INVENTION

It is a first object of this invention to provide an improved method of presenting content.

It is a second object of this invention to provide an improved method of authenticating an end station for an allowance of the presentation of content.

It is a third object of this invention to provide an improved digital right management system.

It is a fourth object of this invention to provide an improved method of decrypting content for presentation.

It is a fifth object of this invention to provide an improved method of encrypting content for presentation.

A first aspect of this invention provides a method of presenting content in an end station. The method comprises the steps of generating an access request; transferring the access request to a base station; receiving an agent from the base station as a response to the access request; implementing the agent, wherein the implemented agent determines end station data indicative of an identity of the end station and transfers the end station data to the base station, wherein the base station authenticates the end station in response to the end station data and decides whether the authentication is successful; and presenting the content when the base station decides that the authentication is successful.

A second aspect of this invention is based on the first aspect thereof, and provides a method wherein the implemented agent generates the end station data using at least one of i) an indication of the content to be presented; ii) an end station identifier uniquely indicative of the identity of the end station; iii) a user identifier uniquely indicative of a user of the end station; iv) an agent identifier uniquely indicative of the agent; and v) a licence.

A third aspect of this invention is based on the first aspect thereof, and provides a method wherein the content is encrypted using an encryption algorithm. The method further comprises the steps of receiving decryption data inclusive of at least one of a decryption algorithm and a decryption key from the base station, decrypting the encrypted content using the decryption data, and presenting the decrypted content.

A fourth aspect of this invention is based on the third aspect thereof, and provides a method wherein the decryption data is encrypted using a predetermined public key of a private/public key pair. The method further comprises the step of decrypting the decryption data using a private key of the private/public key pair.

A fifth aspect of this invention is based on the third aspect thereof, and provides a method wherein the decryption data includes first and second keys and the content includes one or more data packets each having an encrypted payload, and wherein the decrypting step comprises determining the payload in each data packet, decrypting a first portion of the determined payload using the first key, and decrypting a second portion of the determined payload using the second key, the first and second payload portions being arranged such that at least a part of the determined payload is encrypted using both the first and second keys.

A sixth aspect of this invention is based on the third aspect thereof, and provides a method wherein the decryption data includes first and second keys and the content includes one or more data packets each having an encrypted payload, and wherein the decrypting step comprises determining the payload in each data packet, determining an arbitrary value using the first key, determining a cipher text by encrypting the arbitrary value using the second key, and decrypting the determined payload using the cipher text, the encrypted payload being formed from a logical combination of the unencrypted payload and the cipher text.

A seventh aspect of this invention is based on the third aspect thereof, and provides a method wherein the decryption data includes first and second keys, and the decrypting step comprises segmenting the content into content portions each including at least one data packet, decrypting the data packets in the content portions using the first and second keys to get decrypted content portions, and combining the decrypted content portions to form the content to be presented.

An eighth aspect of this invention provides, in a base station, a method of authenticating an end station for an allowance of the presentation of content. The method comprises the steps of receiving an access request from the end station; transferring an agent to the end station, wherein the end station implements the agent and the implemented agent determines end station data indicative of an identity of the end station and transfers the end station data to the base station; receiving the end station data from the base station; authenticating the end station for an allowance of the presentation of content in response to the end station data; deciding whether the authentication is successful; and authorizing the end station to perform the presentation of content when it is decided that the authentication is successful.

A ninth aspect of this invention is based on the eighth aspect thereof, and provides a method further comprising the steps of encrypting the content using an encryption algorithm, generating decryption data inclusive at least one of a decryption algorithm and a decryption key, and transferring the decryption data to the end station, wherein the end station decrypts the content in response to the decryption data.

A tenth aspect of this invention is based on the ninth aspect thereof, and provides a method further comprising the steps of determining a public key of a public/private key pair in accordance with the end station data, and encrypting the decryption data using the public key.

An eleventh aspect of this invention is based on the ninth aspect thereof, and provides a method wherein the decryption data includes first and second keys and the content includes one or more data packets each having a payload, and wherein the encrypting step comprises determining the payload in each data packet, encrypting a first portion of the determined payload using the first key, and encrypting a second portion of the determined payload using the second key, the first and second payload portions being arranged such that at least a part of the payload is encrypted using both the first and second keys.

A twelfth aspect of this invention is based on the ninth aspect thereof, and provides a method wherein the decryption data includes first and second keys and the content includes one or more data packets each having a payload, and wherein the encrypting step comprises determining the payload in each data packet, determining an arbitrary value using the first key, determining a cipher text by encrypting the arbitrary value using the second key, and encrypting the determined payload using the cipher text, the encrypted payload being formed from a logical combination of the unencrypted payload and the cipher text.

A thirteenth aspect of this invention is based on the ninth aspect thereof, and provides a method wherein the decryption data includes first and second keys and the encrypting step comprises segmenting the content into content portions each including at least one data packet, and encrypting the data packets in the content portions using the first and second keys.

A fourteenth aspect of this invention provides a digital right management system for managing the presentation of content, comprising a base station, at least one end station, and a communications network for interconnecting the base station and the end station. The base station includes a processor for a1) receiving an access request from an end station via the communications network; a2) generating an agent in response to the access request; a3) transferring the agent to the end station via the communications network, wherein the end station implements the agent and the implemented agent determines end station data indicative of an identity of the end station and transfers the end station data to the base station via the communications network; a4) authenticating the end station in response to the end station data; a5) deciding whether the authentication is successful; and a6) authorizing the end station to perform the presentation of content when the authentication is successful. The end station includes a display; and a processor for b21) generating an access request; b22) transferring the access request to the base station via the communications network; b23) receiving the agent from the base station via the communications network; b24) implementing the agent, wherein the implemented agent determines the end station data and transfers the end station data to the base station via the communications network, and wherein the base station authenticates the end station in response to the end station data and decides whether the authentication is successful; and b25) presenting the content by use of the display when the base station decides that the authentication is successful.

A fifteenth aspect of this invention provides a method of decrypting content for presentation. The content includes one or more data packets each having an encrypted payload. The method comprises the steps of receiving encrypted content; determining the payload in each data packet; decrypting the determined payload using first and second keys; and combining the decrypted payloads of the one or more data packets to form decrypted content.

A sixteenth aspect of this invention is based on the fifteenth aspect thereof, and provides a method wherein the decrypting step comprises decrypting a first portion of the determined payload using the first key; and decrypting a second portion of the determined payload using the second key, the first and second payload portions being arranged such that at least a part of the determined payload is encrypted using both the first and second keys.

A seventeenth aspect of this invention is based on the fifteenth aspect thereof, and provides a method wherein the decrypting step comprises determining an arbitrary value using the first key; determining a cipher text by encrypting the arbitrary value using the second key; and decrypting the determined payload using the cipher text, the encrypted payload being formed from a logical combination of the unencrypted payload and the cipher text.

An eighteenth aspect of this invention is based on the fifteenth aspect thereof, and provides a method further comprising the steps of receiving decryption data from an end station, the decryption data including the first and second keys; and decrypting the decryption data using a private key of a public/private key pair to recover the first and second keys.

A nineteenth aspect of this invention provides a method of encrypting content for presentation. The content includes one or more data packets each having a payload. The method comprises the steps of determining the payload in each data packet; encrypting the determined payload using first and second keys; and combining the encrypted payloads of the one or more data packets to form encrypted content.

A twentieth aspect of this invention is based on the nineteenth aspect thereof, and provides a method wherein the encrypting step comprises encrypting a first portion of the determined payload using the first key; and encrypting a second portion of the determined payload using the second key, the first and second payload portions being arranged such that at least a part of the determined payload is encrypted using both the first and second keys.

A twenty-first aspect of this invention is based on the nineteenth aspect thereof, and provides a method wherein the encrypting step comprises determining an arbitrary value using the first key; determining a cipher text by encrypting the arbitrary value using the second key; and encrypting the determined payload using the cipher text, the encrypted payload being formed from a logical combination of the unencrypted payload and the cipher text.

A twenty-second aspect of this invention is based on the nineteenth aspect thereof, and provides a method further comprising the steps of generating decryption data including the first and second keys; encrypting the decryption data using a public key of a public/private key pair; and transferring the encrypted decryption data to an end station, wherein the end station decrypts the received decryption data using a private key of the public/private key pair.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a DRM system according to a first specific embodiment of this invention.

FIG. 2 is a block diagram of a DRM system according to a second specific embodiment of this invention.

FIG. 3 is a diagram of an encryption method in the first or second specific embodiment of this invention.

FIG. 4 is a diagram of additional details of the encryption method in FIG. 3.

FIG. 5 is a diagram of a first specific example of the encryption of a payload in FIG. 4.

FIG. 6 is a diagram of a second specific example of the encryption of a payload in FIG. 4.

FIG. 7 is a diagram of a decryption method in the first or second specific embodiment of this invention.

FIG. 8 is a diagram of additional details of the decryption method in FIG. 7.

FIG. 9 is a diagram of a first specific example of the decryption of a payload in FIG. 8.

FIG. 10 is a diagram of a second specific example of the decryption of a payload in FIG. 8.

FIG. 11 is a block diagram of the structure of an encipheror in FIG. 1 or 2.

FIG. 12 is a block diagram of the structure of a decipherer in FIG. 1 or 2.

FIG. 13 is a diagram of key package management in the first or second specific embodiment of this invention.

FIG. 14 is a diagram of the updating of a key for a key package in the first or second specific embodiment of this invention.

FIG. 15 is a flowchart of the main processes of registering an end station and license distribution in the first or second specific embodiment of this invention.

FIG. 16 is a flowchart of the main processes of user authentication and key distribution in the first or second specific embodiment of this invention.

FIG. 17 is a flowchart of the main processes of license transfer in the first or second specific embodiment of this invention.

DETAILED DESCRIPTION OF THE INVENTION

Basic Embodiments

According to a first basic embodiment of this invention, there are a base station and at least one end station. The base station and the end station can communicate with each other. A method of presenting content is carried out in the end station. The method includes the steps of generating an access request, transferring the access request to the base station, receiving an agent from the base station, and implementing the agent. The implemented agent determines end station data indicative of an identity of the end station. The implemented agent transfers the determined end station data to the base station. The base station authenticates the end station in response to the received end station data for an allowance of the presentation of the content. The base station decides whether the authentication is successful. The method further includes the step of presenting the content when the base station decides that the authentication is successful.

Preferably, the method includes a step carried out in the implemented agent. The step is of generating the end station data using at least one of (1) an indication of the content to be presented, (2) an end station identifier uniquely indicative of the identity of the end station, (3) a user identifier uniquely indicative of a user of the end station, (4) an agent identifier uniquely indicative of the agent, and (5) a licence.

Also preferably, the method includes a step carried out in the implemented agent. The step is of determining the end station identifier using at least one of (1) a network interface card (NIC) number, (2) a media access control (MAC) address, (3) a CPU identifier, and (4) a hard drive identifier.

It is also preferable that the method further includes the steps of receiving the content, determining indicating data indicative of the content, and generating the access request using the indicating data.

Preferably, the method includes the step of receiving the content on a physical storage medium.

It is also preferable that the method includes steps carried out when the base station decides that the authentication is successful. The steps are of receiving the content, and presenting the received content.

It is preferable that the end station is coupled to the base station via a communications network. In this case, the method includes the step of transferring, via the communications network, at least one of the content, the end station data, the access request, and the agent.

Preferably, the content is encrypted using an encryption algorithm. In this case, the method includes the steps of receiving decryption data from the base station, decrypting the encrypted content using the decryption data, and presenting the decrypted content.

It is preferable that the decryption data includes at least one of a decryption algorithm and a decryption key.

It is also preferable that the decryption data is encrypted using a public key of a private/public key pair. In this case, the method includes the step of decrypting the decryption data using a private key of the private/public key pair.

Preferably, the private key is encrypted using a block cipher key. In this case, the method includes steps carried out in the implemented agent. The steps are of receiving the block cipher key from the base station, and decrypting the private key using the block cipher key.

It is also preferable that the decryption data includes first and second keys, and the content includes one or more data packets. Each data packet has an encrypted payload. In this case, the method includes the steps of determining the payload in each data packet, decrypting a first portion of the determined payload using the first key, and decrypting a second portion of the determined payload using the second key. The first and second payload portions are arranged such that at least a part of the determined payload is encrypted using both the first and second keys.

Preferably, the decryption data includes first and second keys, and the content includes one or more data packets. Each data packet has an encrypted payload. In this case, the method includes the steps of determining the payload in each data packet, determining an arbitrary value using the first key, determining a cipher text by encrypting the arbitrary value using the second key, and decrypting the determined payload using the cipher text. The encrypted payload is formed from a logical combination of the unencrypted payload and the cipher text.

It is preferable that the logical combination is an XOR (Exclusive-OR) combination.

It is also preferable that the content includes two or more content portions. In this case, the method includes the steps of segmenting the content into content portions each inclusive of one or more data packets, decrypting the data packet or packets of each content portion using first and second keys, and combining the decrypted content portions to form the decrypted content to be presented.

In addition, it is preferable that the content portion corresponds to a data stream.

Also preferably, the content includes at least one of audio information, visual information, graphical information, multi-media information, music, and video.

It is preferable that the end station data includes a licence indicative of one or more media types. The licence is encoded using a predetermined algorithm.

It is also preferable that the agent is a software application. In this case, the method includes the step of implementing the agent by executing the software application.

Preferably, the implemented agent terminates on the end station at least one of after the authentication, after the content presentation, and after the end station disconnects from the base station.

According to a second basic embodiment of this invention, there are a base station and at least one end station. The base station and the end station can communicate with each other. A method of authenticating the end station for an allowance of the presentation of content is carried out in the base station. The method includes the steps of receiving an access request from the end station, and transferring an agent to the end station. The agent is implemented in the end station. The implemented agent determines end station data indicative of an identity of the end station, and transfers the end station data to the base station. The method further includes the steps of authenticating the end station in response to the received end station data for an allowance of the presentation of content, deciding whether the authentication is successful, and authorizing the end station to execute the presentation of content when it is decided that the authentication is successful.

It is preferable that the method includes the step of determining, from the end station data, at least one of (1) an end station identifier uniquely indicative of the identity of the end station, (2) a user identifier uniquely indicative of a user of the end station, (3) an agent identifier uniquely indicative of the agent, and (4) a licence.

Preferably, the method includes the step of determining at least one of (1) a network interface card (NIC) number, (2) a media access control (MAC) address, (3) a CPU identifier, and (4) a hard drive identifier.

It is also preferable that the method includes the step of transferring the content to the end station on a physical storage medium.

Preferably, the method includes the step of comparing the end station data to authentication data stored in a data store. The authentication data is indicative of the end station and other end stations. The method further includes the step of authenticating the end station in response to the result of the comparison between the end station data and the authentication data.

Also preferably, the method further includes steps carried out when it is decided that the authentication is successful. The steps are of determining the content to be presented, comparing the content to authorization data indicative of the content that may be presented by the end station, and authorizing the end station to execute the presentation of the content in response to the result of the comparison.

Preferably, the base station is coupled to the end station via a communications network. In this case, the method includes the step of transferring at least one of the content, the end station data, the access request, and the agent via the communications network.

It is preferable that the content is encrypted using an encryption algorithm. In this case, the method includes the steps of encrypting the content, generating decryption data, and transferring the decryption data to the end station. The end station decrypts the encrypted content in response to the received decryption data.

It is also preferable that the decryption data includes at least one of a decryption algorithm and a decryption key.

Preferably, the method includes the steps of determining a public key of a public/private key pair in accordance with the identity of the end station data, and encrypting the decryption data using the public key.

It is preferable that the method further includes the step of transferring a block cipher key to the implemented agent. The implemented agent decrypts the private key in response to the block cipher key.

Also preferably, the decryption data includes first and second keys, and the content includes one or more data packets. In this case, the method includes the steps of determining a payload in each data packet, encrypting a first portion of the determined payload using the first key; and encrypting a second portion of the determined payload using the second key. The first and second payload portions are arranged such that at least a part of the determined payload is encrypted using both the first and second keys.

Preferably, the decryption data includes first and second keys, and the content includes one or more data packets. In this case, the method includes the steps of determining a payload in each data packet, determining an arbitrary value using the first key, determining a cipher text by encrypting the arbitrary value using the second key, and encrypting the determined payload using the cipher text. The encrypted payload is formed from a logical combination of the unencrypted payload and the cipher text.

It is preferable that the logical combination is an XOR (Exclusive-OR) combination.

Preferably, the content includes two or more content portions. In this case, the method includes the steps of segmenting the content into content portions each inclusive of one or more data packets, and encrypting the data packets of the content portions using first and second keys.

It is also preferable that each content portion corresponds to a data stream.

In addition, it is preferable that the content includes at least one of audio information, visual information, graphical information, multi-media information, music, and video.

According to a third basic embodiment of this invention, there are a base station and at least one end station. The base station and the end station can communicate with each other. The end station is used for the presentation of content. The end station includes a display and a processor. The processor operates for generating an access request, transferring the access request to the base station, receiving an agent from the base station, and implementing the agent. The implemented agent determines end station data indicative of an identity of the end station, and transfers the determined end station data to the base station. The base station authenticates the end station in response to the received end station data for an allowance of the presentation of the content. The base station decides whether the authentication is successful. The processor in the end station operates for controlling the display to present the content when the base station decides that the authentication is successful.

According to a fourth basic embodiment of this invention, there are a base station and at least one end station. The base station and the end station can communicate with each other. The base station is used for authorizing the end station to execute the presentation of content. The base station includes a processor for receiving an access request from an end station, and transferring an agent to the end station in response to the access request. The transferred agent is implemented in the end station. The implemented agent determines end station data indicative of an identity of the end station, and transfers the determined end station data to the base station. The processor in the base station operates for authenticating the end station in response to the received end station data, deciding whether the authentication is successful, and authorizing the end station to execute the presentation of content when it is decided that the authentication is successful.

According to a fifth basic embodiment of this invention, there are a digital right management system, a base station, and at least one end station. The base station and the end station can communicate with each other. The digital right management system operates for managing the presentation of content. The digital right management system includes the base station and the end station. The base station includes a processor for receiving an access request from the end station, and transferring an agent to the end station in response to the access request. The transferred agent is implemented in the end station. The implemented agent determines end station data indicative of an identity of the end station, and transfers the determined end station data to the base station. The processor in the base station operates for authenticating the end station in response to the end station data, deciding whether the authentication is successful, and authorizing the end station to execute the presentation of content when it is decided that the authentication is successful. The end station includes a display and a processor. The processor in the end station operates for generating the access request, transferring the access request to the base station, receiving the agent from the base station, and implementing the agent. In the end station, the presentation of content is executed through the display. The digital right management system includes a communications network for interconnecting the base station and the end station. The communications network allows the communications between the base station and the end station.

According to a sixth basic embodiment of this invention, there are a base station and at least one end station. The base station and the end station can communicate with each other. A method of decrypting content for presentation is carried out in the end station. The content includes one or more data packets each having an encrypted payload. The method includes the step of receiving encrypted content. The method further includes the steps of determining the payload in each data packet, and decrypting the determined payload using first and second keys. The method also includes the step of combining the decrypted payloads of the one or more data packets to form the decrypted content.

It is preferable that the method includes the steps of decrypting a first portion of the determined payload using the first key, and decrypting a second portion of the determined payload using the second key. The first and second payload portions are arranged such that at least a part of the determined payload is encrypted using both the first and second keys.

Preferably, the method includes the steps of determining an arbitrary value using the first key, determining a cipher text by encrypting the arbitrary value using the second key, and decrypting the determined payload using the cipher text. The encrypted payload is formed from a logical combination of the unencrypted payload and the cipher text.

It is also preferable that the logical combination is an XOR (Exclusive-OR) combination.

Preferably, the content includes two or more content portions. In this case, the method includes the steps of segmenting the content into content portions each including one or more data packets, decrypting the data packets of the content portions using first and second keys, and combining the decrypted content portions to form the decrypted content to be presented.

It is preferable that the method includes the step of receiving decryption data from the base station. The decryption data includes the first and second keys. The method further includes the step of decrypting the decryption data using a private key of a public/private key pair.

It is also preferable that the private key is encrypted using a block cipher key. In this case, the method includes the steps of receiving the block cipher key from the base station, and decrypting the private key using the block cipher key.

According to a seventh basic embodiment of this invention, there is an end station for decrypting content for presentation. The content includes one or more data packets each having an encrypted payload. The end station includes a processor for receiving encrypted content. The processor operates for determining the payload in each data packet, and decrypting the determined payload using first and second keys. The processor operates for combining the decrypted payloads of the one or more data packets to form the decrypted content.

According to an eighth basic embodiment of this invention, there is a base station. A method of encrypting content for presentation is carried out in the base station. The content includes one or more data packets each having a payload. The method includes the steps of determining the payload in each data packet, and encrypting the determined payload using first and second keys. The method further includes the steps of combining the encrypted payloads of the one or more data packets to form the encrypted content.

It is preferable that the method includes the steps of encrypting a first portion of the determined payload using the first key, and encrypting a second portion of the determined payload using the second key. The first and second payload portions are arranged such that at least a part of the determined payload is encrypted using both the first and second keys.

Preferably, the method includes the steps of determining an arbitrary value using the first key, determining a cipher text by encrypting the arbitrary value using the second key, and encrypting the determined payload using the cipher text. The encrypted payload is formed from a logical combination of the unencrypted payload and the cipher text.

It is preferable that the logical combination is an XOR (Exclusive-OR) combination.

It is also preferable that the method includes the steps of segmenting the content into two or more content portions each including one or more data packets, encrypting the data packets of the content portions using the first and second keys, and combining the encrypted data packets to form the encrypted content.

Preferably, the method includes the steps of generating decryption data including the first and second keys, encrypting the decryption data using the public key of a public/private key pair, and transferring the decryption data to an end station. The end station operates to decrypt the decryption data using the private key in the public/private key pair.

According to a ninth basic embodiment of this invention, there is a base station for encrypting content for presentation. The content includes one or more data packets each having a payload. The base station includes a processor. The processor operates for determining the payload in each data packet, and encrypting the determined payload using first and second keys. The processor operates for combining the encrypted payloads of the one or more data packets to form the encrypted content.

First Specific Embodiment

FIG. 1 shows a DRM (digital rights management) system according to a first specific embodiment of this invention. With reference to FIG. 1, the DRM system includes a session resource manager (SRM) 5 coupled via a suitable connection, such as an SSL (secure sockets layer) connection, to a web server 13. In turn, the web server 13 is used to allow a client 23, such as a user's end station, to access the features provided by the SRM 5 via an appropriate web browser 15 and/or an SSL connection. A server agent platform 14 is implemented and provided in the web server 13.

The client 23 forms an end station or an end device also referred to as a client device. The client 23 is coupled to, or includes a playback device for displaying content. The playback device includes an AV (audio-visual) decoder 16 and an AV renderer 17. The AV renderer 17 includes a display.

It should be noted that there may be another client or other clients similar in structure to the client 23.

The SRM 5 includes a key escrow module 6 coupled to a database 7. The database 7 is also coupled to a user account management module 8. The user account management module 8 is connected with a server agent management module 9, a license management module 10, and a trust authentication module 11.

The SRM 5 is coupled to an encipheror 3 which operates to perform encryption of content (digital audio-visual content) 2 in accordance with an encryption strategy 1 inclusive of encryption keys. The encipheror 3 is also coupled to a file/data server 4 which has a content repository 12 used to store the encrypted content.

The client 23 includes a data store (storage) 18 coupled to a decipherer 19. The decipherer 19 is also coupled to a rights manager module 21. The rights manager module 21 is connected with a secure registry 20 and a server security agent 22 implemented in the client 23.

The content 2 is encrypted by the encipheror 3 using the encryption strategy 1 inclusive of the encryption keys. The encrypted content 2 is transferred from the encipheror 3 to the file/data server 4 before being stored in the content repository 12 therein. The encipheror 3 provides an indication of the encryption keys used in the encryption process to the key escrow module 6 in the SRM 5. In the SRM 5, the key escrow module 6 stores the encryption keys in the database 7 as a key package.

A client 23 wishing to view content undergoes a registration procedure with the SRM 5, during which the client 23 registers with the SRM 5 via the web browser 15 and the web server 13. The registration allows the client 23 to obtain a license allowing desired content to be presented on the playback device and/or the client 23 as will be described in more detail below.

When a user wishes to present content, the user is required to obtain authorisation from the SRM 5. In order to achieve this, the end station (the client) 23 is adapted to generate an access request which is transferred to the SRM 5 via, for example, the web server 13. The SRM 5 responds to the access request by providing a server security agent which is transferred to and implemented by the client 23 as shown at 22. The transfer of the server security agent 22 from the SRM 5 to the client 23 is via, for example, the web server 13.

The server security agent 22 in the client 23 collects predetermined information regarding the client 23, and transfers the collected information back to the SRM 5 via, for example, the web server 13. Preferably, the predetermined information is indicative of an identity of the client 23. The SRM 5 authenticates the client 23 in response to the predetermined information therefrom. The SRM 5 decides whether the authentication is successful. Thus, the SRM 5 gets the result of the authentication. In response to the predetermined information from the client 23, the SRM 5 determines a list of the content which the client 23 is authorized to present. The authentication result and the determined content list are used to allow the client 23 to present the content.

Preferably, in response to the predetermined information from the client 23, the SRM 5 performs trust authentication using the trust authentication module 11. Provided that the authentication is successful, the SRM 5 transfers keys from the database 7 to the client 23 via, for example, the web server 13. These keys can then be used by the client 23 to decrypt the content which is transferred to the client 23 from the content repository 12 in the file/data server 4.

It will be appreciated by persons skilled in the art that any one or more of the SRM 5, the web server 13, the encipheror 3, and the file/data server 4 may be provided at a centralised base station which can then be coupled to one or more end stations inclusive of the client device 23 via a suitable communications network. Examples of the communications network are the Internet, one or more WANs (wide area networks), and LANs (local area networks).

In this sense, the base station is a collection of one or more processing systems providing the functionality outlined above.

Thus, the DRM system in FIG. 1 is designed for network streaming and distribution of digital audio-visual content. The DRM system allows highly security-sensitive or high-value content to be securely prepared, delivered, and presented.

The DRM-system's elements described above with respect to FIG. 1 can include so-called general-purpose computers, workstations, or personal computers, as well as network connectable information-processing devices, for instance, digital home electric appliances, portable terminals, PDAs, or cellular phones.

It should be noted that the procedure described below may be performed by a software product and that a part of the procedure may be done on a hardware unit.

Second Specific Embodiment

FIG. 2 shows a DRM system according to a second specific embodiment of this invention. The DRM system in FIG. 2 is based on that in FIG. 1. With reference to FIG. 2, the DRM system includes an SRM 5.

The SRM 5 includes a key escrow module 6, a database 7, a security agent manager 31, a user authentication module 32, a user account manager module 35, a license manager 34, a web server 13, and a program schedule manager 33.

The DRM system also includes means for encoding audio and video received at 24 in the form of an encoder server 30. The encoder server 30 includes a software/hardware encoder 25, a schedule manager 26, a content network archiving manager 27, a unicast/multicast live streaming server 28, a content manager 29, and an encipheror 3. The software/hardware encoder 25 receives the audio and video 24. The software/hardware encoder 25 is coupled to the encipheror 3. The encipheror 3 is in turn coupled to the streaming server 28 and the content manager 29. The content manager 29 is connected with the content network archiving manager 27. The schedule manager 26 is coupled to the encoder 25. The software/hardware encoder 25 and the encipheror 3 perform the encryption of the audio and video 24 in accordance with a schedule provided by the schedule manager 26.

The encoder server 30 and the SRM 5 are coupled via a network 36 such as the Internet, a LAN, or a WAN. It should be noted that connections to the network 36, and the network 36 itself may be wired or wireless.

Also, a file/data server 4, a video server 48, and a client 23 are coupled to the network 36. The file/data server 4 includes an archive server 39, an FTP (file transfer protocol) server 40, a backup server 41, a cache server 42, and a content repository 12, as well as an encipheror/decipherer module 38 and an content importer/exporter module 37.

The video server 48 includes a cache server 45, a VOD (video-on-demand) server 46, and a scheduled multicast streaming server 47.

The client 23 forms an end station or an end device also referred to as a client device. The end device (the client) 23 includes an AV decoder 16, a decipherer 19, a rights manager 21, a network streaming client module 49, a content importer module 50, a CD/DVD reader 51, a video renderer (an AV renderer) 52, and a sound card 53. The video renderer 52 includes a display. The decipherer 19 is coupled via the AV decoder 16 to the video renderer 52 and the sound card 53. The decipherer 19 is also coupled to the network streaming client module 49. The decipherer 19 is coupled via the content importer module 50 to the CD/DVD reader 51. The rights manager 21 is suitably provided in the client 23.

A part of the client 23 is implemented by an application program running on a computer system in the client 23. This application program is also referred to as the application of the client 23. The application of the client 23 is installed in the computer system in a suitable way. The application of the client 23 may be downloaded into the computer system from the web server 13 or other devices.

It should be noted that there may be another client or other clients similar in structure to the client 23.

One or more of the file/data server 4, the SRM 5, the encoder server 30, and the video server 48 form a base station which can serve as a content provider.

Content is encoded or encrypted using the encoder server 30, and is then transferred to the file/data server 4 via the network 36 before being stored in the file/data server 4. The content may then be transferred from the file/data server 4 to the client 23 either in the form of a physical medium 43 via, for example, a retail shop 44, or by download from the network 36.

In the encoder server 30, the software/hardware encoder 25 and the encipheror 3 perform the encryption of the audio and video 24 to get encrypted content. The encrypted content is transferred from the encoder server 30 to the file/data server 4 via the network 36.

Details of the encryption mechanism used for encrypting the content by the encoder server 30 are stored in the SRM 5. When wishing to receive the content, the client 23 transfers an access request to the SRM 5 via the network 36. The transferred access request causes the previously-mentioned authentication process to be performed. Once the client 23 has been authenticated, encryption keys are transferred to the client 23 to allow the content to be presented.

Thus, the DRM system in FIG. 2 forms a multi-media system of digital audio-visual content distribution to which digital rights management (DRM) for network streaming and distribution of digital audio-visual content can be applied. This allows highly security-sensitive or high-value content to be securely prepared, delivered, and consumed.

The function of each of the elements composing the DRM system in FIG. 2 will now be described in more detail.

In the encoder server 30, the software/hardware encoder 25 includes a software encoder or a hardware encoder 25 which generates the digital audio-visual content, for instance, MPEG-1/2/4 content or Windows-Media content, from the analog audio-visual inputs 24 in real-time according to a prescribed record schedule or a certain record schedule controlled by the schedule manager 26 or an administrator. The schedule manager 26 performs record schedule management. The digital audio-visual content is fed from the software/hardware encoder 25 to the encipheror 3 in the form of stream data. The encipheror 3 encrypts the stream data in real-time according to a prescribed encryption strategy inclusive of encryption keys. The encipheror 3 feeds the encrypted stream data (the encrypted digital audio-visual content) to the content manager 29 and the content network archiving manager 27. The encipheror 3 packages the encryption keys, and passes the encryption key package to the SRM 5. The content manager 29 backs up and manages the digital audio-visual content data locally, and/or provides the exporting point to the administrator to copy the digital audio-visual content to another location upon/after the finish of the encoding process. The content network archiving manager 27 pushes the real-time digital audio-visual content data to the file/data server 4 through the network 36 for real-time data archiving. In this case, the network 36 is, for instance, a LAN (local area network) or the Internet. The unicast/multicast live streaming server 28 provides legal users on the network 36 with the real-time access to the encrypted digital audio-visual content by either unicast or multicast.

In the file/data server 4, the archive server 39 archives the digital audio-visual content(s) that is/are from the encoder server 30 by either real-time streaming or administrator's operation. The FTP server 40 provides an FTP file downloading service to legal users. The backup server 41 allows the digital audio-visual content to be backed up to additional storage media, for instance, CDs, DVDs, or tapes, either automatically or on request of the administrator. The cache server 42 provides a content cache to the video server 48 that provides a streaming service to a user, for instance, VOD (video on demand) or broadcasting. The content repository 12 stores the archived digital audio-visual content. A content importer in the importer/exporter module 37 and an encipheror in the encipheror/decipherer module 38 allow the administrator to import digital audio-visual content(s) to the file/data server 4, and to encrypt the digital audio-visual content(s) in real-time during the importing process. The imported digital audio-visual content(s) is/are not generated by the encoder server 30. A content exporter in the importer/exporter module 37 and a decipherer in the encipheror/decipherer module 38 allow the administrator to export digital audio-visual content(s) from the file/data server 4 to physical media, for instance, CDs or DVDs. The physical media are placed on the shelf of the retail shop 44, and are sold there. Preferably, the exported digital audio-visual content is in its original data format that is generated through real-time decryption by the decipherer in the encipheror/decipherer module 38 during the exporting process. The exported digital audio-visual content may be in its secure format that keeps its data encrypted.

In the video server 48, the elements operate as follows. The VOD server 46 provides VOD services to the client device(s) 23. The cache server 45 downloads the requested digital audio-visual content from the file/data server 4 via the network 36 when stream caching is necessary. The scheduled multicast streaming server 47 provides broadcasting programs.

The SRM 5 manages the system resources. In this regard, the elements in the SRM 5 operate as follows. The program schedule manager 33 defines an encoding schedule for the encoder server 30, and a broadcasting program schedule for the video server 48. The web server 13 handles web accesses and transactions, and distributes a server security agent 22 (see FIG. 1) by implementing a server agent platform 14 (see FIG. 1) with a software agent technology. The database 7 stores all system information. The key escrow module 6 manages the digital audio-visual content encryption key package. The security agent manager 31 manages the server security agent 22 (see FIG. 1) that roams to the client 23, and that performs the security task on behalf of the SRM 5. The user authentication module 32 is responsible for user authentication. The user account manager 35 manages user's or client's account. The license manager 34 manages the license issuing and verification.

The client 23 plays back digital audio-visual content from either the network streaming or the physical medium 43. In this regard, the elements in the client 23 operate as follows. The network streaming client module 49 receives digital audio-visual content data from the network 36. The network streaming client module 49 feeds the received digital audio-visual content data to the decipherer 19. The CD/DVD reader 51 gets digital audio-visual content data from the physical medium 43. The content importer module 50 receives the digital audio-visual content data from the CD/DVD reader 51. The content importer module 50 passes the digital audio-visual content data to the decipherer 19. The rights manager 21 protects the digital right of a content owner. The decipherer 19 decrypts the digital audio-visual content data while being controlled by the rights manager 21. The decipherer 19 feeds the decrypted audio-visual content data to the AV decoder 16. The AV decoder 16 and the AV rendering devices (the video renderer and the sound card) 52 and 53 decode and render the decrypted digital audio-visual content.

In one example, digital audio-visual content can be generated by the encoder server 30, where the content is encrypted in real-time. Digital audio-visual content may also be imported by the administrator using the content importer in the content importer/exporter module 37 in the file/data server 4, where the digital audio-visual content is encrypted during the importing process. This allows the administrator or even an authorized user to define an encryption strategy for initialization of the encipheror 3 or the encipheror in the encipheror/decipherer module 38 for specific digital audio-visual content.

The encipheror 3 or the encipheror in the encipheror/decipherer module 38 defines a block cipher algorithm, e.g., DES (data encryption standard), AES (advanced encryption standard), or Blowfish. The encipheror 3 or the encipheror in the encipheror/decipherer module 38 also defines the seeds for generating random keys, the preferred key length for the block cipher algorithm that accepts variable length keys, the preferred plaintext block size, e.g., 64 bits, 128 bits, or 256 bits. Otherwise, a default encryption strategy is to be used.

The encipheror 3 or the encipheror in the encipheror/decipherer module 38 employs an encryption method, referred to as the equal payload length digital audio-visual content encryption mechanism, which implements a block cipher algorithm to encrypt content portions or streams of data. The equal payload length digital audio-visual content encryption mechanism only encrypts the audio-visual frame payload/raw data with leaving the data packet headers untouched. These headers include, for instance, a system header, a GOP (group of packet) header, a VOP (video object plane) header, a video packet header, an audio packet header, and an ASF (advanced system format) data packet header. The headers will be described in more detail below.

The encrypted digital audio-visual content is stored in the content repository 12 of the file/data server 4, where the digital audio-visual content can be exported to a physical medium 43 such as a CD or a DVD. The physical medium 43 can be sold in the retail shop 44. Additionally, the digital audio-visual content on the physical medium 43 can be accessed directly through the Internet via VOD, broadcasting, and FTP services.

The key escrow module 6 in the SRM 5 can be solely responsible for the maintenance and management of the encryption key package for digital audio-visual content. The encryption key package is transmitted through a pre-established SSL link from the encipheror 3 or the encipheror in the encipheror/decipherer module 38 to the key escrow module 6, and is protected by using an asymmetric cipher (or a public key cryptographic algorithm, e.g., RSA). Here, RSA is short for Rivest-Shamir-Adelman.

A content provider is designed to include the SRM 5. A user of the client 23 can access the content provider's E-commerce web site or the web server 13 by use of a web browser 15 (see FIG. 1) to register him or her with the SRM 5 as a legal user of some or all of the services that the content provider offers. After this step, the client 23 receives a license and a key package from the content provider. The received license and key package allow the client 23 to present the content.

In one example, the web server 13 is used to transfer user's personal information from the client 23 to the SRM 5 through a pre-established SSL link. The user's personal information includes user's log-in ID and password. The user account manager 35 in the SRM 5 maintains and manages all the user's personal information.

An SSL connection is established upon user registration between the client 23 and the web server 13 for secure transaction on the Internet. The SSL connection allows the server security agent 22, which employs the software agent technology, to dynamically roam and be transferred to the client 23.

The server security agent 22 is implemented by the client 23. The implemented server security agent 22 collects local unique information relating to the client 23 for the SRM 5. The local unique information includes one or more of a NIC (network interface card) number, a MAC (media access control) address, a CPU identifier, and a hard disk identifier.

The local unique information is sent back to the web server 13 by the implemented server security agent 22, and is then forwarded to the SRM 5 to construct a unique end station identifier (referred to as a user ID hereafter). The user ID, together with user's log-in ID and password, is used to authenticate the user of the client 23. The user ID, together with user's log-in ID and password, is stored in the database 7.

Furthermore, working with the web server 13, the server security agent 22 acts as a middleman for message exchange between the client 23 and the SRM 5 in later transactions. It is preferable that the server security agent 22 has no right to write data into the local hard disk of the client 23 or change any local configurations. Moreover, the server security agent 22 preferably terminates before the application of the client 23 quits.

It should be noted that the server security agent 22 may also terminate after the issue of an authorization to present the content or after the presentation of the content on the end device 23.

Once the client registration (the user registration) is successful, the SRM 5 generates a pair of public and private keys for the user. The SRM 5 encrypts the private key using a cipher key (a client secure registry key) K_csr. The SRM 5 sends the encrypted private key to the user or the client 23 by use of the server security agent 22.

A specific license is also generated by the SRM 5 for the user to define the corresponding service type and content usage rules. The license is stored in the database 7. The license is also encrypted in the SRM 5 before being sent to the user or the client 23 via the server security agent 22.

The application of the client 23 obtains the encrypted private key and license from the server security agent 22, and saves them in a secure registry 20 (see FIG. 1) for later transactions. The secure registry 20 may be a special place in the local hard disk or the system registry of the client 23.

When a legal user wants to present the content, the client 23 is operated to access the content provider's E-commerce web site or the web server 13 by use of the web browser 13. In response to the access, a new server security agent 22 is generated by the web server 13 or the SRM 5 before being transferred therefrom to the application of the client 23. The new server security agent 22 is implemented by the application of the client 23.

After the user's log-in ID and password have been validated, the new server security agent 22 in the client 23 determines the unique local information of the user's device in the client 23. The new server security agent 22 forwards the unique local device information to the SRM 5, where a unique user ID is generated based on the received unique local device information.

In the SRM 5, the generated user ID is compared to the user ID that has been stored in the database 7 during the registration process. Only when the two user IDs match, the user passes the authentication of the user ID.

When the two user IDs match, the server security agent 22 transfers the encrypted license from the application of the client 23 to the SRM 5. In the SRM 5, the received license is decrypted, and the decrypted license is compared to the one that has been stored in the SRM database 7 during the registration process. Only when the two licenses match, the user passes the authentication of the user license.

After the user is authenticated, the SRM 5 parses the license code and returns the corresponding encrypted digital audio-visual content key package to the client 23 by use of the server security agent 22. The server security agent 22 decrypts the key package, and transfers the decrypted key package to the rights manager 21 in the application of the client 23. The rights manger 21 analyses the license and feeds the key package to the decipherer 19, where the digital audio-visual content is decrypted in response to the key package. The decrypted content is then fed to the AV decoder 16, the video renderer 52, and the sound card 53 for presentation.

A user of the client 23 can transfer the license to another client device, for instance, a PC, or pocket PC. Moreover, a user is allowed to apply multiple licenses to different devices at the same time.

In one example, a method of encryption and decryption of content is provided that seeks to not introduce redundant bits into the content after it is encrypted. It should be noted that additional bits mean greater modifications on the original digital audio-visual content. The encryption/decryption method only encrypts the audio-visual frame payload/raw data while keeping unencrypted the headers of the payloads.

The encrypted content can be manipulated by the existing streaming protocols, for instance, an RTP (real-time transport protocol), an RTSP (real-time streaming protocol), and a specification of ISMA (Internet streaming media alliance) without any additional components or modifications on those protocols. In general, the encryption-based protection of the payload data, which contains the real content information, is sufficient to prevent an illegal access to the content since the header can only be decoded while the payload can not be presented.

FIG. 3 is a diagram schematically illustrating an encryption scheme in the equal payload length digital audio-visual content encryption mechanism. According to this mechanism, after the payload is encrypted, there is no change in the number of bits contained within the content.

For digital audio-visual coding standards, for instance, MPEG (Moving Picture Experts Group)-1/2/4, Windows Media, and H.263/264, digital audio-visual content 54 can be divided into one or more data packets, for instance, video packets, audio packets, and metadata packets, with packet headers and corresponding packet payloads.

With reference to FIG. 3, an encryption algorithm 56 is applied only to each packet payload without any changes of the number of bits contained within that packet payload. For instance, headers 57 remain untouched during the encryption. On the other hand, payloads 58 are passed through the encryption algorithm 56, resulting in the encrypted payloads 59. Accordingly, digital audio-visual content packets 54 are converted into encrypted digital audio-visual content packets 55 through the encryption of the payloads 58.

FIG. 4 is a diagram briefly showing the result of applying the encryption algorithm to the digital audio-visual content 60. The digital audio-visual content 60 usually has multiple elementary streams, e.g., video stream(s) 62, audio stream(s) 63, script stream(s) 64, and metadata 65.

Accordingly, in order to enhance the security and introduce more flexibility, different elementary streams are preferably encrypted with different encryption keys and/or algorithms.

With reference to FIG. 4, the digital audio-visual content 60 is demultiplexed into individual elementary streams 62, 63, 64, and 65 by a demultiplexer 61 before the encryption. The elementary streams 62, 63, 64, and 65 are encrypted through the encryption of the payload. The encrypted elementary streams 66, 67, 68, and 69 are multiplexed into a single stream by a multiplexer 70 to construct new encrypted digital audio-visual content 71.

The encryption procedure will now be described in more detail. It is assumed that a predetermined encryption strategy is selected which defines the block cipher algorithm, e.g., DES, AES, or Blowfish, the seeds for generating random keys, the preferred key length for the block cipher algorithm that accepts variable length keys, and the preferred plaintext block size, e.g., 64 bits, 128 bits, or 256 bits. It is also assumed that the plaintext block size is N_b bits, the key length is N_k bits, the stream packet header length is N_h bits, and the stream packet payload length is N_p bits.

According to one example, two keys are applied to the stream packet payload at the same time, which are expressed as (K₁, K₂)_i where K₁ and K₂ denote the respective keys and “i” represents a different elementary stream. For any elementary stream, the encryption is applied to each packet payload independently although the key pair is the same for the same elementary stream.

There are several cases when the encryption mechanism is applied. The first case is when N_p>=N_b. In this case, according to the requirement of the block cipher algorithm, the total length of the plaintext should be a multiple of N_b. On the other hand, most of the time, this is not true for N_p.

One way to solve this problem is to add some dummy bits (N_d) to the end of the packet payload so that the (N_p+N_d) will be a multiple of N_b. However, the addition of the dummy bits introduces disadvantages such as increasing the length of the content.

Accordingly, in another example, all of the packet payloads in a stream are considered as a whole with some bytes (N_s) being selected from the successive packet payload to ensure that (N_p+N_s) will be a multiple of N_b. However, this design may cause some delays by waiting for the next one or more packets especially during real-time streaming. Moreover, the design causes different data packets to be related during encryption/decryption.

Some additional bytes as indicators in the encrypted stream are necessary for the above-mentioned methods to indicate N_p and N_d/N_s for the decryption process. Also, changing of the final packet length is required. Therefore, the modification of the headers occurs.

In a further example, these problems are avoided by adding any additional bits to the encrypted data by employing one pair of keys, i.e., (K₁, K₂).

FIG. 5 shows the details of the block cipher algorithm which includes the following steps.

a) The content is segmented or demultiplexed into individual elementary streams which are analyzed to classify the header and the payload data 72, whereas the header is not encrypted as S1 shows.

b) The payload data of each packet is put into an encryption buffer.

c) The numbers N_p and N_b are compared. If N_p>=N_b, the first N_b bits of the payload data in the encryption buffer are encrypted with the key K₁ as S2 shows. Then, the plaintext is replaced with the corresponding ciphertext in the encryption buffer while the rest (N_p−N_b) bits of the payload data are untouched as S3 shows.

d) A modulus calculation is performed such that z=N_p mod N_b and n=N_p−zN_b where “z” is an integer value and “n” is the remainder of the modulus calculation.

e) The first “n” bits in the encryption buffer are skipped, which are a part of the ciphertext generated by the above steps and encrypted with the key K₁ as S5 shows.

f) The rest zN_b bits in the encryption buffer are encrypted with the key K₂, and the plaintext is replaced with the corresponding ciphertext as S6 shows.

g) The encrypted packet 74 is reconstructed by combining the original header and the encrypted payload data without any additional bits.

h) The encrypted packet 74 is fed to the multiplexer 70 to be multiplexed with other elementary streams to construct the encrypted digital audio-visual content 71.

The extreme case is that n=0. Then, the first N_b bits of the payload data are encrypted with the keys K₁ and K₂. Because K₁≠K₂, the first N_b bits are not recovered but encrypted twice.

In the situation where N_p is less than N_b, a different method is used. Normally N_b is 64 (e.g., DES), 128 (e.g., AES), or 256 (e.g., AES), and hence this case is seldom happening for digital audio-visual contents with N_p being only 8, 16, or 32 bytes. For such a case, it is typical to implement the cipher feedback (CFB) operation mode of a block cipher algorithm. In this mode, the plaintext itself is not actually passed through the block cipher algorithm, but is merely XORed with an output block.

FIG. 6 shows the details of the CFB operation mode of the block cipher algorithm which includes the following steps.

a) An N_b-bit block called a shift register 75, which is initially set to some arbitrary value, is used as the input plaintext to the block cipher algorithm.

b) The ciphertext is then passed through an extra component called an M box 76 which simply selects the left-most M bits of the ciphertext, where M is the number of bits in the data block that are required to be encrypted, i.e., N_p.

c) The selected M bits are XORed with the real plaintext that is to be encrypted as S11 shows.

d) The output of the XOR operation is the final ciphertext.

In one example, the key K₁ shown at 77 is used as the initial shift register value V_r. If the length N_k of the keys is less than N_b, a number of dummy bits are added to the end of the key K₁ to make V_r have the same length as that of N_b. This step is shown in S7. The dummy bits are set to “0”. If N_k is equal to or greater than N_b, then only the left-most N_b bits of the key K₁ (the key 77) are used as the initial shift register value Vr. This step is shown in S8. The next step involves encrypting the initial shift register value V_r with the key K₂ as shown at S9. Consequently, the ciphertext V_c is produced as shown at 78.

Then, as shown in S10, the left-most N_p bits of the ciphertext V_c are selected. As shown at S11, the selected N_p bits of the ciphertext V_c are XORed with the N_p bits of payload data in the data packet 72. The result of the XOR operation is the final ciphertext. As shown at S12, combining the final ciphertext with the original header constructs the encrypted data packet 74.

In order to access the digital audio-visual content, the user is required to get the encryption key pairs for the encrypted content data. After getting the encryption key pairs is successfully completed, the user can access the digital audio-visual content by any means, for instance, VOD, FTP, or live streaming on the Internet, or buying a CD or a DVD from the retail shop 44 (see FIG. 2) while decrypting the encrypted content data by use of the encryption key pairs. Those procedures will be described later.

Before being decoded and rendered, the digital audio-visual content is decrypted at first. The decryption process is inverse or reverse with respect to the encryption process. The decryption of a stream uses a strategy inverse or reverse with respect to that defined in the encryption mechanism. As known in the art of block cipher algorithms, which are also called symmetric encryption algorithms, decryption keys are the same as encryption keys.

FIG. 7 shows a decryption scheme for encrypted content generated by the equal payload length digital audio-visual content encryption mechanism. With reference to FIG. 7, the content 55 is divided into one or more packets, for instance, video packets, audio packets, and metadata packets, with packet headers and corresponding packet payloads. A decryption algorithm 80 is applied only to each packet payload without any changes in the number of bits contained within the payload. For instance, headers 57 remain untouched during the decryption. On the other hand, payloads 59 are inputted to the decryption algorithm 80 from which the decrypted payloads 58 are outputted.

FIG. 8 shows the details of the decryption scheme in FIG. 7. With reference to FIG. 8, before the decryption, a demultiplexer (a segmenting device) 61 demultiplexes or segments encrypted content 71 into individual encrypted elementary streams such as encrypted video stream(s) 66, encrypted audio stream(s) 67, encrypted script stream(s) 68, and encrypted metadata 69.

Each encrypted elementary stream consists of one or more data packets 55 with corresponding headers and payloads. Only the payloads are inputted to the decryption algorithm 80, undergoing the decryption to recover the original payload data. The decrypted payload data and the unchanged headers are combined to reconstruct the original data packets 54 composing the original elementary stream. Thus, the original video stream(s) 62, the original audio stream(s) 63, the original script stream(s) 64, and the original metadata 65 are restored from the encrypted video stream(s) 66, the encrypted audio stream(s) 67, the encrypted script stream(s) 68, and the encrypted metadata 69, respectively. Then, the multiplexer 70 multiplexes the original elementary streams 62, 63, 64, and 65 to restore the original digital audio-visual content 60.

The decryption scheme will be described below in more detail. It is assumed that a predetermined encryption/decryption strategy is selected which defines the block cipher algorithm, e.g., DES, AES, or Blowfish, the seeds for generating random keys, the preferred key length for the block cipher algorithm that accepts variable length keys, and the preferred plaintext block size, e.g., 64 bits, 128 bits, or 256 bits.

Again, it is assumed that the plaintext block size is N_b bits, the key length is N_k bits, the stream packet header length is N_h bits, and the stream packet payload length is N_p bits. Two keys are applied to the stream packet payload at the same time, which are expressed as (K₁, K₂)_i where K₁ and K₂ denote the respective keys and “i” represents a different elementary stream. For any elementary stream, the encryption is applied to each packet payload independently although the key pair is the same for the same elementary stream. Accordingly, the decryption is also applied to each packet payload independently, and different elementary streams are likely to use different key pairs.

For the decryption, there are the same cases as those for the encryption. FIG. 9 shows the details of the decryption scheme which is implemented when N_p is greater than or equal to N_b. With reference to FIG. 9, the decryption scheme includes the following steps.

a) After being demultiplexed, each individual encrypted elementary stream is analyzed to data packets 74 with classifying the headers and the (encrypted) payload data whereas the headers are not decrypted as S13 shows.

b) The (encrypted) payload data of each data packet is inputted to a decryption buffer.

c) The numbers N_p and N_b are compared. If N_p>=N_b, then the modulus calculation is performed such that z=N_p mod N_b and n=N_p−zN_b where “z” is an integer value and “n” is the remainder of the modulus calculation.

d) The number “n” satisfies conditions as nε[0, N_b]. As shown at S14, the first “n” bits in the decryption buffer are skipped which are a part of the ciphertext that is encrypted with the key K₁.

e) The rest zN_b bits in the decryption buffer are decrypted with the key K₂, and the ciphertext is replaced with the corresponding plaintext as S15 shows.

f) Then, as S16 shows, the header is unchanged again. As S17 shows, the last (N_p−N_b) bits of the payload data in the decryption buffer are also untouched. As shown at S18, the first N_b bits of the payload data in the decryption buffer are decrypted with the key K₁. Then, the ciphertext is replaced with the corresponding plaintext in the decryption buffer.

g) The decrypted packet 72 is reconstructed by combining the original header and the decrypted payload data without any additional bits. The decrypted packet 72 is fed to the multiplexer 70 to be multiplexed with other elementary streams to reconstruct the original digital audio-visual content 60.

The extreme case is that n=0. Then, the first N_b bits of the payload data are decrypted with the keys K₂ and K₁.

In the situation where N_p is less than N_b, a different method is used. According to this method, the ciphertext is merely XORed with the output block from an M box to get the plaintext.

FIG. 10 shows the decryption scheme for the situation where N_p is less than N_b. The decryption scheme in FIG. 10 includes the following steps.

a) An N_b-bit block called a shift register 75, which is initially set to some arbitrary value, is used as the input plaintext to the block cipher algorithm.

b) The key K₁ shown at 77 is used as the initial shift register value V_r. If the length N_k of the keys is less than N_b, several dummy bits are simply added to the end of the key K₁ to make V_r have the same length as that of N_b. This step is shown in S19. The dummy bits are set to “0”. If N_k is equal to or greater than N_b, the left-most N_b bits are taken from the key K₁ as the initial shift register value V_r. This step is shown in S20.

c) As S21 shows, the initial shift register value V_r is encrypted with the key K₂ to get the ciphertext V_c illustrated at 78. The ciphertext V_c is then passed through the M box 76.

d) As shown at S22, the left-most M bits of the ciphertext V_c are selected by the M box 76, where M is the number of bits in the data block that are required to be decrypted, i.e., N_p.

e) As shown at S23, the selected M bits are XORed with the payload data that are required to be decrypted. The XOR operation decrypts the payload data.

f) The output of the XOR operation is the final plaintext.

g) As S24 shows, the header is not decrypted. By combing the original header and the decrypted payload data, the original data packet 72 is reconstructed.

FIG. 11 shows the details of the encipheror 3. As shown in FIG. 11, the encipheror 3 includes the demultiplexer 61 receiving digital content. The demultiplexer 61 divides the digital content into elementary streams (1), (2), . . . , (i). The demultiplexer 61 feeds the elementary streams (1), (2), . . . , (i) to stream analyzers 84, respectively. The devices 84 analyze the elementary streams (1), (2), . . . , (i) to get analyzation results, respectively. The analyzation results are sent from the analyzers 84 to a block cipher encryption engine 82 through encryption buffers 85 respectively.

The encipheror 3 further includes an encryption key generator 83 notified of the encryption strategy. The demultiplexer 61 supplies the encryption key generator 83 with information related to the elementary streams (1), (2), . . . , (i). The encryption key generator 83 produces key pairs (K₁, K₂)₁, (K₁, K₂)₂, . . . , (K₁, K₂)_i for the respective elementary streams (1), (2), . . . , (i) in response to the encryption strategy and the information from the demultiplexer 61. The key pairs (K₁, K₂)₁, (K₁, K₂)₂, . . . , (K₁, K₂)_i compose a stream key package. The encryption key generator 83 feeds the key pairs to the block cipher encryption engine 82. In addition, the encryption key generator 83 sends the key pairs to the key escrow module 6 in the SRM 5 (see FIGS. 1 and 2). Preferably, the key pairs are encrypted by the encryption key generator 83 before being sent to the key escrow module 6.

In the encipheror 3, the block cipher encryption engine 82 subjects the analyzation results to the block cipher encryption to get encrypted elementary streams. The block cipher encryption engine 82 feeds the encrypted elementary streams to the multiplexer 70. The multiplexer 70 combines the encrypted elementary streams into encrypted digital content. The multiplexer 70 sends the encrypted digital content to the content repository 12 in the file/data server 4 (see FIGS. 1 and 2).

FIG. 12 shows the details of the decipherer 19. As shown in FIG. 12, the decipherer 19 includes the demultiplexer 61 which receives encrypted digital content. The demultiplexer 61 divides the encrypted digital content into encrypted elementary streams (1), (2), . . . , (i). The demultiplexer 61 feeds the encrypted elementary streams (1), (2), . . . , (i) to stream analyzers 84, respectively. The devices 84 analyze the encrypted elementary streams (1), (2), . . . , (i) to get analyzation results, respectively. The analyzation results are sent from the analyzers 84 to a block cipher decryption engine 87 through decryption buffers 86 respectively.

The block cipher decryption engine 87 is notified of the encryption strategy. The block cipher decryption engine 87 receives the stream key package composed of the key pairs (K₁, K₂)₁, (K₁, K₂)₂, . . . , (K₁, K₂)_i. The block cipher decryption engine 87 subjects the analyzation results to the block cipher decryption to get decrypted elementary streams. The block cipher decryption engine 87 feeds the decrypted elementary streams to the multiplexer 70. The multiplexer 70 combines the decrypted elementary streams into decrypted digital content. The multiplexer 70 sends the decrypted digital content to the AV decoder 16 (see FIGS. 1 and 2).

The content may contain one or several elementary streams, for instance, an audio stream, a video stream, and a script stream. Each elementary stream is encrypted by a pair of block cipher keys, i.e., (K₁, K₂)_i, where K₁ and K₂ denote the respective keys and “i” represents the stream ID number in the digital audio-visual content. Therefore, the content is associated with a key package {(K₁, K₂)₁, (K₁, K₂)₂, . . . , (K₁, K₂)_i} which consists of all the key pairs for all the elementary streams.

The content is stored in the content repository 12 in the file/data server 4. It should be noted that the corresponding key package does not reside at the same location as the content for security purposes.

The encipheror in the encipheror/decipherer module 38 may be similar in structure to the encipheror 3 in FIG. 11. The decipherer in the encipheror/decipherer module 38 may be similar in structure to the decipherer 19 in FIG. 12.

FIG. 13 shows the management of the key package. With reference to FIG. 13, when the user registers with the base station, the SRM 5 exchanges its public key with the encipheror 3 and/or the encipheror in the encipheror/decipherer module 38 according to the Diffie-Hellman key exchange mechanism. Then, by using an asymmetric cipher (or a public key cryptographic algorithm, e.g., RSA (Rivest-Shamir-Adelman)), the key package is encrypted with the public key K_SRM—pub of the SRM 5 by the encryption key generator 83 in the encipheror 3 and/or that in the encipheror of the encipheror/decipherer module 38. The encrypted key package is sent to the key escrow module 6 of the SRM 5 through a network connection implementing an SSL protocol.

At the SRM 5, the database 7 stores the key package. After receiving the encrypted key package, the key escrow module 6 decrypts the received key package with the private key K_SRM—pte of the SRM 5. Then, the key escrow module 6 encrypts the decrypted key package again with a secure storage key K_ss by using a block cipher, e.g., DES or AES. The encrypted key package is saved into the database 7. The secure storage key K_ss is solely managed by the SRM 5, and may be changed from time to time.

FIG. 14 shows the updating of the keys for the key package. With reference to FIG. 14, an administrator 88 of the SRM 5 feeds a new secure storage key K′_ss to the key escrow module 6 in the SRM 5 which should replace the old secure storage key K_ss. The key escrow module 6 reads out the encrypted key package from the database 7 in the SRM 5. The key escrow module 6 decrypts the read-out key package with the old secure storage key K_ss. Then, the key escrow module 6 encrypts the decrypted key package again with the new secure storage key K′_ss by using the block cipher. The key escrow module 6 saves the encrypted key package in the database 7. As a result, the key package in the database 7 is updated.

FIG. 15 shows the main processes of client register and license distribution. A client 23 accesses the content provider's E-commerce web site to register the desired services, for instance, VOD and live broadcasting.

A dedicated web server 13 provides the E-commerce web site to the client 23. Preferably, the web server 13 is in the SRM 5. Alternatively, the web server 13 may be separate from the SRM 5. A secured connection implementing SSL protocol may be established between the web server 13 and the SRM 5. Furthermore, once the client 23 starts the registration process, an SSL connection may be established between the client 23 and the web server 13 to protect client's personal information.

When the registration process is successful, the client's personal information is recorded in the SRM database 7, where all the records should be encrypted with a secure database entry key K_sse by using a block cipher, e.g., DES or AES. The secure database entry key K_sse is solely managed by the SRM 5, and may be changed from time to time by the administrator of the SRM 5.

With reference to FIG. 15, the registration process and the license distribution process include the following steps.

a) The web server 13 and the SRM 5 establish an SSL link as S25 shows.

b) A user of the client 23 accesses a content provider's E-commence web site by using a web browser to register certain service(s) as S26 shows.

c) With the agreement of the user, an application of the client 23 is downloaded from the web server 13 as S27 shows. The application is, for example, a Java applet. The user installs the application on the end station as S28 shows. Thus, the application of the client 23 is implemented.

d) With the agreement of the user, the application of the client 23 establishes an SSL connection (an SSL link) with the web server 13 for further transactions as S29 shows.

e) As shown at S30, S31, and S32, the user information is sent from the client 23 to the web server 13 through the SSL link. The user information is then transferred to the SRM 5 by the web server 13 through either local transactions or an SSL connection. The user account manager 35 in the SRM 5 encrypts the user information with the secure database entry key K_sse. The user account manager 35 places the encrypted user information into a user account section of the database 7. Any change of the secure database entry key K_sse which is carried out by the administrator triggers the decryption and re-encryption processes for all the records in the user account section of the database 7.

f) The user accepts an agreement to allow a program for a server security agent 22, which originates from the web server 13 and is transferred through the SSL connection, to be implemented by the client 23. The server security agent 22 carries out the software agent technology, and determines or collects some unique information of the user's local machine (the user's local device) on behalf of the SRM 5. Once being implemented, the server security agent 22 shares the SSL connection that has been established between the client 23 and the web server 13. By providing its unique agent ID, the server security agent 22 is authenticated by the SRM 5. All the collected local device information is relayed by the web server 13 before being transmitted to the SRM 5. In the SRM, the local device information is encrypted with the secure database entry key K_sse, and the encrypted local device information is saved in a user ID section of the database 7 that is related to the user account section of the database 7. The aforesaid steps are shown at S33, S34, S35, S36, and S37.

g) The SRM 5 generates a public/private key pair for the user, that is, a pair of a user public key K_user—PUB and a user private key K_user—PTE. These two keys are encrypted with the secure database entry key K_sse, and the encrypted keys are saved in a transaction key section of the database 7 which is related to the user account section of the database 7. Moreover, the SRM 5 generates another client secure registry key K_csr which is a block cipher key. The SRM 5 encrypts the user private key K_user—PTE with the client secure registry key K_csr according to a predetermined block cipher algorithm, e.g., AES or Blowfish. The client secure registry key K_csr is also encrypted with the secure database entry key K_sse before being saved in the transaction key section of the database 7. Then, the encrypted user private key K_user—PTE and the client secure registry key K_csr are sent from the SRM 5 to the web server 13, then to the server security agent 22 in the client 23 through the SSL links. The aforesaid steps are shown at S38, S39, and S40.

h) The server security agent 22 passes the encrypted key K_user—PTE to the application of the client 23. Then, the application of the client 23 writes the encrypted key K_user—PTE into the secure registry 20 in the client 23. On the other hand, the server security agent 22 does not pass the client secure registry key K_csr to the application of the client 23. The client secure registry key K_csr is kept at the server security agent 22 as long as the server security agent 22 is implemented by the end station. When the application of the client 23 needs the original key K_user—PTE, it is necessary for the application of the client 23 to pass the encrypted key K_user—PTE to the server security agent 22. In the server security agent 22, the encrypted key K_user—PTE is decrypted with the client secure registry key K_csr. The server security agent 22 returns the decrypted key K_user—PTE back to the application of the client 23 for further transactions. The aforesaid step is shown at S41.

i) The server security agent 22 may update the client secure registry key K_csr on request from the SRM 5. In such a case, the server security agent 22 is notified of a new client secure registry key K_csr and the application of the client 23 is required to pass the encrypted K_user—PTE to the server security agent 22. In the server security agent 22, the encrypted key K_user—PTE is decrypted with the old client secure registry key K_csr before the decrypted key K_user—PTE is re-encrypted with the new client secure registry key K_csr. Thus, a new encrypted key K_user—PTE is generated in the server security agent 22. The new encrypted key K_user—PTE is returned from the server security agent 22 to the application of the client 23. Subsequently, the application of the client 23 overwrites the old encrypted K_user—PTE with the new one in the secure registry 20.

j) According to the registered services from the user, different license codes are generated by the SRM 5. Each license code defines the service type and the usage rule under which the content should be used. A generated license code is stored in a license section of the database 7 after being encrypted with the secure database entry key K_sse. The license section of the database 7 is related to the user account section thereof. The aforesaid step is shown at S42.

k) The license code is also encrypted with the client secure registry key K_csr before being sent from the SRM 5 to the client 23 via the server security agent 22 along with the client secure registry key K_csr. The server security agent 22 passes the encrypted license code to the application of the client 23. Then, the application of the client 23 writes the encrypted license code into the end station's secure registry 20. The server security agent 22 does not pass the client secure registry key K_csr to the application of the client 23. The client secure registry key K_csr is kept at the server security agent 22 as long as the server security agent 22 is alive. When the application of the client 23 needs the original license code, the application of the client 23 is required to pass the encrypted license code to the server security agent 22. In the server security agent 22, the encrypted license code is decrypted with the client secure registry key K_csr. The server security agent 22 returns the decrypted license code (the original license code) back to the application of the client 23 for further transactions. The aforesaid steps are shown at S43 and S44.

l) The server security agent 22 may update the client secure registry key K_csr on request from the SRM 5. In such a case, the server security agent 22 is notified of a new client secure registry key K_csr and the application of the client 23 is required to pass the encrypted license code to the server security agent 22. In the server security agent 22, the encrypted license code is decrypted with the old client secure registry key K_csr before the decrypted license code is re-encrypted with the new client secure registry key K_csr. Thus, a new encrypted license code is generated in the server security agent 22. The new encrypted license code is returned from the server security agent 22 to the application of the client 23. Subsequently, the application of the client 23 overwrites the old encrypted license code with the new one in the secure registry 20.

m) The server security agent 22 terminates when the application of the client 23 is closed or when the presentation of the content is finished.

FIG. 16 shows a method of user authentication and digital audio-visual content encryption key(s) distribution. Each time a registered user wants to enjoy the services from the content provider, the user may be authenticated.

With reference to FIG. 16, the method of user authentication and digital audio-visual content encryption key(s) distribution includes the following steps.

1) At steps S45, S46, S47, and S48, a user of the client 23 accesses the content provider's web site (the web server 13) through the web browser 15 by providing user's log-in ID and password. When the log-in has been successful, the installed application of the client 23 is implemented.

2) At a step S49, the user requests a certain service through the application of the client 23, e.g., playback of a content through VOD, watching a live broadcasting program, or ordering a CD.

3) The application of the client 23 establishes an SSL connection with the content provider's web server 13 as shown in S50.

4) The SRM 5 generates a unique agent ID, and sends it to the web server 13. A server security agent 22 roams or is transferred from the web server 13 through the SSL connection before reaching the end station (the client 23). The server security agent 22 is implemented in the end station. Once being implemented, the server security agent 22 shares the SSL connection that has been established between the client 23 and the web server 13. Then, the web server 13 relays any messages between the server security agent 22 and the SRM 5. By providing its unique agent ID, the server security agent 22 is authenticated by the SRM 5. The server security agent 22 in the client 23 automatically collects or determines unique information of the user's local machine (the user's local device) on behalf of the SRM 5. The unique information includes a NIC (network interface card) number, an MAC address, a CPU ID, and a hard disk ID that are unique for a computer in the user's local machine. All the collected local device information is transmitted to the SRM 5 while being related by the web server 13 through the SSL links. In the SRM 5, the local device information is compared with the corresponding records in the user ID section of the database 7 that have been saved during the user registration procedure. Those records can be easily located by relating to the user's log-in ID and password. When the local device information and the corresponding records do not match, the SRM 5 regards the current log-in user as an illegal user and forces the server security agent 22 to terminate. The web server 13 is informed by the SRM 5 about the situation, and then rejects any further request from the illegal client device 23. The aforesaid steps are shown at S51, S52, S53, S54, S55, S56, and S47.

5) When the local device information and the corresponding records match, that is, when the verification is passed, a step S57 is executed. In the step S57, the server security agent 22 requests the license code that is in the secure registry 20 from the application of the client 23. Then, the server security agent 22 receives the license code, and transfers it to the SRM 5.

6) After the license code is sent to the SRM 5 for verification, the SRM 5 compares the licence code to the corresponding record in the database 7. When the licence code and the corresponding record do not match, the SRM 5 regards the current user as holding an illegal license and rejects any request from the client device 23. The aforesaid steps are shown at S58, S59, S60, and S47.

7) When the licence code and the corresponding record match, that is, when the license code is legal, a step S61 is executed. At the step S61, the SRM 5 transfers the corresponding client secure registry key K_csr to the server security agent 22.

8) At a step S62, the SRM 5 checks the service type that is defined in the license code to make a decision on whether providing the user with the content is permitted by the licence. Furthermore, the SRM 5 checks the usage rule that is defined in the license code to decide how to send the key package for the requested digital audio-visual content. For instance, if a user can only access the video stream in the digital audio-visual content, the SRM 5 only needs to send the corresponding key pair for the video stream in the key package to the server security agent 22 in the client 23.

9) At a step S63, assuming that the user has a full access to the digital audio-visual content, the SRM 5 obtains the encrypted key package from the key section of the database 7. The SRM 5 decrypts the obtained key package with the secure storage key K_ss, and re-encrypts the decrypted key package with the user public key K_user—PUB. The SRM 5 transfers the re-encrypted key package to the server security agent 22 in the client 23.

10) The server security agent 22 passes the key package to the application of the client 23 as shown at a step S64.

11) At a step S65, the application of the client 23 obtains the encrypted private key K_user—PTE from the secure registry 20 and transfers it to the server security agent 22. In the server security agent 22, the encrypted private key K_user—PTE is decrypted with the client secure registry key K_csr.

12) At a step S66, the server security agent 22 returns the decrypted private key K_user—PTE back to the application of the client 23. The application of the client 23 decrypts the key package with the decrypted private key K_user—PTE.

13) The application of the client 23 obtains the license code from the secure registry 20, and transfers it to the server security agent 22. In the server security agent 22, the license code is decrypted with the client secure registry key K_csr. The server security agent 22 returns the decrypted license code back to the application of the client 23.

14) At a step 67, the decrypted key package is passed to the decipherer 19 whereas the decrypted license code is passed to the rights manager 21 in the client 23.

15) At a step S68, the requested digital audio-visual content is fed to the decipherer 19 before reaching the AV decoder 16. The decipherer 19 is controlled by the rights manager 21, and decrypts the content with the key package. The output of the decipherer 19 is transferred to the AV decoder 16.

16) The presentation of the content at the client device 23 begins.

FIG. 17 shows the process for a user to obtain a license transfer Key. FIG. 18 shows the processes for a user to successfully transfer a license. Due to the unique user ID used to verify that the user is based on the registered client device 23, the transfer of a license is required to be accomplished if the user wishes to access the content provider's service from another device. The user can either obtain multiple licenses or transfer the license from the registered device to the desired device.

A user can apply for multiple licenses with respect to one or more client devices such as a notebook PC, a pocket PC, and a cellular phone. Each license may contain different usage rules. The user can register the client devices one by one by repeating the same procedure of a normal single license application. In the database 7, the user's multiple IDs and multiple licenses are related to the user's log-in ID and password.

There is a common case that the registered user wants to transfer the license from one device to another device. For instance, when the user is going on a business trip, the user wants to transfer the license from the desktop PC to the notebook PC so that they can access the service from the content provider during the business trip.

With reference to FIGS. 17 and 18, the procedure concerning a license includes the following steps.

1) After being successfully authenticated, the user issues a license transfer request from the application of the client 23 at the registered end station as shown at steps S69, S70, S71, and S72.

2) The end station (the client) 23 transfers the request to the server security agent 22. Then, the server security agent 22 transfers the request to the web server 13 through the established SSL link. Then, the web server 13 relays the request to the SRM 5 at a step S73.

3) Upon receiving the request, the SRM 5 generates a unique license transfer key as shown at a step S74. The SRM 5 encrypts the licenses transfer key with the secure database entry key K_sse, and stores the encrypted license transfer key in the license section of the database 7. In addition, the SRM 5 encrypts the licence transfer key with the client secure registry key K_csr, and sends the encrypted license transfer key to the server security agent 22 in the client 23 via the web server 13 through the SSL links as shown at the step S74.

4) At a step S75, the server security agent 22 requests the application of the client 23 to save the encrypted license transfer key in the secure registry 20. At a step S76, the server security agent 22 decrypts the encrypted license transfer key with the client secure registry key K_csr. The server security agent 22 passes the decrypted license transfer key to the application of the client 23. Then, the application of the client 23 controls the client display to indicate the license transfer key to the user. As a result, the user notes and remembers the licence transfer key.

5) At steps S77 and S78, the user starts to register the desired device that the license should be transferred to by logging onto the content provider's web site with the log-in ID and password from the desired device.

6) At step S79 and S80, similar to the first-time registration, the user is required to accept the agreement that a server security agent 22 can roam or transfer to the new client device 23 to collect or determine the unique local information thereof on behalf of the SRM 5.

7) Once being implemented, the server security agent 22 shares the SSL connection that has been established between the new client 23 and the web server 13. The web server 13 relays messages between the server security agent 22 and the SRM 5. By providing its the unique agent ID, the server security agent 22 is authenticated by the SRM 5.

8) At a step S81, the user is required to issue a license transfer request and provide the license transfer key to the application of the new client 23 instead of applying for a brand new license. The application of the new client 23 forwards the license transfer request to the server security agent 22 together with the license transfer key.

9) The server security agent 22 sends the license transfer key to the SRM 5 through the web server 13. The SRM 5 checks the received licence transfer key with its record in the license section of the database 7 that is related to the user's log-in ID and password. When the received licence transfer key and the corresponding record do not match, the SRM regards the current license transfer request as an illegal one and rejects the current license transfer request. The aforesaid steps are shown at S82, S83, S84, and S85.

10) When the received licence transfer key and the corresponding record match, that is, when the two license transfer keys match, the SRM 5 requests the server security agent 22 to collect the local device information. Then, the server security agent 22 sends the collected local device information to the SRM 5 through the web server 13. The SRM 5 encrypts the received local device information with the secure database entry key K_sse. Before saving the new user ID information in the user ID section of the database 7, the SRM 5 may check the database 7 as to whether there is any identical user ID related to the same user's log-in ID and password which would be added by previous actions.

11) When no same record exists, the SRM 5 marks the old user ID as an obsolete one. The SRM 5 keeps the obsolete user ID in the database 7 for future reference. Then, the SRM 5 saves the new user ID in the user ID section of the database 7. If there is a same record, the SRM 5 may remove it from the database 7 before saving the newly received user ID. The aforesaid steps are shown at S86 and S87.

12) At a step S88, with the help of the database 7, the SRM 5 can easily locate the user private key K_user—PTE, the license code, and the client secure registry key K_csr. The SRM 5 encrypts the user private key K_user—PTE and the license code with the client secure registry key K_csr. The SRM 5 sends the encrypted user private key K_user—PTE, the encrypted license code, and the client secure registry key K_csr to the server security agent 22 in the new client 23.

13) At a step S89, the server security agent 22 requests the application of the new client 23 to save the encrypted user private key K_user—PTE and the encrypted license code in the secure registry 20.

14) The SRM 5 checks the current connection with the server security agent 22 in the old client device 23 which previously owned the license. If the connection is still active, the SRM 5 does not activate the new user ID immediately until the user quits the application of the old client device 23. If the connection has been cancelled, the SRM 5 activates the new user ID immediately and is ready for any request from the new client device 23 at a step S90.

15) If the user tries to employ the old machine to access the service after the license transfer has been successful, the user is reminded that the license has been transferred to another machine.

16) Re-doing the above-mentioned steps, the user can transfer the license to another client device 23.

There is the case where a user wishes to update the hardware in the client device 23, for instance, upgrade a CPU or change a NIC number. Since the unique user ID is based on the hardware of user's local machine, any changes in the hardware may cause the license to be illegal. It is compulsory that if a user wishes to update his/her hardware, he/she applies for license transfer before executing the updating.

Claims

1. A method of presenting content in an end station, comprising the steps of:

generating an access request;

transferring the access request to a base station;

receiving an agent from the base station as a response to the access request;

implementing the agent, wherein the implemented agent determines end station data indicative of an identity of the end station and transfers the end station data to the base station, wherein the base station authenticates the end station in response to the end station data and decides whether the authentication is successful; and

presenting the content when the base station decides that the authentication is successful.

2. A method according to claim 1, wherein the implemented agent generates the end station data using at least one of:

i) an indication of the content to be presented;

ii) an end station identifier uniquely indicative of the identity of the end station;

iii) a user identifier uniquely indicative of a user of the end station;

iv) an agent identifier uniquely indicative of the agent; and

v) a licence.

3. A method according to claim 1, wherein the content is encrypted using an encryption algorithm, and further comprising the steps of receiving decryption data inclusive of at least one of a decryption algorithm and a decryption key from the base station, decrypting the encrypted content using the decryption data, and presenting the decrypted content.

4. A method according to claim 3, wherein the decryption data is encrypted using a predetermined public key of a private/public key pair, and further comprising the step of decrypting the decryption data using a private key of the private/public key pair.

5. A method according to claim 3, wherein the decryption data includes first and second keys and the content includes one or more data packets each having an encrypted payload, and wherein the decrypting step comprises determining the payload in each data packet, decrypting a first portion of the determined payload using the first key, and decrypting a second portion of the determined payload using the second key, the first and second payload portions being arranged such that at least a part of the determined payload is encrypted using both the first and second keys.

6. A method according to claim 3, wherein the decryption data includes first and second keys and the content includes one or more data packets each having an encrypted payload, and wherein the decrypting step comprises determining the payload in each data packet, determining an arbitrary value using the first key, determining a cipher text by encrypting the arbitrary value using the second key, and decrypting the determined payload using the cipher text, the encrypted payload being formed from a logical combination of the unencrypted payload and the cipher text.

7. A method according to claim 3, wherein the decryption data includes first and second keys, and the decrypting step comprises segmenting the content into content portions each including at least one data packet, decrypting the data packets in the content portions using the first and second keys to get decrypted content portions, and combining the decrypted content portions to form the content to be presented.

8. In a base station, a method of authenticating an end station for an allowance of the presentation of content, comprising the steps of:

receiving an access request from the end station;

transferring an agent to the end station, wherein the end station implements the agent and the implemented agent determines end station data indicative of an identity of the end station and transfers the end station data to the base station;

receiving the end station data from the base station;

authenticating the end station for an allowance of the presentation of content in response to the end station data;

deciding whether the authentication is successful; and

authorizing the end station to perform the presentation of content when it is decided that the authentication is successful.

9. A method according to claim 8, further comprising the steps of encrypting the content using an encryption algorithm, generating decryption data inclusive at least one of a decryption algorithm and a decryption key, and transferring the decryption data to the end station, wherein the end station decrypts the content in response to the decryption data.

10. A method according to claim 9, further comprising the steps of determining a public key of a public/private key pair in accordance with the end station data, and encrypting the decryption data using the public key.

11. A method according to claim 9, wherein the decryption data includes first and second keys and the content includes one or more data packets each having a payload, and wherein the encrypting step comprises determining the payload in each data packet, encrypting a first portion of the determined payload using the first key, and encrypting a second portion of the determined payload using the second key, the first and second payload portions being arranged such that at least a part of the payload is encrypted using both the first and second keys.

12. A method according to claim 9, wherein the decryption data includes first and second keys and the content includes one or more data packets each having a payload, and wherein the encrypting step comprises determining the payload in each data packet, determining an arbitrary value using the first key, determining a cipher text by encrypting the arbitrary value using the second key, and encrypting the determined payload using the cipher text, the encrypted payload being formed from a logical combination of the unencrypted payload and the cipher text.

13. A method according to claim 9, wherein the decryption data includes first and second keys and the encrypting step comprises segmenting the content into content portions each including at least one data packet, and encrypting the data packets in the content portions using the first and second keys.

14. A digital right management system for managing the presentation of content, comprising a base station, at least one end station, and a communications network for interconnecting the base station and the end station;

a) the base station including a processor for: a1) receiving an access request from an end station via the communications network; a2) generating an agent in response to the access request; a3) transferring the agent to the end station via the communications network, wherein the end station implements the agent and the implemented agent determines end station data indicative of an identity of the end station and transfers the end station data to the base station via the communications network; a4) authenticating the end station in response to the end station data; a5) deciding whether the authentication is successful; and a6) authorizing the end station to perform the presentation of content when the authentication is successful;

b) the end station including: b1) a display; and b2) a processor for: b21) generating an access request; b22) transferring the access request to the base station via the communications network; b23) receiving the agent from the base station via the communications network; b24) implementing the agent, wherein the implemented agent determines the end station data and transfers the end station data to the base station via the communications network, and wherein the base station authenticates the end station in response to the end station data and decides whether the authentication is successful; and b25) presenting the content by use of the display when the base station decides that the authentication is successful.

15. A method of decrypting content for presentation, the content including one or more data packets each having an encrypted payload, the method comprising the steps of:

receiving encrypted content;

determining the payload in each data packet;

decrypting the determined payload using first and second keys; and

combining the decrypted payloads of the one or more data packets to form decrypted content.

16. A method according to claim 15, wherein the decrypting step comprises:

decrypting a first portion of the determined payload using the first key; and

decrypting a second portion of the determined payload using the second key, the first and second payload portions being arranged such that at least a part of the determined payload is encrypted using both the first and second keys.

17. A method according to claim 15, wherein the decrypting step comprises:

determining an arbitrary value using the first key;

determining a cipher text by encrypting the arbitrary value using the second key; and

decrypting the determined payload using the cipher text, the encrypted payload being formed from a logical combination of the unencrypted payload and the cipher text.

18. A method according to claim 15, further comprising the steps of:

receiving decryption data from an end station, the decryption data including the first and second keys; and

decrypting the decryption data using a private key of a public/private key pair to recover the first and second keys.

19. A method of encrypting content for presentation, the content including one or more data packets each having a payload, the method comprising the steps of:

determining the payload in each data packet;

encrypting the determined payload using first and second keys; and

combining the encrypted payloads of the one or more data packets to form encrypted content.

20. A method according to claim 19, wherein the encrypting step comprises:

encrypting a first portion of the determined payload using the first key; and

encrypting a second portion of the determined payload using the second key, the first and second payload portions being arranged such that at least a part of the determined payload is encrypted using both the first and second keys.

21. A method according to claim 19, wherein the encrypting step comprises:

determining an arbitrary value using the first key;

determining a cipher text by encrypting the arbitrary value using the second key; and

encrypting the determined payload using the cipher text, the encrypted payload being formed from a logical combination of the unencrypted payload and the cipher text.

22. A method according to claim 19, further comprising the steps of:

generating decryption data including the first and second keys;

encrypting the decryption data using a public key of a public/private key pair; and

transferring the encrypted decryption data to an end station, wherein the end station decrypts the received decryption data using a private key of the public/private key pair.