1. Field of the Invention
This invention relates to the field of encryption, and in particular to the control of copy protected content material.
2. Description of Related Art
Techniques continue to be advanced to prevent the illicit acquisition of copy protected material, such as recorded entertainment material. A number of these techniques involve the use of devices that are manufactured to comply with established copy protection standards. Each compliant device enforces rules and procedures designed to minimize the likelihood that the device will be used to impermissibly copy protected material. For example, a cost-effective method of copy protection is discussed in detail by Jean-Paul Linnartz et al., in Philips Electronics Response to Call for Proposals Issued by the Data Hiding Subgroup Copy Protection Technical Working Group, July 1997 (xe2x80x9cLinnartzxe2x80x9d), which is incorporated herein by reference. The Linnartz scheme operates by attaching a xe2x80x9cticketxe2x80x9d to the recorded material; the ticket comprises a verifiable xe2x80x9ccountxe2x80x9d that is decremented at each stage of the playback and recording process, and is cryptologically difficult to increment. A cryptologically difficult process is one that can be expected to require an inordinate amount of time to complete, relative to the potential gain that may be realized by devoting this amount of time. A compliant device enforces this ticketing scheme by refusing to play or record material with an expired or missing ticket, by decrementing the ticket each time the material is played back or recorded, and so on. Other protection schemes are also common in the art that rely on compliant devices to enforce the protection.
To prevent the copying of protected material via an interception of the material, each compliant device communicates the content material to another compliant device in an encrypted form. The material is encrypted at the transmitting device using an encryption key, and decrypted at the receiving device using a decryption key. To minimize the adverse effects of a breach of security that reveals the decryption key, a different encryption scheme, requiring a different decryption key, is used for each target receiving device. In this manner, a discovery of a decryption key does not affect the security of encrypted material that is communicated to other receiving devices.
To effect a unique encryption scheme for each receiving device, a key exchange or key distribution is effected between devices. A variety of techniques are commonly available for exchanging or distributing keys. In one such transaction, the target receiving device provides a public key corresponding to an asymmetric public-private key pair that is associated with the receiving device. The source transmitting device encrypts the content material using this public key and then transmits the encrypted content material to the target receiving device. Because a knowledge of the public (encryption) key of a public-private key pair does not aid in a search for the corresponding private (decryption) key, this communication of public key and encrypted material is cryptographically secure. Other techniques are also used, each typically requiring the communication of a parameter that is related to a secret parameter of the receiving device such that the communicated parameter allows a transmitter to encrypt a message that can only be decrypted by a device having knowledge of the secret parameter. For ease of reference, the term public parameter is used herein to include the communicated parameter, and the term private parameter is used herein to include the parameter of each of these key exchange scenarios that is kept secret.
To assure that copy protected material is provided only to compliant devices, each compliant source device requires a verification that the receiving device is a legitimate compliant device. This verification is typically achieved via a certification process. A trusted authority (TA), or certifying authority (CA) provides a certificate that verifies that the public parameter is legitimate. Typically, this certificate has a digital signature associating the public key with a specific device or entity. The trusted authority creates this certificate using another private key that is known only to the trusted authority. The trusted authority publishes a public key corresponding to its private key, and the source device uses the trusted authority""s public key to decrypt the certificate to determine whether the communicated public key is valid. In this manner, a counterfeiter cannot obtain protected material by merely providing its own public key to a source device, because the counterfeiter would also need to provide a certificate associated with this public key that is encrypted using the trusted authority""s private key. A counterfeiter may, however, be able to clone a compliant device, and thereafter gain unauthorized access to protected content material.
To prevent the proliferation of cloned devices, or to minimize the profits that may be gained by a cloned device or other devices that are used for the unauthorized distribution of copy protected materials, a xe2x80x9crevocation listxe2x80x9d is published by the trusted authority. The revocation list contains a list of all certified public keys that have been found to have been used for illicit purposes. The providers of content material, such as CD or DVD manufacturers, have access to a xe2x80x9cmaster listxe2x80x9d of these revoked keys. The manufacturers communicate the list of revoked keys, or a sub-list of recently revoked keys, to consumer devices that exchange copy protected material by encoding the list, or sub-list, as xe2x80x9cout of bandxe2x80x9d data that is recorded on the CD or DVD or other medium. The out of band data, for example, also includes the table of contents of the particular CD or DVD, a unique identifier of the CD or DVD, and so on. Each time one device communicates to another device, updates to the revocation list can be communicated. In this somewhat amorphous peer-to-peer communication network, it is expected that the identification of cloned devices or other unauthorized devices will be disseminated broadly enough so that at least a substantial portion of the unauthorized devices will be disallowed service by compliant devices. As the odds increase that an unauthorized device may be detected, the perceived worth of such unauthorized devices is diminished, and the gain that can be realized by providing such devices is reduced, thereby discouraging the continued distribution of these unauthorized devices.
With increased availability of low-cost, high-density memory devices, such as giga-byte sized hard disk devices, large amounts of content material can be stored on low-cost portable devices. Such devices may be configured as stand-alone playback devices, or as transfer devices that are used to effect a transfer of material between less portable systems, such as between a home audio library and an automotive stereo system. To be successful, such systems must facilitate the transfer of information between compliant devices with minimal burden on the user. This ease of transfer, however, facilitates the illicit copying of copy protected material. In general, these portable devices are somewhat remote from the aforementioned peer-to-peer communication network that uses out of band data to communicate revocation lists.
The proliferation of devices that may receive copy protected content material increases the number of authorization certificates, and correspondingly, the potential list of revoked certificates. U.S. Pat. No. 5,687,235 xe2x80x9cCERTIFICATE REVOCATION PERFORMANCE OPTIMIZATIONxe2x80x9d, issued Nov. 11, 1997 to Perlman et al, discloses the use of a xe2x80x9crevocation servicexe2x80x9d for improving the efficiency of revocation list distribution. In the ""235 patent, a device submits a request for a subset of the current revocation list from the revocation service provider, via a network connection. The request includes parameters such as a maximum size for this subset, a date from which to select revoked certificates for inclusion in the list, expiration dates of certificates, and so on. In this manner, the requesting device can control the amount of information received at any one time, can delete entries in its local revocation list based on expiration dates, and so on. In xe2x80x9cOn Certificate Revocation and Validationxe2x80x9d (Financial Cryptography Second International Conference, FC 98 Proceedings, pages 172-177), Paul C. Kocher discloses a tree structure for organizing revocation lists that minimizes the certifications required to validate the lists, and optimizes the determination of whether a particular certificate is included in the revocation list via a directed search. Despite these techniques and others that improve the efficiency of the distribution and use of revocation lists, it is expected that further improvements are required to efficiently and effectively provide security among a large number of devices.
It is an object of this invention to increase the likelihood that devices that provide or use unauthorized copies of content material are detected. It is a further object of this invention to provide a copy protection system that is well suited for ease of use for portable playback and transfer devices. It is a further object of this invention to provide a copy protection system that is suitable for use with other techniques used to efficiently distribute and enforce revocation lists.
These objects and others are achieved by providing a hierarchical arrangement of revocation lists, corresponding to a hierarchy of content processing and rendering devices. At each level of the hierarchy, an access device provides its certification to an access device at a higher level in the device hierarchy. The higher level device compares the lower level device""s certification to a revocation list corresponding to devices at the lower level. If the certificate has not been revoked, the higher level device provides a lower level revocation list to the lower level access device. The lower level access device uses this lower level revocation list to verify the status of devices to which it communicates content material. Because each list is limited to devices at each level of a conventional hierarchy of consumer devices, the lists provide an optimization at each device, by providing revocations only for devices that are expected to be used at the particular hierarchy level.