Multiple party content distribution system and method with rights management features
A multiple party system for distributing content. In one embodiment, four parties are involved in the system: a consumer, a service provider, an authenticator, and a content provider. The distribution of content from the content provider to the consumer is carried out using a predefined protocol, mutating IDs, and licenses. The authenticator controls the distribution of mutating IDs and verifies the identity of one or more participating parties.
Latest Imagineer Software, Inc. Patents:
- SYSTEMS FOR PERFORMING TRANSACTIONS AT A POINT-OF-SALE TERMINAL USING MUTATING IDENTIFIERS
- Secure electronic commerce using mutating identifiers
- SECURE DIGITAL CONTENT MANAGEMENT USING MUTATING IDENTIFIERS
- SECURE COMMUNICATION AND REAL-TIME WATERMARKING USING MUTATING IDENTIFIERS
- Secure communication and real-time watermarking using mutating identifiers
This application is a continuation of U.S. patent application Ser. No. 10/248,894 filed on Feb. 27, 2003, which claims priority to U.S. Provisional Patent Application Ser. No. 60/360,023 filed on Feb. 27, 2002, the entire contents of which are both hereby incorporated by reference.
BACKGROUND OF THE INVENTIONEmbodiments of the invention relate to the distribution of content (such as text, audio, video, multi-media materials, and the like). More particularly, the invention relates to the distribution of such content in a manner that ensures that the copyrights and other similar legal rights of the content owner are respected.
More and more content is being delivered in digital form, and more and more digital content is being delivered over private and public networks, such as Intranets, the Internet, cable TV networks, and the like. For consumers of such content, digital versions (as opposed to analog, paper copy, and other forms) provide various advantages such as enhanced fidelity, improved and greater playback options, interactivity, and others. Online or network delivery generally offers greater convenience and timeliness. Online delivery is also cheaper than other delivery methods, and this benefits content publishers.
Most current and potential digitally distributed content is, like most books, distributed in a manner such that the publisher or owner generally gives or sells the content to a consumer, but continues to restrict rights to use the content even after the content is under the sole physical control of the consumer. For instance, a content owner typically retains copyright to the content so that the consumer cannot legally reproduce or publish the content without permission. Digital content, as opposed to older forms of media, allows a content owner to adjust pricing according to whether the consumer is allowed to make a persistent copy, or is just allowed to view the content as it is delivered.
Despite the worthwhile attributes of digital and network distribution, content owners are still generally reluctant to distribute content, particularly high-value content, via networks because unauthorized duplication, piracy, and distribution of digital content (e.g., as was done by users of Napster) is very easy. Unlike analog recorders, photocopiers, and other older devices, current technology permits unlimited, pristine copies of digital content to be made. And, in most instances, copies of the digital content can be made very quickly or nearly instantaneously. Furthermore, even current protective measures such as public key encryption and the content scrambling system (“CSS”), which is used for digital versatile discs, have been defeated.
SUMMARY OF THE INVENTIONIn light of the above, there is a need to provide a method and system of distributing content that ensures that the rights of content owners are respected.
The present invention provides among other things a multiple party system for distributing content. In one embodiment, four parties are involved in the system: a consumer, a service provider, an authenticator, and a content provider. The distribution of content from the content provider to the consumer is carried out using a predefined protocol, mutating IDs, and licenses. The authenticator controls the distribution of mutating IDs and verifies the identity of one or more parties.
In another embodiment, the method includes having a consumer make a request for content to a service provider and relaying the request to a content provider. In response to the request, the content provider creates a license that includes identifying information concerning the service provider and encrypted information identifying the requested content. The license is sent to the service provider. The service provider encrypts the license from the content provider with one of its own licenses and sends this message to the consumer. The consumer encrypts the message to create an authentication request and sends the authentication request to an authenticator. The authenticator checks the authentication request and, if valid, informs the content provider to send encrypted content specified in the license to the consumer. A decryption key is sent by the authenticator to the consumer so that the consumer may decrypt and view and consume the content.
In another embodiment, the invention provides a content distribution system that includes an authenticator and a content provider. The content provider has content and a content identifier, and generates a first mutating identifier associated with the content identifier. The system also includes a consumer device that is operable to generate a request for the content. In addition, the system includes a service provider. The service provider receives the request from the consumer device, receives the first mutating identifier from the content provider, generates a second mutating identifier associated with the first mutating identifier, and distributes the second mutating identifier to the consumer device. The consumer device generates a third mutating identifier associated with the second mutating identifier, and distributes the third mutating identifier to the authenticator. The authenticator validates the request and thereafter informs the service provider of the validity of the request. If the request is valid, the content provider thereafter encrypts the content and sends the encrypted content to the consumer while the authenticator sends a decryption code to the consumer.
Embodiments of the invention will become apparent by consideration of the detailed description and accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGSIn the drawings:
Before embodiments of the invention are explained in detail, it is to be understood that the invention is not limited in its application to the details of the construction and the arrangements of the components set forth in the following description or illustrated in the drawings. The invention is capable of still other embodiments and of being practiced or being carried out in various ways. Also, it is to be understood that the phraseology and terminology used herein is for the purpose of description and should not be regarded as limiting.
In particular it should be understood that the invention is implemented using various computer devices, such as personal or home computers, servers, and other devices that have processors or that are capable of executing programs or sets of instructions, including special purpose devices such as set top boxes. In general, the invention may be implemented using existing hardware or hardware that could be readily created by those of ordinary skill in the art. Thus, the architecture of exemplary devices will not be explained in detail, except to note that the devices will generally have a processor, memory (of some kind), and input and output devices. In some cases, the devices may also have operating systems and application programs that are managed by the operating systems. The hardware devices will also generally need some ability, depending on the role of the device in the particular embodiment of the invention implemented, to compress or decompress data and to encode data or decode encrypted data. In many instances, a decompression capability may be provided using available codecs, such as hardware-implemented MPEG codecs. A decryption capability may be provided using a decryption hardware or software module capable of decrypting data that is encrypted using the encryption algorithm chosen. One encryption algorithm that is suitable for use in embodiments of the invention is the Rijndael algorithm, an example of which is available at http://www.esat.kuleuven.ac.be/˜rijmen/rijndael/rijndaelref.zip.
In the embodiment shown in
The participants 22, 24, 26, and 28 are connected to each other via two-way links 30, 32, 34, 36, and 38. These links may be a constructed from all or part of the networks mentioned above. The system 20 uses a key-based encryption algorithm and currently available algorithms such as the Rijndael algorithm may be used. The ultimate choice for the algorithms used will depend on a variety of factors including a trade off between the strength of the algorithm (in terms of being broken) and speed (in terms of a processor's capability to perform the mathematical operations required by the chosen algorithm).
In one embodiment of the invention, it is assumed that the consumer has a decoding processor or similar device, which may, for example, take the form of a “set top box,” home computer, or other device. In this same embodiment, it is assumed that the decoding processor is in a “hostile environment,” in the sense that consumer may possibly want to tamper or otherwise circumvent rights management features of the decoding processor. Thus, it is preferred that the decoding processor be housed in a container that has the ability to detect intrusions to its interior. It is also preferable, that the decoding processor have “persistent” memory such as non-volatile RAM, EPROM, or other storage where data remains intact after the removal of power. The persistent memory is used to store identification information, which may be a “mutating ID,” that, preferably, changes over time.
In preferred embodiments, the system 20 uses a random number generator to generate certain numbers used by a protocol implemented or followed by the system. It is preferred that the random number generator produce numbers that are as truly random as is possible with the particular technology used to implement the invention. In one embodiment, communication traffic, such as requests from consumers to obtain content, is used to create random numbers. Such requests occur, in general, in an unpredictable manner. Thus, the random numbers generated based on such traffic are also truly or nearly truly random, as opposed to pseudo random numbers generated with algorithmic methods.
In the exemplary embodiment shown, each of the parties 22-28 in the system 20 has different responsibilities and it is assumed that each party trusts the authenticator 28. Further, it is preferable that content provider 22, service provider 24, and consumer 26 be assigned a changing or mutating identifier (“ID”), which is explained further below.
Content Provider (“Alice”)
The content provider 22 is an entity such as a movie studio, recording company, or any other entity that wishes to distribute content electronically. In general, it is assumed that the content provider 22 owns the copyright or other intellectual property rights in the content or is authorized by the owner of such rights to distribute the content. It is assumed that the content provider 22 wants to be reimbursed fairly for each copy of its content distributed using the system 20. Thus, in one embodiment of the invention, the system 20 is configured such that the content provider 22 can produce a virtual inventory of licenses for content using a list of mutating IDs (generally created as needed), where each license gives authorization to view or in some cases maintain a copy of the content provided. The virtual inventory (or set of licenses) may be assigned to various distribution entities, such as one or more service providers. As the virtual inventory is consumed, the consumption is tracked in order to record, log, or note which service provider 24 provided content copy to one of its consumers. For instance, tracking of the virtual memory allows a content provider such as a movie studio, which has sold distribution rights to a cable company and a satellite broadcasting company, to determine which of the entities, the cable company or the satellite broadcasting company, distributed the content to the subject consumer. The tracking system also allows the consumption activity of individual consumers to be recorded or logged. In preferred embodiments, the content provider 22 is the sole encrypter of its content and controls the decoding of the content by, for example, denying a request, as explained further below.
Service Provider (“Bob”)
In the embodiment shown, the service provider 24 distributes content of the content providers. However, service providers may also have several additional responsibilities, including identification of themselves and the subject content with mutating IDs. In the embodiments described, a user, such as the consumer 26, cannot decode content without the appropriate mutating IDs. In many scenarios, the service provider 24 provides the requested content off of or from a storage device that is local to the service provider 24. However, the invention is not limited to any particular location of the content and content may be retrieved from storage of the content provider 22 and then transferred to the consumer 26. In preferred embodiments of the invention, every service provider 24 sees each request from consumers in the system 20 and receives authentication from the authenticator 28. In some embodiments, any one of the service providers in a particular embodiment may be responsible for shipping or transferring the content to the consumer. This allows content providers to avoid having to deliver their content to service providers, if they so desire. In other words, the service provider 24 need not possess (such as by maintaining encrypted copies in local storage) the content that is ordered by consumers.
Consumer (“Carol”)
It is assumed that at least some consumers may wish or attempt to view or consume content without paying for it. Therefore, measures are provided to prevent unauthorized consumption of content. The mutating IDs mentioned above provide one mechanism by which content decoding and, therefore, consumption is controlled. By encapsulating multiple mutating IDs, the set top box is able to prove to the authenticator 28 that 1) the set top box is a licensed decoder of the content, 2) the service provider 24 is a licensed distributor of the content, and 3) the content itself was licensed for use by the content provider 22 for the consumer, as will be explained in greater detail.
Authenticator (“Trent”)
The authenticator 28 is the repository that holds the data necessary to decode a particular piece of content. In the embodiments discussed, the authenticator 28 verifies the consumer 26, the service provider 24, and the content by their mutating IDs before sending any decoding information to the subject consumer 26. The authenticator 28 is also the source of mutating IDs and keeps track of such IDs using a database or similar mechanism.
Mutating ID
An exemplary mutating ID 38 is shown in
Protocol
The system 20 uses a protocol to govern communications between entities. Each entity is randomly assigned a one-time-use identifier (such as the identifier or ID 38 shown in
After the authenticator 28 randomly assigns an identifier to the content, the content provider will then catalog the virtual inventory for distribution. The random identifier provides a non-deterministic or a random component to the encryption of the identifier. Since there is non-deterministic information in the identifier, there can be no decoding information gained by knowing the decoding key. By identifying everything encoded with one of the decoding keys generated by the authenticator 28, the authenticator 28 can identify who asked for them, when they asked for them, and for what purpose they asked for them.
There are four pieces of information to be distributed by the authenticator 28. The first is the requested content or the content to be distributed. The second and third are a decode license to be used by the consumer 26 once the license is authenticated, and a distribution license for distributing the encrypted content to the consumer 26. The last is a consumer identifier. To decrypt the content, the decryption takes place in reverse order to the path of distribution. By encapsulating or stacking one inside another or tagging one to another, the encrypted data is secured. Even if it were possible to obtain the encrypted data, it is considered infeasible to break since the encryption used is at least as strong as Rijndael.
Certain embodiments of the system 20 are implemented with an encryption algorithm and a random number generator. Preferably, the encryption algorithm is a symmetric key-based encryption algorithm. The keys are permutation identifications, offsets, and skips. All three could be bundled into one object called a “key.” Therefore, any key based encryption algorithm can be used in embodiments of the invention. Since introducing a new encryption algorithm can be a very time consuming process, the system 20 was created to allow already existing and tested key-based encryption algorithms to be used.
With respect to generating a random number, in the embodiment shown, three different procedures are used. Of course, other combinations of random number procedures can also be used to generate a random number. The first random number generation procedure is a standard congruential random number. The second random number generation procedure generates a random number that is used to determine a sampling rate of a random stream.
Acquiring a random stream can be difficult. By conventional definition, a random stream or a set of numbers is considered random if and only if the set is the most compact way to represent the numbers. For instance, given the set 2, 4, 6, 8, 10, ⊕, a more compact representation would be {2i|i ε Z+} or any even number in the positive integer number set. Another way to state this is a set of numbers for which there is no discemable “pattern” is generally considered random. The goal of encrypted communication is to remove all patterns from the encrypted data being transmitted so that intelligent guessing cannot be used to decrypt the encrypted transmitted data. In embodiments of the system 20, the authenticator 28 provides all the random numbers used in the distribution and transmission of content. As discussed in more detail, the sequence of generated numbers is a sequence of random numbers or a random stream, or at least a close approximation to a random stream.
The third process of the random number generator is to ensure that there is no deterministic way to retrieve the next number. The random streams coming into and leaving the authenticator 28 are encrypted and thereby contain encrypted data. This non-deterministic mechanism used to generate the random stream helps ensure that the random number sequence cannot be represented by a more compact expression, hence defining a random stream.
For example, the authenticator 28 is designed to receive requests to decode content. These requests reach the authenticator 28 in a random order. For instance, suppose consumer X requests the key to movie Y, and consumer W requests the key to song Z, etc. These requests are formalized by the protocol as sequences of numbers that have been arbitrarily chosen either to be intentionally arbitrary or encrypted by an arbitrary key. Since the requests are arbitrary in nature and are processed in an arbitrary fashion, a stream of random numbers is naturally generated. By sampling this stream in a semi-arbitrary way (i.e., congruential random number), a good sequence of random numbers is generated.
In one embodiment, the protocol used in the system 20 combines a packet assembly disassembly generator or PAD, key pairing, and a RC4 random stream cipher. More specifically, to encrypt the information in a window of data, a PAD series is generated once a PAD generator is chosen. A second random stream P is generated based on the PAD series in the following manner:
Pk=pad(k
where pk is the k-th element of the P series, and pad(kj) modn is the j-th element of the PAD series. That is, every element of the P series is a combination of exclusive-ORing of the elements in the series generated by the PAD generator. The key pair generally includes a public key and private key. These keys do not have any mathematical relation. They are generated randomly and independently of each other. The keys themselves are simply twenty or more digit numbers. Each entity has a unique key pair.
An exemplary embodiment of the protocol will now be discussed in greater detail. In the embodiment shown, in
As each piece of content is consumed, the authenticator 28 tracks which service provider 24 the particular content came from and notifies the content provider 22 of each such decoding. Once it receives content, the service provider 24 combines each encrypted piece of content with other identifying data before distribution to the consumer 26. Each service provider 24 keeps a collection of mutating IDs on hand that are used to identify that particular service provider. As with all others, these mutating IDs are created and tracked by the authenticator 28. The service provider 24 also has a list of Econtent identifiers for each piece of content. Once requested, the service provider 24 picks an unused Econtent identifier and one of its unused mutating IDs. The service provider encrypts the Econtent identifier with the key of the chosen mutating ID and attaches the associated number creating a piece of data referred to herein as the “distributable content” or “Edistrib.” The service provider 24 sends the Edistrib content to the consumer 26 and awaits a confirmation signal from the authenticator 28 that allows decoding.
The confirmation signal is received as an encrypted parcel of data that can be decrypted with the mutating ID key used to create the Edistrib content. The confirmation signal is an agreed on, secret set of bytes set by the service provider 24 and authenticator 28. Once the confirmation has been received and verified, the service provider 24 can send the encrypted content or Econtent identifier to the consumer 26.
As noted above, it is assumed that the consumer 26 wants to cheat the system 20. For that reason, all communications between the consumer 26 and the authenticator 28 are encrypted by some encrypted communication method. The consumer 26 is given only one mutating ID at a time. When the consumer 26 wants to view or receive some content, the consumer 26 makes a selection of the desired content using the set top box or hardware in place at the site of the consumer 26. The hardware device then requests the content from the service provider 24 who sends the Edistrib content for a particular decode. Once this has been received by the consumer 26, the Edistrib content is encrypted with the consumer's mutating ID key and coupled with the mutating ID number into a consumer identifier referred to as an Econsumer identifier. The Econsumer identifier is then sent to the authenticator 28 for verification. Upon verification, the authenticator 28 informs the service provider 24 by a secure channel that the consumer's set top box is licensed to consume the subject content. The authenticator 28 also discards the current set top box mutating ID and sends the set top box a new, unused mutating ID.
The consumer 26 simultaneously receives, from separate sources, the encrypted data and keys necessary to decrypt the data. With this, the decoding device can decode the requested content.
Generation of mutating IDs and keeping track of them is the primary task of the authenticator 28. Distribution of mutating IDs to content providers and service providers can be handled via any acceptable means to both, as long as they stay secret to the respective receiver. To ensure that consumers do not ever have more than one mutating ID, once an Econsumer identifier is verified as accurate, a new mutating ID is encrypted using the consumer's current mutating ID key and sent to the consumer 26. The consumer can then use that ID for the next transaction. Since the authenticator 28 keeps track of all mutating IDs, it can verify that an Econsumer identifier is or contains a valid request. To do so, it finds the key associated with the number in the Econsumer identifier and decrypts it, revealing the Econsumer identifier. If no key can be found, then the authenticator 28 returns a failure. Using the exact same process, the authenticator 28 recovers the Econtent identifier. If no key can be found, then the authenticator 28 returns a failure. Once again, the authenticator 28 decrypts the Econtent identifier, if possible. If it is possible, the authenticator 28 look ups the confirmation code for the service provider 24, encrypts it with the mutating ID key used by the service provider 24, and returns it to the service provider. A new mutating ID is then sent, followed by the decoding data. The authenticator 28 then notes or otherwise records all the participating parties, time, and content involved in the transaction for billing purposes.
As was noted above, one aspect of the invention is to ensure that copies of content are not obtained by unauthorized or unlicensed entities. In the embodiments discussed, obtaining an unauthorized copy of the content would require a person or entity to intercept a message and then break the encrypted content. It is assumed that this is impossible, at least in practical terms, because even if the content was intercepted (which would not be a trivial task) decoding it would be very difficult. This is so, in part, because it is possible, using the random numbers and encryption algorithm discussed to create encrypted data that would require a very long time (on the order of years and in the inventors' opinion, thousands of years) to decrypt. Types of attack would generally require correctly guessing or otherwise obtaining an Econsumer identifier. However, since each mutating ID is used only once by the controller of that ID, there is no way to divine one Econsumer identifier by inspecting another. Further, since the mutating IDs are calculated to be random (to the limit of the random number generator), it is infeasible to calculate one mutating ID from another.
In addition to providing a high degree of security, the protocol allows for interchangeable parties at each position. In other words, multiple content providers can use multiple service providers to reach multiple consumers using the authenticator 28 agreed upon by all parties. Further, positions can easily be merged or modified to fit many different distribution models. However, it is generally required that the virtual inventory be maintained by the content provider 22 and/or service provider. As noted, the virtual inventory is preferably a list including secret mutating IDs. The virtual inventory may be traded like any other commodity. Thus, rather than a discrete piece of data being the actual digital content of the desired piece of content, it becomes the Econsumer identifier constructed by a particular set of events leading to one particular viewing of that content. Since the Econsumer identifier cannot be constructed without cooperation from all parties involved, all parties have the ability to negotiate and reach a mutually beneficial arrangement for the consumption of digital content at the demand of the consumer 26. Should one party decide to not participate, communication with the authenticator 28 can prevent decoding by withdrawing the consent of one or more parties.
As was noted above, the system 20 is not limited to just four parties. More distribution layers can be introduced and verified through the unraveling process in the same manner. For instance, one service provider 24 can distribute to another service provider. The authenticator 28 can continue to unravel an Econsumer identifier until it has found a content provider 22. This can be accomplished by the simple recursive algorithm used to create Econsumer identifiers. The important distinction is that the implementation of the authenticator 28 controls the ultimate decoding of content based upon the Econsumer identifier. Should a content provider 22 or service provider 24 want to control the distribution downstream, it is easy to control by informing the authenticator 28 to deny decoding of content under particular circumstances.
Additional aspects of embodiments of the invention will now be described with respect
As should be apparent from the discussion above, the license 52 undergoes multiple transformations, in the sense that the license is encrypted multiple times.
As should be apparent, the system 20 and the protocol used to implement it can be used in a variety of applications beyond the secure distribution of content. Many different types of communications ranging from e-mail, video and multi-media conferencing, data and telemetry collection, and others may benefit from using all or part of the system 20 to enhance security and trust. Some of these additional applications are now discussed.
Confirmation of Geographic Location
As is known, innumerous human activities depend on the human participants trusting the other participants. Furthermore, participants must feel comfortable that the other participants are authentic (i.e., not imposters or frauds) and will not renege on promises or commitments made. In times when most activities took place face-to-face many concerns about authenticity were reduced. For example, before the existence of the telephone and Internet, imposters would have to physically meet and fool any person that the imposter intended to dupe. With modern communications, it is often impossible for parties to know who they are actually communicating with or where the parties are located.
Various biometric and other devices exist that can be used to address concerns of authenticity and trust and many of these can be used with or added into embodiments of the system 20 described. However, the system 20 also has inherent features that lessen concerns of authenticity. One of these is the ability to trace, at least to a relatively specific point, the location of consumers ordering content.
As noted, mutating IDs are implemented in embodiments of the invention and the consumer 26 is assigned the first mutating ID 100. Subsequent mutating IDs are assigned each time the consumer desires to obtain content. Further, each consumer 26 has a decoding processor or similar device (e.g., a set top box, home computer, etc.) and the consumer's address and name are associated with that hardware. Each service provider and content provider also has an actual physical location and address. Because embodiments of the system 20 rely on unraveling multi-encrypted and encapsulated identifiers, the location of a consumer can, at a minimum, be traced to the service area of the service provider of the consumer.
For example, if the consumer or a thief moved the consumer's hardware to a location outside of the service area of the service provider 24 and requested content, the unraveling of the multi-encrypted and encapsulated identifiers would fail, as the new service provider would be unable to send appropriate keys needed for decoding based on the mutating ID stored in the hardware.
Real Time Authentication of User and Real Time Play Back of Content
As noted, one difficulty with modern communications systems is ensuring the authenticity of the communicating parties. In one embodiment of the invention, the system 20 may be used to encode information such as email messages sent from one party to another. The sending party acts like the content provider/service provider and the receiving party like the consumer.
One way to provide extra insurance of authenticity is to send a receiving party certain random information and require that the recipient process that information and relay it back to the sender before communication of valuable information begins. For example, randomly selected sections of text from the U.S. Constitution, the Gettysburg Address, or for that matter any text from the thousands of manuscripts from the Library of Congress may be sent to the receiving party. Before any valuable content or information is sent to the receiving party, the randomly selected text must be properly decrypted and then a duplicate of the information sent back to the recipient. If the receiving party is unable to do this, then an improper communication connection has been made or the receiving party is an imposter, who may, for example, have intercepted or hacked into the communication link of the true recipient. However, without possessing the proper mutating ID, no decryption of the random text is possible.
An additional security feature that may be added to the system 20 is real-time play back of content. As noted earlier, one of the problems for copyright and other legal rights holders, is that digital content can be copied (at least theoretically) an infinite number of times and the time needed to make each copy is very short. For example, a CD containing seventy minutes of music can be completely copied in a few minutes. Compressed files may be copied even faster. This makes large-scale illicit copying of content very attractive to a potential criminal. Once a single copy of valuable content is obtained, hundreds and possibly thousands of pristine copies can be made quickly and then sold.
In embodiments of the system 20, decoding of the content at the consumer 26 or receiver is done in a real-time fashion, meaning that play back in the system 20 occurs no faster than playback of the content as intended for the final viewer or consumer. Thus, if a movie has a running time of 2 hours and twenty minutes, recording of the content sent to the consumer takes the same amount of time, thereby discouraging large scale copying of the same. It should also be noted that the system is configured to restrict the number of decryptions that occur. Generally, only one decryption can be made by the consumer. This helps reduce unauthorized copying. It should also be noted that the content may include known copy protection devices or code before it is encrypted. These devices may be used to prevent or reduce unauthorized copying as well.
Data and Telemetry Collection
As noted, embodiments of the invention may be implemented where just three parties participate. The parties include an authenticator, a sending party (by analogy encompassing the roles and functions of the content provider and service provider), and receiving party (by analogy encompassing the roles and functions of the consumer). As noted, the system 20 may be configured to implement a secure email system. As should be apparent, the system 20 could also be implemented in a variety of other applications where secure communication could be useful, such as collecting data from electric and gas meters, equipment and human monitoring systems, and other data and telemetry collection applications. In general, many existing systems could be readily modified with existing processing and communications hardware to allow communications using the multi-encrypted and encapsulated identifier architecture described herein.
As can be seen from the above, various embodiments provide a system and method of distributing content and information with features to protect security and the legal rights of content owners. Additional features and aspects of embodiments of the invention are set forth in the attached claims.
Claims
1. A method of content distribution, the method comprising:
- encrypting a plurality of identifiers, each identifier identifying a party;
- encapsulating the encrypted identifier at each party; and
- authenticating one of the parties with the encapsulated identifier.
2. The method of claim 1, further comprising distributing content based on the authenticated identifier.
3. The method of claim 2, further comprising discarding the identifier after the distribution.
4. The method of claim 1, wherein encapsulating the encrypted identifier further comprises tagging an identifier to the encrypted identifier.
5. The method of claim 1, further comprising providing at least three parties.
6. The method of claim 1, wherein authenticating one of the parties further comprises decrypting the encapsulated identifier.
7. The method of claim 1, further comprising generating a new identifier for each party.
8. The method of claim 1, further comprising requesting content from a party.
9. A protocol for governing the communication of content between a plurality of entities, the protocol comprising:
- establishing an authenticator;
- maintaining a record of a previously used identifiers for each of the plurality of entities;
- assigning a generally random, unused, one-time use identifier to each of the plurality of entities, where each identifier includes a number and a key and where each number is a hash;
- ensuring that the hash of each number contains no information from the content;
- keeping the identities of the plurality of entities blind to the plurality of entities; and
- informing the authenticator of the identities of each of the plurality of entities.
10. A protocol as claimed in claim 9, where keeping the identities of the plurality of entities blind to the plurality of entities includes ensuring that the hash of each number contains no information of the identity of the respective entity.
11. A protocol as claimed in claim 9, wherein assigning a generally random, unused, one-time identifier includes sampling a stream of requests using a congruential random number.
12. A protocol as claimed in claim 9, further comprising encrypting content using a PAD series.
13. A method of transferring content items, the method comprising:
- generating a plurality of mutating identifiers at an authenticator, each mutating identifier having a key;
- assigning an identifier to a content provider;
- transferring at least some of the plurality of mutating identifiers to the content provider; and
- encrypting the content at the content provider using a key from at least one of some of the plurality of mutating identifiers transferred to the content provider.
14. A method as claimed in claim 13, further comprising associating the identifier of the content provider to at least some of the plurality of mutating identifiers transferred to the content provider.
15. A method as claimed in claim 13, further comprising transferring the encrypted content to a service provider or a consumer.
16. A method as claimed in claim 15, further comprising tracking the transfer of encrypted content to a service provider or a consumer at the authenticator.
17. A method of distributing content items, the method comprising:
- assigning a content item a label;
- associating the label with a key;
- requesting a first mutating ID having a first part and a key;
- encrypting the content item with the key from the first mutating ID;
- grouping the first part of the first mutating ID with the label to create an encrypted identifier;
- sending the encrypted content to a service provider;
- assigning a second mutating ID to the service provider, the second mutating ID having a first part and a key;
- encrypting the encrypted identifier with the key of the second mutating ID to create distributable content;
- transferring the distributable content to a consumer;
- verifying the identity of the consumer;
- if the identity of the consumer is verified, sending the encrypted content from the service provider to the consumer; and
- sending a decryption key from an authenticator to the consumer.
18. A method as claimed in claim 17, further comprising:
- assigning a first identifier to the consumer before transferring the distributable content to the consumer; and
- assigning a second identifier to the consumer to replace the first identifier after sending the encrypted content from the service provider to the consumer.
19. A method as claimed in claim 17, wherein assigning a second identifier to the consumer includes encrypting the second identifier with the first identifier.
20. A method as claimed in claim 17, further comprising transferring a request for content from a consumer, the request including a label for at least one content item.
21. A method of establishing a system for distributing content, the method comprising:
- providing a plurality of entities including a first number of entities;
- generating a plurality of symmetric keys including a second number of secret symmetric keys, wherein the first number of entities is equal to the second number of secret symmetric keys; and
- transmitting each secret symmetric key included in the plurality of secret symmetric keys to at most one entity included in the plurality of entities.
22. The method of claim 21, further comprising generating a plurality of identifiers including a third number of identifiers, wherein the third number of identifiers is equal to the first number of entities and the second number of secret symmetric keys.
23. The method of claim 22, further comprising transmitting each identifier included in the plurality of identifier to at most one entity included in the plurality of entities.
24. The method of claim 21, further comprising generating a plurality of content encryption keys including a fourth number of content encryption keys, wherein the fourth number of content encryption keys is equal to the first number of entities and the second number of secret symmetric keys.
25. The method of claim 24, further comprising transmitting each content encryption key included in the plurality of content encryption keys to at least one entity included in the plurality of entities.
26. A method of distributing content, the method comprising:
- encrypting content with at least one encryption key;
- obtaining at least one mutating identifier from an authenticator, the at least one mutating identifier including a key;
- generating at least one license for the content based on the mutating identifier; and
- transmitting the at least one license and the content to at least one of a service provider and a consumer.
27. The method of claim 26, further comprising generating a label associated with the content.
28. The method of claim 27, further comprising transmitting the label to the authenticator.
29. The method of claim 27, wherein generating at least one license for the content based on the mutating identifier, includes encrypting the label with the key.
30. The method of claim 26, further comprising sending the encryption key to the authenticator.
31. The method of claim 26, further comprising sending the encryption key to at least one consumer.
32. A method of distributing content, the method comprising:
- receiving at least one mutating identifier from an authenticator, the at least one mutating identifier including a key;
- receiving encrypted content from a content provider;
- receiving at least one license for the encrypted content from the content provider;
- receiving a request for the content from a consumer;
- encrypting the at least one license with the key;
- transmitting the at least one license to the consumer;
- receiving a confirmation signal from the authenticator; and
- transmitting the encrypted content to the consumer.
33. A method of obtaining content, the method comprising:
- receiving a first mutating identifier from an authenticator, the first mutating identifier including a first key;
- sending a request for content to a service provider;
- receiving an encrypted license for the content from the service provider;
- encrypting the encrypted license with the first key;
- sending the encrypted license to the authenticator;
- receiving the content encrypted with an encryption key from the service provider; and
- receiving the encryption key from at least one of a content provider, the service provider, and the authenticator.
34. The method of claim 33, further comprising receiving a second mutating identifier from the authenticator, wherein the second mutating identifier includes a second key.
35. A method of managing the distribution of content, the method comprising:
- providing a first mutating identifier to a content provider, the first mutating identifier including a first key;
- providing a second mutating identifier to a service provider, the second mutating identifier including a second key;
- providing a third mutating identifier to a consumer, the third mutating identifier including a third key;
- receiving an encrypted license for content from the consumer, the encrypted license for content encrypted with the third key;
- decrypting the encrypted license for content;
- verifying the encrypted license for content; and
- transmitting a confirmation signal to the service provider.
36. The method of claim 35, further comprising transmitting an encryption key associated with encrypted license for content to the consumer.
Type: Application
Filed: Oct 6, 2005
Publication Date: Feb 9, 2006
Applicant: Imagineer Software, Inc. (Milwaukee, WI)
Inventors: William Sellars (Milwaukee, WI), William Cochran (Champaign, IL), David Hunt (Washington, DC)
Application Number: 11/244,462
International Classification: H04L 9/00 (20060101);