WO2000021239A1 - Certificate handling for digital rights management system - Google Patents
Certificate handling for digital rights management system Download PDFInfo
- Publication number
- WO2000021239A1 WO2000021239A1 PCT/US1999/023447 US9923447W WO0021239A1 WO 2000021239 A1 WO2000021239 A1 WO 2000021239A1 US 9923447 W US9923447 W US 9923447W WO 0021239 A1 WO0021239 A1 WO 0021239A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- public
- certificate
- private
- key pair
- Prior art date
Links
- 238000000034 method Methods 0.000 claims description 67
- 238000012790 confirmation Methods 0.000 claims description 6
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 238000004519 manufacturing process Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 7
- 238000013459 approach Methods 0.000 description 4
- 238000009434 installation Methods 0.000 description 3
- 238000007796 conventional method Methods 0.000 description 1
- 235000014510 cooky Nutrition 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000035515 penetration Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 229910052710 silicon Inorganic materials 0.000 description 1
- 239000010703 silicon Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/101—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
- G06F21/1011—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
Definitions
- the present invention relates to generation, management and replacement of encryption keys, and more particularly relates to methods for generation, management and replacement of encryption keys in connection with the distribution and management of digital rights in encrypted text or other data.
- U.S. Patent Application S.N. 09/034,720 describes a secure reader for such information, typically though not necessarily for use with text, in which a unique private key is associated with each reader and a public key associated with that reader is available to the owner of the protected information.
- the owner of the information encrypts the information with the public key, and the information is thereafter downloaded to the associated reader.
- the reader then decrypts the information with the internally-maintained private key, allowing the user to view the decrypted information. While this approach offers many advantages, it is important that the public and private security keys not be readily available together during the manufacturing process to avoid potential abuse such as theft or hacking.
- the present invention overcomes many of the limitations of the prior art and, more particularly, provides a secure system and method for generating and distributing encryption keys both during manufacturing and thereafter, and for transferring existing digital rights in data from a first device to a replacement or other device.
- the system and method for generating key pairs during the manufacturing process makes it possible to generate the key pairs without both keys in the key pair existing in an insecure environment at any time.
- the present invention permits distributed generation of the public and private keys, with the factory installing secure versions of the key pair in the reading device.
- the reading device, or reader is then used to transport the public key in a secure way to an authentication server.
- the factory public key must be registered with the authentication server, and the authentication server public key must be registered with the factory server or other equipment.
- the factory equipment automatically generates an encrypted form of the public/private key pair and further generates an appropriate, unique indicia indicative of the associated device.
- This indicia can also be read directly from the device if the device has an unique indicia built into the hardware, such as a "silicon serial number" available in many CPU and peripheral integrated circuits.
- the indicia and the new public key of the device is then encrypted with the public key of the authentication server, and appends to the indicia the authentication server public key.
- the indicia and appended public key are then hashed and signed with the factory private key to generate a device certificate, which is sent to the electronic reader.
- the electronic reader receives the device certificate, authenticates it and, if authentic, compares a portion of the indicia to ensure the certificate is truly intended for the recipient reader. If so, the device private key is installed as well as the authentication server public key; the remainder of the indicia and the encrypted device public key are stored and the reader is ready to ship.
- the user registers the reader with an appropriate entity having certificate authority such as the authentication server.
- certificate authority such as the authentication server. This is accomplished by the device uploading the encrypted indicia and encrypted device public key, either directly or though another computer connected to the Internet, Once uploaded, the authentication server decrypts the device public key and authenticates the package using the factory public key. If authentic, it registers the device public key in the database. Additional user-specific information is typically encoded by the authentication server to generate a user certificate, which is encrypted with the device public key and signed by the private key of the certificate authority.
- the User Certificate contains a different public/private key pair that will be used for decrypting content.
- the public key is registered in the authentication server database, and the private key is put into a secure archive.
- the sequence number of the certificate is set to a low number.
- the user certificate is then provided to and installed by the reader.
- the user certificate is then decrypted and authenticated with the device private key and the authentication server public key both installed at the factory, and the result of the authentication process is provided to the authentication server. If successful, the user certificate is now associated with the specific electronic reader and the process completes.
- the user initiates a certificate movement which causes the authentication server to start a revocation process.
- the revocation process generates a revocation certificate.
- the certificate is sent to the first device where it is decrypted and authenticated.
- the device responds back to the authentication server or other appropriate certificating authority with a revocation acknowledge, and the authentication server authenticates the response. If authenticated, the revocation is recorded as successful and the first reader is no longer authorized to view the protected information.
- the authentication server or other certificating authority then generates a new user certificate using the old public and private keys This is done by looking up the user's public key in the key database, and retrieving the private key from the secure archive. It also looks up the sequence number of the user certificate and increases the value. The new sequence number is built into the customer certificate. The new user certificate is then sent to and installed by the second device, after which the second device sends a confirmation to the authentication server. This permits the user to continue to exercise all rights he had with the first unit, including reading, downloading or otherwise using the protected information in any permissible way.
- Figure 1 shows generally a secure distribution system for management of digital rights in accordance with the present invention.
- Figure 2 shows in flow diagram form an exemplary implementation of a secure key pair generation and installation system and method in accordance with the present invention.
- Figure 3 shows in flow diagram form the registration of an electronic reader and the certificate generation associated therewith.
- Figures 4A-4B shows in flow diagram form an implementation of the steps for generating and authenticating a user certificate as part of the registration process of Figure 3.
- Figure 5 shows in flow diagram form the movement of a user certificate and associated key pair from a first user device to a second user device.
- Figure 6 shows in flow diagram form the details of the revocation process included in the overall process of Figure 5.
- a publisher server 100 contains thereon one or more files of protected information 105 such as the text of books, databases, code, graphics, or other information considered valuable by the owner.
- the files 105 are typically maintained in an unencrypted form on the publisher server 100, although in some embodiments the files of content may be maintained in encrypted form.
- the publisher server 100 may include an encryption process for securing content files before such files are transmitted in the manner described hereinafter.
- the certificate process described herein may be used with virtually any type of information, for purposes of example and simplification in the aid of understanding, the present invention will be described in the context of a text distribution system.
- a user PC 110 typically configured with Internet access and suitable front-end software 112 such as a Web browser (for example, NetscapeTM or Microsoft ExplorerTM, communicates with an electronic reader 115 as well as a retailer server 120.
- the reader 115 is typically identified by a unique indicia such as a serial number 117 and in a typical embodiment also includes a private encryption key 119 which may be uniquely associated with either a specific reader or a specific customer.
- the user PC typically has installed application software such as a Java applet or a helper application 125 which cooperates with a browser by querying the reader 115 to extract the reader serial number or other customer ID 117.
- the PC 110 may be rendered unnecessary in some embodiments by including in the reader 115 browser software and the ability to access the Internet. Alternatively, for some types of protected information, the functionality of the reader may be incorporated into a secure portion of a more generic device such as a PC.
- the customer browses a retailer's server 120 (for example, Amazon.com) and identifies selected books or text that the user wishes to purchase in electronic form. Once the customer begins the purchase transaction for the identified books (which typically includes providing ISBN numbers or other sufficient information to uniquely identify the book), the applet or helper application 125 provides the customer or reader specific indicia 117 to the retailer's server. Alternatively, this information can be entered manually, or could be stored as a cookie or on the server 120.
- a retailer's server 120 for example, Amazon.com
- the helper application 125 could be implemented as a plug-in, although plug-ins tend to be browser-specific and more complicated as a result.
- the retailer's server 120 is supplied with customer-specific indicia which permits subsequent authentication of the purchase and verification of the purchaser.
- the IP address of the user's PC may also be provided to the retailer server as part of the transaction.
- the user supplies appropriate payment information which may be, for example, a credit card number or other Internet-capable payment scheme.
- the retailer server 120 which may be any form of Internet-connected server, responds to a purchase request from a user by executing payment with an associated financial institution 130 such as a bank or other credit clearing house.
- the ID of the reader and the indicia of the requested publication (e.g., ISBN number) is supplied to an authentication server 135.
- the authentication server 135 provides several key functions including maintenance of a database of the electronic IDs, or keys, of the various readers. Also, the server 135 maintains a database identifying the publisher for a given ISBN number, including country in which the customer's reader is located. In addition, the authentication server 135 authenticates requests from those readers by ensuring that the ID received as part of a particular transaction matches the user maintained in the database. Further, the authentication server maintains a database of all purchases and related accounting information for each of the readers.
- the authentication server will execute a financial transaction with a bank 140 or other clearing house.
- the authentication server 135 typically passes to the publisher server 100 a confirmed request for a file 105 which represents the electronic version of the book requested by the user.
- the transaction is complete but for supplying the electronic file to the customer's reader.
- the customer may not wish to immediately download the file; in others, the customer may want an immediate download. If no download is requested, the process essentially terminates until a download is requested. Once a download is requested - which may come hours, days, weeks or more later - the request is acknowledged by the publisher server 100.
- the publisher server downloads the encrypted file 105 to the user's PC 110, via the plug-in or helper application 125; a web browser may also be used in at least some embodiments.
- the encryption is typically customized for the electronic ID of the particular reader 115, typically using the key or ID uniquely associated with that reader, so that the encrypted file can only be displayed as clear text on the requesting reader 115.
- the user's PC is not capable of decrypting the file, so that no clear text version of the book exists anywhere but the publisher's server. In this manner, copyright violations are avoided and the rights of the publisher are protected.
- it may be desirable not to use encryption in which case the encryption/decryption steps are simply eliminated.
- the user's PC stores the encrypted file 105 until the associated reader 115 establishes a communications link through any suitable protocol, including serial, parallel, USB, twisted pair, or infrared.
- the file is then downloaded to the reader 115, where appropriate decryption occurs and
- the distribution scheme of the present invention never requires that the content represented by the file 105 be licensed to any intermediate holder; that is, neither the retailer server nor the authentication server need have any control over or custody of the content, which passes solely between the publisher
- the file 105 is maintained in encrypted form, although such encryption may not be required for all files 105. Nevertheless, for those files that are encrypted, the publisher or other copyright holder can be assured that unauthorized copies will not exist. In some embodiments, it may also be
- the reader 115 desirable to configure the reader 115 to decrypt only a page of text currently being displayed, so that the remaining text is maintained in fully encrypted form even within the reader 115.
- 20 equipment portion 700 shown in dotted lines at the left of the diagram represents the functions performed by the manufacturing equipment; the "electronic reader” portion 705 shown at the right in Figure 2 is performed at the reader level.
- step 710 The process of Figure 2 begins at step 710 with the generates of public/private key pair for the specific device, or reader 115. The process then advances to step 710
- a "Reg Ticket” is built that includes the Device Public Key, the date/time stamp, and the aforementioned serial numbers. That "Reg Ticket” is then encrypted at step 725, using the Authentication Server Public Key. The "Reg Ticket” is then amended at step 730 by appending to it the
- step 735 the amended Reg Ticket is then hashed and signed with the Factory Private Key to form a Device Certificate.
- the Device Certificate is then sent, at step 740, to the "electronic reader" portion 705, which in part of the reader 115 and the process advances to step 745 to await a response from the reader.
- the electronic reader 115 When the electronic reader 115 receives the Device Certificate at step 750, it authenticates the Device Certificate using the Factory Public Key at step 755. If the authentication fails, a security violation message is set at step 760 and the process halts. However, if the authentication succeeds, the actual serial number is compared with the Device Certificate internal serial number at step 765. If the authentication fails, an error is set at 770 and the process halts. If, as will more often be the case, the authentication succeeds, the reader installs the device private key at step 775. The reader thereafter installs the authentication server public key at step 780, and at 785 stores the encrypted Reg Ticket for later uplink to an authentication server, after which the device is deemed ready to ship at step 790. At that point the process sends a pass/fail status message back to the factory equipment, and the processes complete.
- the reader 115 is provided to a user, and the user will at some point desire to acquire protected information viewable on the reader. At that point the user connects to the distribution system described in U.S. Patent Application S.N. 09/034,720 filed 3/4/98, incorporated herein by reference, via the Internet or other appropriate connection, and initiates a registration process on the first use.
- the initiation of the registration process by the user is shown at step 800.
- the process is then carried forward in the electronic reader 115 and the authentication server, with each portion shown in Figure 3 respectively in dashed boxes 705 and 805.
- the process advances in the electronic reader portion 705 by the reader sending its Reg Ticket to an associated Certificate Authority at step 810.
- the Certificate Authority may, in an exemplary embodiment, be the authentication server 135, although it could be implemented in any convenient way.
- the certificate authority in this case will be assumed to be the authentication server 135.
- the authentication server Upon receipt of the Reg Ticket from the reader in step 810, at step 815 the authentication server authenticates the Reg Ticket, decrypts it using the authentication server private key and saves the Device Public Key.
- the authentication server then, at step 820, sends to the reader a request for such user- specific information as specified by the certificate authority or other appropriate authority. This data can be entered directly with the authentication server over a Web interface.
- the reader replies (or the Web form is submitted) at step 825 once the user inputs the necessary data, after which the authentication server 805 verifies and saves the customer information at step 830.
- the authentication server creates a new public/private key pair for the User Certificate.
- the Public key is recorded in the Authentication Server database, and the private key is moved to a secure archive.
- the User Certificate contains information about the user, the private user key, and sequence number for this user.
- the Certificate is then encrypted using the Device Public Key and signed using the Certificate Authority Private Key.
- the User Certificate is then sent to the reader at step 840.
- the reader receives the User Certificate at step 845, it is installed in the reader and the process advances to step 850 where the User Private Key is then decrypted, authenticated and installed. Whether the authentication and installation step is successful or not, the process advances to step 855 where the results are reported to the authentication server at step 860.
- the server receives and stores the success/fail status, and the process completes at steps 865 and 870, respectively, with the reader having an installed User Certificate and the authentication server portion of the process being done.
- Figure 4A which occurs in the authentication server, shows the process of generating a User Certificate
- Figure 4B which occurs in the electronic reader, shows the process of authenticating the User Certificate received from the authentication server.
- the User Certificate is generated by, at step 900, authenticating the Reg Ticket using the Factory Public Key. If the authentication is not successful, the process halts at step 905. However, in the more common instance of the authentication succeeding, at step 910 the Reg Ticket is decrypted using the Certificate Authority Private Key. This provides the Device Public Key, which is saved to a database at step 915.
- the Public/Private Keys are generated for the User Certificate, and saved to a database.
- the User Certificate is then amended at step 925 by adding the time and date revision, a sequence number, a customer ID and a header.
- the resultant User Certificate is then encrypted at step 930 using the Device Public Key, with the encrypted result being signed by using the Authentication Server Private Key at step 935.
- the User Certificate is then ready for sending to the reader, so the process completes at step 940.
- step 850 ( Figure 3) of authenticating and installing the User Certificate begins at step 945 with the authentication of the User Certificate using the Authentication Server Public Key. If authentication fails, the process halts at step 950; but if successful, the process advances to step 955 and the User Certificate is decrypted using the Device Private Key.
- step 960 a check is performed to determine whether the sequence number portion of the user certificate is greater than an existing user certificate (if any - in new registrations there will not be an existing certificate). If the sequence number is not greater, the process fails at step 965.
- step 965 the reader install the User Public Key and Customer information, uniquely associating that reader with a particular user.
- the process then completes at step 970.
- the certificate move process shown in Figures 5 and 6 which provide for movement of a certificate and the associated keys from a first device to a second device.
- the user receives a second device and desires to transfer his rights from the first device to the second device, and initiates the process by linking to the distribution system and more particularly to the authentication server, as shown at step 1010 of Figure 5.
- the authentication server responds at step 1015 by developing a revocation certificate to be sent to the first reader, which is then sent at step 1020.
- the first device if available, responds at step 1025 by revoking that reader's User Certificate, and sends back confirmation to the authentication server.
- the step 1025 may be held for later implementation in the event the reader does attempt to make contact at some point. For purposes of clarity, however, it will be assumed in this example that both devices are available.
- the authentication server receives confirmation of the revocation which occurred at step 1025, and at step 1035 the authentication server generates a new User Certificate with the old public and private keys, but with a higher sequence number.
- the process then advances to step 1040 where the new User Certificate is sent to the second device/reader.
- the new certificate is then installed in the second device at step 1045 and confirmation is returned to the server.
- the server receives the confirmation at step 1050, and completes with the second device being fully authorized to view any of the titles or other information acquired by the user of the first device. Simply put, the User certificate and associated public and private keys has been moved from the first device to the second device. Referring next to Figure 6, however, details of steps 1015 through 1030 shown generally in Figure 5 - the revocation steps - may be better appreciated. As shown generally in Figure 5, the subprocess begins with the user initiating key movement from the first to the second device at step 1010. This causes, at step 1110, the authentication server to create and save a Revocation Token of random numbers. Although random numbers are generally preferred for security reasons, non-random numbers or other indicia may be acceptable in some embodiments.
- the Revocation Token is then encrypted at step 1105 using the Authentication Server Private Key, after which the result is encrypted using the Device Public Key at step 1110.
- the double encrypted result is then signed at step 1115 with the Authentication Server Private Key and sent (at step 1120) to the first device as a Revocation Certificate.
- the first device receives the Revocation Certificate at step 1125, which it attempts to authenticate at step 1130. If the authentication fails, the process halts at step 1135. However, if successful, the process advances to step 1140 where the Revocation Token is decrypted from the Revocation Certificate using the Device Private Key. A revocation acknowledge token is then sent to the Authentication Server at step 1145.
- the authentication server receives the acknowledge token and decrypts it using the Authentication Server Private Key, and compares the result to the saved token number at step 1160. If the token does not match, the process halts at step 1165; but if a match exists, the revocation is deemed a success and is recorded in a database. At that point the step can advance to generating a new user certificate, as shown at step 1035 in Figure 5. It can thus be appreciated that an effective method for secure generation of public and private keys has been shown, together with a method for transferring those keys and the associated rights. Having fully described a preferred embodiment of the invention and various alternatives, those skilled in the art will recognize, given the teachings herein, that numerous alternatives and equivalents exist which do not depart from the invention. It is therefore intended that the invention not be limited by the foregoing description, but only by the appended claims.
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP99954786A EP1121779A4 (en) | 1998-10-07 | 1999-10-07 | Certificate handling for digital rights management system |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/168,000 | 1998-03-04 | ||
US09/168,000 US20010011238A1 (en) | 1998-03-04 | 1998-10-07 | Digital rights management system |
US09/168,351 | 1998-10-07 | ||
US09/168,351 US6513117B2 (en) | 1998-03-04 | 1998-10-07 | Certificate handling for digital rights management system |
Publications (3)
Publication Number | Publication Date |
---|---|
WO2000021239A1 true WO2000021239A1 (en) | 2000-04-13 |
WO2000021239A8 WO2000021239A8 (en) | 2000-08-17 |
WO2000021239A9 WO2000021239A9 (en) | 2000-10-05 |
Family
ID=26863708
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US1999/023447 WO2000021239A1 (en) | 1998-10-07 | 1999-10-07 | Certificate handling for digital rights management system |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP1121779A4 (en) |
WO (1) | WO2000021239A1 (en) |
Cited By (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001015162A2 (en) * | 1999-08-13 | 2001-03-01 | Microsoft Corporation | Methods and systems of protecting digital content |
WO2002001326A2 (en) * | 2000-06-27 | 2002-01-03 | Microsoft Corporation | System and method for client interaction in a multi-level rights-management architecture |
WO2002001330A2 (en) * | 2000-06-27 | 2002-01-03 | Microsoft Corporation | Method and system for binding enhanced software features to a persona |
WO2002010907A2 (en) * | 2000-05-10 | 2002-02-07 | Convera Corporation | Method of revoking_authorizations for software components |
WO2002029528A2 (en) * | 2000-10-05 | 2002-04-11 | Advanced Micro Devices, Inc. | System and method for preventing software piracy |
EP1202149A2 (en) * | 2000-10-24 | 2002-05-02 | Seiko Epson Corporation | System and method for digital content distribution |
EP1251422A2 (en) * | 2001-04-19 | 2002-10-23 | Nec Corporation | Copyright protection system and method thereof |
EP1376305A2 (en) * | 2002-06-27 | 2004-01-02 | Microsoft Corporation | Secure hardware identifier (HWID) for use in a digital rights management (DRM) system |
EP1456996A2 (en) * | 2001-12-21 | 2004-09-15 | Hewlett-Packard Company | Ownership of part-physical, part-virtual devices |
US6886098B1 (en) | 1999-08-13 | 2005-04-26 | Microsoft Corporation | Systems and methods for compression of key sets having multiple keys |
US6970849B1 (en) | 1999-12-17 | 2005-11-29 | Microsoft Corporation | Inter-server communication using request with encrypted parameter |
US6996720B1 (en) | 1999-12-17 | 2006-02-07 | Microsoft Corporation | System and method for accessing protected content in a rights-management architecture |
US7017189B1 (en) | 2000-06-27 | 2006-03-21 | Microsoft Corporation | System and method for activating a rendering device in a multi-level rights-management architecture |
US7047411B1 (en) | 1999-12-17 | 2006-05-16 | Microsoft Corporation | Server for an electronic distribution system and method of operating same |
US7051200B1 (en) | 2000-06-27 | 2006-05-23 | Microsoft Corporation | System and method for interfacing a software process to secure repositories |
US7065216B1 (en) | 1999-08-13 | 2006-06-20 | Microsoft Corporation | Methods and systems of protecting digital content |
US7158953B1 (en) | 2000-06-27 | 2007-01-02 | Microsoft Corporation | Method and system for limiting the use of user-specific software features |
US7171692B1 (en) | 2000-06-27 | 2007-01-30 | Microsoft Corporation | Asynchronous communication within a server arrangement |
US7188342B2 (en) | 2001-04-20 | 2007-03-06 | Microsoft Corporation | Server controlled branding of client software deployed over computer networks |
US7308573B2 (en) | 2003-02-25 | 2007-12-11 | Microsoft Corporation | Enrolling / sub-enrolling a digital rights management (DRM) server into a DRM architecture |
US7370017B1 (en) | 2002-12-20 | 2008-05-06 | Microsoft Corporation | Redistribution of rights-managed content and technique for encouraging same |
EP1962214A1 (en) * | 2005-11-22 | 2008-08-27 | Peking University Founder Group Co., Ltd | A digital works downloading method based on automatically banding removable device |
US7469263B2 (en) * | 2002-07-12 | 2008-12-23 | Fujitsu Limited | Content management system for archiving data, managing histories, validity of content registration certification wherein the management device encrypts the content in response to a content storage, encrypts the encryption key with the media ID |
US7536016B2 (en) | 2004-12-17 | 2009-05-19 | Microsoft Corporation | Encrypted content data structure package and generation thereof |
US7539875B1 (en) | 2000-06-27 | 2009-05-26 | Microsoft Corporation | Secure repository with layers of tamper resistance and system and method for providing same |
WO2015018775A1 (en) * | 2013-08-09 | 2015-02-12 | Viaccess | Method of providing a licence in a system for providing multimedia contents |
US9262594B2 (en) | 2008-01-18 | 2016-02-16 | Microsoft Technology Licensing, Llc | Tamper evidence per device protected identity |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5761306A (en) * | 1996-02-22 | 1998-06-02 | Visa International Service Association | Key replacement in a public key cryptosystem |
US5970147A (en) * | 1997-09-30 | 1999-10-19 | Intel Corporation | System and method for configuring and registering a cryptographic device |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
NZ306846A (en) * | 1995-06-05 | 2000-01-28 | Certco Llc | Digital signing method using partial signatures |
US6085320A (en) * | 1996-05-15 | 2000-07-04 | Rsa Security Inc. | Client/server protocol for proving authenticity |
-
1999
- 1999-10-07 EP EP99954786A patent/EP1121779A4/en not_active Withdrawn
- 1999-10-07 WO PCT/US1999/023447 patent/WO2000021239A1/en not_active Application Discontinuation
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5761306A (en) * | 1996-02-22 | 1998-06-02 | Visa International Service Association | Key replacement in a public key cryptosystem |
US5970147A (en) * | 1997-09-30 | 1999-10-19 | Intel Corporation | System and method for configuring and registering a cryptographic device |
Non-Patent Citations (1)
Title |
---|
MENEZES A J, VAN OORSCHOT P C, VANSTONE S A: "Handbook of Applied Cryptography", 1 January 1997, CRC PRESS, BOCA RATON, FL, US, ISBN: 978-0-8493-8523-0, article MENEZES A. J., ET AL.: "PUBLIC-KEY ENCRYPTION.", pages: 283/284., XP002922356, 022821 * |
Cited By (66)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7158639B2 (en) | 1999-08-13 | 2007-01-02 | Microsoft Corporation | Key generation |
US7065216B1 (en) | 1999-08-13 | 2006-06-20 | Microsoft Corporation | Methods and systems of protecting digital content |
US6956947B2 (en) | 1999-08-13 | 2005-10-18 | Microsoft Corporation | Extraction of multiple single keys from a compressed key |
US7069450B2 (en) | 1999-08-13 | 2006-06-27 | Benaloh Josh D | Systems and methods for compression of key sets having multiple keys |
US7080262B2 (en) | 1999-08-13 | 2006-07-18 | Microsoft Corporation | Key compression |
US7613302B2 (en) | 1999-08-13 | 2009-11-03 | Microsoft Corporation | Systems and methods for compression of key sets having multiple keys |
WO2001015162A3 (en) * | 1999-08-13 | 2001-09-27 | Microsoft Corp | Methods and systems of protecting digital content |
US7549063B2 (en) | 1999-08-13 | 2009-06-16 | Microsoft Corporation | Methods and systems of protecting digital content |
US6886098B1 (en) | 1999-08-13 | 2005-04-26 | Microsoft Corporation | Systems and methods for compression of key sets having multiple keys |
WO2001015162A2 (en) * | 1999-08-13 | 2001-03-01 | Microsoft Corporation | Methods and systems of protecting digital content |
US7003675B2 (en) | 1999-08-13 | 2006-02-21 | Microsoft Corporation | Encrypted content data structure package and generation thereof |
US7047421B2 (en) | 1999-08-13 | 2006-05-16 | Microsoft Corporation | Data signal with a database and a compressed key |
US7047422B2 (en) | 1999-08-13 | 2006-05-16 | Microsoft Corporation | User access to a unique data subset of a database |
US7562395B2 (en) | 1999-12-17 | 2009-07-14 | Microsoft Corporation | System and method for accessing protected content in a rights-management architecture |
US7047411B1 (en) | 1999-12-17 | 2006-05-16 | Microsoft Corporation | Server for an electronic distribution system and method of operating same |
US7707643B2 (en) | 1999-12-17 | 2010-04-27 | Microsoft Corporation | System and method for accessing protected content in a rights-management architecture |
US8032943B2 (en) | 1999-12-17 | 2011-10-04 | Microsoft Corporation | Accessing protected content in a rights-management architecture |
US6996720B1 (en) | 1999-12-17 | 2006-02-07 | Microsoft Corporation | System and method for accessing protected content in a rights-management architecture |
US6970849B1 (en) | 1999-12-17 | 2005-11-29 | Microsoft Corporation | Inter-server communication using request with encrypted parameter |
WO2002010907A2 (en) * | 2000-05-10 | 2002-02-07 | Convera Corporation | Method of revoking_authorizations for software components |
WO2002010907A3 (en) * | 2000-05-10 | 2002-12-27 | Convera Corp | Method of revoking_authorizations for software components |
US7539875B1 (en) | 2000-06-27 | 2009-05-26 | Microsoft Corporation | Secure repository with layers of tamper resistance and system and method for providing same |
US8417968B2 (en) | 2000-06-27 | 2013-04-09 | Microsoft Corporation | Secure repository with layers of tamper resistance and system and method for providing same |
US6981262B1 (en) | 2000-06-27 | 2005-12-27 | Microsoft Corporation | System and method for client interaction in a multi-level rights-management architecture |
US6891953B1 (en) | 2000-06-27 | 2005-05-10 | Microsoft Corporation | Method and system for binding enhanced software features to a persona |
WO2002001326A3 (en) * | 2000-06-27 | 2003-03-13 | Microsoft Corp | System and method for client interaction in a multi-level rights-management architecture |
US7017189B1 (en) | 2000-06-27 | 2006-03-21 | Microsoft Corporation | System and method for activating a rendering device in a multi-level rights-management architecture |
US7430542B2 (en) | 2000-06-27 | 2008-09-30 | Microsoft Corporation | System and method for activating a rendering device in a multi-level rights-management architecture |
US7158953B1 (en) | 2000-06-27 | 2007-01-02 | Microsoft Corporation | Method and system for limiting the use of user-specific software features |
WO2002001330A2 (en) * | 2000-06-27 | 2002-01-03 | Microsoft Corporation | Method and system for binding enhanced software features to a persona |
WO2002001326A2 (en) * | 2000-06-27 | 2002-01-03 | Microsoft Corporation | System and method for client interaction in a multi-level rights-management architecture |
US7051200B1 (en) | 2000-06-27 | 2006-05-23 | Microsoft Corporation | System and method for interfacing a software process to secure repositories |
US7958373B2 (en) | 2000-06-27 | 2011-06-07 | Microsoft Corporation | Secure repository with layers of tamper resistance and system and method for providing same |
WO2002001330A3 (en) * | 2000-06-27 | 2003-10-16 | Microsoft Corp | Method and system for binding enhanced software features to a persona |
US7823208B2 (en) | 2000-06-27 | 2010-10-26 | Microsoft Corporation | Method and system for binding enhanced software features to a persona |
US7171692B1 (en) | 2000-06-27 | 2007-01-30 | Microsoft Corporation | Asynchronous communication within a server arrangement |
US7861306B2 (en) | 2000-06-27 | 2010-12-28 | Microsoft Corporation | Method and system for limiting the use of user-specific software features |
WO2002029528A3 (en) * | 2000-10-05 | 2003-08-07 | Advanced Micro Devices Inc | System and method for preventing software piracy |
WO2002029528A2 (en) * | 2000-10-05 | 2002-04-11 | Advanced Micro Devices, Inc. | System and method for preventing software piracy |
EP1202149A3 (en) * | 2000-10-24 | 2003-05-14 | Seiko Epson Corporation | System and method for digital content distribution |
EP1548541A2 (en) * | 2000-10-24 | 2005-06-29 | Seiko Epson Corporation | System and method for digital content distribution |
US7373391B2 (en) | 2000-10-24 | 2008-05-13 | Seiko Epson Corporation | System and method for digital content distribution |
EP1548541A3 (en) * | 2000-10-24 | 2006-04-12 | Seiko Epson Corporation | System and method for digital content distribution |
EP1202149A2 (en) * | 2000-10-24 | 2002-05-02 | Seiko Epson Corporation | System and method for digital content distribution |
EP1251422A2 (en) * | 2001-04-19 | 2002-10-23 | Nec Corporation | Copyright protection system and method thereof |
EP1251422A3 (en) * | 2001-04-19 | 2005-04-20 | Nec Corporation | Copyright protection system and method thereof |
US7188342B2 (en) | 2001-04-20 | 2007-03-06 | Microsoft Corporation | Server controlled branding of client software deployed over computer networks |
EP1456996A4 (en) * | 2001-12-21 | 2006-12-06 | Hewlett Packard Co | Ownership of part-physical, part-virtual devices |
EP1456996A2 (en) * | 2001-12-21 | 2004-09-15 | Hewlett-Packard Company | Ownership of part-physical, part-virtual devices |
JP4598375B2 (en) * | 2002-06-27 | 2010-12-15 | マイクロソフト コーポレーション | Providing a secure hardware identifier (HWID) for use in a digital rights management (DRM) system |
US7152243B2 (en) | 2002-06-27 | 2006-12-19 | Microsoft Corporation | Providing a secure hardware identifier (HWID) for use in connection with digital rights management (DRM) system |
EP1376305A3 (en) * | 2002-06-27 | 2004-12-29 | Microsoft Corporation | Secure hardware identifier (HWID) for use in a digital rights management (DRM) system |
JP2004080751A (en) * | 2002-06-27 | 2004-03-11 | Microsoft Corp | Providing secure hardware identifier (hwid) for use in connection with digital copy right management (drm) system |
EP1376305A2 (en) * | 2002-06-27 | 2004-01-02 | Microsoft Corporation | Secure hardware identifier (HWID) for use in a digital rights management (DRM) system |
US7469263B2 (en) * | 2002-07-12 | 2008-12-23 | Fujitsu Limited | Content management system for archiving data, managing histories, validity of content registration certification wherein the management device encrypts the content in response to a content storage, encrypts the encryption key with the media ID |
US7370017B1 (en) | 2002-12-20 | 2008-05-06 | Microsoft Corporation | Redistribution of rights-managed content and technique for encouraging same |
US7734551B1 (en) | 2002-12-20 | 2010-06-08 | Microsoft Corporation | Redistribution of rights-managed content and technique for encouraging same |
US7308573B2 (en) | 2003-02-25 | 2007-12-11 | Microsoft Corporation | Enrolling / sub-enrolling a digital rights management (DRM) server into a DRM architecture |
US7536016B2 (en) | 2004-12-17 | 2009-05-19 | Microsoft Corporation | Encrypted content data structure package and generation thereof |
EP1962214A4 (en) * | 2005-11-22 | 2011-04-06 | Univ Peking Founder Group Co | A digital works downloading method based on automatically banding removable device |
EP1962214A1 (en) * | 2005-11-22 | 2008-08-27 | Peking University Founder Group Co., Ltd | A digital works downloading method based on automatically banding removable device |
US9262594B2 (en) | 2008-01-18 | 2016-02-16 | Microsoft Technology Licensing, Llc | Tamper evidence per device protected identity |
US9647847B2 (en) | 2008-01-18 | 2017-05-09 | Microsoft Technology Licensing, Llc | Tamper evidence per device protected identity |
WO2015018775A1 (en) * | 2013-08-09 | 2015-02-12 | Viaccess | Method of providing a licence in a system for providing multimedia contents |
FR3009634A1 (en) * | 2013-08-09 | 2015-02-13 | Viaccess Sa | METHOD FOR PROVIDING A LICENSE IN A SYSTEM FOR PROVIDING MULTIMEDIA CONTENT |
US10915607B2 (en) | 2013-08-09 | 2021-02-09 | Viaccess | Method for providing a licence in a system for providing multimedia contents |
Also Published As
Publication number | Publication date |
---|---|
EP1121779A1 (en) | 2001-08-08 |
EP1121779A4 (en) | 2004-09-15 |
WO2000021239A9 (en) | 2000-10-05 |
WO2000021239A8 (en) | 2000-08-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6513117B2 (en) | Certificate handling for digital rights management system | |
WO2000021239A1 (en) | Certificate handling for digital rights management system | |
US7484246B2 (en) | Content distribution system, content distribution method, information processing apparatus, and program providing medium | |
US6195432B1 (en) | Software distribution system and software utilization scheme for improving security and user convenience | |
US6009401A (en) | Relicensing of electronically purchased software | |
US7310732B2 (en) | Content distribution system authenticating a user based on an identification certificate identified in a secure container | |
US7243238B2 (en) | Person authentication system, person authentication method, information processing apparatus, and program providing medium | |
US7287158B2 (en) | Person authentication system, person authentication method, information processing apparatus, and program providing medium | |
US6990684B2 (en) | Person authentication system, person authentication method and program providing medium | |
US7100044B2 (en) | Public key certificate using system, public key certificate using method, information processing apparatus, and program providing medium | |
US7103778B2 (en) | Information processing apparatus, information processing method, and program providing medium | |
US6098056A (en) | System and method for controlling access rights to and security of digital content in a distributed information system, e.g., Internet | |
US7096363B2 (en) | Person identification certificate link system, information processing apparatus, information processing method, and program providing medium | |
US6971030B2 (en) | System and method for maintaining user security features | |
US20080059797A1 (en) | Data Communication System, Agent System Server, Computer Program, and Data Communication Method | |
US20020026427A1 (en) | Person authentication application data processing system, person authentication application data processing method, information processing apparatus, and program providing medium | |
WO2000075760A1 (en) | Method and system for preventing the unauthorized use of software | |
WO2010139258A1 (en) | Device, method and system for software copyright protection | |
US7185193B2 (en) | Person authentication system, person authentication method, and program providing medium | |
US7770001B2 (en) | Process and method to distribute software product keys electronically to manufacturing entities | |
JPH1131130A (en) | Service providing device | |
US20030014652A1 (en) | Licensing method and license providing system | |
US7895449B2 (en) | System and method for securely delivering installation keys to a production facility | |
JPH1124916A (en) | Device and method for managing software licence | |
JP2008513858A (en) | Method and equipment for postage payment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AT CH DE ES GB LU PL PT |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
AK | Designated states |
Kind code of ref document: C1 Designated state(s): AT CH DE ES GB LU PL PT |
|
AL | Designated countries for regional patents |
Kind code of ref document: C1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
|
CFP | Corrected version of a pamphlet front page | ||
CR1 | Correction of entry in section i | ||
AK | Designated states |
Kind code of ref document: C2 Designated state(s): AT CH DE ES GB LU PL PT |
|
AL | Designated countries for regional patents |
Kind code of ref document: C2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
|
COP | Corrected version of pamphlet |
Free format text: PAGES 1-14, DESCRIPTION, REPLACED BY NEW PAGES 1-14; PAGES 15-17, CLAIMS, REPLACED BY NEW PAGES 15-17; PAGES 1/6-6/6, DRAWINGS, REPLACED BY NEW PAGES 1/6-6/6; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1999954786 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 1999954786 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 1999954786 Country of ref document: EP |