WO2005076270A1 - Device and method for authorizing a user to get access to content stored in encrypted form on a storage medium - Google Patents

Device and method for authorizing a user to get access to content stored in encrypted form on a storage medium Download PDF

Info

Publication number
WO2005076270A1
WO2005076270A1 PCT/IB2005/050308 IB2005050308W WO2005076270A1 WO 2005076270 A1 WO2005076270 A1 WO 2005076270A1 IB 2005050308 W IB2005050308 W IB 2005050308W WO 2005076270 A1 WO2005076270 A1 WO 2005076270A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
key
key table
identifier
network
Prior art date
Application number
PCT/IB2005/050308
Other languages
French (fr)
Inventor
Declan P. Kelly
Steven B. Luitjens
Wilhelmus F. J. Fontijn
Franciscus L. A. J. Kamperman
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Priority to JP2006551968A priority Critical patent/JP2007525123A/en
Priority to EP05702793A priority patent/EP1714280A1/en
Publication of WO2005076270A1 publication Critical patent/WO2005076270A1/en

Links

Classifications

    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25866Management of end-user data
    • H04N21/25875Management of end-user data involving end-user authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/414Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
    • H04N21/41407Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance embedded in a portable device, e.g. video client on a mobile phone, PDA, laptop

Definitions

  • the present invention relates to a device and a corresponding method for authorizing a user to get access to content stored in encrypted form on a storage medium, said storage medium storing a machine-readable medium identifier and at least one key table encrypted by use of a key table key and storing at least one asset key for decrypting encrypted content.
  • the invention relates further to a network in which said method is employed as well as to a computer program for implementing said method.
  • European patent appl ication 02 078 437.7 (PI INL020775) describes a method of protecting content stored on a storage medium against unauthorized access, said storage medium being accessible by a drive of a portable device which is conncctable to a network.
  • the authentication procedure of the network is used to generate a cryptographic key, hereinafter called asset key. for encryption and decryption of content stored on said storage medium.
  • asset key a cryptographic key
  • the storage medium contains a unique medium identifier and that the mobile communication network authentication procedure is used to transform this medium identifier into the actual asset key.
  • SIM encryption method This transform is performed by the user's SIM card, when used in a mobile phone network, so that without this SIM card the content of the storage medium can not be read.
  • This provides a very simple and secure way for users to protect their private content, also referred to as SIM encryption method in the following.
  • a drawback of this approach is that access to the content is restricted to a single user, or more particularly, to a single user's SIM card. It is thus an object of the present invention to provide a device and method which allow the user to provide access to the content to other users in a simple, but still secure way. Further, transparent access from different devices owned by the same user, for instance from different mobile phones having different SIM cards, shall be enabled. A corresponding network and a computer program for implementing said method shall be provided as well.
  • a device as claimed in claim 1 comprising: - a connection means for connecting said device to a network, a drive for accessing said storage medium, in particular for reading content and said medium identifier from said storage medium, and a transmitter for transmitting said medium identifier and a user identifier of a user, who shall be authorized to get access to said content and who is identified to said network by said user identifier, to an authentication unit within said network, said medium identifier and said user identifier being used by said authentication unit for generating a key table key for said user enabling said user to decrypt at least one predetermined key table.
  • ⁇ coi i esponding method is expendable in claim ⁇ computei pi ⁇ gi am (oi implementing said method is defined in claim 1 1
  • a netwoi k in which the invention is employed is defined in claim 10 and compi ises a ⁇ i st usei device foi authoi izmg a usci of a second tisci dev ice to get access to content sioiccl in enciypted loi m on a slot age medium, said stoi agc medium stoi ing a machine-readable medium identifier and at least one key table enciypted by use of a key table key and stoi ing at least one asset key foi deciypting enciypted content, said fust usei device compi ising.
  • an authentication unit comprising: - a receiver for receiving said medium identifier and said user identifier, - a key generating means for generating a key table key for said user using said medium identifier and said user identifier, said key table key enabling said user to decrypt said at least one key table, and - a transmitter for transmitting said key table key to said first and/or said second user device; and a second user device of a user who shall be authorized to get access to content stored in encrypted form on said storage medium comprising: - a connection means for connecting said device to said network, - a receiver for transmitting said storage medium, in particular for reading content and said medium identifier from said storage medium, and - a transmitter for transmitting said medium identifier and a user identifier of a user, who shall be authorized to get access to said content and who is identified to said network by said user identifier, to an authentication unit within said network; an authentication unit comprising: - a receiver for receiving said medium identifier and said user identifier,
  • the present invention is based on the idea to use the authentication process of a network for enabling a user who has access to content stored on a storage medium to authorize other users to get access to the same content.
  • the authentication unit of the network By use of the medium identifier and the user identifier of a user who shall be authorized the authentication unit of the network generates and provides a key table key.
  • This key table key can then be used by the user lo be authorized to decrypt an assigned and predetermined key table provided for this "new " user in which key table an asset key is stored for decryption of thc content to which he shall get access.
  • "new " risers can be added to an authorization list without their direct involvement.
  • the network proposed according to the present invention which is preferably a communication network such as a GSM or an UMTS network, comprises at least two user devices, which may both belong to the same user or to different users, and an authentication unit for authenticating users when they connect to the network.
  • the authentication procedure used for authenticating users is very secure since breaking the authentication algorithm used in a mobile communication network would allow the user to make calls that would be billed to other users.
  • the level of protection of such an authentication algorithm is very high and is considered to be sufficient for protecting the user's data when using the authentication algorithm for generating key table keys as proposed according to the present invention.
  • said authentication unit is also used for generating asset keys as described in the above mentioned European patent application 02 078 437.7 (PHNL020775). The description of this method in this document is herein incorporated by reference. Preferred embodiments of the invention are defined in dependent claims.
  • the device further comprises a receiver for receiving the key table key for the user to be authorized from the network, and the transmitter is operative for transmitting the received key table key to said user.
  • the user who wants to authorize another user to have access to content communicates with the network to get a new key table key for the other user which is then received by him and forwarded to the other user, for instance in the form of an SMS or any other electronic message.
  • the user to be authorized is thus not involved in the procedure of generating the new key table key.
  • the new key table key may also be provided directly from the network to the user to be authorized.
  • the network can use the user identifier already provided by the first user together with a medium identifier to the authentication unit for generation of the key table key.
  • the storage medium not only stores one single key table but a plurality of key tables, for instance one key table for each user.
  • each key table may further comprise a decryption check identifier as proposed according to another embodiment. For said check an appropriate decryption check means may by provided in the user device.
  • the user check identifier is used also as decryption check identifier, for instance, once unencrypted on the outside to identify the user belonging to the key table, and twice inside the key table, i.e. encrypted, to check whether the decryption was correct.
  • decryption check identifier for instance, once unencrypted on the outside to identify the user belonging to the key table, and twice inside the key table, i.e. encrypted, to check whether the decryption was correct.
  • there is only one key table provided on the storage medium and the first user who wants to authorize a second user provides his own key table key to the second user enabling him to decrypt the same key table.
  • key table generating means For generating such key tables appropriate key table generating means are provided according to another embodiment.
  • the first user thus uses a key table key to encrypt the asset key which allows decryption of the content to which the other user shall get access and thus generates a key table which is then stored by said accessing means on the storage medium.
  • each item of content is enci x ptcd in its ow n asset s ai e stoi ed m
  • a key table I he fii st user uses know n SI M enci yplion method (c g using his SI M cai cl) to get his key table key, which is the key used to enci ypt the key table
  • the authentication algorithm used for authenticating mobile communication devices to the network is then employed for generating the key table keys and, preferably, also the asset keys (actually any random key will do).
  • the authentication unit of the home location register (HLR) of the user to be authorized is used for generating the key table key for said user for transmission of the medium identifier and the user identifier to the authentication unit.
  • a secure channel can be implemented.
  • the authentication procedure is then also used to generate the key for the secure channel in a similar way as used for generating the key table key.
  • the mobile network operator can offer the above described procedure as a service. Users from different networks can also be authorized in the same way in which the network handles roaming users. Moreover, by offering this service, but not supporting users from other networks, the network can also encourage users of different networks to subscribe to this network.
  • Fig. 1 shows an embodiment of a record carrier according to the invention
  • Fig. 2 shows an embodiment of a network according to the present invention
  • Fig. 3 shows a flow chart illustrating the method according to the invention
  • Fig. 4 shows an embodiment of a user device according to the present invention.
  • Fig. 1 shows a storage medium 10 according to the present invention and illustrates what is stored on such a record carrier.
  • a particular user of a first user device has access to content which is stored in encrypted form on a record carrier 10, for instance an optical record carrier such as a CD, DVD or BD, which is readable by the user device, which may, for instance, be a portable mobile phone having a drive for accessing the record carrier 10.
  • the record carrier 10 - besides the encrypted content - stores a machine-readable medium identifier id and at least one key table KL, which is encrypted by use of a key table key KLK and which stores at least one asset key AK.
  • Said asset key AK has been used for encrypting the content C and thus needs to be used by a user for decrypting the encrypted content C.
  • each key table KL might store more than one asset key AK for decrypting different portions of content C stored on the record carrier 10.
  • each key table there might be a user check identifier UC assigned for finding the right key table KL and/or each key table might comprise a decryption check identifier DC for seeing if a key table KL has been correctly decrypted, which will be both explained below in more detail.
  • Fig. 2 shows an embodiment of a network according to the present invention illustrating the general use of the invention.
  • Fig. 3 illustrates the steps of the method according to the invention as a flow chart.
  • a mobile communication network in particular a GSM network 3
  • the mobile phones 1 , 2 each comprise a SIM card reader 4 for reading a SIM card 20.
  • an authentication key is stored which is a secret key shared with an authentication center AuC of the GSM network 3 used for authentication of the mobile phones 1 , 2 when connecting to the network 3.
  • the mobile phones 1 , 2 further comprise a drive 5 for reading data from and/or storing data on a removable storage medium 10, which can, for instance, be a small form factor optical disc drive.
  • the user devices I . 2 further comprise connection means 6 for connecting to the network 3 including a transmitter 7 for transmitting data and a receiver 8 for receiving data.
  • the mobi le communication netw oi k authentication procedure is used to transform the unique identifier of the record carrier 10 (e.g. a serial number stored in a particular area on the record carrier 10) into the asset key AK used for encryption of thc content C (or part of the content) stored on (he record carrier 10.
  • This transform is cither performed by the SIM card 20 or by the authentication center AuC, so that without this SIM card the content can not be decrypted and read.
  • This provides a very simple and secure way for the user to protect his private content. If the user now desires to allow other users to access his content or to enable transparent access from different devices owned by himself, the following procedure is performed.
  • the unique identifier id is read from the record carrier.
  • This medium identifier id and a user identifier ui of a second user who shall be authorized by the first user to get access to a particular piece of the first user's content, are then (S2) transmitted to the authentication center AuC of the network 3.
  • a key table key KLK for instance a key locker key in case the key tables are in the form of key lockers, is generated by the key generator 31 from the medium identifier id and the user identifier ui.
  • the generated key table key KLK can then be transmitted back only to the first user device 1 (S4) or both to the first user device 1 and to the second user device 2 (S8).
  • the first user device 1 generates now a key table KL2 for the second user 2 (S5) by use of the received key table key KLK, i.e. the asset key(s) which shall be given to the second user for accessing content are encrypted by said key table key KLK.
  • the second user 2 is then authorized by getting the key table key KLK for decrypting the newly generated key table KL2 from the first user (S6).
  • the key table key KLK By use of the key table key KLK he is then able to decrypt the key table KL2, read the asset key(s) from it and use the asset key(s) for decryption of content.
  • the user 2 is thus added to the authorization list without direct involvement.
  • the first user device 1 also generates now a key table KL2 for the second user 2 (S9) by use of the received key table key KLK (identically as in step 5).
  • each key table KL preferably also comprises a decryption check identifier DC (see Fig.
  • the user devices comprise a decryption check unit 9 as shown in the embodiment of the user device 1 illustrated in Fig. 4.
  • the key tables may include some randomly generated padding fields to make hacking more difficult.
  • the key tables are key lockers so that different rights can be stored for each user and some content is hidden from some users.
  • the key tables may also be all (for each user) located inside a key locker.
  • the key locker key is then a hidden key on the record carrier.
  • the user devices may include a user check unit 1 1 to check a corresponding user check identifier uc preferably stored on the record carrier and assigned to each key table. This user check identifier uc is used to find the correct key table for a user so that decryption of each available key table in order to find the correct one can be avoided.
  • the user's SIM card contains an identifier to identify the user to the mobile network, called international mobile subscriber identity (IMSI) in GSM, which can used.
  • IMSI international mobile subscriber identity
  • GSM Global System for Mobile communications
  • the user's phone number can be used.
  • this user check identifier uc could be encrypted in a very simple way, e.g. XOR with a key. This means, that again each user check identifier needs to be decrypted by means of a relatively simple XOR operation. Since each user check identifier is preferably XORed with a different key, there is no easy way to determine the underlying user check identifier so that this method may hide the user's identity with sufficient security.
  • a user who wants to authorize other users also generates a new key table for each new user. Therefore, a key table generating unit 12 is also provided in each user device I as also shown in Fig. 4.
  • the user who creates the content will be authorized as indicated in the above mentioned European patent application 02 078 437.7 (PHNL 020775). Adding further users to the authorization list can be done through the network. Therefore, a secure connection is preferably provided between the user device and the network (in particularly the home location register HLR) in GSM of the user to be authorized.
  • the network in particularly the home location register HLR
  • user identifier again the user's phone number or the user's IMSI can be used. Of course, other user identifiers can be used as well by which the user is uniquely identified to the network.
  • the authentication procedure described above can also be used to generate the key for a secure channel between the user devices and the network in a similar way.
  • the network operator can offer the above described procedure as a service. Users from different networks can also be authorized in the same way in which the network handles roaming users. However, by offering the service, but not supporting users from other networks, the network can encourage friends or family members of current users to subscribe to their network.
  • the present invention provides a simple and easily implementable method for adding further users on an authorization list to get access to content belonging to a particular user.
  • the authentication procedure of the network is used in this process which provides a high level of security.

Abstract

The present invention relates to a device and a method for authorizing a user to get access to content stored in encrypted form on a storage medium (10), said storage medium storing a machine-readable medium identifier (id) and at least one key table (KL) encrypted by use of a key table key (KLK) and storing at least one asset key (AK) for decrypting encrypted content (C). In order to allow a user to provide access to the content to other users in a simple but secure way, a device is proposed comprising: - a connection means (6) for connecting said device to a network (3), - a drive (5) for accessing said storage medium (10), in particular for reading content (C) and said medium identifier (id) from said storage medium (l0), and - a transmitter (7) for transmitting said medium identifier (id) and a user identifier (ui) of a user, who shall be authorized to get access to said content (C) and who is identified to said network (3) by said user indentifier (ui), to an authentication unit (AuC) within said network (3), said medium identifier (id) and said user identifier (ui) being used by said authentication unit (AuC) for generating a key table key (KLK) for said user enabling said user to decrypt at least one predetermined key table (KL).

Description

Device and method for authorizing a user to get access to content stored in encrypted form on a storage medium
The present invention relates to a device and a corresponding method for authorizing a user to get access to content stored in encrypted form on a storage medium, said storage medium storing a machine-readable medium identifier and at least one key table encrypted by use of a key table key and storing at least one asset key for decrypting encrypted content. The invention relates further to a network in which said method is employed as well as to a computer program for implementing said method.
European patent appl ication 02 078 437.7 (PI INL020775) describes a method of protecting content stored on a storage medium against unauthorized access, said storage medium being accessible by a drive of a portable device which is conncctable to a network.
I n order to provide a high level of protection against unauthorized access, the authentication procedure of the network is used to generate a cryptographic key, hereinafter called asset key. for encryption and decryption of content stored on said storage medium. In particular, it describes the use of this method in a mobile phone network where the authentication key is stored on a SIM card used in a mobile phone. Thus, the main idea is that the storage medium contains a unique medium identifier and that the mobile communication network authentication procedure is used to transform this medium identifier into the actual asset key.
This transform is performed by the user's SIM card, when used in a mobile phone network, so that without this SIM card the content of the storage medium can not be read. This provides a very simple and secure way for users to protect their private content, also referred to as SIM encryption method in the following.
A drawback of this approach is that access to the content is restricted to a single user, or more particularly, to a single user's SIM card. It is thus an object of the present invention to provide a device and method which allow the user to provide access to the content to other users in a simple, but still secure way. Further, transparent access from different devices owned by the same user, for instance from different mobile phones having different SIM cards, shall be enabled. A corresponding network and a computer program for implementing said method shall be provided as well. This object is achieved according to the present invention by a device as claimed in claim 1 comprising: - a connection means for connecting said device to a network, a drive for accessing said storage medium, in particular for reading content and said medium identifier from said storage medium, and a transmitter for transmitting said medium identifier and a user identifier of a user, who shall be authorized to get access to said content and who is identified to said network by said user identifier, to an authentication unit within said network, said medium identifier and said user identifier being used by said authentication unit for generating a key table key for said user enabling said user to decrypt at least one predetermined key table. Λ coi i esponding method is denned in claim Λ computei pi υgi am (oi implementing said method is defined in claim 1 1 A netwoi k in which the invention is employed is defined in claim 10 and compi ises a π i st usei device foi authoi izmg a usci of a second tisci dev ice to get access to content sioiccl in enciypted loi m on a slot age medium, said stoi agc medium stoi ing a machine-readable medium identifier and at least one key table enciypted by use of a key table key and stoi ing at least one asset key foi deciypting enciypted content, said fust usei device compi ising. - a connection means for connecting said device to a netwoik, - a drive for accessing said storage medium, in particular for reading content and said medium identifier from said storage medium, and - a transmitter for transmitting said medium identifier and a user identifier of a user, who shall be authorized to get access to said content and who is identified to said network by said user identifier, to an authentication unit within said network; an authentication unit comprising: - a receiver for receiving said medium identifier and said user identifier, - a key generating means for generating a key table key for said user using said medium identifier and said user identifier, said key table key enabling said user to decrypt said at least one key table, and - a transmitter for transmitting said key table key to said first and/or said second user device; and a second user device of a user who shall be authorized to get access to content stored in encrypted form on said storage medium comprising: - a connection means for connecting said device to said network, - a receiver for receiving said key table key from said authentication unit or said first user device, a drive for accessing said storage medium, in particular for reading content from said storage medium, and for decrypting at least one predetermined key table using the received key table key. The present invention is based on the idea to use the authentication process of a network for enabling a user who has access to content stored on a storage medium to authorize other users to get access to the same content. By use of the medium identifier and the user identifier of a user who shall be authorized the authentication unit of the network generates and provides a key table key. This key table key can then be used by the user lo be authorized to decrypt an assigned and predetermined key table provided for this "new" user in which key table an asset key is stored for decryption of thc content to which he shall get access. Thus, "new" risers can be added to an authorization list without their direct involvement. This method is simple and easy to implement, but nevertheless provides a high level of security due to the use of thc very secure authentication procedure of the network for generating key table keys allowing access to key tables and thus to asset keys for decrypting content. The network proposed according to the present invention, which is preferably a communication network such as a GSM or an UMTS network, comprises at least two user devices, which may both belong to the same user or to different users, and an authentication unit for authenticating users when they connect to the network. The authentication procedure used for authenticating users is very secure since breaking the authentication algorithm used in a mobile communication network would allow the user to make calls that would be billed to other users. Therefore, the level of protection of such an authentication algorithm is very high and is considered to be sufficient for protecting the user's data when using the authentication algorithm for generating key table keys as proposed according to the present invention. Furthermore, said authentication unit is also used for generating asset keys as described in the above mentioned European patent application 02 078 437.7 (PHNL020775). The description of this method in this document is herein incorporated by reference. Preferred embodiments of the invention are defined in dependent claims. According to an embodiment the device further comprises a receiver for receiving the key table key for the user to be authorized from the network, and the transmitter is operative for transmitting the received key table key to said user. Thus, the user who wants to authorize another user to have access to content communicates with the network to get a new key table key for the other user which is then received by him and forwarded to the other user, for instance in the form of an SMS or any other electronic message. The user to be authorized is thus not involved in the procedure of generating the new key table key. According to another embodiment the new key table key may also be provided directly from the network to the user to be authorized. To identify this user the network can use the user identifier already provided by the first user together with a medium identifier to the authentication unit for generation of the key table key. According to a further embodiment the storage medium not only stores one single key table but a plurality of key tables, for instance one key table for each user. Moi eovei to each key table a usei check ident i fiei might be assigned which is checked In the device pnoi to deci yption to find the l ight key table assigned to said usei I his avoids deciyption of a numbei of (oi even all) key tables in oi dei to find the coi i ect key table foi the usei I he usei check identi fiei could foi instance be identical to the usei idcnti fiu identi fying the usei to the netw oi k lot instance as claimed in a fui thei depende nt claim when being employed in a mobile communication netwoi k, the international mobile subscnbei identity (1MSI) oi the telephone numbei of said usei If it is desiiable to hide the usei 's identity, this usei check identifiei can also be enciypted, foi instance in a veiy simple way by use of an XOR function with the usei 's key table key. This would mean that again this encrypted user check identifier has to be decrypted, in particular for a number or all tables. However, this operation is very simple and not much time-consuming. Since each user check identifier is encrypted with a different key (the key table keys of different users), it is no easy to determine the underlying user check identifier, so that even such a simple encryption, e.g. the use of a symbol XOR function, should be sufficiently secure. In order to see if the correct key table has been decrypted and if the decryption has been correctly done, each key table may further comprise a decryption check identifier as proposed according to another embodiment. For said check an appropriate decryption check means may by provided in the user device. In addition, some randomly generated patting fields may be provided in order to make hacking more difficult. In a preferred embodiment, the user check identifier is used also as decryption check identifier, for instance, once unencrypted on the outside to identify the user belonging to the key table, and twice inside the key table, i.e. encrypted, to check whether the decryption was correct. In a simple embodiment there is only one key table provided on the storage medium, and the first user who wants to authorize a second user provides his own key table key to the second user enabling him to decrypt the same key table. Alternatively, for each user there may be provided a separate key table on the storage medium each being decrypted by a different key table key. For generating such key tables appropriate key table generating means are provided according to another embodiment. The first user thus uses a key table key to encrypt the asset key which allows decryption of the content to which the other user shall get access and thus generates a key table which is then stored by said accessing means on the storage medium. Thus, according to a preferred aspect of the invention each item of content is enci x ptcd in its ow n asset
Figure imgf000007_0001
s ai e stoi ed m a key table I he fii st user uses know n SI M enci yplion method (c g using his SI M cai cl) to get his key table key, which is the key used to enci ypt the key table The enciypted asset keys nd kev table ai e stoi ed on the medium I f thc fii st usei w ants to access the asset
Figure imgf000007_0002
s he needs to use the SI M enci yplion method again to get his
Figure imgf000007_0003
table kc Othei usei s get othei keys using the SIM enciyption method because then SIM is di ffci ent I f the fii st usei wants a second usei to have access tot the content, then the fiist usei enciypts the key table with the asset keys in the SIM dei ived key of thc second usei Now a second enciypted key table is stoied on medium, but not the SIM dei ived key itself Preferably, as mentioned above, the invention is employed in a mobile communication network and the user device is a mobile phone. The authentication algorithm used for authenticating mobile communication devices to the network is then employed for generating the key table keys and, preferably, also the asset keys (actually any random key will do). When the network is a mobile communication network the authentication unit of the home location register (HLR) of the user to be authorized is used for generating the key table key for said user for transmission of the medium identifier and the user identifier to the authentication unit. Also for transmission of the generated key table key to the user device a secure channel can be implemented. Preferably, the authentication procedure is then also used to generate the key for the secure channel in a similar way as used for generating the key table key. It is also preferred that the mobile network operator can offer the above described procedure as a service. Users from different networks can also be authorized in the same way in which the network handles roaming users. Moreover, by offering this service, but not supporting users from other networks, the network can also encourage users of different networks to subscribe to this network.
The invention will now be explained in more detail with reference to the drawings in which Fig. 1 shows an embodiment of a record carrier according to the invention, Fig. 2 shows an embodiment of a network according to the present invention, Fig. 3 shows a flow chart illustrating the method according to the invention, and Fig. 4 shows an embodiment of a user device according to the present invention.
Fig. 1 shows a storage medium 10 according to the present invention and illustrates what is stored on such a record carrier. For the following description it is assumed that a particular user of a first user device has access to content which is stored in encrypted form on a record carrier 10, for instance an optical record carrier such as a CD, DVD or BD, which is readable by the user device, which may, for instance, be a portable mobile phone having a drive for accessing the record carrier 10. It is further assumed that the record carrier 10 - besides the encrypted content - stores a machine-readable medium identifier id and at least one key table KL, which is encrypted by use of a key table key KLK and which stores at least one asset key AK. Said asset key AK has been used for encrypting the content C and thus needs to be used by a user for decrypting the encrypted content C. There might also be more than one key table KL stored on the record carrier 10, in particular one key table KL for each separate user, and each key table KL might be encrypted by a different key table key KLK. Moreover, each key table KL might store more than one asset key AK for decrypting different portions of content C stored on the record carrier 10. Further, to each key table there might be a user check identifier UC assigned for finding the right key table KL and/or each key table might comprise a decryption check identifier DC for seeing if a key table KL has been correctly decrypted, which will be both explained below in more detail. Fig. 2 shows an embodiment of a network according to the present invention illustrating the general use of the invention. Fig. 3 illustrates the steps of the method according to the invention as a flow chart. In the network illustrated in Fig. 2 a mobile communication network, in particular a GSM network 3, is shown as an example to which two user devices 1 , 2, here two mobile phones, are connectable and over which they can communicate with each other and with other users. The mobile phones 1 , 2 each comprise a SIM card reader 4 for reading a SIM card 20. On the SIM card 20 an authentication key is stored which is a secret key shared with an authentication center AuC of the GSM network 3 used for authentication of the mobile phones 1 , 2 when connecting to the network 3. The mobile phones 1 , 2 further comprise a drive 5 for reading data from and/or storing data on a removable storage medium 10, which can, for instance, be a small form factor optical disc drive. The user devices I . 2 further comprise connection means 6 for connecting to the network 3 including a transmitter 7 for transmitting data and a receiver 8 for receiving data. Λs desci ibed in the above mentioned European patent application 02 078 437.7 (PI INL 020775) the mobi le communication netw oi k authentication procedure is used to transform the unique identifier of the record carrier 10 (e.g. a serial number stored in a particular area on the record carrier 10) into the asset key AK used for encryption of thc content C (or part of the content) stored on (he record carrier 10. This transform is cither performed by the SIM card 20 or by the authentication center AuC, so that without this SIM card the content can not be decrypted and read. This provides a very simple and secure way for the user to protect his private content. If the user now desires to allow other users to access his content or to enable transparent access from different devices owned by himself, the following procedure is performed. In a first step SI the unique identifier id is read from the record carrier. This medium identifier id and a user identifier ui of a second user who shall be authorized by the first user to get access to a particular piece of the first user's content, are then (S2) transmitted to the authentication center AuC of the network 3. Therein (S3) a key table key KLK, for instance a key locker key in case the key tables are in the form of key lockers, is generated by the key generator 31 from the medium identifier id and the user identifier ui. The generated key table key KLK can then be transmitted back only to the first user device 1 (S4) or both to the first user device 1 and to the second user device 2 (S8). In the first case the first user device 1 generates now a key table KL2 for the second user 2 (S5) by use of the received key table key KLK, i.e. the asset key(s) which shall be given to the second user for accessing content are encrypted by said key table key KLK. The second user 2 is then authorized by getting the key table key KLK for decrypting the newly generated key table KL2 from the first user (S6). By use of the key table key KLK he is then able to decrypt the key table KL2, read the asset key(s) from it and use the asset key(s) for decryption of content. The user 2 is thus added to the authorization list without direct involvement. In the second alternative where the key table key KLK is also directly forwarded to the second user (S8), the first user device 1 also generates now a key table KL2 for the second user 2 (S9) by use of the received key table key KLK (identically as in step 5). But, immediately thereafter the second user 2 may directly decrypt the new key table KL2 by use of this key table key KI .K (S 10). A further possibi lity is that a second user has a record carrier for which he does not have access. But he may ask the user who has access via the network to give him access as well. Thus, the first user may provide his key table key to the second user via the netw ork and thus authorize him to access its own key table by use o thc same key table key. In this case, it is also sufficient that there is only one single key table stored on the record carrier which is used by all users authorized by the first user 1 . As already mentioned above, each key table KL preferably also comprises a decryption check identifier DC (see Fig. 1) to indicate that the decryption of the key table has worked correctly. To check this the user devices comprise a decryption check unit 9 as shown in the embodiment of the user device 1 illustrated in Fig. 4. Further, the key tables may include some randomly generated padding fields to make hacking more difficult. When a user tries to access the record carrier, the unique identifier id should be transformed using the SIM mapping to an asset key, which is a potential key for decrypting a key table. Using this potential key to decrypt a key table present on the record carrier results in an actual asset key. However, if the user is not authorized then his SIM will generate a key table key, which is, however, not able to correctly decrypt any of the key tables which can be easily seen from the decryption check identifier. Preferably, as already mentioned, the key tables are key lockers so that different rights can be stored for each user and some content is hidden from some users. The key tables may also be all (for each user) located inside a key locker. The key locker key is then a hidden key on the record carrier. Furthermore, as also shown in the embodiment of Fig. 4, the user devices may include a user check unit 1 1 to check a corresponding user check identifier uc preferably stored on the record carrier and assigned to each key table. This user check identifier uc is used to find the correct key table for a user so that decryption of each available key table in order to find the correct one can be avoided. For instance, the user's SIM card contains an identifier to identify the user to the mobile network, called international mobile subscriber identity (IMSI) in GSM, which can used. Alternatively, the user's phone number can be used. Further, if it is desirable to hide the user's identity, this user check identifier uc could be encrypted in a very simple way, e.g. XOR with a key. This means, that again each user check identifier needs to be decrypted by means of a relatively simple XOR operation. Since each user check identifier is preferably XORed with a different key, there is no easy way to determine the underlying user check identifier so that this method may hide the user's identity with sufficient security. Preferably a user who wants to authorize other users, also generates a new key table for each new user. Therefore, a key table generating unit 12 is also provided in each user device I as also shown in Fig. 4. The user who creates the content will be authorized as indicated in the above mentioned European patent application 02 078 437.7 (PHNL 020775). Adding further users to the authorization list can be done through the network. Therefore, a secure connection is preferably provided between the user device and the network (in particularly the home location register HLR) in GSM of the user to be authorized. As user identifier, again the user's phone number or the user's IMSI can be used. Of course, other user identifiers can be used as well by which the user is uniquely identified to the network. The authentication procedure described above can also be used to generate the key for a secure channel between the user devices and the network in a similar way. Preferably, the network operator can offer the above described procedure as a service. Users from different networks can also be authorized in the same way in which the network handles roaming users. However, by offering the service, but not supporting users from other networks, the network can encourage friends or family members of current users to subscribe to their network. The present invention provides a simple and easily implementable method for adding further users on an authorization list to get access to content belonging to a particular user. The authentication procedure of the network is used in this process which provides a high level of security.

Claims

CLAIMS:
1. Device for authorizing a user to get access to content stored in encrypted form on a storage medium (10), said storage medium storing a machine- readable medium identifier (id) and at least one key table (KL) encrypted by use of a key table key (KLK) and storing at least one asset key (AK) for decrypting encrypted content (C), said device comprising: a connection means (6) for connecting said device to a network (3), a drive (5) for accessing said storage medium (10), in particular for reading content (C) and said medium identifier (id) from said storage medium (10), and a transm itter (7) for transmitting said medium identi fier (id) and a user identi fier (ui) of a user, who shall be authorized to get access to said content (C) and who is identi fied to said network (3) by said user identi fier (ui), to an authentication unit (ΛuC) within said network (3). said medium identi fier (id) and said user identi fier (ui) being used by said authentication unit (AuC) for generating a key table key (KLK) for said user enabling said user to decrypt at least one predetermined key table (KL).
2. Device as claimed in claim 1 , further comprising a receiver (8) for receiving said key table key (KLK) for said user from said network (3), and wherein said transmitter (7) is operative for transmitting said received key table key (KLK) to said user.
3. Device as claimed in claim 1, wherein said storage medium (10) stores a plurality of key tables (KL), in particular one key table per user, wherein to each key table (KL) a user check identifier (uc) is assigned and wherein said device further comprises a user check means (1 1) for checking based on said user check identifier (uc) which key table (KL) is assigned to said user.
4. Device as claimed in claim 1 , wherein said at least one key table (KL) further comprises a decryption check identifier (DC) and wherein said device further comprises a decryption check means (9) for checking based on said decryption check identifier (DC) if a key table (KL) has been correctly decrypted.
5. Device as claimed in claim 1, further comprising a key table generating means (12) for generating a key table (KL) by encryption of one or more asset keys (AK) by use of a key table key (KLK), and wherein said drive (5) is operative for storing said key table (KL) on said storage medium
(10).
6. Device as claimed in claim 1 , wherein said device is a mobile communication device, in particular a mobile phone, wherein said network is a mobile communication network and wherein said authentication unit (ΛuC) uses an authenticat ion algorithm used for authentication of mobile communication devices for generating said key table key (K LK).
7. Device as claimed in claim 6. wherein said user identifier (ui) is the international mobile subscriber identity or the telephone number of said user.
8. Device as claimed in claim 6, wherein said transmitter (7) is operative for transmitting said medium identifier (id) and said user identifier (ui) to an authentication unit (AuC) of the home location register of said user with said network (3).
9. Method of authorizing a user to get access to content stored in encrypted form on a storage medium (10), said storage medium storing a machine-readable medium identifier (id) and at least one key table (KL) encrypted by use of a key table key (KLK) and storing at least one asset key (AK) for decrypting encrypted content (C), said method comprising the steps of: connecting said device to a network (3), and transmitting said medium identifier (id) and a user identifier (ui) of a user, who shall be authorized to get access to said content (C) and who is identified to said network (3) by said user identifier (ui), to an authentication unit (AuC) within said network (3), said medium identifier (id) and said user identifier (ui) being used by said authentication unit (AuC) for generating a key table key (KLK) for said user enabling said user to decrypt at least one predetermined key table (KL).
10. Network comprising: a first user device (1) for authorizing a user of a second user device to get access to content stored in encrypted form on a storage medium (10), said storage medium storing a machine-readable medium identifier (id) and at least one key table (KL) encrypted by use of a key table key (KLK) and storing at least one asset key (AK) for decrypting encrypted content (C), said first user device comprising: - a connection means (6) for connecting said device to a network (3), - a drive (5) for accessing said storage medium (10), in particular for reading content (C) and said medi um identifier (id) from said storage medium ( 10). and - a transmitter (7) for transmitting said medium identi fier (id) and a user identi fier (ui) of a user, who shal l be authorized to get access to said content (C) and who is identi fied to said netw ork (3) by said user identi fier (ui). lo an authentication unit (Λ uC) within said netwoi k (3), an authentication unit (ΛuC) comprising: - a receiver (30) for receiving said medium identifier (id) and said user identifier (ui), - a key generating means (31 ) for generating a key table key for said user using said medium identifier (id) and said user identifier (ui), said key table key enabling said user to decrypt said at least one key table, and - a transmitter (32) for transmitting said key table key to said first and/or said second user device; and a second user device (2) of a user who shall be authorized to get access to content stored in encrypted form on said storage medium comprising: - a connection means (6) for connecting said device to said network, - a receiver (8) for receiving said key table key from said authentication unit or said first user device, - a drive (5) for accessing said storage medium, in particular for reading content from said storage medium, and for decrypting at least one predetermined key table using the received key table key.
11. Computer program comprising program code means for causing a computer to carry out the steps of the method as claimed in claim 9 when said computer program is run on a computer.
PCT/IB2005/050308 2004-02-04 2005-01-26 Device and method for authorizing a user to get access to content stored in encrypted form on a storage medium WO2005076270A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2006551968A JP2007525123A (en) 2004-02-04 2005-01-26 Apparatus and method for authenticating a user accessing content stored in encrypted form on a storage medium
EP05702793A EP1714280A1 (en) 2004-02-04 2005-01-26 Device and method for authorizing a user to get access to content stored in encrypted form on a storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP04100409.4 2004-02-04
EP04100409 2004-02-04

Publications (1)

Publication Number Publication Date
WO2005076270A1 true WO2005076270A1 (en) 2005-08-18

Family

ID=34833726

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/050308 WO2005076270A1 (en) 2004-02-04 2005-01-26 Device and method for authorizing a user to get access to content stored in encrypted form on a storage medium

Country Status (5)

Country Link
EP (1) EP1714280A1 (en)
JP (1) JP2007525123A (en)
KR (1) KR20060122906A (en)
CN (1) CN1914679A (en)
WO (1) WO2005076270A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100750954B1 (en) 2005-06-17 2007-08-22 가부시끼가이샤 도시바 Information provision system, provision information copying device, user terminal device and user management device
WO2009079708A1 (en) * 2007-12-21 2009-07-02 Cocoon Data Pty Limited System and method for securing data

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105493436B (en) * 2013-08-29 2019-09-10 瑞典爱立信有限公司 For distributing method, the Content owner's equipment of content item to authorized user

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0691762A2 (en) * 1994-07-08 1996-01-10 Sony Corporation Audio-video- or data server using telephone lines
US20020032658A1 (en) * 1995-07-21 2002-03-14 Fujitsu Limited System and method of online deciphering data on storage medium
US20020078027A1 (en) * 2000-12-18 2002-06-20 Koninklijke Philips Electronics N.V. Secure super distribution of user data
US20020114461A1 (en) * 2001-02-20 2002-08-22 Muneki Shimada Computer program copy management system
EP1237324A1 (en) * 1999-12-02 2002-09-04 Sanyo Electric Co., Ltd. Memory card and data distribution system using it
WO2003029988A1 (en) * 2001-09-12 2003-04-10 Sony Corporation Content delivery system, content delivery method, and client terminal

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0691762A2 (en) * 1994-07-08 1996-01-10 Sony Corporation Audio-video- or data server using telephone lines
US20020032658A1 (en) * 1995-07-21 2002-03-14 Fujitsu Limited System and method of online deciphering data on storage medium
EP1237324A1 (en) * 1999-12-02 2002-09-04 Sanyo Electric Co., Ltd. Memory card and data distribution system using it
US20020078027A1 (en) * 2000-12-18 2002-06-20 Koninklijke Philips Electronics N.V. Secure super distribution of user data
US20020114461A1 (en) * 2001-02-20 2002-08-22 Muneki Shimada Computer program copy management system
WO2003029988A1 (en) * 2001-09-12 2003-04-10 Sony Corporation Content delivery system, content delivery method, and client terminal
US20040030930A1 (en) * 2001-09-12 2004-02-12 Ryosuke Nomura Content distribution system, content distribution method, and client terminal

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100750954B1 (en) 2005-06-17 2007-08-22 가부시끼가이샤 도시바 Information provision system, provision information copying device, user terminal device and user management device
WO2009079708A1 (en) * 2007-12-21 2009-07-02 Cocoon Data Pty Limited System and method for securing data
AU2008341026B2 (en) * 2007-12-21 2010-12-16 Cocoon Data Holdings Limited System and method for securing data
AU2008341026C1 (en) * 2007-12-21 2012-10-04 Cocoon Data Holdings Limited System and method for securing data
US8806207B2 (en) 2007-12-21 2014-08-12 Cocoon Data Holdings Limited System and method for securing data

Also Published As

Publication number Publication date
CN1914679A (en) 2007-02-14
KR20060122906A (en) 2006-11-30
EP1714280A1 (en) 2006-10-25
JP2007525123A (en) 2007-08-30

Similar Documents

Publication Publication Date Title
US10327142B2 (en) Secure short message service (SMS) communications
JP4866863B2 (en) Security code generation method and user device
EP2731040B1 (en) Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method
US20050235143A1 (en) Mobile network authentication for protection stored content
JP2009510644A (en) Method and configuration for secure authentication
CA2879910C (en) Terminal identity verification and service authentication method, system and terminal
US20080189297A1 (en) Securely Storing and Accessing Data
KR20200028880A (en) Multiple security authentication system and method between blockchain-based mobile terminals and IoT devices
CN101621794A (en) Method for realizing safe authentication of wireless application service system
EP1714280A1 (en) Device and method for authorizing a user to get access to content stored in encrypted form on a storage medium
EP2920732B1 (en) Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method
KR20170092992A (en) User authentication apparatus and method thereof
JP2023506791A (en) Privacy information transmission method, device, computer equipment and computer readable medium
CN105635096A (en) Data module access method, system and terminal
KR101808313B1 (en) Method of encrypting data
CN113162766B (en) Key management method and system for key component
KR100883899B1 (en) Method and System for three-party authenticated key exchange using smart cards
CN101477574A (en) Encryption and decryption method for data in data base
JP2016045619A (en) Authentication control system, control server, authentication control method and program
CN111783070A (en) File information acquisition method, device, equipment and storage medium based on block chain
JP2020042372A (en) Authentication system
Bhaskar et al. Sedas for Securing E-Banking with LBA using smart phone
JP2004343442A (en) Disclosure-oriented identifier distribution method and system, and disclosure-oriented identifier certification device
KR20150134966A (en) Method and Apparatus for Password Based User Authentication Using Portable Storage Medium

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2005702793

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2006551968

Country of ref document: JP

Ref document number: 1020067015742

Country of ref document: KR

Ref document number: 200580004011.6

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Ref document number: DE

WWE Wipo information: entry into national phase

Ref document number: 3198/CHENP/2006

Country of ref document: IN

WWP Wipo information: published in national office

Ref document number: 2005702793

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020067015742

Country of ref document: KR

WWW Wipo information: withdrawn in national office

Ref document number: 2005702793

Country of ref document: EP