WO1997044736A1 - Method and apparatus for two-level copy protection - Google Patents

Method and apparatus for two-level copy protection Download PDF

Info

Publication number
WO1997044736A1
WO1997044736A1 PCT/US1997/008264 US9708264W WO9744736A1 WO 1997044736 A1 WO1997044736 A1 WO 1997044736A1 US 9708264 W US9708264 W US 9708264W WO 9744736 A1 WO9744736 A1 WO 9744736A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
copy protection
data
information
level
Prior art date
Application number
PCT/US1997/008264
Other languages
French (fr)
Inventor
Paul J. Wehrenberg
Original Assignee
Apple Computer, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Apple Computer, Inc. filed Critical Apple Computer, Inc.
Priority to AU32063/97A priority Critical patent/AU3206397A/en
Publication of WO1997044736A1 publication Critical patent/WO1997044736A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00188Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised devices recording or reproducing contents to/from a record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00217Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
    • G11B20/00253Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00485Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier
    • G11B20/00543Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein external data is encrypted, e.g. for secure communication with an external device or for encrypting content on a separate record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00855Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • H04N2005/91357Television signal processing therefor for scrambling ; for copy protection by modifying the video signal
    • H04N2005/91364Television signal processing therefor for scrambling ; for copy protection by modifying the video signal the video signal being scrambled

Definitions

  • This invention relates to data encryption and decryption, and more particularly to an improved method and apparatus for using one level of encryption to establish a secure communication channel, then passing a decryption key over that channel for subsequent decryption.
  • This invention includes a new method of scrambling bulk data. This invention is particularly useful for protecting bulk information intended for widespread distribution such as movies or music in CD or DVD formats.
  • a wide variety of information is sold to consumers in various forms.
  • One major category of information is computer software.
  • Another major category of information is music, often in the form of CDs or tape.
  • Still another major category of information is movies, usually over cable or satellite television links but often in the form of analog tape or LaserDisc.
  • There is a tension in distribution of any form of information because if consumers will buy it from a rightful owner, other consumers are likely to buy illegal copies made from legitimate originals.
  • Various copy protection schemes have been considered for use with various media. Scrambling of cable or satellite channels is common.
  • a variety of anti-copying schemes are used in analog video tape. CDs or digital tape can be encoded with anti-copying codes.
  • DVD is a new, high density storage medium capable of storing about 4.5 through 18 gigabytes of information on a single 12 centimeter disc.
  • Commercial products have already been announced before May 1996 for availability before December 1996.
  • the movie industry with its high degree of sensitivity to intellectual property protection, is concerned that none of the new transmission modalities, including personal computers, enable free copying of their material. Other content providers have similar concerns. Some sort of copy protection scheme would encourage content providers, such as the movie industry, to distribute information such as movies in digital format.
  • the proposed protection scheme is intended to fall between a "screen door latch” (too weak) and a “Fort Knox” approach (too clumsy and expensive for mass-market products). Although it will be discussed here in the context of DVD, one skilled in the art will appreciate that this copy protection scheme can be used in many other situations or collections of elements.
  • the invention provides a two-stage copy protection scheme. This is particularly useful where large quantities of data are to be encrypted and decrypted using an encryption key but that encryption key is to be carefully protected until the data is to be decrypted using an authorized retrieval system.
  • One stage of the retrieval system includes an encryption scheme to assure that the retrieval is made in an authorized system, and another stage of the retrieval system uses a stored encryption key to decode the data of interest.
  • the encryption key is used as a descrambling code.
  • the information flow can be broken into elements with a distinct hierarchy of bandwidth.
  • an MPEG stream high bandwidth
  • the scrambling control bits little lower bandwidth
  • only the MPEG-decode key information necessary to decode the scrambling control bits very low bandwidth
  • the scrambling can be done in any of many ways, some of which are discussed in detail below.
  • the order of the data within a unit of data can be reordered in a controlled way to give a scrambled signal.
  • Each unit of data such as a 64 KB block, can be scrambled in a defined way, then a descriptor which characterizes that scrambling can be encrypted using a key and the encoded descriptor can be stored with the relevant block of data.
  • a single key can be used to decrypt any scrambling descriptor and the descriptor can be changed for each unit of data, that is, each unit of data can be independently scrambled.
  • This copy protection becomes much more powerful if the key can be changed for different units of primary information, for example for each movie title.
  • Storage and access to this key raises an interesting challenge, but this can be managed very conveniently by using a separate encryption mode to secure the key and provide it in a coordinated fashion with the program of interest.
  • One way to do this is to store the key in a secure manner on the same storage medium as the scrambled information.
  • the mechanism of this separate storage mode can be set at a desired level of complexity.
  • One preferred mode is to make this key inaccessible by typical access operations, but readily accessible through special operations.
  • the key may be stored at a location which is inaccessible to a host computer which can only access a logical block address, but readily accessible to a drive control unit, which may be designed to access a specific physical address, preferably not a logical block address. This access capability can be designed into the drive control unit, and the relevant key can be stored at the corresponding location when the media is prepared.
  • a public/private key pair is stored in a disk drive mechanism and a second public /private key pair is stored in a decryption /decode unit such as an MPEG2 decoder.
  • the key pairs are used to establish a secure channel of communication between the disk drive and the decoder and, once the channel is secure, a message can be read safely from the storage medium into the decoder even if the data path for the channel between these elements is unsecure.
  • This message is the information content or message protected using the high-level security scheme, but is itself the key for the low-level security scheme. Passing this encrypted key over a secure channel makes it extremely difficult to intercept the key and use it for improper purposes.
  • Scrambling and encrypting the primary information means that a read of the media by a system that does not implement correct decoding will give unintelligible results. Only the application software, with a little help from the operating system, can allow correct decoding of the primary information, as in correct decoding and display of a movie.
  • One object of this invention is to provide reasonably effective prevention of casual copying by a user.
  • Another object of this invention is to provide a copy protection scheme with little or no impact on or modification of the traditional, primary computer components.
  • Still another object of this invention is to minimize the performance impact of the protection scheme by selectively protecting the most unique or most valuable portions of a data stream.
  • Figure 1 illustrates an apparatus useful in practicing this invention.
  • Figures 2A, 2B and 2C illustrate a source data structure in its original form (2A), then formatted and addressed after scrambling (2B) and then formatted and addressed after encrypting the scrambling vector (2C).
  • Figure 3 illustrates encryption of a 32 element scrambling vector.
  • Figure 4 illustrates descrambling inside an MPEG2 decoder.
  • Figure 1 gives a schematic of the complete system. Note that the MPEG decoder is depicted as a hardware element, but the copy protection method can be used, perhaps with a lesser degree of protection, when the MPEG decoder is a software process.
  • a more generic system includes only a medium, a reader for that medium, a destination for information from that medium, and a channel between the reader and the destination.
  • the medium does not need to be physically close to the destination.
  • the source information might be stored on a server such as a video- on-demand server, and the destination might be located many miles away, as in a set top box, cable decoder, or other interface.
  • the server might include a reader which securely transfers a decryption key to the destination in a user's home, then communicates a scrambled data stream over some channel to the destination where it is descrambled according to the decryption key.
  • the channel for communicating the decryption key need not be the same as the channel for communicating the encoded, bulk information, but a single channel might be used for both purposes.
  • a channel might be a data path through a computer but might also be a telephonic, television cable or satellite link or even a combination of two or more such links.
  • the decoding can be done after any number of intervening transfers of the encoded digital information.
  • One useful example would be a decoder coupled directly to a television set for direct and secure transmission of an encoded movie from a source to an end user.
  • the channel can include several connected data paths and still safely transfer encoded information.
  • the primary information may be stored in encoded form on a server. That server might be connectable through several separate links, perhaps telephone or cable switching boxes, until final delivery to a decoder.
  • One encoding scheme is used to encode the primary data.
  • a key for this scheme is maintained according to one or more of a variety of methods.
  • a second encoding scheme is used to transfer the key from a secure location to a location for use in decoding the primary data.
  • the key for the primary data is stored with the data in a generally inaccessible location. This might be in a special track or location on a disk containing the primary information. Alternatively, this might be maintained on a server as in, for example, a video-on-demand system, or in a selected-access system as in, for example, a pay-per-view system.
  • the specific encoding scheme for the primary information may take any of a variety of forms.
  • Some encoding schemes are known in the art but there are other, new schemes that are particularly useful.
  • One particularly useful scheme is a simple scrambling scheme where the scrambling key is sufficiently complex to make brute-force decoding difficult, but simple enough to allow for rapid decryption when the correct key is available.
  • the encoding scheme for the secondary information here the scrambling or primary information key itself, also may take any of a variety of forms. In one preferred form, this secondary encoding uses two pairs of private and public keys to establish a secure channel between the reader, for example the device where the primary key is maintained, and the destination, for example the device where the primary key is to be used.
  • the primary information key is placed on the media during manufacture. It may be stored in a location or sub channel that is readily accessible to the drive controller but difficult or impossible to access otherwise. In a preferred embodiment, is not in an area that is addressable by logical block address (LBA) and thus is not accessible by devices other than the drive controller itself.
  • LBA logical block address
  • This primary information key is transferred as the message for a public key/private key transaction through the open computer system to a descrambler where it is used to descramble the primary information.
  • the drive controller is possessed of a public key and a private key, and has the capability of receiving another entity's public key.
  • the drive can then encrypt a message using its private key and the received public key. This encrypted message can be requested by the operating system and passed to the owner of the non-drive public key, the destination.
  • the non-drive entity can then use its own private key and the drive's public key to decrypt the received message.
  • the key on the media is the message for the second encoding system.
  • the key for the primary encoding is itself encoded using the second encoding system and transferred through the open computer system to the non-drive entity, where it is decoded according to the second encoding scheme. This key can then be loaded into the primary decoding system and used directly.
  • the key encoding transaction described above uses very robust encryption which may be computationally intensive. However the size of the message is small and the transaction is a one time thing which is done at startup. The complexity of this encryption allows for a very high level of security. Since this encryption and decryption take place infrequently, preferably only at startup, there is very little penalty to taking some time. A typical user will not mind and may not even notice a delay of up to even a few seconds during the initiation or loading of a media title.
  • One preferred sequence of events in just one preferred embodiment is as follows.
  • the primary information is MPEG encoded data.
  • the main channel (not shown - part of information stream 12) from the DVD media 11 contains MPEG encoded data.
  • the DVD version of MPEG contains multiple opportunities for scrambling. Scrambling bits are defined and /or reserved bits exist in Video, Audio, Sub-picture, Data Search Information, and Video Blanking Information packs.
  • the copy protection method described here scrambles the video and /or audio and /or sub pictures.
  • An encoded version of the scrambling control bits are then inserted into the MPEG stream. Direct de-scrambling based on the inserted scrambling control bits will not give the correct results.
  • the scrambling control bit stream must be processed through a decoder, such as a tapped shift register.
  • the primary information key includes information on the correct setup of the decoder, such as position of the taps for correct scrambling control bit decoding. This primary information key is put on the media in a sub channel or an area that is addressable by physical address, but not by logical block address.
  • the drive controller can access the information needed for decoding scrambling control, but the host system 16 cannot obtain it by a read command to a logical block address.
  • the drive controller 13 is designed to pass this information over to the host system 16 only in encrypted form using the controller's private key and the public key of the intended recipient.
  • the intended recipient is the MPEG decoder 40, particularly the descrambling unit illustrated by its buffer area 41.
  • the recipient, MPEG decoder 40 uses its private key and the controller's public key to decrypt the information that originated in the media sub channel or logically unaddressable regions. If the scrambled MPEG data stream 12 is directed to a recording device, the copy protection scheme is not defeated because the information to properly decode the scrambling control bits is not present in any form. The required information passes through the host in encrypted form only and is therefore useless even if trapped and recorded.
  • the operating system brokers the exchange of public keys between the controller and the MPEG decoder at startup.
  • the DVD-ROM device driver (not shown, part of system software) requests the operating system to provide the public keys of any installed MPEG2 decoders.
  • the operating system obtains public keys from drive 10 and MPEG2 decoder 40 (if present).
  • the operating system provides the public key of the decoder 40 to the drive 10 and public key of the drive 10 to the decoder 40.
  • the DVD-ROM device driver refuses to accept any MPEG decoder public key except during the startup sequence. This give some extra security against impersonation.
  • the primary information key is used by the recipient, e.g. the MPEG decoder, to correctly reorder the scrambled logical blocks received by streaming off of the storage device, e.g. a DVD disk.
  • the specific function of the primary information key depends on the specific scrambling scheme. One preferred scrambling scheme is described below.
  • the primary information key is inserted into an appropriate decoder, then used to unscramble the primary data stream.
  • the primary data stream is scrambled MPEG data which is descrambled to give a traditional MPEG data stream which then is decoded to give a video image, for example, an NTSC standard image or an RGB image, which can be displayed on an appropriate monitor.
  • the preferred scrambling scheme is designed to be computationally intensive to break if attacked as a jig saw puzzle, but easy to reorder if the key is available.
  • a data unit is divided into smaller units, which are then rearranged according to a selected scheme.
  • Information for reordering that data unit is stored for retrieval in conjunction with that data unit. This might take the form of a scrambling vector, which might be stored in a subheader or perhaps embedded in the scrambled data unit.
  • the information can be further protected by encoding the scrambling vector according to an encryption scheme, using a selected primary information key. The same process can be repeated for subsequent data units, but each data unit can be rearranged in a different order.
  • the scrambling vector is retrievable and can be reassociated with its corresponding data unit.
  • the same primary information key can be used to encode a series of scrambling vectors.
  • the primary information key, along with each particular instance of the encoded scrambling vector, is used to decode the scrambling vector which in turn is used to correctly reorder the data unit.
  • a selected program such as a movie title, is divided into data units, each of which is scrambled individually, and each scrambling vector is encoded using a single key. That primary information key can be stored with the primary program, and each program can use a different primary information key.
  • the specific scrambling and descrambling schemes can be implemented in specialized hardware for rapid and convenient playback of the primary program.
  • Figures 2A, 2B, 2C, 3 and 4 describe one scrambling embodiment that uses a scrambling vector subheader on 2 KB data blocks. If the user data stream (information or primary data stream) has places to put this scrambling vector data, it could be placed inside the user data and no subheader would be necessary.
  • Figure 2A illustrates representative, primary data as formatted and addressed before scrambling.
  • the data to scramble is segmented into groups of 32 sequential blocks, also referred to as sectors, each having a logical block address (LBA), each containing 2 KB for a total of 64 KB.
  • LBA logical block address
  • Data in this form is considered clear text. For example, if it were MPEG2 movie data, it would be directly decodable by an MPEG2 decoder conforming to the published standards.
  • FIG. 2B illustrates data as formatted and addressed after scrambling of LBAs and user data blocks in the 64 KB sequence. There are 32! distinct ways to randomly assign the data blocks to the 32 LBAs in each 64 KB sequence. The illustrated order, 5, 31, 17, ..., 22, is merely illustrative. Each group of 32 sectors can be scrambled independently and the correct position within the group given by the value of the Scrambling Vector Element (SVE) placed in a subheader.
  • Figure 2C illustrates data as formatted and addressed after scrambling of SVE
  • the scrambled form, SV*, of the scrambling vector, SV is now placed in the subheaders of the group of 32 sectors.
  • the SV*E user data are mastered onto the media, such as a DVD disc, in the sequence shown in Figure 2C. If the data stream is a scrambled MPEG2 movie, a standard MPEG2 decoder will not be able to make any sense out of it in the scrambled form.
  • this figure shows encryption of a 32 element scrambling vector.
  • the elements of the scrambling vector are encrypted using a reversible algorithm whose parameters are defined by the media key, Kjviedia • Recall this is the key that is only readable by the drive 10, and this key is never passed as clear text through the open system.
  • Kjviedia the media key
  • descrambling is done inside MPEG2 decoder 40.
  • the descrambling buffer area 41 is equal to or greater than the 64 KB of user data plus the 32 byte overhead of the SV*. Typical memory allocation might be done on 1 KB boundaries, so handling the SV* and converting it back to SV might necessitate 65 KB for the descrambling buffer area.
  • the internal output is a clear text MPEG data stream which is then decoded to give final output 19 as uncompressed video.
  • Another preferred scrambling scheme reorders only part of the user data block.
  • An MPEG data stream includes high order bits that define information about the sequence of the user data blocks. If data blocks including this information were simply reordered, it would be possible to use those specific bits to reassemble the data in the correct order. However, if only part of the user block is reordered and the expected sequence information is left untouched, the user blocks will be corrupted because the first part of the user block will be matched with the second part of a different user block. In a preferred implementation, the first half of each block is untouched while the second half of each block is reordered as described above in connection with Figures 2A, 2B and 2C.
  • the scrambling vector is prepared, encoded and stored as described above. This scheme still has 32! possible combinations. Since each data unit can be reordered using a different scrambling vector, descrambling will be difficult without the key, but simple with the correct primary information key.
  • the size of the data unit affects the complexity of encoding and decoding.
  • the example above describes a data unit subdivided into 32 blocks. This allows reordering in 32! possible combinations which gives a fairly complex, and thus secure, encoding scheme.
  • a standard data unit is 32 KB of 2 KB subunits. This provides 16 blocks which can be reordered as decribed above, to give 16! possible combinations of scrambled data.
  • a media drive controller can be designed to support this scheme at minimal cost impact. As far as the transferring a scrambled primary data stream, a traditional drive controller need not be modified at all. To support the secondary encoding, the drive controller needs to maintain a public and a private key had be able to support the selected encryption scheme. To support the preferred embodiment of storing the primary information key in a special location on the media, the drive controller needs to be designed to achieve the needed access and transfer the key appropriately.
  • the recipient similarly may need only minor modification. If the data stream decoder is a separate unit, there may be no need to modify the decoder.
  • the recipient is or is coupled to a descrambler unit which in turn is tightly coupled to a decoder such as an MPEG decoder.
  • the descrambler unit should support the selected scrambling scheme and should manage the primary information key as needed.
  • the descrambler manages a public and a private key, interfacing with the secure data channel, receiving and decrypting the primary information key, and using the primary information key to descramble the primary information.

Abstract

An apparatus and method for providing two levels of copy protection, including a first method for copy protection, including a key, and a second method for copy protection. One level of copy protection is a moderately secure level to allow decrypting a medium- to high-bandwidth data stream without significant delay of the data stream. The second level of copy protection can be highly secure but can be utilized less often and so can be decrypted more slowly. One useful combination is to use a key encryption scheme for the first level of copy protection of a primary data stream, then to use the second protection scheme to securely transfer the first level key from a protected storage location to a decoding location. Encoded primary data can be stored on a removable media, together with the decryption key stored in a special location. The media drive unit can access the special location and, using the second level copy protection scheme, transfer the key securely to a descrambling unit. The first level copy protection can involve selective reordering of data subunits within a data unit according to a scrambling vector, then encoding the scrambling vector using the first key, and storing the encoded scrambling vector with the corresponding data unit.

Description

METHOD AND APPARATUS FOR TWO-LEVEL COPY PROTECTION
Field of the Invention This invention relates to data encryption and decryption, and more particularly to an improved method and apparatus for using one level of encryption to establish a secure communication channel, then passing a decryption key over that channel for subsequent decryption. This invention includes a new method of scrambling bulk data. This invention is particularly useful for protecting bulk information intended for widespread distribution such as movies or music in CD or DVD formats.
Background of the Invention
The field of data encryption has been the subject of extensive scholarly investigation and has been the topic of many patents in the United States and other countries. For general reference, the background description in each of United States Patent Nos. 5,497,422 (Tysen et al., 5 March 1996) and 5,438,622 (Normile et al., 1 August 1995) discuss representative encryption schemes known in the art. Each of these patent applications are assigned to Apple Computer, Inc. These patents are incorporated herein by reference in their entirety.
A wide variety of information is sold to consumers in various forms. One major category of information is computer software. Another major category of information is music, often in the form of CDs or tape. Still another major category of information is movies, usually over cable or satellite television links but often in the form of analog tape or LaserDisc. There is a tension in distribution of any form of information because if consumers will buy it from a rightful owner, other consumers are likely to buy illegal copies made from legitimate originals. Various copy protection schemes have been considered for use with various media. Scrambling of cable or satellite channels is common. A variety of anti-copying schemes are used in analog video tape. CDs or digital tape can be encoded with anti-copying codes.
Distribution of various information in digital form has troubled many content providers because making the information available potentially makes it quite simple for a user to make one or many illegal copies of that content. Forms of such content include movies, music, and data such as encyclopedic compilations. This issue has been widely discussed in relation to audio CDs, LaserDiscs and other formats.
In the personal computer environment, the protection of intellectual property has been of interest since the beginning of the industry. In computer software, a variety of special encoding or encryption schemes have been used. Some software requires a hardware key to be connected in some way to the computer system. Use of such systems frustrates casual copiers but often has some negative impact on legitimate users.
Due to the rapid growth of the industry and the technical difficulties associated with controlling information flow in an intrinsically open architecture, the industry players have more often than not written the problem off as intractable, at least in relevant time and cost frames. However, the problem remains. And as the convergence between entertainment and computing moves forward, driven by the evolution of hardware and software technologies, industry participants with different attitudes and requirements enter the discussion.
The problem is particularly acute with the advent of the DVD technology as a mass storage device in computers. DVD is a new, high density storage medium capable of storing about 4.5 through 18 gigabytes of information on a single 12 centimeter disc. Commercial products have already been announced before May 1996 for availability before December 1996.
The movie industry, with its high degree of sensitivity to intellectual property protection, is concerned that none of the new transmission modalities, including personal computers, enable free copying of their material. Other content providers have similar concerns. Some sort of copy protection scheme would encourage content providers, such as the movie industry, to distribute information such as movies in digital format.
The proposed protection scheme is intended to fall between a "screen door latch" (too weak) and a "Fort Knox" approach (too clumsy and expensive for mass-market products). Although it will be discussed here in the context of DVD, one skilled in the art will appreciate that this copy protection scheme can be used in many other situations or collections of elements.
Summary of the Invention The invention provides a two-stage copy protection scheme. This is particularly useful where large quantities of data are to be encrypted and decrypted using an encryption key but that encryption key is to be carefully protected until the data is to be decrypted using an authorized retrieval system. One stage of the retrieval system includes an encryption scheme to assure that the retrieval is made in an authorized system, and another stage of the retrieval system uses a stored encryption key to decode the data of interest. In one preferred implementation, the encryption key is used as a descrambling code.
To minimize the performance impact on the apparatus and not constrain use of system resources by low priority or low value data streams, the information flow can be broken into elements with a distinct hierarchy of bandwidth. For example, an MPEG stream (high bandwidth) may be merely scrambled, the scrambling control bits (much lower bandwidth) may be encoded, and only the MPEG-decode key information necessary to decode the scrambling control bits (very low bandwidth) is key encrypted.
The scrambling can be done in any of many ways, some of which are discussed in detail below. For example, the order of the data within a unit of data can be reordered in a controlled way to give a scrambled signal. Each unit of data, such as a 64 KB block, can be scrambled in a defined way, then a descriptor which characterizes that scrambling can be encrypted using a key and the encoded descriptor can be stored with the relevant block of data. A single key can be used to decrypt any scrambling descriptor and the descriptor can be changed for each unit of data, that is, each unit of data can be independently scrambled. With a key available, it is relatively straightforward to correctly reorder the scrambled data into the original, "clear text" format. With no key, if a sufficiently complex scrambling method has been chosen, it can be challenging to identify the correct key by trial and error, particularly since each data unit is scrambled in a different pattern. With the key, a moderately complex scrambling method will not have a significant effect on data reconstruction rate and thus becomes transparent to the user.
This copy protection becomes much more powerful if the key can be changed for different units of primary information, for example for each movie title.
Storage and access to this key raises an interesting challenge, but this can be managed very conveniently by using a separate encryption mode to secure the key and provide it in a coordinated fashion with the program of interest. One way to do this is to store the key in a secure manner on the same storage medium as the scrambled information. The mechanism of this separate storage mode can be set at a desired level of complexity. One preferred mode is to make this key inaccessible by typical access operations, but readily accessible through special operations. Specifically, in just one preferred embodiment, the key may be stored at a location which is inaccessible to a host computer which can only access a logical block address, but readily accessible to a drive control unit, which may be designed to access a specific physical address, preferably not a logical block address. This access capability can be designed into the drive control unit, and the relevant key can be stored at the corresponding location when the media is prepared.
Subsequent manipulation of the key can be under close security. Since the key need be extracted only once, taking even several seconds to extract and/or transfer the key will not have a significant impact on the user. In one preferred embodiment, a public/private key pair is stored in a disk drive mechanism and a second public /private key pair is stored in a decryption /decode unit such as an MPEG2 decoder. The key pairs are used to establish a secure channel of communication between the disk drive and the decoder and, once the channel is secure, a message can be read safely from the storage medium into the decoder even if the data path for the channel between these elements is unsecure. This message is the information content or message protected using the high-level security scheme, but is itself the key for the low-level security scheme. Passing this encrypted key over a secure channel makes it extremely difficult to intercept the key and use it for improper purposes.
This inhibits casual copying by setting up the system so that the data flow path between a source, such as a DVD-ROM drive, and a destination, such as an MPEG decoder carries only scrambled information and decryption to clear text occurs only in an isolated portion of the system, preferably within a special descrambler/ decoder unit. The scheme cannot be defeated except by system patches, and a new patch is required for each title defeated, that is for each new title encryption key.
Scrambling and encrypting the primary information means that a read of the media by a system that does not implement correct decoding will give unintelligible results. Only the application software, with a little help from the operating system, can allow correct decoding of the primary information, as in correct decoding and display of a movie.
Distributing the copy protection elements balances the economic and processing power burden so that no single part of the overall system bears all the cost and effort of protecting the valuable information. Modifying the media format to carry scrambled data and modifying the drive to take advantage of its closed sub-system status balances these costs. Moving the implementation burden on the computer system toward the peripheries, i.e. the media, the mass storage device, and the application software minimizes the impact on the operating system software and motherboard hardware. This method and apparatus avoids the need to create new high bandwidth information flow paths and new file systems while providing useful protection for the valuable source information.
One object of this invention is to provide reasonably effective prevention of casual copying by a user.
Another object of this invention is to provide a copy protection scheme with little or no impact on or modification of the traditional, primary computer components.
Still another object of this invention is to minimize the performance impact of the protection scheme by selectively protecting the most unique or most valuable portions of a data stream. This and other objects and advantages of the invention, as well as the details of an illustrative embodiment, will be more fully understood from the following specification and drawings.
Brief Description of the Drawings Figure 1 illustrates an apparatus useful in practicing this invention.
Figures 2A, 2B and 2C illustrate a source data structure in its original form (2A), then formatted and addressed after scrambling (2B) and then formatted and addressed after encrypting the scrambling vector (2C).
Figure 3 illustrates encryption of a 32 element scrambling vector. Figure 4 illustrates descrambling inside an MPEG2 decoder.
Description of the Preferred Embodiments
Representative elements and the process of a preferred implementation of the copy protection scheme are described below. A preferred embodiment will be described by way of example. Figure 1 gives a schematic of the complete system. Note that the MPEG decoder is depicted as a hardware element, but the copy protection method can be used, perhaps with a lesser degree of protection, when the MPEG decoder is a software process. A more generic system includes only a medium, a reader for that medium, a destination for information from that medium, and a channel between the reader and the destination.
The medium does not need to be physically close to the destination. For example, the source information might be stored on a server such as a video- on-demand server, and the destination might be located many miles away, as in a set top box, cable decoder, or other interface. For example, the server might include a reader which securely transfers a decryption key to the destination in a user's home, then communicates a scrambled data stream over some channel to the destination where it is descrambled according to the decryption key.
The channel for communicating the decryption key need not be the same as the channel for communicating the encoded, bulk information, but a single channel might be used for both purposes. A channel might be a data path through a computer but might also be a telephonic, television cable or satellite link or even a combination of two or more such links. The decoding can be done after any number of intervening transfers of the encoded digital information. One useful example would be a decoder coupled directly to a television set for direct and secure transmission of an encoded movie from a source to an end user.
The channel can include several connected data paths and still safely transfer encoded information. For example, the primary information may be stored in encoded form on a server. That server might be connectable through several separate links, perhaps telephone or cable switching boxes, until final delivery to a decoder.
One encoding scheme is used to encode the primary data. A key for this scheme is maintained according to one or more of a variety of methods. A second encoding scheme is used to transfer the key from a secure location to a location for use in decoding the primary data. In a preferred embodiment, the key for the primary data is stored with the data in a generally inaccessible location. This might be in a special track or location on a disk containing the primary information. Alternatively, this might be maintained on a server as in, for example, a video-on-demand system, or in a selected-access system as in, for example, a pay-per-view system. The specific encoding scheme for the primary information may take any of a variety of forms. Some encoding schemes are known in the art but there are other, new schemes that are particularly useful. One particularly useful scheme is a simple scrambling scheme where the scrambling key is sufficiently complex to make brute-force decoding difficult, but simple enough to allow for rapid decryption when the correct key is available. The encoding scheme for the secondary information, here the scrambling or primary information key itself, also may take any of a variety of forms. In one preferred form, this secondary encoding uses two pairs of private and public keys to establish a secure channel between the reader, for example the device where the primary key is maintained, and the destination, for example the device where the primary key is to be used.
As illustrated in Figure 1, there are five keys involved in one preferred implementation of the copy protection apparatus of this invention, one for the primary information and four for secure transfer of that key.
Secure Transfer of the Primary Information Key
In one preferred embodiment, the primary information key is placed on the media during manufacture. It may be stored in a location or sub channel that is readily accessible to the drive controller but difficult or impossible to access otherwise. In a preferred embodiment, is not in an area that is addressable by logical block address (LBA) and thus is not accessible by devices other than the drive controller itself. This primary information key is transferred as the message for a public key/private key transaction through the open computer system to a descrambler where it is used to descramble the primary information.
The drive controller is possessed of a public key and a private key, and has the capability of receiving another entity's public key. The drive can then encrypt a message using its private key and the received public key. This encrypted message can be requested by the operating system and passed to the owner of the non-drive public key, the destination.
The non-drive entity can then use its own private key and the drive's public key to decrypt the received message. As noted above, the key on the media is the message for the second encoding system. Thus the key for the primary encoding is itself encoded using the second encoding system and transferred through the open computer system to the non-drive entity, where it is decoded according to the second encoding scheme. This key can then be loaded into the primary decoding system and used directly.
The key encoding transaction described above uses very robust encryption which may be computationally intensive. However the size of the message is small and the transaction is a one time thing which is done at startup. The complexity of this encryption allows for a very high level of security. Since this encryption and decryption take place infrequently, preferably only at startup, there is very little penalty to taking some time. A typical user will not mind and may not even notice a delay of up to even a few seconds during the initiation or loading of a media title. One preferred sequence of events in just one preferred embodiment is as follows.
The primary information is MPEG encoded data. The main channel (not shown - part of information stream 12) from the DVD media 11 contains MPEG encoded data. The DVD version of MPEG contains multiple opportunities for scrambling. Scrambling bits are defined and /or reserved bits exist in Video, Audio, Sub-picture, Data Search Information, and Video Blanking Information packs.
The copy protection method described here scrambles the video and /or audio and /or sub pictures. An encoded version of the scrambling control bits are then inserted into the MPEG stream. Direct de-scrambling based on the inserted scrambling control bits will not give the correct results. To obtain correct de-scrambling, the scrambling control bit stream must be processed through a decoder, such as a tapped shift register. The primary information key includes information on the correct setup of the decoder, such as position of the taps for correct scrambling control bit decoding. This primary information key is put on the media in a sub channel or an area that is addressable by physical address, but not by logical block address. This last requirement means the drive controller can access the information needed for decoding scrambling control, but the host system 16 cannot obtain it by a read command to a logical block address. The drive controller 13 is designed to pass this information over to the host system 16 only in encrypted form using the controller's private key and the public key of the intended recipient. In Figure 1 the intended recipient is the MPEG decoder 40, particularly the descrambling unit illustrated by its buffer area 41.
The recipient, MPEG decoder 40, uses its private key and the controller's public key to decrypt the information that originated in the media sub channel or logically unaddressable regions. If the scrambled MPEG data stream 12 is directed to a recording device, the copy protection scheme is not defeated because the information to properly decode the scrambling control bits is not present in any form. The required information passes through the host in encrypted form only and is therefore useless even if trapped and recorded. The operating system brokers the exchange of public keys between the controller and the MPEG decoder at startup.
At startup, the DVD-ROM device driver (not shown, part of system software) requests the operating system to provide the public keys of any installed MPEG2 decoders. The operating system obtains public keys from drive 10 and MPEG2 decoder 40 (if present). The operating system provides the public key of the decoder 40 to the drive 10 and public key of the drive 10 to the decoder 40. The DVD-ROM device driver refuses to accept any MPEG decoder public key except during the startup sequence. This give some extra security against impersonation.
Use of the Primary Information Key
During primary data transfer operation, the primary information key is used by the recipient, e.g. the MPEG decoder, to correctly reorder the scrambled logical blocks received by streaming off of the storage device, e.g. a DVD disk. The specific function of the primary information key depends on the specific scrambling scheme. One preferred scrambling scheme is described below. Once transferred to the recipient, the primary information key is inserted into an appropriate decoder, then used to unscramble the primary data stream. In a preferred embodiment, the primary data stream is scrambled MPEG data which is descrambled to give a traditional MPEG data stream which then is decoded to give a video image, for example, an NTSC standard image or an RGB image, which can be displayed on an appropriate monitor.
Scrambling Scheme
The preferred scrambling scheme is designed to be computationally intensive to break if attacked as a jig saw puzzle, but easy to reorder if the key is available. A data unit is divided into smaller units, which are then rearranged according to a selected scheme. Information for reordering that data unit is stored for retrieval in conjunction with that data unit. This might take the form of a scrambling vector, which might be stored in a subheader or perhaps embedded in the scrambled data unit. The information can be further protected by encoding the scrambling vector according to an encryption scheme, using a selected primary information key. The same process can be repeated for subsequent data units, but each data unit can be rearranged in a different order. In each instance, the scrambling vector is retrievable and can be reassociated with its corresponding data unit. The same primary information key can be used to encode a series of scrambling vectors. The primary information key, along with each particular instance of the encoded scrambling vector, is used to decode the scrambling vector which in turn is used to correctly reorder the data unit.
In one particularly preferred embodiment, a selected program, such as a movie title, is divided into data units, each of which is scrambled individually, and each scrambling vector is encoded using a single key. That primary information key can be stored with the primary program, and each program can use a different primary information key. The specific scrambling and descrambling schemes can be implemented in specialized hardware for rapid and convenient playback of the primary program. Figures 2A, 2B, 2C, 3 and 4 describe one scrambling embodiment that uses a scrambling vector subheader on 2 KB data blocks. If the user data stream (information or primary data stream) has places to put this scrambling vector data, it could be placed inside the user data and no subheader would be necessary. Referring to Figures 2A, 2B and 2C, Figure 2A illustrates representative, primary data as formatted and addressed before scrambling. The data to scramble is segmented into groups of 32 sequential blocks, also referred to as sectors, each having a logical block address (LBA), each containing 2 KB for a total of 64 KB. Data in this form is considered clear text. For example, if it were MPEG2 movie data, it would be directly decodable by an MPEG2 decoder conforming to the published standards.
Changing the order of the sequential blocks scrambles the primary information. Figure 2B illustrates data as formatted and addressed after scrambling of LBAs and user data blocks in the 64 KB sequence. There are 32! distinct ways to randomly assign the data blocks to the 32 LBAs in each 64 KB sequence. The illustrated order, 5, 31, 17, ..., 22, is merely illustrative. Each group of 32 sectors can be scrambled independently and the correct position within the group given by the value of the Scrambling Vector Element (SVE) placed in a subheader. Figure 2C illustrates data as formatted and addressed after scrambling of
LBAs and user data blocks in the 64 KB segment. The scrambled form, SV*, of the scrambling vector, SV, is now placed in the subheaders of the group of 32 sectors. The SV*E user data are mastered onto the media, such as a DVD disc, in the sequence shown in Figure 2C. If the data stream is a scrambled MPEG2 movie, a standard MPEG2 decoder will not be able to make any sense out of it in the scrambled form.
Referring to Figure 3, this figure shows encryption of a 32 element scrambling vector. The elements of the scrambling vector are encrypted using a reversible algorithm whose parameters are defined by the media key, Kjviedia • Recall this is the key that is only readable by the drive 10, and this key is never passed as clear text through the open system. There are a number of simple approaches available for encrypting the scrambling vector, such as tapped shift registers, pseudo random sequence generators, etc.
Referring to Figure 4, descrambling is done inside MPEG2 decoder 40. The descrambling buffer area 41 is equal to or greater than the 64 KB of user data plus the 32 byte overhead of the SV*. Typical memory allocation might be done on 1 KB boundaries, so handling the SV* and converting it back to SV might necessitate 65 KB for the descrambling buffer area. The internal output is a clear text MPEG data stream which is then decoded to give final output 19 as uncompressed video.
Other data streams can be processed in an analogous manner.
Another preferred scrambling scheme reorders only part of the user data block. An MPEG data stream includes high order bits that define information about the sequence of the user data blocks. If data blocks including this information were simply reordered, it would be possible to use those specific bits to reassemble the data in the correct order. However, if only part of the user block is reordered and the expected sequence information is left untouched, the user blocks will be corrupted because the first part of the user block will be matched with the second part of a different user block. In a preferred implementation, the first half of each block is untouched while the second half of each block is reordered as described above in connection with Figures 2A, 2B and 2C. The scrambling vector is prepared, encoded and stored as described above. This scheme still has 32! possible combinations. Since each data unit can be reordered using a different scrambling vector, descrambling will be difficult without the key, but simple with the correct primary information key.
The size of the data unit affects the complexity of encoding and decoding. The example above describes a data unit subdivided into 32 blocks. This allows reordering in 32! possible combinations which gives a fairly complex, and thus secure, encoding scheme. In the DVD specification, a standard data unit is 32 KB of 2 KB subunits. This provides 16 blocks which can be reordered as decribed above, to give 16! possible combinations of scrambled data.
A media drive controller can be designed to support this scheme at minimal cost impact. As far as the transferring a scrambled primary data stream, a traditional drive controller need not be modified at all. To support the secondary encoding, the drive controller needs to maintain a public and a private key had be able to support the selected encryption scheme. To support the preferred embodiment of storing the primary information key in a special location on the media, the drive controller needs to be designed to achieve the needed access and transfer the key appropriately.
The recipient similarly may need only minor modification. If the data stream decoder is a separate unit, there may be no need to modify the decoder. In a preferred embodiment, the recipient is or is coupled to a descrambler unit which in turn is tightly coupled to a decoder such as an MPEG decoder. The descrambler unit should support the selected scrambling scheme and should manage the primary information key as needed. In a preferred embodiment, the descrambler manages a public and a private key, interfacing with the secure data channel, receiving and decrypting the primary information key, and using the primary information key to descramble the primary information. A general description of the device and method of using the present invention as well as a preferred embodiment of the present invention has been set forth above. One skilled in the art will recognize and be able to practice many changes in many aspects of the device and method described above, including variations which fall within the teachings of this invention. The spirit and scope of the invention should be limited only as set forth in the claims which follow.

Claims

C l a i m s
What is claimed is: 1. An apparatus for providing two levels of copy protection, said apparatus comprising first means for copy protecting information, said first means including a key, and second means for copy protecting information, said second means applied to said key for said first means. 2. The apparatus of claim 1 wherein said first means for copy protecting information is a selective disordering of an information data stream and said key can be used to correctly reorder the disordered information data stream. 3. The apparatus of claim 1 further comprising two devices connected by a communication channel and wherein said second means for copy protecting information is a means to provide a secure communication channel between two devices. 4. The apparatus of claim 3 wherein said second means for copy protecting information includes use of a public and private key by at least one of said two devices. 5. The apparatus of claim 3 wherein said key for said first means for copy protecting information is encoded for transmission over said communication channel between said two devices. 6. The apparatus of claim 1 further comprising a source of information encoded according to a first means for copy protection, a decoder for said information according to said first means for copy protection, using said key, a storage location for said key, a means for communicating between said storage location and said decoder, wherein said second means for copy protecting information comprises means for encoding said key for secure communication between said storage location and said decoder.
PCT/US1997/008264 1996-05-23 1997-05-15 Method and apparatus for two-level copy protection WO1997044736A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU32063/97A AU3206397A (en) 1996-05-23 1997-05-15 Method and apparatus for two-level copy protection

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US65286296A 1996-05-23 1996-05-23
US08/652,862 1996-05-23

Publications (1)

Publication Number Publication Date
WO1997044736A1 true WO1997044736A1 (en) 1997-11-27

Family

ID=24618492

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/008264 WO1997044736A1 (en) 1996-05-23 1997-05-15 Method and apparatus for two-level copy protection

Country Status (2)

Country Link
AU (1) AU3206397A (en)
WO (1) WO1997044736A1 (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1010291A1 (en) * 1997-09-05 2000-06-21 Intel Corporation A tamper resistant player for scrambled contents
WO2000058963A2 (en) * 1999-03-26 2000-10-05 Liquid Audio, Inc. Copy security for portable music players
EP1061516A1 (en) * 1999-06-08 2000-12-20 Deutsche Thomson-Brandt Gmbh Method for play back of an encrypted piece of information recorded on an information carrier and play back apparatus for use within said method
EP1083560A2 (en) * 1999-09-10 2001-03-14 Eastman Kodak Company Hybrid optical recording disc with copy protection
EP1139064A1 (en) * 2000-03-30 2001-10-04 Mannesmann VDO Aktiengesellschaft Vehicle navigation system with a protected storage medium
WO2002003385A1 (en) * 2000-07-05 2002-01-10 Moskowitz Scott A Copy protection of digital data combining steganographic and cryptographic techniques
US6385596B1 (en) 1998-02-06 2002-05-07 Liquid Audio, Inc. Secure online music distribution system
WO2002052388A2 (en) * 2000-12-27 2002-07-04 Internet Extra Ltd. Method and apparatus for controlling access to multimedia files
WO2002078223A2 (en) * 2001-03-23 2002-10-03 Trend Network Ag Mobile multimedia device
GB2377514A (en) * 2001-07-05 2003-01-15 Hewlett Packard Co Document encryption permitting indexing by a search engine
US6598162B1 (en) 1996-01-17 2003-07-22 Scott A. Moskowitz Method for combining transfer functions with predetermined key creation
WO2005083701A1 (en) * 2004-02-26 2005-09-09 Robert Bosch Gmbh Drive for a data carrier by a navigation system
US7543122B2 (en) * 2005-08-11 2009-06-02 Research In Motion Limited System and method for obscuring hand-held device data traffic information
USRE44222E1 (en) 2002-04-17 2013-05-14 Scott Moskowitz Methods, systems and devices for packet watermarking and efficient provisioning of bandwidth
US8930719B2 (en) 1996-01-17 2015-01-06 Scott A. Moskowitz Data protection method and device
US9070151B2 (en) 1996-07-02 2015-06-30 Blue Spike, Inc. Systems, methods and devices for trusted transactions
US9191206B2 (en) 1996-01-17 2015-11-17 Wistaria Trading Ltd Multiple transform utilization and application for secure digital watermarking
US9258116B2 (en) 1996-07-02 2016-02-09 Wistaria Trading Ltd System and methods for permitting open access to data objects and for securing data within the data objects
US9270859B2 (en) 1999-03-24 2016-02-23 Wistaria Trading Ltd Utilizing data reduction in steganographic and cryptographic systems
US9710669B2 (en) 1999-08-04 2017-07-18 Wistaria Trading Ltd Secure personal content server
US9740373B2 (en) 1998-10-01 2017-08-22 Digimarc Corporation Content sensitive connected content
EP1840784B2 (en) 2004-11-15 2018-06-20 MegaChips Corporation Semiconductor memory device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4168396A (en) * 1977-10-31 1979-09-18 Best Robert M Microprocessor for executing enciphered programs
US4903296A (en) * 1984-09-14 1990-02-20 International Business Machines Corporation Implementing a shared higher level of privilege on personal computers for copy protection of software
US5058162A (en) * 1990-08-09 1991-10-15 Hewlett-Packard Company Method of distributing computer data files
US5224166A (en) * 1992-08-11 1993-06-29 International Business Machines Corporation System for seamless processing of encrypted and non-encrypted data and instructions
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5438622A (en) * 1994-01-21 1995-08-01 Apple Computer, Inc. Method and apparatus for improving the security of an electronic codebook encryption scheme utilizing an offset in the pseudorandom sequence

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4168396A (en) * 1977-10-31 1979-09-18 Best Robert M Microprocessor for executing enciphered programs
US4903296A (en) * 1984-09-14 1990-02-20 International Business Machines Corporation Implementing a shared higher level of privilege on personal computers for copy protection of software
US5058162A (en) * 1990-08-09 1991-10-15 Hewlett-Packard Company Method of distributing computer data files
US5224166A (en) * 1992-08-11 1993-06-29 International Business Machines Corporation System for seamless processing of encrypted and non-encrypted data and instructions
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5438622A (en) * 1994-01-21 1995-08-01 Apple Computer, Inc. Method and apparatus for improving the security of an electronic codebook encryption scheme utilizing an offset in the pseudorandom sequence

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9191205B2 (en) 1996-01-17 2015-11-17 Wistaria Trading Ltd Multiple transform utilization and application for secure digital watermarking
US9191206B2 (en) 1996-01-17 2015-11-17 Wistaria Trading Ltd Multiple transform utilization and application for secure digital watermarking
US9171136B2 (en) 1996-01-17 2015-10-27 Wistaria Trading Ltd Data protection method and device
US9104842B2 (en) 1996-01-17 2015-08-11 Scott A. Moskowitz Data protection method and device
US6598162B1 (en) 1996-01-17 2003-07-22 Scott A. Moskowitz Method for combining transfer functions with predetermined key creation
US9021602B2 (en) 1996-01-17 2015-04-28 Scott A. Moskowitz Data protection method and device
US8930719B2 (en) 1996-01-17 2015-01-06 Scott A. Moskowitz Data protection method and device
US9830600B2 (en) 1996-07-02 2017-11-28 Wistaria Trading Ltd Systems, methods and devices for trusted transactions
US9258116B2 (en) 1996-07-02 2016-02-09 Wistaria Trading Ltd System and methods for permitting open access to data objects and for securing data within the data objects
US9070151B2 (en) 1996-07-02 2015-06-30 Blue Spike, Inc. Systems, methods and devices for trusted transactions
US9843445B2 (en) 1996-07-02 2017-12-12 Wistaria Trading Ltd System and methods for permitting open access to data objects and for securing data within the data objects
EP1010291A4 (en) * 1997-09-05 2002-01-02 Intel Corp A tamper resistant player for scrambled contents
EP1010291A1 (en) * 1997-09-05 2000-06-21 Intel Corporation A tamper resistant player for scrambled contents
US6385596B1 (en) 1998-02-06 2002-05-07 Liquid Audio, Inc. Secure online music distribution system
US6868403B1 (en) 1998-02-06 2005-03-15 Microsoft Corporation Secure online music distribution system
US9740373B2 (en) 1998-10-01 2017-08-22 Digimarc Corporation Content sensitive connected content
US10461930B2 (en) 1999-03-24 2019-10-29 Wistaria Trading Ltd Utilizing data reduction in steganographic and cryptographic systems
US9270859B2 (en) 1999-03-24 2016-02-23 Wistaria Trading Ltd Utilizing data reduction in steganographic and cryptographic systems
WO2000058963A2 (en) * 1999-03-26 2000-10-05 Liquid Audio, Inc. Copy security for portable music players
US6367019B1 (en) 1999-03-26 2002-04-02 Liquid Audio, Inc. Copy security for portable music players
WO2000058963A3 (en) * 1999-03-26 2001-01-04 Liquid Audio Inc Copy security for portable music players
EP1061516A1 (en) * 1999-06-08 2000-12-20 Deutsche Thomson-Brandt Gmbh Method for play back of an encrypted piece of information recorded on an information carrier and play back apparatus for use within said method
US9710669B2 (en) 1999-08-04 2017-07-18 Wistaria Trading Ltd Secure personal content server
US9934408B2 (en) 1999-08-04 2018-04-03 Wistaria Trading Ltd Secure personal content server
EP1083560A3 (en) * 1999-09-10 2003-10-08 Eastman Kodak Company Hybrid optical recording disc with copy protection
EP1083560A2 (en) * 1999-09-10 2001-03-14 Eastman Kodak Company Hybrid optical recording disc with copy protection
US10110379B2 (en) 1999-12-07 2018-10-23 Wistaria Trading Ltd System and methods for permitting open access to data objects and for securing data within the data objects
US10644884B2 (en) 1999-12-07 2020-05-05 Wistaria Trading Ltd System and methods for permitting open access to data objects and for securing data within the data objects
US7185369B2 (en) 2000-03-30 2007-02-27 Mannesmann Vdo Ag Motor vehicle navigation system having a protected storage medium
EP1338944A3 (en) * 2000-03-30 2006-09-27 Siemens Aktiengesellschaft Method for activating a file by means of a vectorial code
EP1338943A3 (en) * 2000-03-30 2006-09-27 Siemens Aktiengesellschaft Method for activating a file on a navigation system
EP1139064A1 (en) * 2000-03-30 2001-10-04 Mannesmann VDO Aktiengesellschaft Vehicle navigation system with a protected storage medium
WO2002003385A1 (en) * 2000-07-05 2002-01-10 Moskowitz Scott A Copy protection of digital data combining steganographic and cryptographic techniques
WO2002052388A3 (en) * 2000-12-27 2003-11-06 Internet Extra Ltd Method and apparatus for controlling access to multimedia files
WO2002052388A2 (en) * 2000-12-27 2002-07-04 Internet Extra Ltd. Method and apparatus for controlling access to multimedia files
WO2002078223A2 (en) * 2001-03-23 2002-10-03 Trend Network Ag Mobile multimedia device
WO2002078223A3 (en) * 2001-03-23 2003-01-30 Trend Network Ag Mobile multimedia device
GB2377514A (en) * 2001-07-05 2003-01-15 Hewlett Packard Co Document encryption permitting indexing by a search engine
US7436956B2 (en) 2001-07-05 2008-10-14 Hewlett-Packard Development Company, L.P. Document encryption
GB2377514B (en) * 2001-07-05 2005-04-27 Hewlett Packard Co Document encryption
US9639717B2 (en) 2002-04-17 2017-05-02 Wistaria Trading Ltd Methods, systems and devices for packet watermarking and efficient provisioning of bandwidth
USRE44307E1 (en) 2002-04-17 2013-06-18 Scott Moskowitz Methods, systems and devices for packet watermarking and efficient provisioning of bandwidth
USRE44222E1 (en) 2002-04-17 2013-05-14 Scott Moskowitz Methods, systems and devices for packet watermarking and efficient provisioning of bandwidth
US10735437B2 (en) 2002-04-17 2020-08-04 Wistaria Trading Ltd Methods, systems and devices for packet watermarking and efficient provisioning of bandwidth
US7756628B2 (en) 2004-02-26 2010-07-13 Robert Bosch Gmbh Navigation system including a drive for reading out navigation data and a method for operating a navigation system
WO2005083701A1 (en) * 2004-02-26 2005-09-09 Robert Bosch Gmbh Drive for a data carrier by a navigation system
EP1840784B2 (en) 2004-11-15 2018-06-20 MegaChips Corporation Semiconductor memory device
US7900001B2 (en) 2005-08-11 2011-03-01 Research In Motion Limited System and method for obscuring hand-held device data traffic information
US7543122B2 (en) * 2005-08-11 2009-06-02 Research In Motion Limited System and method for obscuring hand-held device data traffic information

Also Published As

Publication number Publication date
AU3206397A (en) 1997-12-09

Similar Documents

Publication Publication Date Title
WO1997044736A1 (en) Method and apparatus for two-level copy protection
US6810387B1 (en) Copy prevention apparatus and method in digital broadcasting receiving system
US7493662B2 (en) Data nullification device for nullifying digital content recorded on a recording medium, after the digital content has been reproduced, a predetermined time period has passed since the recording of the digital content, or the digital content has been moved to another recording medium
EP1163798B1 (en) Method and apparatus for securing control words
US6118873A (en) System for encrypting broadcast programs in the presence of compromised receiver devices
US8677152B2 (en) Method and apparatus for encrypting media programs for later purchase and viewing
KR100749947B1 (en) System, method and apparatus for securely providing content viewable on a secure device
KR100413682B1 (en) Method for controlling transmission and reception of data including ciphered data stream
AU739300B2 (en) Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
US6898578B2 (en) Recording apparatus for recording digital information
EP1211898B1 (en) Content protection scheme for a digital recording device
KR20010024179A (en) Method and system for preventing unauthorized playback of broadcasted digital data streams
US8041034B2 (en) Multi-streaming apparatus and multi-streaming method using temporary storage medium
MXPA03009297A (en) Method of protecting recorded multimedia content against unauthorized duplication.
US6853727B1 (en) File table copy protection for a storage device when storing streaming content
US6957329B1 (en) System for encrypting data from multiple multimedia applications and method thereof
JP2004518203A (en) How to store encrypted data
US7099472B2 (en) Method and apparatus for securing digital video recording
GB2403882A (en) Encrypted content containing a content identification key is decrypted if the content identification key matches the identification key already known.
US20060077812A1 (en) Player/recorder, contents playing back method and contents recording method
JP2005032248A (en) Multimedia storage device having area for digital writing use only
JP2012124950A (en) Consumer electronic equipment receiving input digital data stream of picture and/or sound information digital signal
KR19980074137A (en) Device for preventing illegal copying of disk composite image data and its method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG UZ VN YU AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH KE LS MW SD SZ UG AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 97542553

Format of ref document f/p: F

NENP Non-entry into the national phase

Ref country code: CA

122 Ep: pct application non-entry in european phase