KR20180105687A - Method and system for conditional access through licensing of proprietary functions - Google Patents

Abstract

There is provided a method for making playback of content secure and traceable on a playback device of a plurality of playback devices, each of the plurality of playback devices including a cryptographic function module (CFM). In one embodiment, the method comprises the steps of: accepting at a playback device a first input from a content licensing agency; In the device, generating a first output from the first input in accordance with a proprietary cryptographic function using a CFM, the first output being required to enable reproduction of the content by the player, Is one of a family of proprietary cryptographic functions executable by the CFM of each of a plurality of playback devices; And enabling playback of the content by the device at least partially in accordance with the first output.

Description

Method and system for conditional access through licensing of proprietary functions

The present invention relates to a system and method for providing conditional access to protected content, and more particularly to a system and method for providing access to protected content through execution of licensable functions.

Digitalization of audiovisual media content such as television shows and movies has allowed viewers to purchase copies of media content for personal enjoyment. Such media content may be distributed via tangible media such as optical discs, or may be downloaded by downloading digital media from a content server or kiosk to recordable media for later playback. Unfortunately, the digitization of such media content has also allowed for large and extensive unauthorized distribution and / or use. Such unauthorized distribution and / or use preclude providers of audiovisual media content from having the economic benefit of authoring such material.

Of course, the unauthorized distribution and / or use of the content constitutes copyright infringement of the content by an individual or organization that distributes or uses the content in an unauthorized manner. Therefore, one way to prevent unauthorized use is to actively enforce such copyrights. One of the problems with these enforcement is that such copyright infringement is generally highly distributed and distributed, and litigation against copyright infringement of such entities is much more costly than recoverable damages or even legal damages. For example, if an individual views or distributes a movie without permission, he or she may be found guilty of copyright infringement, but a court award for such infringement does not justify the cost and expense of filing the suit against the individual. In addition, such actions may not be effective in relation to the derivative work, and may require evidence that is difficult to obtain.

Other implementation strategies are also problematic. For example, one such strategy is to attempt to deny entities that provide software or hardware capable of decoding and decrypting protected content. The problem may be that it is difficult to initiate litigation against such entities before the infringement itself occurs (and, in the case of litigation, generally unprotected copies have already been distributed) If it can be used in an infringing manner, the action itself may fail.

In addition, successful digital rights management (DRM) schemes require coordination between the content providers, manufacturers and licensors of the DRM system itself. When this approach is intended as a standard adopted by many manufacturers and content providers, the devices are manufactured according to common specifications. Unfortunately, this specification can be accessed by the general public and used to circumvent the DRM scheme, or else it can be used to make the DRM scheme inefficient. At the same time, content providers may want to distribute content, and manufacturers produce devices that are intended to be used only in certain constraints (e.g., within specific geographic boundaries or time periods only).

There is a need for a system and method for protecting content from unauthorized use and / or dissemination that can augment current methods by providing additional litigation incidents for potential real infringers. It is also contemplated that content providers and manufacturers may protect such content in a manner that allows for different schemes to be adopted, as required by geographical boundaries, duration, content sensitivity or type, or by any other desired means. A system and method is needed to make it possible. The systems and methods described herein satisfy this need.

In order to solve the above-mentioned requirements, the present invention discloses a method and system for making playback of content on a playback device of a plurality of playback devices safe and traceable, each of the plurality of playback devices comprising a cryptographic function module module CFM).

In one embodiment, the method comprises the steps of: accepting at a playback device a first input from a content licensing agency; Generating, at the device, a first output from the first input in accordance with a proprietary cryptographic function using a CFM, the first output being necessary to enable playback of the content by the playback device The proprietary cryptographic function being one of a family of proprietary cryptographic functions executable by the CFM of each of the plurality of playback devices; And enabling playback of the content by the device at least partially in accordance with the first output.

In a related embodiment, the system includes a first processor, a memory communicatively coupled to the processor, and a device including a CFM integrated into the device, the cryptographic function module comprising a family of cryptographic functions executable by the CFM Lt; RTI ID = 0.0 > intermediate < / RTI > Also, the memory described above may be configured to receive a first input to the device, generate an intermediate input from the first input, receive an intermediate output, generate a first output, and, at least partially, And instructions for enabling playback of the content by the device.

Reference is now made to the drawings, wherein like reference numerals designate corresponding parts throughout:
1 is an illustration of an overview of a distribution system that may be used to provide video data, software updates, and other data to subscribers;
2A and 2B are diagrams for explaining operations of a conventional digital rights management system;
Figures 3A and 3B are diagrams illustrating one embodiment of an improved digital rights management system;
4 is a diagram illustrating exemplary operations that may be used in the use of cryptographic function modules when providing content;
5 is a diagram illustrating exemplary operations that may be used to generate a first output from a first input;
Figures 6A-6C are diagrams showing different embodiments of a proprietary cryptographic function digital rights management system;
7 is a diagram illustrating operations that may be performed to read and use generated intermediate I / O pairs to enable or disable playback or take other actions; And
Figure 8 is a drawing of a computer system that may be used to implement a playback device or elements thereof.

In the following description, reference is made to the accompanying drawings which form a part hereof, and in which is shown, by way of illustration, some embodiments of the invention. It is understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the present invention.

Distribution system

1 is an illustration of an overview of a distribution system 100 that may be used to provide content data. Such content may include, for example, a television program, a movie and / or a media program such as a video game.

The distribution system 100 includes a function licensee 102, a content licensing agency or content licensor 108 and a playback device 114 that may be manufactured by the device manufacturer 104, also shown in FIG. In one embodiment, content licensor 108 includes a license provider 110 and a content provider 112 (which may be implemented by a server or similar device). The license provider 110 provides access to the content by providing entitlement information for use by the digital rights management (DRM) system 116 of the playback device 114 to enable playback of the content (E.g., from playback device 114) to acquire (e.

The content provider 112 responds to the request 120 for the content (e.g., from the playback device 114) by sending the content 122 to the playback device 114 for consumption. In general, the content provided by the content provider 112 to the playback device is provided to the DRM system (e. G., ≪ RTI ID = 0.0 > Encrypted or otherwise obfuscated to be used only by playback devices 114 having DRMS 116. [

Proprietary crytographic function (PCF)

As will be described below, the DRMS 116 must implement one or more proprietary cryptographic functions 126 (PCFs), or it must be performed to allow use of the content by the device 114. The PCF 126 may also be considered a licensable cryptographic function or LCF because the PCF 126 is proprietary (e.g., because it can not be executed without the license of the licensor 102 without a license). In one embodiment, the proprietary nature of the PCF is rooted in the fact that it corresponds to a protected intellectual property right (e.g., trade secret, work or patented invention).

In one embodiment, PCFs 126 are cryptographic functions that can not distinguish input / output (I / O). In this regard, a function that can not distinguish an I / O is a function that can not be confirmed only by checking input values for the function and output values caused by the function. For example, if the input / output pairs of the function are (1, 2), (2, 4) and (4, 16), we can reasonably confirm that the function is a square function. Because in each case the output is the square of the input. In this case, this function is not I / O distinguishable. However, if the input / output pair does not indicate a pattern that allows the essence of the basic function to be identified, the function can be classified as I / O indistinguishable. The function may be piecewise I / O discrimination, but may be I / O discrimination successively. For example, if all of the Nth output of the squared function described above deviates from the result of the squared function in such a way that it can not be determined simply by looking at the input / output pair, have.

PCF of 126 (indicated by f _PC (·) in Fig. 1) are each associated with a "black box" (106A-106B) device manufacturers from the licensor 102 through 104, the license provider 110 or content provider (Not shown). The black box 106 is a device that performs data conversion, such as code or keys, without revealing how the conversion is performed or revealing the data, as the name suggests. In this application, the use of the black box 106 allows the licensor 102 to transfer program instructions and / or instructions for installation to the devices 114 at the facility of another entity without exposing the information and / Or provide data remotely. For example, the black box 106A may be provided to the manufacturer of the device 114 and may be provided to the playback device (e. G., The device 104) while holding operations performed by dedicated software or hardware module secrets from the device manufacturer 104 114 dedicated hardware or software processor modules. The PCFs 126 are also provided to the license provider 110 via the black box 106B so that the license provider 110 can add the PCF 126 to the rights grant information 124 securely transmitted to the playback device 114 . The PCFs 126 may be provided to the content provider 112 to enable the content provider 112 to securely provide the encrypted content 112 to the PCF 126. [

The cryptographic function is "licenseable" in that the commercially feasible performance of the function or combination of functions used to generate the output values at the input values requires a license from the licensor 102. Such licensability can be achieved, for example, by (1) being kept secret from the public and being difficult to reverse-engineer and / or (2) being protected as original and / or original intellectual property , Licensor (102).

For example, it may be necessary to determine the combination of operations necessary to implement the function (either by inspection of the input / output pair, by stripping the processing chip performing the operation (s) Reverse engineering is commercially impractical and the only commercially viable way to perform the function and calculate the appropriate output values from the input values is to obtain a license to perform the function , The function may be "licenseable ".

For example, consider a closed form function:

방정식 (1)

Equation (1)

는 입력 값들 0

로부터 출력 값들

을 생성하며, 이는 실질적으로 의사 랜덤하고 본질적으로 매우 무상관하다. 많은 세트의 입/출력 쌍이 고려되었다고 하더라도, 권한이 없는 엔티티가 입/출력 값들만으로 함수

의 본질을 결정하는 것은 어려울 것이다. 이에 따라, 입력 값으로부터 적절한 출력 값

을 생성하는 것을 확신하기 위해서, DRMS(116)는 기본 함수에 대한 액세스를 가져야하며, 그리고 라이센서(102)는 재생 기기(114)의 하드웨어, 소프트웨어 또는 펌웨어에서 그 함수를 구현하기 위해 라이센스를 취한 엔티티들에 그 기본 함수에 대한 액세스를 제한할 수 있다.This function

0 < / RTI >

Lt; RTI ID = 0.0 &

Which is substantially pseudo-random and essentially unreliable. Even though many sets of input / output pairs are considered,

It will be difficult to determine the nature of. Accordingly, from the input value, an appropriate output value

The DRMS 116 must have access to the basic function and the licensor 102 must have access to the licensed entity to implement the function in the hardware, software, or firmware of the playback device 114 To restrict access to that basic function.

Significantly, the above discussion of "commercially unavailable" of executing a function, except through the license, is based on the characteristics of virtually any DRMS 116 or the DRMS 116 in view of its infinite resources and time And that the functions performed by the functions can be identified. However, such effort is "commercially impractical" when the cost of such reverse engineering efforts exceeds the commercial benefits for a significant number of people who can participate in such activities. For example, if the licensable function 126 implemented in the playback devices 114 has been easily updated or changed, then "commercially unavailable" of executing the function, except through the license, It would be much less than if it could not be. Because the advantage of such a reverse engineering effort can be easily removed by simply updating function 126 to another function 126. [ Similarly, if the licensable function 126 is implemented in a small number of playback devices 114, the commercial impossibility of executing the function 126, except through the license, Lt; RTI ID = 0.0 > 114). ≪ / RTI > This is because the economic advantage from a small number of playback devices is less than the advantage that can be obtained from a large number of playback devices 114.

The function 126 may also be "licensable" because of the originality or creativity that can be protected in accordance with the intellectual property rights (e.g., patent or copyright) laws of a particular jurisdiction, A license is required to perform the function. The entities that perform the function 126 without the proper license and use the function to decrypt and use the content are responsible for copyright infringement on the unauthorized use of the content itself, as well as the use or copying of the function 126 (e.g., Copying the code to perform the function), or copyright infringement. In such a case, the "licensable" state of the function is placed in a protected or protected intellectual property whose state is not in an unrecognizable and unreadable state but whose details are unknown.

Although shown separately, license provider 110 and content provider 112 may operate together as a single entity. For example, a request for rights grant information 124 and a request for content 122 may be sent to the same entity and received from the same entity.

The PCF 126 may be provided to the manufacturer 104 of the playback devices 114 from the licensor 102 or may be provided to the licensor 102 for delivery and installation to the playback device 114. [ To the license provider (110) or the content provider (112). For example, license provider 110 or content provider 112 may provide function 126 to be downloaded and installed to playback device 114 for execution as part of DRMS 116.

In one embodiment, the PCF 126 is one of a number of cryptographic licensable functions that may be executed by a plurality of playback devices 114. Groups of devices 114 with the same PCF 126 may be described by a manufacturer, licensor, content provider, geographic location where the devices 114 are used or content is consumed, or any combination thereof.

For example, all devices 114 manufactured by a particular equipment manufacturer 104 may utilize the same PCF 126. Alternatively, of the devices 114 manufactured by the specific equipment manufacturer 104, only the same model or similar devices 114 may use the same PCF 126. Alternatively, the devices 114 from the particular device manufacturer 104 may use more than one PCF 126, one of which is common to all devices 114 created by the manufacturer 104 And the remaining PCFs are common only to devices 114 in a particular model group or devices for a particular market. For example, all devices 114 manufactured by the manufacturer 104 may include three PCFs 126, one PCF 126 being common to all such devices 114 Another PCF 126 is common only to the same model of devices 114 and another PCF 126 is a device model for a particular market (e.g., sold for use in China) , Or models with extended functionality) that are intended to be used by a plurality of devices.

Device groups may also be defined by the content provider 112. For example, a particular content provider 112 such as FOX may require the presentation of all of the content provided by the content provider 112 to have the capabilities of a particular PCF 126 different from those of the other content providers 112 You may want to do it.

The device groups may also be defined by the content 122 itself. For example, the content provider 112 may determine that the presentation of each particular content 122 title or media program is different from that of the other content titles from the same or different content provider (s) 112 (E.g., PCF 126 may be content that is unique to content provider 112 or to all content providers 112). In this case, the content provider 112 may use three PCFs 126, one for use with any content 122 from the content provider 112, and the other PCF 126, Is unique to each content type (e.g., movie or television), and the other is unique to the content title. In embodiments in which the entitlement information 124 is provided by a license provider 110 that is separate from the content provider 112, the groups of devices 114 may include a license provider 110 associated with the license provider 110, May be defined by the content 122.

Device groups can also be defined by geopolitical boundaries. For example, playback devices 114 (or content 122 distributed to be consumed in one country or set of countries) manufactured for a intended use in one country or set of countries may be provided for use in other countries May include a specific PCF 126 that is different from the devices or content.

FIGS. 2A and 2B are diagrams showing operations of a conventional DRMS 116. FIG. The DRMS 116 includes an entitlement information processor (EIP) 202, a content segment assembler (CSA) 204 and a decoder 206.

2A and 2B, the EIP 202 receives the entitlement information 124 and, from the entitlement information 124, decrypts the encrypted content segments from the content segment assembly < RTI ID = 0.0 > Information 208 and decryption information 210 needed to decrypt the assembled encrypted content segments 212. [ The CSA 204 accepts the content segments 212 and assembles those segments 212 together into an encrypted content stream 214 that is provided to a decryptor 206. The EIP 202 also generates decryption information 210 (e.g., decryption keys) necessary to decrypt the segments of the encrypted content stream 214 from the entitlement information 124 and provides the decryptor 206 with decryption information (210), and the decoder (206) decrypts the segments of the encrypted content stream (214) using the provided decryption information (210).

First Embodiment - Demultiplexing a transport stream with multiple media programs

In the first exemplary embodiment, the encrypted content segments 212 may take the form of packets of a transport stream carrying a plurality of media programs. For example, FIG. 2A shows a transport stream that transmits encrypted content segments 212A for two media programs A and B, where each content segment for media program A (For example, C _A1 , C _A2 ... C _AN for the media program A and C _B1 , C _B2 ... C _BN for the media program B) _Ao and K _Bo ).

Each encrypted packet or content segment for a media program includes a program identifier (PID) (A or B in the illustrated case) associated with one of the media programs. In order to receive and provide any one media program, the CSA 204 parses the transport stream to identify encrypted packets (representing the segments) having a PID associated with the desired program, And provides these packets to the decoder 206. For example, when the media program A is selected, the CSA 204 parses the incoming segments to find segments with a PID that includes "A " And provides content segments 212A. Encrypted packets or segments for the media program A may be encrypted by a single key KAo so that the encrypted segments E _KAo [C _A1 ], E _{K Ao} [C _A2 ], ... , E _KAo [C _AN ]) occurs, or each encrypted packet or segment may be encrypted according to a different key. For example, the content segment _AN can be encrypted with the key K _ANo , and the content segment C _BN can be encrypted with the key K _BNo . In this case, the decryption of each content segment requires that the appropriate key be provided to the decryptor 206, which may be accomplished via the EIP 202 as described below.

Second Embodiment - A media program assembled into different versions of temporal segments

FIG. 2B illustrates an example in which encrypted content segments 212B take the form of an assembly of media content segments, each media content segment comprising one of multiple versions of a temporal portion of a media program, Lt; / RTI > are encrypted with different segment keys. For example, a media program may be temporally separated into segments C ₁ , C ₂ ... C _N , and segments of two different (A and B) versions (e.g., (Using different encoding parameters) (resulting in C _A1 , C _A2 ... C _AN generation for version A of the media program, and C _B1 , C _B2 , and C _B2 for version B of the media program). ... are encrypted according to the generated C _BN), each segment has different keys (K _A1o respectively, _A2o K ... K and K _{ANo B1o,} K ... K _{B2o BNo).} The media program to be played back can be assembled by selecting each time portion of the media program from versions A and B. [ In general, this is accomplished through a map generated by the EIP 202 and provided to the CSA 204.

For example, a first temporal portion of the media program may be selected from version A, a second temporal portion of the media program may be selected from the version B, and a third temporal portion of the media program may be selected from the version B And the fourth through sixth temporal parts of the media program may be selected from version A (accordingly, a series of encrypted content segments C _A1 , C _B2 , C _B3 , C _A4 , C _A5 , C _A6 . .. C _BN occurs). The pattern of assemblies of content segments may be used for watermarking decrypted content for forensic purposes. In addition, a map is needed to identify which encrypted versions of the content segments are to be assembled together, and each such segment has a different key (K _A1o , K _B2o , K _B3o , K _A4o , K _A5o , K _A6o ... K _BNo ), if the creation of one of the maps or keys is compromised, the appropriate keys for the encrypted content segments provided to the decryptor 206 will not be provided and the media program will be decrypted appropriately .

FIGS. 3A and 3B are views showing one embodiment of the improved DRMS 300. FIG.

FIG. 3A shows a functional block diagram of an improved DRMS 300. FIG. The enhanced DRMS 300 implements one or more PCFs 126 using a cryptographic function module (CFM) 308, which may be implemented as part of providing content for playback as described below, such as EIP 202, May be interposed between operations performed by any combination of the CSA 204 and / or the decoder 206.

3B is a diagram illustrating an exemplary hardware structure of a playback device 114 that implements DRMS 300. [ The playback device 114 includes a processor 320 communicatively coupled to a memory 322 that stores processor 320 instructions and data for performing operations necessary to play back the content. These operations may include, for example, any one or both of the operations associated with the CFM 308, the EIP 202, the CSA 204 and the decoder 206. Some or all of the processor instructions and data may be stored in secure memory 324 communicatively coupled to processor 320. [ Secure memory 324 is secure in that access to secure memory 324 for retrieving and / or storing data is restricted to trusted entities. The memory 324 may attempt to write to and / or read from the memory 324 and memory, either by encrypting the data to and / or from the secure memory with a symmetric or asymmetric key, Security can be given by implementing a protocol that requires authentication between the entities that perform authentication. In one embodiment, CFM 308 is implemented by a software module stored in memory 322 or secure memory 324 and executed by processor 320. [

The processor 320 may also be communicatively coupled to an output device such as the display 328 to present decrypted and decoded content and may further include user inputs (e.g., to control the playback device 114) And is communicatively coupled to the input device 330 for receiving. In one embodiment, display 328 and input device 330 are integrated into a single unit, which allows a user to view content and provide input using a touch screen or similar device.

In an alternative embodiment, some of the operations required to play back the content may be performed by one or more special purpose processors < RTI ID = 0.0 > 0.0 > 320 '. ≪ / RTI > For example, any combination of CFM 308, EIP 202, CSA 204 or interpreter 206 may be implemented in special purpose processors 320 'that execute instructions stored in memory 322 or 322' Can be implemented.

In one particular embodiment, CFM 308 is implemented by a special purpose processor 320 'that is communicatively coupled to special purpose processor memory 322' or special purpose processor security memory 324 '. In this case, intermediate inputs 306AA-306AC and outputs 306BA-306BC are communicated between the processors over communication link 326. [ In one embodiment, the CFM 308 is integrated into the playback device 114 (e.g., it can not be removed by the end user separately from other processing components).

4 is a diagram illustrating exemplary operations that may be used in the utilization of CFM 308 when providing content. At block 402, a first input (302) with entitlement information is received by the device (114). As described herein, the first input 302 may include entitlement information 124, such as keys, digital certificates, authentication information, or a seed.

At block 404, a first output 304A and / or 304B (hereinafter alternatively referred to as a first output 304) is generated from a first input 302, Is required to enable playback of the content by the playback device 114. [ As described herein, the first output 304 includes content assembly information 304A, such as content segment maps or packet identifiers, or (2) information 304B, which enables decryption of content, such as keys or other information. . ≪ / RTI > The first output 304 is generated according to a proprietary cryptographic function or PCF 126 using the CFM 308.

At block 406, the playback of the content by the device 114 is enabled at least according to the first output 304. [ The first input 302 described above may be represented by the entitlement information provided to the EIP 202 and the first output may be represented by (1) maps or other information provided to the CSA 204 for assembling the content segments, Is represented by decryption information 210 such as keys or other information provided by the same content assembly information 208 and / or (2) to the decryptor 206, which enables decryption of the media stream, 1 output 304 is at least partially accomplished by the execution of the PCF using the CFM 308. [

The PCF 126 executed by the CFM 308 is one of the families of PCFs 126 available to the licensor 102 for provisioning on the playback devices 114 . As described herein, one or more PCF (s) 126 installed on playback device 114 and used to play content may be played back by a PCF 126 for a given input, May be uniquely identified in the PCFs 126 (e.g., identifiable by the input / output pairs of the executed PCF 126).

5 is a diagram illustrating exemplary operations that may be used to generate the first output 304 from the first input 302. [ At block 502, one or more intermediate inputs (306AA, 306AB and / or 306AC, alternatively referred to hereinafter as intermediate input 306A) (at least partially generated from the first input 302) . At block 504, one or more intermediate outputs (306BA, 306BB, and 306BC, alternatively referred to hereinafter as intermediate outputs 306B) are at least partially, in accordance with PCF 126, Is generated from the associated intermediate input 306A. The resulting intermediate input 306A / intermediate output 306B includes a cryptographic input / output pair 306IA, 306IB, and 306IC uniquely associated with the PCF 126 used to generate them, alternatively I / O pairs 306I )). This unique association allows the input / output pair 306I to be used to determine if the function performed by the CFM 308 is a desired or expected function. Finally, at block 506, the first output 304 is generated at least partially from the intermediate output 306B.

6A-6C are diagrams illustrating different embodiments of how the PCF 126 may be used by the DRMS 116. FIG. The CFM 308 is coupled to the intermediate input (s) 306A for use in assembling the encrypted content segments, decrypting the encrypted content segments, or both, (S) 306B from the intermediate output (s).

Processing Rights Entitlement Information with PCF

6A is a diagram illustrating application of the use of the PCF 126 in generating the first outputs 304 (and provided to the CSA 204 and / or the decoder 206) by the EIP 202. In this embodiment, the first input 302 includes entitlement information 124 that is provided to the EIP 202. The entitlement information 124 may include keys, digital certificates, hash values, or any data or combination of data necessary to enable the use of the content.

The EIP 202 accepts the entitlement information 302 and generates an intermediate input 306AA therefrom and an intermediate input 306AA is provided to the CFM 308. [ The CFM 308 computes the intermediate output 306BA based at least in part on the provided intermediate input 306AA using the PCF 126 and provides the intermediate output 306BA to the EIP 202. [ The EIP 202 then computes the outputs 304A and / or 304B, alternatively referred to as output 304 in the following, and sends the outputs 304 to the CSA 204 and / 206.

In one embodiment, the PCF 126 is installed on the playback device 114 by the manufacturer 104 of the playback device. The playback device manufacturer 104 may also install a plurality of PCFs 126 on a single playback device wherein a different set of PCFs 126 or sets of PCFs 126 is provided to each license provider 110 or Assigned to the content provider 112 or allocated for use in a different jurisdiction. The PCFs 126 may be invoked by use of code provided to the content licensor 108 and subsequently provided to the playback device 114 along with the entitlement information. In addition, some or all of the PCFs 126 may be enabled through blowing of JTAG fuses or other artifices.

In other embodiments, the PCF 126 may be provided by a content licensor (e.g., licensor 110 or content provider 112) for installation in memory 322, 322 ', 324, . For example, entitlement information 302, in the form of a license file, may be provided by content licensor 108 or other entity. The license file may also include instructions for storing in the memory 322, 322 ', 324, 324' for execution by the processor 320, 320 'of the playback device. These instructions may include one or more instructions for performing the PCF 126, and / or instructions may include instructions for invoking the one or more PCFs 126 previously installed on the playback device.

In one embodiment, the PCF 126 may be used to generate an output to assemble transport stream segments. For example, if the encrypted media segment includes a transport stream having a plurality of media programs, each described by a PID, then the first input 302 or entitlement information 124 provided to the EIP 202 is at least in part, may include using the PCF (126), can be used to produce a PID type (u _i), which for a desired media program. Consider the PCF 126 of the following equation (2). Here, the input ( u _i ) is a number between 0 and 1.

방정식 (2)

Equation (2)

If the PID required to recover the media program segments from the transport stream is 64, an input of 0.20 for PCF 126 ( u _i ) will provide the desired result 64. Thus, the first input 302 or entitlement information may comprise an input value of 0.20. The CFM 308 computes an output value 64 for the PID and provides that value to the CSA 204 for use in assembling the content segments or packets. In this case, the intermediate input value 306AA is equal to the input value 302 (e.g., 0.20) and the intermediate output value 306BA (e.g., 64) is equal to the output value 304A ).

(Both performed by the EIP 202) to generate an intermediate value 306AA from the input value 302 and an output value 304A from the intermediate output value 306BA . For example, the input value 302 provided to the EIP 202 as part of the entitlement information may be a number (number) that a plurality of functional operations are performed by the EIP 202 to generate the intermediate input 306BA And output 304A may be generated by performing further operations on CFM 308 to intermediate output 306BA.

In the second example, the CFM 308 may also be used to generate maps used to assemble the content segment versions together to form a content title, as described above. Again, this may result in the output value (s) 304A from the preprocessing and / or intermediate output 306BA performed by the EIP 202 to produce the intermediate input 306AA from the input 302 provided in the entitlement information Processing that is performed by EIP 202 to generate the < RTI ID = 0.0 > EIP < / RTI >

In a third example, the PCF 126 may be used to generate keys for decrypting the assembled content segments in the encrypted content stream 214. Using the PCF 126, the CFM 308 may generate the keys necessary to decrypt the encrypted media program. For example, the entitlement information of the first input 302 provided to the EIP 202 may include input key (K _I ) values, from the input key (K _I ), a decryptor A first output 304B in the form of one or more output keys (K _O ) values required by the second output 206 is derived. For example, assume that the input value 302 includes an input key K _I provided in the entitlement information 124. The input key may be hashed by the EIP 202 as a cryptographic value to produce an intermediate input value 306AA provided to the CFM 308. [ The CFM 308 may then compute another number using the PCF 126 (e.g., as defined in equation (1)), and calculate the number to perform one or more other cryptographic operations can provide the EIP (202), thus the output key (K _O) can be output (304B) which is created for, and then output values (30B) is the content (encrypted content stream 214) And is provided to the decoder 206 for decoding.

)은 각 연속적인 중간 출력을 생성하기 위한 입력(

)으로서 사용될 수 있으며, 이에 따라,

의 초기 시드 값으로부터 일련의 의사 난수들을 생성한다.

에 대한 다른 초기 시드 값들은 서로 다른 의사 난수 시퀀스를 생성할 것이다.In embodiments in which each content segment is encrypted with a different key, a number of output keys may be generated and provided to the decoder 206. This may be accomplished by the use of multiple input keys or the use of a single input key from which a number of output keys may be generated. For example, the intermediate output of equation (1)

) Is an input for generating each successive intermediate output (

), And accordingly,

Lt; RTI ID = 0.0 > a < / RTI > series of pseudo-random numbers.

Lt; RTI ID = 0.0 > seeds < / RTI >

If an incorrect PCF 126 is used to compute the intermediate output 306B from the intermediate input 306A, as described above, the result will be the incorrect intermediate output value 306B, which is the presentation of the decrypted media program Lt; / RTI > For example, if an incorrect PCF 126 is used to generate an incorrect PID, the CSA 204 will attempt to assemble the content segments 212 (packets) using an incorrect index. The result may be an error (if there are no packets with a computed PID) or an assembly of segments for the wrong media program. If the incorrect PCF 126 is used to generate the reproduction map used to assemble the content segments 212, incorrect segments 212 will be selected for the assembly, It will not be decodable with the keys associated with segments 212. Also, if an incorrect PCF 126 is used to generate the intermediate output 604B needed to generate the output key (s), the encrypted content will not be decrypted properly by the decryptor 206. [

The PCF 126 may be used to take other actions as well. In particular, the intermediate I / O pairs 306I generated by the PCF 126 may be compared with the expected results, and appropriate actions are taken as described below.

FIG. 7 is a diagram showing operations that may be performed to read and use the generated intermediate I / O pairs 306I to enable / disable playback or to take other actions. At block 702, the intermediate I / O pair 306I is read. In one embodiment, the intermediate I / O pair 306I is read from the buffer or work memory used by the CFM 308 to implement the PCF 126 or directly from the CFM 308. [ In another embodiment, the intermediate I / O pair 306I is stored in the memory of the playback device 114 for later retrieval as described in block 702. [ At block 704, the read intermediate I / O pair 306I is read from the predicted intermediate I / O pair (e.g., the I / O pair expected to be generated by the PCF 126 implemented in the device 114) ). At block 706, operations that affect the playback of the content by the device are taken in accordance with the comparison determined at block 704.

In one example, as part of generating the output 304 provided to the CSA 204 or the decoder 206, the EIP 202 may provide an intermediate input value 306AA to the CFM 308, If the intermediate output value 306AB is not a predicted value (which can be received by the EIP 202 from the content licensor 108 having the rights grant information 124 for comparison), the EIP 202 may perform a number of operations (1) stopping the content segment assembly and / or decryption operations; (2) an inaccurate value is calculated or its value itself is reported to an internal or external monitoring entity (e.g., a licensor) or to the playback device 114, Or perform other operations; (3) providing an interface on the device 114 to inform the user that a fault has occurred and to prompt the user to take remedial action; (4) increasing the defect counter; Or (5) any combination of these.

The processors 320 and / or 320 'of the device 114 may also generate information (e.g., information identifying the device 114, device configuration, or intermediate I / O values 306IA) May store intermediate I / O values 306IA in associated memories 322, 322 ', 324, or 324' (along with processed content as they become available). These intermediate I / O values 306IA may be reported to the license provider 110 or the content provider 112 via the communication link (s) used to obtain the entitlement information 124 or the encrypted content 212 They can be read by them. Preferably, intermediate I / O values 306I may be safely stored (e.g., in memory 324 or 324 ') such that intermediate I / O values 306I can not be changed, It may be read by or transmitted to the entities that investigate whether the device 114 has performed the expected PCF 126. [ In addition, intermediate I / O values 306I and related information may be reported to other entities (e.g., a licensor or key issuance center 102). This information can be used to identify the compromised devices 114 and / or as a tool to stop further infringement by providing decisive evidence of violation of the relevant law of the jurisdiction in which the device 114 was sold or used.

For example, assume that content provider 112 wants to provide content for playback on playback devices 114. The content provider 114 may be configured to allow all the devices 114 that are configured to play their content to perform the PCF 126 as part of the DRM process performed by the DRM system 116 of the device 114 CFM 308. < RTI ID = 0.0 > The licensor or key issuing center 102 may generate an appropriate PCF 126 for integration into the device 114 and securely transfer the CFM 308 performing the PCF on the device 114 (Without disclosing the performed operations) to the device manufacturer 104. [0064] The devices 114 are then sold or distributed to consumers who then use the device 114 to obtain the entitlement information 124 and the encrypted content 122 for playback And communicably connects its own devices 114 to the content licensor 108. [

The content provider 112 then divides the content 122 and encrypts the segments of the content (thereby creating the encrypted content segments 212), thereby causing the entitlement information 124 and / The use of a suitable PCF 126 is required to reassemble and / or decrypt the encrypted content segment 212. [ In a simple example, a content provider 112, may encrypt the content segment (212A), respectively, and thereby, the content segments (212A) is at least partially input by performing a PCF in CFM (308) key (K _I) Lt; _{RTI ID} = 0.0 &_gt; (Ko) < / RTI >

After the communication connection of the device 114 to the content licensor 108 via the Internet or other communication means, the device 114 receives the entitlement information 124 and the EIP 202 receives the entitlement information 124, The CFM 308 is used to perform the PCF 126 as part of the DRM system. If the incorrect PCF 126 is performed by the device 114, then the appropriate segments 212 will not be assembled and / or the assembled segments 214 will not be decoded properly. In this example, the device 114 receives the input key K _I and uses the PCF 126 installed by the manufacturer on the device 114 to generate a necessary output key (e.g., decryption information (210).

Regardless of the fact that the incorrect PCF 126 has been performed (e.g., by bypassing or spoofing the PCF 126), segments 212 are assembled and the assembled segments 214 appropriately If the device 114 is corrupted to be decrypted, the intermediate I / O pairs 306IA calculated by the PCF 126 will not match the expected values, and their comparison will indicate that the device 114 is corrupted. This information can be used by the device 114 to stop or modify the reproduction of the decrypted content 216 (e.g., by playing back at a reduced resolution), or by function licensor 102 or content licensor 108 < / RTI >

Also, any unauthorized (or unauthorized) user who performs or derives the performance of the PCF 126 (even if the resulting I / O pairs 306I are not used to complete the DRM process and generate the first output 304B needed to present the content) The entity will execute the proprietary PCF 126 and thereby infringe the patent by copying or duplicating the content itself and / or performing a function or implementing it in the device. This provides another option to the function licensor 102 and / or the content licensor 108 to obtain remedies to prevent further infringement or damage.

6B is a diagram showing the application of the use of the PCF 126 in generating the intermediate output information 306BB by the CSA 204. FIG. The operation of the CFM 308 in this case is similar to that shown in Figure 6A, except that the PCF 126 is executed in conjunction with the content segment assembly operations performed by the CSA 204. [ For example, the EIP 202 may be provided with an encrypted version of the PID provided to the CSA 204 when assembling the content segments 212 into the encrypted content stream 214. The encrypted PID may be provided from the CSA 204 to the CFM 308 and the CFM 308 may return the decrypted PID to the CSA 204 so that the content segments 212 are properly assembled do. Alternatively, the CFM 308 may return a number or value that requires additional processing (e.g., another hash operation) by the CSA 204 to generate the appropriate PID. The CSA 204 may then assemble the encrypted content segments to generate the encrypted content stream 214 and the encrypted content stream 214 may be provided to the decryptor 206 for decryption and decrypted Content 216 can be generated.

Intermediate results, including I / O pairs 306IB, can be used to confirm that the PCF 126 has been correctly performed by the CSA 204, as described above in connection with FIG. 6A, 216 < / RTI > The result of the comparison between the I / O pairs 306IB or I / O pairs 306IB may be written to the function licensor 102 or the content licensor 108 or other May be reported to the entity. For example, the result may be reported while the encrypted content 122 is received and decrypted for presentation, or via the next license request 118 or content request 120. [

6C is a diagram showing the application of the use of PCF 126 by CFM 308 in generating intermediate output information 306BC. The operation of the CFM 308 in this case is similar to that shown in Figures 6A and 6B except that the PCF 126 is executed in conjunction with the decryption operations performed by the decoder 206. [ For example, the EIP 202 may be configured to decrypt the assembled encrypted content segments 212 of the encrypted content stream 214 to provide decrypted content 216 to the decryptor 206, And may be provided with entitlement information 124 including an encrypted version of the keys. The encrypted key (s) may be provided from the decryptor 206 to the CFM 308 and the CFM 308 may perform operations including the PCF 126 to return the decrypted key (s) Thereby allowing the encrypted content segments of the encrypted content stream 214 to be decrypted appropriately. Alternatively, the CFM 308 may be a number or value that requires additional processing by the decoder 206 (e.g., another hash operation or other key or combination operation with the secret) to generate the appropriate key (s) Can be returned. The decryptor 206 may then generate the decrypted content using such key (s) to decrypt the encrypted content segments of the encrypted content stream 214, and the decrypted content may be decrypted by the playback device 114 Or provided with a display or monitor communicatively coupled to the playback device 114 if they are provided.

Intermediate results, including I / O pairs 306IC, can be used to confirm that the PCF 126 has been correctly performed by the decoder 206, as described above with respect to Figures 6A and 6B, Is used to suspend or modify the presentation of the decrypted content 216. [ The result of the comparison between the I / O pairs 306IC or the I / O pairs 306IC may be used by the function licensor 102 or the content licensor 108 or other May be reported to the entity. For example, the result may be reported while the encrypted content 122 is received and decrypted for presentation, or via the next license request 118 or content request 120. [

The PCF 126 may be one of a family of PCFs 126 that may be implemented by the CFM 308 of the DRM system 116. [ The PCFs 126 may also be used to generate the intermediate output 306B by applying the PCF 126 to the intermediate input 306A to generate at least somewhat unique intermediate output 306B in the PCF 126, Lt; / RTI > This allows intermediate I / O pairs 306I to be used to take a number of different operations that may be desirable.

Regeneration of licensed premium content by licensed compatible playback devices

One problem associated with the dissemination and regeneration of media programs is that in reality, when the packaged media program or device does not provide a premium experience and / or provides experience but is not formally licensed, A label, logo, or other moniker may be attached to the packaging indicating that the program or device is in compliance with certain quality standards and is licensed devices and / or media.

For example, suppose that a media program with high dynamic range (HDR) playback can be provided to a consumer. Such a media program may be reproduced in standard dynamic range (SDR) using the standard playback device 114, but only devices that comply with HDR standards may play media programs with HDR. Products that comply with standards for such HDR playback (media programs and playback devices 114 may be "authenticated" in this way), so using logos or other badges, for example, , Authentication can be displayed.

Regarding these premium content, two types of counterfeit media programs can be expected: (1) media that do not include premium content (eg, HDR video), but display it in packaging using a fake logo or certificate (2) media programs that include premium content but that do not have premium content licensed (e.g., a media program originates from an unauthorized source with no rights to provide the media program, Not in this premium format). In addition, two types of counterfeit devices may be expected: (1) devices that are labeled as capable of playing premium content (eg, HER video), but in fact can not, and (2) Devices that are labeled and capable of doing so, but that do not have the authority to play media programs in a premium format.

The techniques described above can also be used to control the display of information that both the media program and playback device 114 are compliant with and are authorized to do so.

For example, PCF 126 may be provided only to playback devices 114 licensed and thus authorized to provide premium content. At the same time, when only the media programs authenticated to include the premium content are manipulated by the PCF 126 of the playback device 114, it is determined that both the media program and playback device are authentic and authenticated that the source is an authorized source May include information that causes playback device 114 to generate an output that may be used to provide a perceivable indication.

As before, the PCF itself is proprietary and can therefore include licensable intellectual property. Thus, if the PCF is a protected intellectual property, any entity that uses the PCF 126 without permission may be responsible for the infringement of that intellectual property right. In addition, any licensed entity that violates the license by providing a PCF to unlicensed entities may be liable for breach of contract as well as for infringement or inducement of infringement of that intellectual property right. In addition, the information contained in the media program and used by the PCF 126 may be protected intellectual property rights (e. G., Under copyright law).

The PCF 126 may be installed in the reproduction apparatus 114 at the time of manufacture or may be installed on the reproduction apparatus 114 remotely as described above. In addition, the PCF 126 may be updated remotely after distributing the playback device 114 to the customer. The information used by the PCF 126 may be transmitted in the transport stream at a reserved location for auxiliary data, or may be placed in a frame or packet header as desired. Using the PCF 126, at least in part, the device retrieves information from the media program, calculates the values needed to provide the content, and, once the correct values are calculated, provides the content.

In one embodiment, the provided "content" may be a splash screen indicating that the media program contains genuine premium content. This splash screen will only be provided if correct information is provided to the PCF 126, which will only occur if a genuine media program is played on the genuine playback device 114. [

This function may be used by customs authorities to identify bogus, gray market or unauthorized media programs or playback devices. This can be accomplished by supplying the customs registrar 114 with the genuine authentic reproduction device 114 and by instructing the customs official to attempt to reproduce the media programs known to be genuine in the genuine authentic reproduction device 114 . If the splash screen (or other indication that the media program is authentic or genuine) is not displayed (the information provided with the media program is incorrect or missing), the customs officer will not guarantee that the media program is genuine, , A gray market, or an unauthorized product. It is also possible to include a PCF 126 for locating specific properties of the media program and based on these properties a different splash screen identifying the media program as non-genuine, possibly as a suspected source of the media program . The PCF 126 may also report this evaluation result to an entity, such as a content licensor or PCF 126 licenser, to inform the existence of the infringing article.

Similarly, a known genuine media program can be used to verify that the playback device 114 is genuine in the same manner. A known genuine media program is provided to the playback device 114 for playback. When the playback device 114 is a genuine one, it will include the appropriate PCF 126, and when the information contained in the media program is at least partially processed by the PCF 126 of the playback device 114, (E.g., a splash screen or logo) is properly played back to inform the customs officer that the playback device 114 is a genuine authenticated product (e.g., allowed to play premium content). However, if the appropriate PCF 126 is not provided, the display of the splash screen or logo will be improperly reproduced or not reproduced at all, thus informing the customs officer that the reproduction device 114 is not a genuine authenticated product. In addition, if the playback device 114 includes the appropriate PCF 126 but the PCF 126 is not licensed, the manufacturer and user of the playback device 114 are responsible for the infringement of the intellectual property rights of the PCF 126 And thus provide another means for obtaining compensation and / or preventing further infringement.

Hardware environment

The playback device 114 or its components may be implemented in the computer system 800 as shown in FIG. The computer system 800 includes a memory 806 such as a general purpose hardware processor 804A and / or a special purpose hardware processor 804B (alternatively referred to collectively as the processor 804) and a random access memory (RAM) (Not shown). The computer 802 may be coupled to other devices including input / output (I / O) devices such as a keyboard 814, a mouse device 816, and a printer 828.

In one embodiment, the computer 802 operates by a general purpose processor 804A that executes instructions defined by the computer program 810 under the control of the operating system 808. [ The computer program 810 and / or operating system 808 may be stored in memory 806 and may interface with a user and / or other devices to receive inputs and commands and may include such inputs and commands and / And may provide outputs and results based on commands defined by computer program 810 and operating system 808. [

Outputs / results may be presented on display 822 or provided to other devices for presentation or further processing or operation. In one embodiment, display 822 includes a liquid crystal display (LCD) having a plurality of individually addressable pixels formed by liquid crystals. Each pixel of the display 822 may receive commands from the computer program 810 and / or the operating system 808, and then apply the commands to the commands and then, in response to the data or information generated by the processor 804, Transparent or semitransparent state in order to form a light-emitting layer. Other types of display 822 also include picture elements that change state to form an image presented on display 822. [ The image may be provided through a graphical user interface (GUI) module 818A. Although the GUI module 818A is shown as a separate module, the instructions that perform GUI functions may reside or be distributed to the operating system 808, the computer program 810, or may be implemented with special purpose memory and processors.

Some or all of the operations performed by the computer 802 in accordance with the computer program 810 instructions may be implemented in the special purpose processor 804B. In this embodiment, some or all of the computer program 810 instructions may be stored in a read only memory (ROM), programmable read only memory (PROM), or flash memory in a special purpose processor 804B, Lt; / RTI > The special purpose processor 804B may also be hardwired through a circuit design to perform some or all of the operations for implementing the present invention. In addition, the special purpose processor 804B may be a hybrid processor including dedicated circuits for performing a subset of the functions, and other circuits for performing more general functions such as responding to computer program instructions. In one embodiment, the special purpose processor is an application specific integrated circuit (ASIC).

The computer 802 may also implement a compiler 812 that causes an application program 810 written in a programming language such as COBOL, C ++, FORTRAN, or another language to be translated into a processor 804 readable code. After completion, the application or computer program 810 accesses data stored in the memory 806 of the computer 802 and received from the I / O devices, using the relationships and logic generated using the compiler 812 And operate it.

The computer 802 also optionally includes an external communication device, such as a modem, satellite link, Ethernet card, or other device, for receiving input from another computer and providing output to the other computer.

In one embodiment, the instructions that implement operating system 808, computer program 810 and / or compiler 812 may be stored in a computer readable storage medium such as a home drive, floppy disk drive 824, hard drive, CD-ROM drive, tape drive, For example, data storage device 820, which may include one or more fixed or removable data storage devices, such as drives. The operating system 808 and the computer program 810 may also be used to cause the computer 802 to perform the steps necessary to implement and / or use the present invention, Into a memory to create a special purpose data structure that allows the computer to operate as a specially programmed computer executing the method steps described herein. In addition, the computer program 810 and / or the operating instructions may be tangibly embodied in the memory 806 and / or the data communication devices 830, thereby creating a computer program product or article in accordance with the present invention . As such, the terms "article of manufacture", "program storage device", and "computer program product" or "computer readable storage device" described herein are intended to include a computer program accessible from any computer- .

Of course, those skilled in the art will recognize that any combination of the above components, any number of different components, peripherals, and other devices may be used with the computer 802.

Although the term "computer" is referred to herein, the computer may be a portable device such as a smart phone, a portable MP3 player, a video game console, a notebook computer, a pocket computer, or any other device having appropriate processing, Devices.

conclusion

The foregoing is a description of preferred embodiments of the present invention. The foregoing description of the preferred embodiments of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed. Many modifications and variations are possible in light of the above teachings. For example, while examples of exclusively licensable functions are presented for illustrative purposes, actual exclusively licensable functions may be substantially more complex than described.

It is intended that the scope of the invention be limited not by this detailed description, but rather by the claims appended hereto. The above specification, examples and data provide a complete description of the manufacture and use of the compositions of the present invention. Since many embodiments of the invention can be made without departing from the spirit and scope of the invention, the invention resides in the appended claims.

Claims (29)

CLAIMS 1. A method for making playback of content secure and traceable on a playback device of a plurality of playback devices,
Wherein each of the plurality of playback devices includes a cryptographic function module (CFM)
The method comprising:
Accepting a first input from a content licensing agency at the playback device;
Generating, in the device, a first output from the first input in accordance with a proprietary cryptographic function using a CFM, the first output being required to enable playback of the content by the playback device, Wherein the cryptographic function is one of a family of proprietary cryptographic functions executable by the CFM of each of the plurality of playback devices; And
Enabling playback of the content by the device at least partially in accordance with the first output,
Wherein the proprietary cryptographic function is exclusive to the cryptographic function licensing entity and is provided to the license holder for execution by the playback device subject to a license of the licensee. The method according to claim 1,
Wherein generating a first output from the first input comprises:
Providing an intermediate input based on the first input to the CFM of the playback device;
Generating an intermediate output from the intermediate input at least partially in accordance with the proprietary cryptographic function using the CFM, wherein the intermediate input and the intermediate output together form a proprietary cryptographic function input / output (I / O) pair;
And using the instrument to generate the first output from the intermediate output at least partially. The method of claim 2,
Reading the generated exclusive cryptographic function I / O pair;
Comparing the cryptographic function I / O pair with an expected cryptographic function I / O pair uniquely associated with the cryptographic function used to calculate the intermediate output; And
Further comprising: taking an action that affects playback of the content by the device in accordance with the comparison. The method of claim 3,
Wherein the action taken comprises disabling playback of the content by the device. The method of claim 3,
Wherein the proprietary cryptographic function is installed on the device in accordance with a license of a license holder and the action taken comprises identifying the license holder using the comparison. (delete) The method according to claim 1,
The license owner is a manufacturer of the playback device;
Wherein the proprietary cryptographic function is unique to the manufacturer of the playback device and is installed in the playback device by the manufacturer. The method according to claim 1,
Wherein the proprietary cryptographic function is I / O indistinguishable and is provided to the playback device from the cryptographic function licensing entity for deployment on the playback device, without revealing the proprietary cryptographic function. The method according to claim 1,
The playback device is one of a class of playback devices,
Wherein the proprietary cryptographic function is unique to the class of playback devices,
Wherein the class is defined according to the geographic location in which the playback device is used. The method according to claim 1,
Wherein the proprietary cryptographic function is unique to the content. The method according to claim 1,
The content is provided by a content provider,
Wherein the proprietary cryptographic function is unique to the content provider. (delete) The method according to claim 1,
Wherein the proprietary cryptographic function is provided to the playback device by a content provider having the content, and is then installed on the playback device for execution by the CFM. The method according to claim 1,
The content is encrypted according to the content key:
Wherein the first input comprises entitlement information comprising one or more first keys;
Wherein the first output includes a content key for decrypting the encrypted content. The method according to claim 1,
Wherein the first input is received from the content licensing entity with a license file,
The license file further comprising playback device instructions for execution by the playback device further needed to enable playback of the content,
Wherein the playback device commands include a playback device operation that calls the proprietary encryption function. The method according to claim 1,
Wherein the content includes an indication to verify an authenticated version of the media program being played on the authenticated playback device. 18. The method of claim 16,
Wherein the content is selected from the group comprising a splash screen and a logo. 1. A playback device for playing content securely and trackably,
A first processor;
A memory communicatively coupled to the processor, the memory comprising:
Instructions for receiving a first input to the device;
Instructions for generating an intermediate input from the first input;
An instruction to receive the intermediate output;
Instructions for generating a first output;
Instructions for enabling playback of the content by the device at least partially in accordance with the first output;
A cryptographic function module (CFM) integrated in the device, the cryptographic function module for generating the intermediate output from the intermediate input according to a proprietary cryptographic function of a family of cryptographic functions executable by the CFM, ,
Wherein the cryptographic function is exclusively for a cryptographic function licensing entity and is provided to the license holder for execution by the device subject to a license of a licensee and the license owner is the content licensing agency. (delete) 19. The method of claim 18,
Wherein the proprietary cryptographic function is I / O indistinguishable and is provided from the cryptographic function licensing entity to the license holder of the proprietary cryptographic function without revealing the cryptographic function to the license holder. 19. The method of claim 18,
The CFM generates a plurality of intermediate outputs from a plurality of associated intermediate inputs,
Wherein the generated plurality of intermediate outputs associated with the plurality of intermediate inputs comprise a plurality of proprietary cryptographic function input / output pairs unique to the proprietary cryptographic function. 23. The method of claim 21,
The instructions include:
Instructions for reading the plurality of generated proprietary cryptographic function I / O pairs;
Instructions for comparing the proprietary cryptographic function I / O pairs with expected cryptographic function I / O pairs uniquely associated with the proprietary cryptographic functions used to calculate the intermediate output; And
Further comprising instructions to take an action that affects playback of the content by the device in accordance with the comparison. 23. The method of claim 22,
Wherein the action taken comprises disabling playback of the content by the device. 23. The method of claim 22,
Wherein the instructions further comprise instructions for reporting a result of the comparison to a source of the content. 19. The method of claim 18,
Wherein the CFM comprises CFM instructions for execution by the first processor to at least partially generate the intermediate output from the intermediate input in accordance with the proprietary cryptographic function. 19. The method of claim 18,
Wherein the CFM comprises a second processor communicatively coupled to the first processor,
Wherein the second processor is for at least partially generating the intermediate output from the intermediate input at least in part according to the proprietary cryptographic function. 19. The method of claim 18,
The content is encrypted according to the content key:
Wherein the first input comprises entitlement information comprising one or more first keys;
Wherein the first output comprises a content key for decrypting the encrypted content. 19. The method of claim 18,
Wherein the first input is received from a content licensing entity along with a license file,
The license file further comprising playback device instructions for execution by the playback device further needed to enable playback of the content,
Wherein the playback device commands include a playback device operation calling the cryptographic function. A system for secure and trackable reproduction of content,
A license provider for receiving license requests and providing the entitlement information needed to play the content, the entitlement information comprising a first input;
A content provider for receiving content requests and providing encrypted versions of the content;
Reproducing apparatus,
Wherein the playback device comprises:
A first processor;
A memory communicatively coupled to the processor;
A non-removable cryptographic function module (CFM)
The memory comprising:
Instructions for receiving the first input to the device;
Instructions for generating an intermediate input from the first input;
An instruction to receive the intermediate output;
Instructions for generating a first output;
At least in part, instructions for enabling playback of the content by the playback device in accordance with the first output,
Wherein the cryptographic function module is for generating the intermediate output from the intermediate input according to a proprietary cryptographic function of a family of cryptographic functions executable by the CFM,
Wherein the cryptographic function is exclusive to a cryptographic function licensing entity and is provided to the license holder for execution by the device subject to a license of the licensee.

Images