This invention relates generally to a system and method for the distribution, transfer, and protection of digital content, and, more particularly relates to a system and method for implementing digital rights management in the distribution and transfer of digital content files to ensure proper protection and prevent unauthorized duplication thereof.
The world is clearly leaving the industrial age and entering the digital information age. Personal computer ownership is at an all time high, and the rise in the popularity and usage of the Internet has exceeded even the most optimistic view of computer developers. This increased computer ownership and usage of the Internet have encouraged the development and growth of a system of e-commerce which allows consumers to now shop, bank, book travel, etc. from the comfort of their own home twenty-four hours a day, seven days a week, via the Internet. However, because the Internet was designed for digital content transfer of information it is quite poor at delivering physical products such as a toaster which may have been purchased online through e-commerce. Most of these physical xe2x80x9cproductsxe2x80x9d still require shipping, handling, etc. to bring them in the hands of the consumer, even though the display, description, and actual purchase takes place via the Internet.
While physical products still require elements of traditional commerce to complete their acquisition, xe2x80x9cinformationxe2x80x9d products may fully exploit the medium of the Internet to allow for a total e-commerce selection, purchase, and delivery cycle. Since the Internet was developed to transfer digital information, a natural extension into the e-commerce realm exists for these information products which are themselves or may be remastered as digital information. While it would be naive to attempt to fully list all products which may be termed xe2x80x9cinformation productsxe2x80x9d, such a definition would certainly include digital music, literature, financial services, software programs, games, video, etc. Through the Internet a consumer may shop for, sample, read technical specifications about, purchase, and download the particular information product of his or her choice all through the home computer without leaving the comfort of the home twenty-four hours a day, seven days a week. This is but one example of true and complete e-commerce.
One area of information products which has seen an explosive growth is the music or audio area. While the term digital content information products covers much more than simply music as indicated above, the recent growth and availability of digital content audio files and the widespread availability of free software downloadable from the Internet to play these audio files on a home PC allows a description of this particular digital information product to point out the risks and impediments to the full development of a total e-commerce system for the purchase and transfer of digital content information products via the Internet. Additionally, while it is recognized that there are various formats of audio digital content information products available, including AC-3, AAC, MS Audio, Liquid Audio, MP4, etc., the most popular at this point appears to be the Motion Picture Experts Group Audio Level 3 (MP3) format. Because of its current widespread use and universal understanding of its operation, this format will be used in the following description, recognizing that such description is exemplary of such digital content information products in general.
The MP3 format for audio compression and digital transfer via the Internet is a compressed digital format for near CD quality audio at 16 k bytes per second. This format compresses digital music into much smaller, denser files which can move across the Internet quickly and be transferred to a personal computer""s hard disk without taking up too much room. Prior to the advent of the MP3 format, high quality computer sound files were typically in WAV format. However, such a WAV file providing high quality sound reproduction for a 3 minute song would take up to about 30 megabytes of hard disk space and would actually require several hours to transmit over the Internet at normal speeds. However, this same song in MP3 format would require only about 2 megabytes of space on a hard disk and may be transferred across the Internet in mere minutes instead of hours. The desirability of this MP3 format is further enhanced by the widespread availability of free MP3 software to both generate and play MP3 format audio files. Additionally, several thousand MP3 format digital content audio files are also freely available for download from the Internet from various artists with many more available for purchase. These factors have combined to the point where one of the major Internet search engines has reported that searches for MP3 files is second only to searches for the keyword xe2x80x98sexxe2x80x99.
Recognizing that the demand for MP3 format audio digital content files will likely spawn demand for players of such files, several manufacturers have developed and released, or are in the process of releasing, portable players which are capable of playing these MP3 files. With such portable players consumers will be able to realize the benefits of this format away from their PCs. In the short term, these portable players will most likely utilize rotating media to store the MP3 files, however, more expensive players will most likely use flash RAM for storage of the digital content audio files. While the PC is still the primary player for MP3 audio digital content files, soon these portable devices will be able to connect directly to the Internet, or possibly capture audio from direct digital broadcasts. Currently portable players connect to the PC via parallel or serial ports, however, this is not seen as being sustainable into a mass marketed product because configuration of these ports is too complicated for a consumer product.
Despite, or maybe because of, the ease of transfer and quality of these MP3 digital audio content files, the music industry as an industry has not embraced the availability of this channel of commerce. In fact, the Recording Industry Association of America (RIAA) has filed court action to block the distribution of a portable MP3 player. The reason for such a move stems from the fear of bootleg piracy and copyright violations which may be possible with current MP3 technology. Specifically, MP3 files contain digital content which may be easily copied without reduction in quality of the audio information contained therein. Therefore, the music industry is concerned that pirates will violate the industry""s or artists"" copyrights by posting bootleg copies of songs on the Internet in this format for free. The industry is concerned that such high quality bootleg copies will add significantly to their estimated 5 billion dollars in losses due to bootleg piracy with conventional media. Therefore, until these copyright issues are resolved, the full utilization of the e-commerce potential for the sale and transfer of digital content files will not be realized.
The system of the instant invention overcomes these and other known problems existing with the current state of digital content transfer and distribution.
More specifically, the system of the instant invention provides a new and useful system of digital content distribution, transfer, and protection of digital content information files which allows for the full development and exploitation of the e-commerce capabilities of the information age. Further, the instant invention provides a portable player for use with such a system which will fully protect the digital content information files transferred to and stored therein. Additionally, the instant invention provides a protocol and method of communicating between a digital content provider host and a portable device for establishing a trusted relationship with the portable device ensuring that the copyright of the digital content information file will be respected. This is accomplished in the instant invention through the definition of a new authentication interface for the USB.
The instant invention also teaches a data structure for the digital content file which includes licensing or certification information along with the digital content data itself.
The inventive concepts and teachings disclosed by this invention, therefore, involve a system and components for the download and protection of digital content which will allow the mass marketing of portable digital players such as the MP3 audio player, e-books, etc. Specifically, and utilizing the MP3 audio player platform as an exemplary embodiment, the system of the instant invention will facilitate the sale and download of music (or other digital content) via the Internet, from a kiosk, etc. While the invention will be described in this summary utilizing the portable MP3 audio player device, it is recognized that other formats such as AC-3, AAC, MSAudio, etc. are available and may benefit from the system of the instant invention. Additionally, the system of the instant invention will likewise provide security for other digital content such as e-books, movies, software, etc. To understand the necessity, advantages, and full scope of the invention, a brief recapitulation of the problem currently hindering the full development of the market for digital content is instructive. As the Internet continues to expand and provide more and more consumer services, the desire to utilize this medium for consumer purchases becomes apparent. Since the Internet is structured to provide a transfer of digital information, it may be used as a retail outlet mechanism for digital content providers such as the music industry, literary publishers, movie producers, software developers, etc. Of these potential sources of digital content, the music industry has taken the lead in utilizing this medium through the widespread dissemination of audio players which may be downloaded to a user""s PC. However, because the digital content may be so easily copied, the music industry has not fully embraced this medium as a safe channel of distribution for its digital content. Before the music industry, or any other industry for that matter, will fully utilize the potential of digital content transfer via the Internet a system of digital rights management (DRM) which protects this digital content must be provided. Further, this system of digital rights management must be provided for both the PC and the host of portable audio players which are being introduced onto the market and which will allow the full exploitation of the market potential for digital content audio, video, text, etc.
The system of this invention, therefore, provides such a system of digital rights management which protects the digital content in both the PC (or other host) and portable player. As indicated above, this system is suitable for any digital content, but will be described utilizing an audio embodiment, such as a portable MP3 player. A portable MP3 audio player incorporating the system of the instant invention will preferably utilize a universal serial bus (USB) and will conform to the storage device class as established by the USB Device Working Group for Audio. The portable MP3 audio players may use a variety of storage media such as rotating media, flash RAM, etc., and may provide various levels of playback capability including playback of fully encrypted files, personalized encrypted files, and clear-text files. The system of the instant invention, therefore, first needs to determine the type of portable audio player to which it will transfer the digital content. This requires both host and portable device systems to establish a trusted relationship therebetween so that the system which will be providing the digital content (e.g., a PC or kiosk) may determine the level at which the portable player may be trusted.
The level of trust which is established between the host or digital content provider and the portable device determines the type of digital content file which may be downloaded. Specifically, if a high level of trust is established between the host and the portable device, clear text files may be transferred to the portable device for playback. This high level of trust signifies that the portable device will provide protection of this clear text digital content, preventing its further dissemination to other players without appropriate compensation to the digital content provider. Other players may include xe2x80x9cpersonalizedxe2x80x9d decryption capability wherein a digital content file may be encrypted with the device""s public key prior to the transfer of that information to the portable device. The portable device is then able to decrypt the digital content information prior to playback using its private key. This type of device may be thought of as providing a medium level of trust. If a portable device cannot confirm that it will provide protection for clear text files, a low level of trust is established. In this case, only fully encrypted (full DRM) digital content may be transferred to this device. Digital content which does not require DRM or which has a low level DRM requirement may also be transferred to these players, such as the currently available free digital content.
This level of trust relationship is established between the host and portable device through an interrogation/response system of communication between the host and the portable device. This system is initiated by the host transmitting a query to the portable device requesting device information. The portable device responds with its device description identification along with a flag which indicates xe2x80x9cI can authenticatexe2x80x9d. In response to the xe2x80x9cI can authenticatexe2x80x9d flag, the host generates a challenge to the portable device in an attempt to ascertain its level of trust. The portable device then creates a unique response based on the challenge which includes its ID and is digitally signed. Based on this unique response and the digital signature information transmitted from the portable device, the host makes a decision, accepting assertions, to determine the level of trust of the portable device. Since communications over the USB to the portable device are considered intra-system communications, no separate encryption of these communications is required, allowing a much simpler and less expensive player. As indicated above, if the level of trust is determined to be high, clear text digital content may be transmitted over the USB to allow playback in the portable device. However, if a lower level of trust is established, such as may be the case if the portable device utilizes removable media to store the digital content files, clear text files may not be transmitted to the portable device. It is noted however that a high level of trust allows for the lowest cost and battery consumption portable device as such device need not include any decryption circuitry to allow playback of the digital content stored therein.
A system of trust certification may be provided with the portable device. While there are many trusted authorities which may issue such trust certifications, Certicom has made a proposal to the USB audio device working group for a certificate scheme based on their elliptic curve cryptography. Depending on the particular structure of the portable device, the Certicom certificate will either allow the system of the instant invention to safely pass a key that will allow the device to decrypt the file after it has been downloaded to the portable device or will guarantee that the portable device will protect the clear content of the digital content downloaded thereto. The above-described authentication and establishment of a level of trust will be implemented via a new interface since the USB storage device class does not provide any way for certification or key exchange. This new interface is termed an authentication interface, and will be in addition to the USB storage interface which is well defined for the USB storage device class.
The system of the invention also includes file management as a key feature. This feature allows the utilization of the existing file system to prevent unauthorized download and modification of the digital content files. Under this file management the host or PC will have only directory and delete access to the protected files in the portable device. These protected files include the clear text files downloaded under the system of the instant invention. If the portable devices are relatively xe2x80x9cdumbxe2x80x9d devices, the system of the instant invention may require that a file system trap be utilized to prevent file operations such as rename and delete operations. However, in portable devices which include a higher level of intelligence this file system trap may be eliminated. Once the trust relationship has been established with the portable device, five more messages will become valid through the authentication interface in addition to the normal file system commands. These new messages include PROTECT_FILE  less than filename greater than , UNPROTECT_FILE  less than filename greater than , LIST_PROTECTED_FILES, ZERO_PROTECTED_FILE  less than filename greater than , and DECRYPT_PROTECTED_FILE  less than filename greater than ,  less than key greater than .
In summary, the system of the instant invention combines concepts of digital rights management (DRM) with a trust authentication and file protection system for host and portable devices communicating over a USB. The scope of this invention includes the overall system of providing the DRM, as well as the individual elements of the host system and the portable device system. Additionally, the invention teaches a new protocol directed to the method of communicating between the host and portable device, as well as broader data transmission concepts directed to the method of establishing the trusted relationship and the file transfer. Additionally, the teachings of the invention include the data structure of the digital content file including license or certification header information.