1. Field of the Invention
The present invention generally relates to digital media delivery and management systems. More particularly, the present invention pertains to systems for digital rights management.
2. Description of the Related Art
Digital media usually refers to some form of electronic media that can be manipulated by digital processing systems in one way or another. Unlike analog media, digital media is typically transmitted, stored, and/or processed in digital forms, e.g., in binary formats.
Use of digital media has been gaining popularity over the last few decades partly due to their technical advantages over the analog counterpart, such as robustness over noise, and partly due to the wide availability of various digital information processing systems such as personal computers and CD or DVD players. Digital media are generally easier to process and/or manage and they are often considered to have higher perceptual qualities. Digital broadcasting has also been gradually gaining momentum in the cable and satellite television or radio industries. Moreover, terrestrial digital television (DTV) broadcasting has been tentatively scheduled to supersede analog television by early 2009 in the United States.
The better processing capability of digital media is, however, also one of the downsides of using digital media. For example, digital media, or more precisely digital data associated with digital media, can be reproduced indefinitely without any loss of quality, often with no or very little cost. Furthermore, it can be easily altered or modified or copied in part or in whole without any accountability. This has been a hindrance to wide-scale adoption of digital media in many potential application areas. This is especially true for copyrighted media, or media that otherwise need to be protected for transmission, access, or reproduction. In many cases, the user needs special rights or permissions in order to be able to perform certain tasks or operations associated with a digital media. This is often referred as digital rights. The term digital rights sometimes refers to legal rights associated with the digital media. It sometimes refers to technical rights or capabilities, and it may not necessarily coincide with the rights' holder's legal rights.
A digital rights management (DRM) system manages digital rights and also rights of other types of media. Many digital media publishers and vendors use DRM systems to protect copyrighted or otherwise access-controlled materials. Typical DRM systems use various technical measures to identify, describe, analyze, valuate, trade, monitor, and track digital rights. For example, DRM systems often use copy protection measures to control and/or restrict the use and access of digital media content. In the commercial context, DRM provides a method to control any duplication and dissemination of digital media so that appropriate fees can be collected, for example, for each copy or for each performance of the media content.
A typical DRM system uses encryption and decryption software for this purpose along with other software or hardware based security measures. For example, HD DVD and Blue-ray movies are encrypted, or scrambled, using Advanced Access Content System (AACS). The data on the medium is encrypted, in addition to being compressed or encoded in MPEG-4 format, and it may only be decrypted and viewed using one or more valid decryption keys. In a typical DRM scheme, a DRM server wraps the digital content through encryption according to applicable policies.
Once the digital media is delivered, a DRM client unwraps the content and makes it accessible to the user in accordance with his or her rights. DRM clients may include desktop PCs, handhold devices, set-top boxes, mobile phones and other portable devices as well as other dedicated digital media players (e.g., for music, movies, etc.) and television and radio sets. The digital rights are typically distributed to clients separately from the wrapped media content. They can be distributed at the time of the content distribution, or they can be dynamically accessed later when needed, for example, at the time of storage or playback.
In the cable industry, and in other related industries such as satellite broadcasting, media is protected by conditional access (CA) systems. CA refers to a technique for limiting the access of protected content to authorized users. In a typical CA system such as those used in the cable television industry, the scrambled media content is delivered along with a decryption key called a control word (CW). The control word is embedded in an encrypted message called ECM (entitlement control message), which can be decrypted using another key called a service key (SK). The service key is delivered to the user in a different message called EMM (entitlement management message), and it may be decrypted using a user-specific decryption key, or user key (UK), which is typically associated with a client device, either at hardware or firmware level, such as a “smartcard”. The lifetime of each key varies depending on the purpose, and it varies from application to application. Typically, the lifetime of CW is much shorter (on the order of 0.1 second for live video stream) than that of SK, which is, for example, on the order of a month or so for a subscription channel in the cable television. SK and CW can also be associated with a particular media, for example, a movie title for pay-per-view. The UK is usually permanent, but can be replaced by providing a new smartcard to the user. Typical CA systems also have the ability to “revoke” UKs from unauthorized devices. It should be noted that a CW is not generally user specific. Using the (subscriber-specific) SK, the system can securely broadcast other common information, such as the CWs or the media content, to subscribers simultaneously without having to broadcast a different program for each of the subscribers.
The digital media content (e.g., video and audio signals) of one program, typically in the MPEG-2 or MPEG-4 format in the case of cable television, is sometimes multiplexed together with those of other programs for transmission so that multiple programs appear to be transmitted simultaneously. A CA system scrambles the digital form of programs and transmits the entitlement control messages and the entitlement management messages with the digital form of programs for broadcast either within the multiplex (e.g., for satellite) or through an out-of-band channel (e.g., for cable).
Content encryption is typically done using symmetric key cryptography, while key encryption is typically done using public key/private key cryptography. In symmetric key cryptography, the same or essentially equivalent keys are used to both encrypt and decrypt the data. In the asymmetric or public key cryptography, different but related keys are used to encrypt and decrypt the data. Public keys may be derived from the corresponding private keys in certain cryptographic schemes, but not vice versa. In general, encryption/decryption schemes based on symmetric key cryptography are less expensive than those using asymmetric key cryptography in terms of computational requirements.
Typically, a client device such as a set-top box (STB) at the receiving end descrambles the data stream and decodes the MPEG-2 data for viewing. A tuner portion of the STB receives the incoming signal, demodulates it and reconstitutes the transport stream, which contains multiple packets of information. The set-top box can de-multiplex the entitlement management messages and entitlement control messages and the media content. The data (e.g., service key and control word) contained in the entitlement management message and entitlement control message are used to descramble the encrypted programming content. The set-top box then decodes the MPEG data and renders the content for viewing.
FIG. 1 illustrates an overall “architecture” of an exemplary DRM/CA system in a block diagram form. The figure shows a virtual zone or realm, all again within the same security system, associated with a digital management system or a conditional access server 101. DRM systems may have their own servers. Or, alternatively, certain related CA servers may be used for various DRM purposes such as authenticating clients. DRM systems may also manage the digital rights associated with digital media through other methods. An example of this DRM system is an on-line movie distributor system. In this example, the DRM server 101 typically resides across a network 102 such as cable network, satellite network, wireless phone network, or the Internet, from a DRM client device 103. When a digital media is delivered to the client 103, either from the DRM server 101 or from other digital media services, the client first needs to get proper permission or entitlement before it can play or display the delivered content. The CA server 101 typically resides across a network 102, such as cable network, satellite network, wireless phone network, or the Internet, from a client device 103, which can be a CA Client or a Set-top Box. When a digital media is delivered to the client 103, either from the DRM/CA server 101 or from other digital media services, the client first needs to get proper permission or entitlement before it can play or display the delivered content. The permission is often delivered as ECMs (e.g., in cable television transmission) as stated earlier. In typical real-time digital media delivery systems such as cable television, the required ECMs are simultaneously delivered along with the digital media content. In the example shown in FIG. 1, the DRM/CA server 101 is responsible for various DRM/CA-related tasks and it provides necessary support to the authenticated client 103 for accessing digital media content which the client is entitled to. The client can play the media on a display 105 in real time and/or store it for later viewing. The figure shows a storage unit 104 within the DRM realm associated with the client. It may be a part of the client device 103 in some cases. The digital media is typically stored in the storage unit in an encrypted/scrambled form, or in an otherwise protected form. In this example, the DRM system is responsible for protecting the stored digital media. In order for a client device such as a media player to have access to the content of the stored media, it needs to have proper permission, which is provided by the DRM/CA system in case the client is legitimately entitled to certain operations on the digital media.
FIG. 2 illustrates various message or data types used in certain implementations of conditional access (CA) schemes. In particular, the figure shows an entitlement management message (EMM) 134, an entitlement control message (ECM) 140, and a scrambled content 146, along with various encryption/decryption keys, which are typically used in CA systems in the cable television industry. A client device (not shown in the figure) typically contains a security device 130 associated with a CA server (not shown), and the security device has a unique user key (UK) 132 to represent a subscriber. The security device 130 may be a smartcard. The user key 132 can be used to decrypt the entitlement management message (EMM) 134, which has the encrypted service key (SK) 138. The client, or the security device 130, performs the EMM decryption 136 using the user key 132 to recover the service key 138. The entitlement control message (ECM) 140, on the other hand, contains an encrypted control word (CW) 144. In typical operations, the client, or the embedded security device 130, further performs the ECM decryption 142 using the service key 138 to recover the control word 144. The scrambled content 146, that is, the digital media content encrypted with CW 144, can then be descrambled using the control word to generate the clear content 150. Typically, the CA server provides the control word to an authorized client to descramble the content, at 148. The descrambled, or clear, digital media content 150 can be either played on the client device or re-encrypted for further processing or for (temporary or permanent) storage. In many cases, however, the scrambled content 146 can be recorded, sometimes along with the ECM 140, for later use and it is protected by a copy protection (CP) system, a DRM system, or a different CA system. The DRM system manages the rights according to the information in the EMMs and/or ECMs.
It should be noted that encryption and decryption keys are symbolically represented by locks and keys, respectively, in FIG. 2 and in other drawings throughout this disclosure. Even though these two different symbols are used for consistency whenever possible, it should be understood that, in symmetric key cryptography, the same or essentially equivalent keys are used for both encryption and decryption operations whereas, in public key cryptography, encryption keys (i.e., locks) and decryption keys (i.e., keys) are different and, in particular, it may not be computationally feasible to derive decryption keys from the corresponding encryption keys. As noted earlier, in digital media delivery and management, content scrambling (e.g., encryption of digital media content) is typically done using (generally computationally cheaper) symmetric key cryptography, while key encryption (e.g., encryption of service keys) is typically done using (generally easier to exchange) public key cryptography.
Although FIG. 2 shows a particular encryption/decryption arrangement of a CA system, it is understood that different arrangements can be used as well. In general, the entitlement management messages are unicast to individual devices to individually authorize entitlement and the entitlement control messages are typically broadcast to all devices to globally provide the information to retrieve the content key for descrambling the broadcast stream. A service key represents the entitlement recovered from the entitlement management message and a control word represents the key recovered from the entitlement control message for descrambling the media content. The descrambler of a digital television system uses standard algorithms, e.g., Common Scrambling for Digital Video Broadcasting (DVB-CSA) and Digital Encryption Standard (DES) for Advanced Television Systems Committee (ATSC) standard (conditional access system for terrestrial broadcast). The descrambler (e.g., 148 in FIG. 2) can be conveniently placed on any of the various components (e.g., a bridge, a renderer, or a storage system) in a client device.
With respect to FIGS. 3A and 3B, exemplary scenarios are illustrated in which digital media content is delivered and protected by a CA server and/or a DRM system. In FIG. 3A, an access control device 172, which is typically a part of a client device (not shown in the figure), has a user key 174 to decrypt the entitlement management message 176, which contains an encrypted service key (SK), which in turn is used to decrypt the entitlement control message 178. ECM 178 contains the encrypted control word (CW). The scrambled content 180, which is encrypted by the control word, is then decrypted by the client device. The access control unit 172, or any component associated with the client device, with the appropriate rights descrambles the protected content 182 using the control word 184 and provides the content 186 to the user. The content can either be re-scrambled and stored in a storage device for later viewing or it can be provided for real time use. The client device may directly record the original CA protected content (e.g., as illustrated in FIG. 3A), or record the content with substitutive CA/DRM protection (e.g., encrypting with replacement entitlement control messages, or rescrambling using different control words, etc.).
In the scenario shown in FIG. 3B, the recovered control word 210 is protected by a DRM system (symbolically represented by a cryptographic key 208 in the figure). In this example, only a certain CA/DRM client, e.g., an access control device 202 with a user key 204, which has appropriate rights (e.g., having access to the decryption key 208) can descramble the DRM protected CW 206 to get the CW 210. Then the decrypted control word 210 is used to descramble the delivered or stored media content 212 to obtain clear the content 214.
In typical conditional access of a primary security system (e.g., digital TV or satellite TV), the control word, which is a global key, needs to change frequently (e.g., once every 0.1 second) to avoid key-sharing attack. However, to locally protect the recorded and stored content with a DRM system, a control word that is unique to the access control device does not need to change as frequently. For example, an entire recorded movie may be rescrambled using only one control word. It should be noted that different CA systems and DRM systems may have entirely different implementations of EMMs and ECMs but have similar or same descramblers for content protection (e.g., according to the ATSC Standard).
Multiple digital rights management systems can be used for protection of digital media, e.g., at the same time or alternately depending on the contexts. For example, the digital media owners such as movie studios and media delivery services such as cable companies might utilize different and separate DRM systems for the same digital media, or for different parts of the same media. Similarly, the same cable television company (e.g. Comcast Corp. of Philadelphia, Pa.) may use different CA systems for different contexts or for different domains. Digital rights management can also be implemented in a hierarchical fashion or in multiple domains. This is illustrated in FIG. 4A where different DRM (254, 258, 260) or CA (262) systems can also be involved for protection of digital media at different stages of their delivery, processing, playing, and storage processes. For example, FIG. 4A shows an exemplary context where multiple CA and/or DRM systems are employed during delivery of digital media. The media is delivered from a CA server 262 to a client (e.g., a storage unit 278 in the figure), and it is initially protected by the same CA server in this example. The broken-line box 252 represents this “virtual domain” or zone in which the CA server 262 is responsible for enforcing proper access rules regarding the digital media. The figure shows three more virtual DRM domains, 254, 258, and 260, each of which is under the protection of a DRM system (not explicitly shown in the figure). When the digital media is passed from one DRM system to another DRM system, the media content (and its associated keys) may be descrambled/decrypted using the keys from one DRM system and rescrambled/encrypted using the keys from the next DRM system. In the example illustrated in FIG. 4A, the media under the protection of CA server 262 is descrambled, 264, and scrambled again, 266, in the DRM system 254. The media is then passed to the next DRM system 258, through descrambling 268 by DRM system 254 and scrambling 272 by DRM system 258, and again to the next DRM system 260, through descrambling 274 by DRM system 258 and scrambling 276 by DRM system 278. In this example, the scrambled digital media content is stored, 278, e.g., in a client device, and the last DRM system 260 is responsible for protecting the stored digital media. The DRM systems closer to the source of the digital media are typically more “global” than the ones closer to the sink or the client. In other words, the DRM system 258 of the figure, for example, is more “local” than the DRM system 254. Generally, there is a one-to-many relationship between a global or upstream DRM system and a local or downstream DRM system. It should be noted that, in this particular example, whenever the digital media passes the DRM system boundaries, the media is exposed in clear forms, with the control passed completely from the previous DRM to the next DRM. For example, at a point labeled 270 in FIG. 4A, the media (and/or any associated security keys) has been descrambled by DRM system 254, thus DRM system 254 loses control over the media content. The media is then scrambled by the next DRM system 258, thus comes under control of this DRM system 258. This can be a potentially vulnerable point in a business model involving multiple DRM systems such as the one shown in the figure where the original owner of the media passes the media control completely to other DRM systems.
This vulnerability can be protected by various bridge protection schemes, where an exemplary is schematically illustrated in FIG. 4B, where two different DRM domains 232, and 234 are shown. In the figure the media is shown in different stages of protection (Encryption A, Encryption B and Encryption C) and the decryption and re-encryption processes are not shown. In this particular example, in the first stage (Encryption A) the digital media delivered from across the network 236 may first be protected by the DRM system 232. In the second stage (Encryption B) the digital media may be protected by both DRM systems 232 and 234. In the third stage (Encryption C) the digital media may be protected only by the second DRM system 234. For example, the first DRM system 232 may be managed by a cable company and the second DRM system 234 may be managed by a movie studio. In order for a user to play the delivered content, he or she may need to get proper access permission from either system, or from both systems, depending on the implementation. In general, there may be multiple content distributors, multiple content owners, and/or multiple content players of the same digital media, each of which may have its own DRM or CA system.
Some DRM systems can store content that are still protected by the operator CA system. In this mode, ready access to CA servers may be required to access protected digital media. For example, when the digital media is stored in a user's device, in order to play the stored media the user may need to obtain an access grant from the corresponding CA server, e.g., as a form of an ECM. The associated ECM, or a CW contained in the ECM, may also be downloaded at the time when the media content is delivered.
In some cases, a CA server may provide entitlement valid only at playback time. For example, the system can allow the user to record (scrambled) programs that the user is not entitled to use at the time of recording. After the user obtains the required rights (e.g., through purchase of pay-per-view service, or by upgrading a subscription package, etc.), the user can then play back the recorded information at later convenient time. As stated earlier, the descrambled content and/or decrypted keys may be rescrambled/encrypted using a different scheme, such as the one based on a DRM system, before it is stored in a storage device.
Further information about bridge protection system can be found in U.S. patent application Ser. No. 11/446,427, filed on Jun. 2, 2006 which application is incorporated herein by reference. The bridge protection schemes create certain problems for the end clients of the DRM system on how the inner DRM system will deal with the original DRM protection after the bridging has occurred. For example, a CA media under the CA rules may be stored in a client of a DRM system. The client normally has a subscription agreement with the DRM system, but typically does not deal directly with CA system, and therefore would have difficulty in changing the CA rules under the DRM system. For example, the content protected by the CA system may be restricted by the CA system's access rules so that it can be played for a limited period of time (e.g. only for one week) or may be played back only once or twice. The user may be forced, in this case to “upgrade” the service from the CA system to obtain greater access rights, but the user's (e.g. client) system is a DRM system which may not have all the necessary keys, etc. to obtain the upgrade.