The present invention relates to a concept of efficiently distributing access authorization information for a digital rights management system or an access authorization system. The present invention also relates to a device and a method for controlling a service access authorization, to a device and a method for providing an authorization message, and to a system for controlling a service access authorization.
Digital rights management systems, also referred to as DRM systems, are methods by which the usage and distribution of digital media are to be checked. Digital usage management may particularly be employed in digital movie and sound recording, but also in software, electronic documents or electronic books. It allows providers who employ such digital rights management systems for checking the usage of their data to apply new ways of billing, such as, for example, paying for rights of using data by means of licenses and authorizations, instead of paying for the data themselves.
Authors and exploiters are often interested in checking or limiting the circulation and usage of their intellectual property, even after passing same on. A digital rights management system is to support allowing data to be used only to the extent defined by the respective rights proprietors, i.e. the license.
Meanwhile, however, digital rights management systems are also to be found in many other fields, such as, for example, in companies to protect documents, which are then also referred to as corporate rights management systems.
Digital rights management systems are a technical safety measure of giving a rights proprietor of information goods a way of technically enforcing the type of usage of his or her property by users on the basis of a usage agreement made before.
In addition, digital rights management systems allow managing digital contents beyond a purely flat-rate payment and allow individual licensing or billing depending on the frequency, duration or range of usage. On the one hand, unlimited usage can be restricted while, on the other hand, models of doing business which could hardly be realized so far become possible upon request.
Examples of digital rights management systems are the system of Open Mobile Alliance, referred to as OMA DRM, and the OMA standard in the versions OMA DRM V1.0 (http://www.openmobilealliance.org/technical/release_program/drm_v1_0.aspx), OMA DRM V2.0 (http://www.openmobilealliance.org/technical/release_program/drm_v2_0.aspx) and OMA DRM V2.1 (http://www.openmobilealliance.org/technical/release_program/drm_v2_1.aspx), and the system of ETSI standard EN 50094 referred to as EUROCRYPT, in the version BS EN 50094:1993 or Eurocrypt BE EN 50094:1993 (http://www.beuth.de/langanzeige/BS+EN+50094/9799264.html). Additionally, there are a large number of proprietary digital rights management systems which are partly specified on open platforms.
The article “Digital rights management” published by the online encyclopedia Wikipedia on Apr. 23, 2008 gives an overview of digital rights management systems and briefly describes the “Fairplay” system by the manufacturer “Apple” under the term of application “ITunes Store”, and the “Windows Media DRM” system by the manufacturer “Microsoft”.
The most widespread digital rights management systems are “Fairplay” by the manufacturer Apple, “Windows Media DRM” by the manufacturer Microsoft and the OMA DRM system by Open Mobile Alliance Standardization. They allow the authorizations to be set precisely and may be used for different audio and video files. The market leader Apple, for example, uses “Fairplay” in an application referred to as “ITunes Store”. Other providers of digital contents are, for example, Napster or Musicload. Video providing services predominantly use the DRM system by the manufacturer Microsoft. The OMA DRM system is used for ring tones, images, but also for mobile music and TV transmission, such as, for example, by the contents providers Vodafone or T-Mobile, in almost every mobile phone. The OMA DRM and Windows Media DRM systems are frequently combined to allow interoperability between mobile phones and PCs. The providers Musicload and Vodafone are exemplary here.
Digital rights management systems may play a more important role in the future in many other fields, such as, for example, in the automobile field, for example for protecting software or real-time navigation or online navigation, or in the field of embedded systems.
Digital rights management systems mostly use cryptographic methods for controlling access to digital contents. This may exemplarily be realized by binding any digital contents unambiguously to a license by means of encryption. Without the valid license belonging to the digital contents, the user may purchase the apparatus or data carrier, but cannot access the contents. The contents management computer exemplarily manages the digital contents to be protected and encrypts same for being used in a digital rights management system, thereby making the contents at first unreadable. The license management computer may, upon request, generate the license needed in connection with the respective keys for user authentication and contents decryption. When the user wants to access protected contents, he can request the license necessary for reproduction from the license management computer by means of the digital rights management controller. In case authenticity and integrity of a reproduction program have been verified successfully, the contents, for example, are decrypted using the key contained in the license, in this way rendered readable again and passed on to the reproduction program.
Access authorization systems or access encryption systems, also referred to as conditional access (CA) systems, exemplarily include the systems employed in pay TV or in pay video fetch applications for encrypting and decrypting program contents which may meanwhile be employed also in other digital broadcast/radio systems and for vehicle assistance.
In order for a receiver to be able to decrypt the contents, he needs a continuously changing control word, for example. Having the receiver obtain this control word and thus only addressing certain receivers is one of the tasks of the access authorization systems.
Exemplarily, the provider transmits, in parallel to the useful data, separate data packages as management messages which are also referred to as ECM messages. By means of these ECM messages, a receiver having the respective authorization may exemplarily calculate the control word valid at that time and transmit same to the contents decoder. Same is then able to decrypt the contents received. On the receiver side, an access authorization system is, for example, mapped by an authorization card bound to the customer in the form of a smart card, and a customer-anonymous access authorization module. The module here can filter those packages including management messages from the data stream and calculate the corresponding control word by means of the information given in connection with the authorization card. Logic of the access authorization system may be distributed, on the one hand, to the module and, on the other hand, to the authorization card. Holding customer-specific data on the authorization card and rendering them unreadable by third parties is, for example, a conventional procedure.
In addition to the information which may already be on the authorization card of the customer, the methods may transmit management messages including management commands via the incoming data stream. These management messages, also referred to as EMM messages, serve specifically to enable and disable customer cards. This provides a way of offering the customer more or fewer rights with regard to individual offer packages, without the customer having to exchange the authorization card.
Examples of digital access authorization systems are the “Betacrypt” and “Betacrypt II” systems for digital pay TV which were developed for an application referred to as D-Box, further the system referred to as “Videoguard” for pay TV, broadband TV and mobile applications, and a system, referred to as “Nagravision Aladin” offering access authorization methods for both satellite and cable TV.
In the article “Conditional access” of the online encyclopedia Wikipedia of Mar. 12, 2008, the digital PayTV systems “Videoguard” and “Nagravision Aladin” are mentioned and described briefly in the linked articles “Nagravision” of Jan. 8, 2008 and “Videoguard” of Apr. 20, 2008. The Wikipedia article “Conditional access system” of Dec. 21, 2007 mentions Betacrypt as another access authorization system which has meanwhile been replaced by the Betacrypt II system.
Since, in unidirectional broadcast systems, receivers are usually not able to confirm messages received, and are not always switched on, all the messages, for example, may have to be transmitted repeatedly in order to ensure high receive quality. In order to ensure a high security standard, the access authorization messages can be encrypted securely such that decryption without having a valid access key is either not feasible economically or technically almost impossible. Additionally, different individual access authorization systems may be separated from one another such that they do not influence one another.
Digital rights management systems and access authorization systems allow a service provider to distribute protected multimedia contents to closed groups of users. Distributing may take place using different systems, exemplarily via an analog or digital video or audio broadcast system, via a mobile radio communications system, via an Internet protocol system or a digital multimedia transmission system. DVB (digital video broadcast) systems, GSM (global system for mobile communications) systems, IP (Internet protocol) systems and DAB/DMB (digital audio/multimedia broadcast) systems are, among others, common systems.
The contents may be encrypted before being distributed. The usage rules and the cryptographic keys needed may be distributed in additional management messages. The contents may be grouped relating to services. The users of a service are, for example, a group of persons who may be managed on the transmitter side.
A user may access a service when having stored the authorizations needed in his apparatus or in a security component connected to the apparatus, such as, for example, an authorization card (chip card). A user may obtain the authorization in a personalization process.
A common business model between a service provider and a service user is regulating access using a subscription. The service authorization is exemplarily valid for a certain period of time and may, when expired, be extended in case there is an ongoing business relationship between the service provider and the service user. The extension (V_n) is exemplarily done by a management message which may relate to a certain service. It may contain parameters in which the extension period of time (start_n, end_n) may be coded, exemplarily by means of an extension start time (start_n) and an extension end time (end_n).
When a digital rights management system or an access authorization system is employed in an environment in which a plurality of receivers can receive the signal transmitted (“point-to-multipoint”), such as, for example, a digital broadcast system, an extension message may be directed to several service users at the same time. This means that an extension message may comprise an address region in which a list of the service users to be extended is located. With these service users, both the time of extension, exemplarily December 31st, and the extension period, exemplarily 3 months, may be identical.
When a subscription is not extended, no extension method is, for example, transmitted for the corresponding service user. His access authorization expires.
The end of an access authorization usually coincides with the time of expiry of a subscription.
Subscriber management systems managing a plurality of subscriber data of service users of digital rights management systems or access authorization systems may, for the management of the subscriber data, need personalization in which a service-dependent user identification, referred to here as “i”, may be allocated to an apparatus of a user having an apparatus identification, referred to here as “g”, for a certain service having a service identification, referred to here as “d”, wherein the service-dependent user identification may depend on the apparatus identification and service identification. As a formula, this is expressed as: i=f(g,d), wherein “f( )” is to refer to an association function. Other associations are also possible when personalizing.
The apparatus identification, the service identification and the user identification may be stored on the transmitting side in a subscriber management system.
The peripheral exemplarily knows the apparatus identification allocated to it for the personalization of an additional service. After personalizing a plurality, exemplarily a number n, of services the apparatus may store a list of service-dependent user identifications permanently (or temporarily), wherein the list may exemplarily be represented as a sequence of numbers (d_1, i_1), ..., (d_n, i_n) of n pairs of service identification and user identification having an index between 1 and n. The apparatus exemplarily knows its own user identification i for every active service having the service identification d and can be addressed using same.
The service-dependent user identification is exemplarily temporary for the period of time for which there is a corresponding service authorization.
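The personalization i=f(g,d) and the addressed extension message described above can be sketched as follows. This is an added example, not part of the original text: the HMAC-based association function, the operator key, the message layout and the day-number time values are all assumptions, and decryption and authentication of the management message are omitted.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def f(g: bytes, d: int, key: bytes) -> int:
    """Assumed association function i = f(g, d): truncated HMAC-SHA256."""
    mac = hmac.new(key, g + d.to_bytes(2, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")

@dataclass(frozen=True)
class ExtensionMessage:          # hypothetical layout of an extension V_n
    d: int                       # service identification
    addressed: frozenset         # address region: user identifications i
    start_n: int                 # extension start time (day number)
    end_n: int                   # extension end time (day number)

@dataclass
class Apparatus:
    g: bytes                                     # apparatus identification
    ids: dict = field(default_factory=dict)      # d -> i, the (d_k, i_k) list
    window: dict = field(default_factory=dict)   # d -> (start, end)

    def personalize(self, d, i, start, end):
        self.ids[d], self.window[d] = i, (start, end)

    def receive(self, msg: ExtensionMessage) -> bool:
        """Apply an extension only if this apparatus is addressed for service d."""
        i = self.ids.get(msg.d)
        if i is None or i not in msg.addressed or msg.end_n <= msg.start_n:
            return False
        start, end = self.window[msg.d]
        if msg.end_n <= end:                     # repeated or stale broadcast
            return False
        # Keep the old start if the extension is contiguous, else open a new window.
        new_start = start if msg.start_n <= end else msg.start_n
        self.window[msg.d] = (new_start, msg.end_n)
        return True

    def may_access(self, d: int, now: int) -> bool:
        start, end = self.window.get(d, (0, 0))
        return start <= now < end

def demo():
    key, d = b"constructed-operator-secret", 7   # constructed sample values
    a, b = Apparatus(b"APP-0001"), Apparatus(b"APP-0002")
    for app in (a, b):
        app.personalize(d, f(app.g, d, key), 0, 90)
    msg = ExtensionMessage(d, frozenset({f(a.g, d, key)}), 90, 180)
    results = (a.receive(msg), a.receive(msg), b.receive(msg))
    return results, a.may_access(d, 120), b.may_access(d, 120)
```

The second apparatus is not in the address region, so its authorization lapses at day 90, and the repeated broadcast of the same message leaves the first apparatus unchanged.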