Subclass 286	Subclass 44	Subclass 45
Having particular key generator

Electronic content delivery system

6226618

Abstract

Disclosed is a method and apparatus of securely providing data to a user's system. The data is encrypted so as to only be decryptable by a data decrypting key, the data decrypting key being encrypted using a first public key, and the encrypted data being accessible to the user's system, the method comprising the steps of: transferring the encrypted data decrypting key to a clearing house that possesses a first private key, which corresponds to the first public key; decrypting the data decrypting key using the first private key; re-encrypting the data decrypting key using a second public key; transferring the re-encrypted data decrypting key to the user's system, the user's system possessing a second private key, which corresponds to the second public key; and decrypting the re-encrypted data decrypting key using the second private key.

Claims

What is claimed is:

1. A method of securely providing data to a user's system, said method comprising the steps of:

encrypting the data using a first encrypting key;

encrypting a first decrypting key using a second encrypting key;

transferring the encrypted data, which has been encrypted with the first encrypting key, to the user's system;

transferring the encrypted first decrypting key, which has been encrypted with the second encrypting key, to the user's system;

transferring the encrypted first decrypting key, which has been encrypted with the second encrypting key, to a clearing house that possesses a second decrypting key;

decrypting the first decrypting key using the second decrypting key; and

transferring the decrypted first decrypting key to the user's system.

2. The method as defined in claim 1, wherein the step of transferring the decrypted first decrypting key includes the sub-steps of:

re-encrypting the first decrypting key using a third encrypting key;

transferring the decrypted and re-encrypted first decrypting key to the user's system; and

decrypting the re-encrypted first decrypting key using a third decrypting key.

3. The method as defined in claim 1, wherein the first encrypting key and the first decrypting key are symmetric keys.

4. The method as defined in claim 3, wherein the second encrypting key is a public key of the clearinghouse and the second decrypting key is a corresponding private key of the clearinghouse.

5. The method as defined in claim 4, wherein the step of transferring the decrypted first decrypting key includes the sub-steps of:

re-encrypting the first decrypting key using a third encrypting key, the third encrypting key being a public key of the user;

transferring the decrypted and re-encrypted first decrypting key to the user's system; and

decrypting the re-encrypted first decrypting key using a third decrypting key, the third decrypting key being a corresponding private key of the user.

6. The method as defined in claim 1, wherein the step of transferring the encrypted first decrypting key to the user's system is performed by an electronic merchant and includes the sub-steps of:

initiating a purchase of the data or a license for the data from the electronic merchant; and

sending the encrypted first decrypting key and purchase transaction data to the user's system.

7. The method as defined in claim 6,

wherein the step of transferring the encrypted first decrypting key to the user's system further includes the sub-step of charging the user for the data or the license, and

the step of decrypting the first decrypting key is performed by the clearinghouse and includes the sub-steps of:

verifying that the user has paid for the data or the license; and

decrypting the first decrypting key using the second decrypting key.

8. The method as defined in claim 6, wherein the step of decrypting the first decrypting key is performed by the clearinghouse and includes the sub-steps of:

charging the user for the data or the license; and

decrypting the first decrypting key using the second decrypting key.

9. The method as defined in claim 1, further comprising the step of decrypting the data using the first decrypting key.

10. The method as defined in claim 1, wherein the data includes music data.

11. A method of securely providing data to a user's system, the data being encrypted so as to only be decryptable by a data decrypting key, the data decrypting key being encrypted using a first public key, and the encrypted data being accessible to the user's system, said method comprising the steps of:

transferring the encrypted data decrypting key to a clearing house that possesses a first private key, which corresponds to the first public key;

decrypting the data decrypting key using the first private key;

re-encrypting the data decrypting key using a second public key;

transferring the re-encrypted data decrypting key to the user's system, the user's system possessing a second private key, which corresponds to the second public key; and

decrypting the re-encrypted data decrypting key using the second private key.

12. The method as defined in claim 11, wherein the step of transferring the encrypted data decrypting key to a clearing house includes the sub-steps of:

transferring the encrypted data decrypting key to the user's system; and

subsequently transferring the encrypted data decrypting key from the user's system to the clearing house.

13. The method as defined in claim 12, wherein the sub-step of transferring the encrypted data decrypting key to the user's system is performed by an electronic merchant and includes the sub-steps of:

initiating a purchase of the data or a license for the data from the electronic merchant; and

sending the encrypted data decrypting key and purchase transaction data to the user's system.

14. The method as defined in claim 13,

wherein the sub-step of transferring the encrypted data decrypting key to the user's system further includes the sub-step of charging the user for the data or the license, and

the step of decrypting the data decrypting key is performed by the clearinghouse and includes the sub-steps of:

verifying that the user has paid for the data or the license; and

decrypting the data decrypting key using the first private key.

15. The method as defined in claim 13, wherein the step of decrypting the data decrypting key is performed by the clearinghouse and includes the sub-steps of:

charging the user for the data or the license; and

decrypting the data decrypting key using the first private key.

16. The method as defined in claim 11, further comprising the step of decrypting the encrypted data using the data decrypting key.

17. A method of operating a clearinghouse to provide integrity in a channel of commerce that includes a provider, a distributor, and a purchaser, the provider producing data and encrypting the data so as to only be decryptable by a data decrypting key, the encrypted data being accessible to the purchaser, said method comprising the steps of:

encrypting the data decrypting key using a public key of the clearinghouse;

sending the encrypted data decrypting key from the provider to the distributor;

when the purchaser desires to purchase the data or a license to use the data, sending the encrypted data decrypting key from the distributor to the purchaser;

sending the encrypted data decrypting key from the purchaser to the clearing house;

decrypting the data decrypting key using a private key of the clearinghouse and re-encrypting the data decrypting key using a public key of the purchaser; and

sending the re-encrypted data decrypting key from the clearinghouse to the purchaser.

18. The method as defined in claim 17,

wherein the distributor charges the user a fee before sending the encrypted data decrypting key to the purchaser, and

the clearinghouse verifies that the user has paid the fee before sending the re-encrypted data decrypting key to the purchaser.

19. The method as defined in claim 17, wherein the clearinghouse charges the user a fee before sending the re-encrypted data decrypting key to the purchaser.

20. The method as defined in claim 17, further comprising the steps of:

decrypting the re-encrypted data decrypting key using the private key of the purchaser; and

decrypting the encrypted data using the data decrypting key.

21. A system for securely providing data to a user's system, the system comprising:

a content system;

a first public key;

a first private key; which corresponds to the first public key;

a data encrypting key;

a data de-encrypting key for de-encrypting data encrypted using the data encrypting key;

first data encryption means for encrypting data so as to be decryptable only by a data decrypting key;

second data encryption means, using the first public key, for encrypting the decrypting key;

a clearing house;

first transferring means for transferring the data decrypting key which has been encrypted to the clearing house, wherein the clearinghouse possesses the first private key;

first decrypting means for decrypting the data decrypting key using the first private key;

a second public key;

a second private key; which corresponds to the second public key;

re-encryption means for re-encrypting the data decrypting key using the second public key;

second transferring means for transferring the re-encrypted data decrypting key to the user's system, wherein the user's system possesses the second private key; and

second decrypting means for decrypting the re-encrypted data decrypting key using the second private key.

22. The system as defined in claim 21, wherein the first transferring means further comprises:

a third transfer means for transferring the encrypted data decrypting key to the user's system; and

a fourth transfer means for subsequently transferring the encrypted data decrypting key from the user's system to the clearinghouse.

23. The system as defined in claim 22, wherein the third transfer means is performed by an electronic merchant and further comprises:

initiating means for initiating a purchase of the data or a license for the data from the electronic merchant; and

sending means for sending the encrypted data decrypting key and purchase transaction data to the user's system.

24. The system as defined in claim 23, wherein the sending means further comprises:

charging means for charging the user for the data or the license; and

wherein the first decrypting means is performed by the clearinghouse and further comprises:

verifying means for verifying that the user has paid for the data or the license; and

third decrypting means for decrypting the data decrypting key using the first private key.

25. The system as defined in claim 23, wherein the first decrypting means is performed by the clearinghouse and further comprises:

charging means for charging the user for the data or the license; and

fourth decrypting means for decrypting the data decrypting key using the first private key.

26. The system in claim 21, further comprises:

data decrypting key decrypting means for decrypting the encrypted data using the data decrypting key.

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention disclosed broadly relates to the field of electronic commerce and more particularly to a system and related tools for the secure delivery and rights management of digital assets, such as print media, films, games, and music over global communications networks such as the Internet and the World Wide Web.

2. Description of the Related Art

The use of global distribution systems such as the Internet for distribution of digital assets such as music, film, computer programs, pictures, games and other content continues to grow. At the same time owners and publishers of valuable digital content have been slow to embrace the use of the Internet for distribution of digital assets for several reasons. One reason is that owners are afraid of unauthorized copying or pirating of digital content. The electronic delivery of digital content removes several barriers to pirating. One barrier that is removed with electronic distribution is the requirement of the tangible recordable medium itself (e.g., diskettes or CD ROMs). It costs money to copy digital content on to tangible media, albeit, in many cases less than a dollar for a blank tape or recordable CD. However, in the case of electronic distribution, the tangible medium is no longer needed. The cost of the tangible medium is not a factor because content is distributed electronically. A second barrier, is the format of the content itself i.e. is the content stored in an analog format versus a digital format. Content stored in an analog format, for example, a printed picture, when reproduced by photocopying, the copy is of lesser quality than the original. Each subsequent copy of a copy, sometimes called a generation, is of less quality than the original. This degradation in quality is not present when a picture is stored digitally. Each copy, and every generation of copies can be as clear and crisp as the original. The aggregate effect of perfect digital copies combined with the very low cost to distribute content electronically and to distribute content widely over the Internet makes it relatively easy pirate and distribute unauthorized copies. With a couple of keystrokes, a pirate can send hundred or even of thousands of perfect copies of digital content over the Internet. Therefore a need exists to ensure the protection and security of digital assets distributed electronically.

Providers of digital content desire to establish a secure, global distribution system for digital content that protects the rights of content owners. The problems with establishing a digital content distribution system includes developing systems for digital content electronic distribution, rights management, and asset protection. Digital content that is distributed electronically includes content such as print media, films, games, programs, television, multimedia, and music.

The deployment of an electronic distribution system provides the Digital Content Providers the ability to achieve fast settlement of payment through immediate sales reporting and electronic reconciliation as well as gain secondary sources of revenue through redistribution of content. Since the electronic digital content distribution system is not affected by physical inventory outages or returns, the Digital Content Providers and retailers may realize reduced costs and improved margins. Digital Content Providers could facilitate new, or augment existing, distribution channels for better timed-release of inventory. The transactional data from the electronic distribution system could be used to obtain information regarding consumer buying patterns as well as to provide immediate feedback on electronic marketing programs and promotions. In order to meet these goals, a need exists for Digital Content Providers to use an electronic distribution model to make digital content available to a wide range of users and businesses while ensuring protection and metering of digital assets.

Other commercially available electronic distribution systems for digital content, such as real audio, A2B from AT&T, Liquid Audio Pro Corp. from Liquid Audio Pro, City Music Network from Audio Soft and others offer transmission of digital data over secured and unsecured electronic networks. The use of secured electronic networks greatly reduces the requirement of Digital Content Providers of distributing digital to a wide audience. The use of unsecured networks such as the Internet and Web allows the digital content to arrive to an end-user securely such as through the use of encryption. However, once the encrypted digital content is de-encrypted on the end-user's machine, the digital content is readily available to the end-user for unauthorized re-distribution. Therefore a need exists for a secure digital content electronic distribution system that provides protection of digital assets and ensures that the Content Provider(s)' rights are protected even after the digital content is delivered to consumers and businesses. A need thus exists for rights management to allow for secure delivery, licensing authorization, and control of the usage of digital assets.

Another reason owners of digital content have been slow to embrace electronic distribution is their desire to maintain and foster existing channels of distribution. Most content owners sell through retailers. In the music market these U.S. retailers include Tower Records, Peaches, Blockbuster, Circuit City and others. Many of these retailers have Web sites that allow Internet users to makes selections over the Internet and have selections mailed to the end-user. Example music Web sites include @tower, Music Boulevard and Columbia House. The use of electronic distribution can remove the ability of the retail stores from differentiating themselves from each other and differentiate themselves from the content owners, especially on the Web. Therefore a need exists to provide retailers of electronic content such as pictures, games, music, programs and videos a way to differentiate themselves from each other and the content owners when selling music through electronic distribution.

Further information on the background of protecting digital content can be found from the following three sources. "Music on the Internet and the Intellectual Property Protection Problem" by Jack Lacy, James Snyder, David Maher, of AT&T Labs, Florham Park, N.J. available online URL http://www.a2bmusic.com/about/papers/musicipp.htm. Cryptographically protected container, called DigiBox, in the article "Securing the Content, Not the Wire for Information Commerce" by Olin Sibert, David Bernstein and David Van Wie, InterTrust Technologies Corp. Sunnyvale, Calif. available online URL http://www.intertrust.com/architecture/stc.html. And "Cryptolope Container Technology", an IBM White Paper, available online URL http:///cyptolope.ibm.com/white.htm.

SUMMARY OF THE INVENTION

Briefly, in accordance with the present invention, disclosed is a method and apparatus of securely providing data to a user's system. The data is encrypted so as to only be decryptable by a data decrypting key, the data decrypting key being encrypted using a first public key, and the encrypted data being accessible to the user's system, the method comprising the steps of: transferring the encrypted data decrypting key to a clearing house that possesses a first private key, which corresponds to the first public key; decrypting the data decrypting key using the first private key; re-encrypting the data decrypting key using ia second public key; transferring the re-encrypted data decrypting key to the user's system, the user's system possessing a second private key, which corresponds to the second public key; and decrypting the re-encrypted data decrypting key using the second private key.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating an over view of a Secure Digital Content Electronic Distribution System according to the present invention.

FIG. 2 is a block diagram illustrating an example Secure Container (SC) and the associated graphical representations according to the present invention.

FIG. 3 is a block diagram illustrating an overview of the encryption process for a Secure Container (SC) according to the present invention.

FIG. 4 is a block diagram illustrating an overview of the de-encryption process for a Secure Container (SC) according to the present invention.

FIG. 5 is a block diagram illustrating an overview of the layers for the Rights Management Architecture of the Secure Digital Content Distribution System of FIG. 1 according to the present invention.

FIG. 6 is a block diagram illustrating an overview of the Content Distribution and Licensing Control as it applies to the License Control Layer of FIG. 5.

FIG. 7 is an illustration of an example user interface for the Work Flow Manager Tool of FIG. 1 according to the present invention.

FIG. 8 is a block diagram of the major tools, components and processes of the Work Flow Manager corresponding to the user interface in FIG. 7 according to the present invention.

FIG. 9 is a block diagram illustrating the major tools, components and processes of an Electronic Digital Content Store of FIG. 1 according to the present invention.

FIG. 10 is a block diagram illustrating the major components and processes of an End-User Device(s) of FIG. 1 according to the present invention.

FIG. 11 is a flow diagram of a method to calculate an encoding rate factor for the Content Preprocessing and Compression tool of FIG. 8 according to the present invention.

FIG. 12 is a flow diagram of a method to automatically retrieve additional information for the Automatic Metadata Acquisition Tool of FIG. 8 according to the present invention.

FIG. 13 is a flow diagram of a method to automatically set the Preprocessing and Compression parameters of the Preprocessing and Compression Tool of FIG. 8 according to the present invention.

FIG. 14 is an example of user interface screens of the Player Application downloading content to a local library as described in FIG. 15 according to the present invention.

FIG. 15 is a block diagram illustrating the major components and processes of a Player Application running on End-User Device of FIG. 9 according to the present invention.

FIG. 16 is an example user interface screens of the Player Application of FIG. 15 according to the present invention.

DETAILED DESCRIPTION OF AN EMBODIMENT

A Table of Contents is provided for this present invention to assist the reader in quickly locating different sections in this embodiment.

                APPLI-
                CATION
    ATTORNEY    SERIAL      TITLE OF THE
    DOC. NO.    NO.         INVENTION        INVENTOR(S)
    SE9-98-006  09/152,756  Secure Electronic Kenneth L. Milsted
                            Content          George Gregory Gruse
                            Management       Marco M. Hurtado
                                             Edgar Downs
                                             Cesar Medina
    SE9-98-007  09/209,440  Multimedia Player George Gregory Gruse
                            Toolkit          John J. Dorak, Jr.
                                             Kenneth L. Milsted
    SE9-98-008  09/241,276  Multimedia Content Kenneth L. Milsted
                            Creation System  Qing Gong
                                             Edgar Downs
    SE9-98-009  09/177,096  System for Tracking George Gregory Gruse
                            End-User Electronic John J. Dorak, Jr.
                            Content          Kenneth L. Milsted
    SE9-98-010  09/203,307  Key Management   Jeffrey B. Lotspiech
                            System for End-  Marco M. Hurtado
                            User Digital Player George Gregory Gruse
                                             Kenneth L. Milsted
    SE9-98-011  09/208,774  Multi-media player Marco M. Hurtado
                            for an Electronic George Gregory Gruse
                            Content Delivery Edgar Downs
                            System           Kenneth L. Milsted
    SE9-98-013  09/203,306  A method to      Kenneth L. Milsted
                            identify CD content Craig Kindell
                                             Qing Gong
    SE9-98-014  09/203,315  Toolkit for      Richard Spagna
                            delivering electronic Kenneth L. Milsted
                            content from an  David P. Lybrand
                            Online store.    Edgar Downs
    SE9-98-015  09/201,622  A method and     Kenneth L. Milsted
                            apparatus to     Kha Kinh Nguyen
                            automatically create Qing Gong
                            encode audio
    SE9-98-016              A method and     Kenneth L. Milsted
                            apparatus to     Qing Gong
                            indicate an encoding
                            rate for audio

I. SECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEM

A. System Overview

The Secure Digital Content Electronic Distribution System is a technical platform that encompasses the technology, specifications, tools, and software needed for the secure delivery and rights management of Digital Content and digital content-related content to an end-user, client device. The End-User Device(s) include PCS, set top boxes (IRDs), and Internet appliances. These devices may copy the content to external media or portable, consumer devices as permitted by the content proprietors. The term Digital Content or simply Content, refers to information and data stored in a digital format including: pictures, movies, videos, music, programs, multimedia and games.

The technical platform specifies how Digital Content is prepared, securely distributed through point-to-point and broadcast infrastructures (such as cable, Internet, satellite, and wireless) licensed to End-User Device(s), and protected against unauthorized copying or playing. In addition, the architecture of the technical platform allows for the integration and migration of various technologies such as watermarking, compression/encoding, encryption, and other security algorithms as they evolve over time.

The base components of the Secure Digital Content Electronic Distribution System are: (1) rights management for the protection of ownership rights of the content proprietor; (2) transaction metering for immediate and accurate compensation; and (3) an open and well-documented architecture that enables Content Provider(s) to prepare content and permit its secure delivery over multiple network infrastructures for playback on any standard compliant player.

1. Rights Management

Rights management in the Secure Digital Content Electronic Distribution System is implemented through a set of functions distributed among the operating components of the system. Its primary functions include: licensing authorization and control so that content is unlocked only by authorized intermediate or End-User(s) that have secured a license; and control and enforcement of content usage according to the conditions of purchase or license, such as permitted number of copies, number of plays, and the time interval or term the license may be valid. A secondary function of rights management is to enable a means to identify the origin of unauthorized copies of content to combat piracy.

Licensing authorization and control are implemented through the use of a Clearinghouse(s) entity and Secure Container (SC) technology. The Clearinghouse(s) provides licensing authorization by enabling intermediate or End-User(s) to unlock content after verification of a successful completion of a licensing transaction. Secure Containers are used to distribute encrypted content and information among the system components. A SC is a cryptographic carrier of information or content that uses encryption, digital signatures, and digital certificates to provide protection against unauthorized interception or modification of electronic information and content. It also allows for the verification of the authenticity and integrity of the Digital Content. The advantage of these rights management functions is that the electronic Digital Content distribution infrastructure does not have to be secure or trusted. Therefore transmission over network infrastructures such as the Web and Internet. This is due to the fact that the Content is encrypted within Secure Containers and its storage and distribution are separate from the control of its unlocking and use. Only users who have decryption keys can unlock the encrypted Content, and the Clearinghouse(s) releases decryption keys only for authorized and appropriate usage requests. The Clearinghouse(s) will not clear bogus requests from unknown or unauthorized parties or requests that do not comply with the content's usage conditions as set by the content proprietors. In addition, if the SC is tampered with during its transmission, the software in the Clearinghouse(s) determines that the Content in a SC is corrupted or falsified and repudiate the transaction.

The control of Content usage is enabled through the End-User Player Application 195 running on an End-User Device(s). The application embeds a digital code in every copy of the Content that defines the allowable number of secondary copies and play backs. Digital watermarking technology is used to generate the digital code, to keep it hidden from other End-User Player Application 195, and to make it resistant to alteration attempts. When the Digital Content is accessed in a compliant End-User Device(s), the End-User Player Application 195 reads the watermark to check the use restrictions and updates the watermark as required. If the requested use of the content does not comply with the usage conditions, e.g., the number of copies has been exhausted, the End-User Device(s) will not perform the request.

Digital watermarking also provides the means to identify the origin of authorized or unauthorized copies of Content. An initial watermark in the Content is embedded by the content proprietor to identify the content proprietor, specify copyright information, define geographic distribution areas, and add other pertinent information. A second watermark is embedded in the Content at the End-User Device(s) to identify the content purchaser (or licensee) and End-User Device(s), specify the purchase or license conditions and date, and add any other pertinent information.

Since watermarks become an integral part of the Content, they are carried in the copies independent of whether the copies were authorized or not. Thus the Digital Content always contains information regarding its source and its permitted use regardless of where the content resides or where it comes from. This information may be used to combat illegal use of the Content.

2. Metering

As part of its rights management functions, the Clearinghouse(s) keeps a record of all transactions where a key exchange is cleared through the Clearinghouse(s). This record allows for the metering of licensing authorization and the original conditions of use. The transaction record can be reported to responsible parties, such as, content proprietors or Content Provider(s), retailers, and others, on an immediate or periodic basis to facilitate electronic reconciliation of transaction payments and other uses.

3. Open Architecture

The Secure Digital Content Electronic Distribution System (System) is an open architecture with published specifications and interfaces to facilitate broad implementation and acceptance of the System in the market place while maintaining rights protection for the content proprietors. The flexibility and openness of the System architecture also enable the System to evolve over time as various technologies, transmission infrastructures, and devices are delivered to the marketplace.

The architecture is open regarding the nature of the Content and its format. Distribution of audio, programs, multimedia, video, or other types of Content is supported by the architecture. The Content could be in a native format, such as linear PCM for digital music, or a format achieved by additional preprocessing or encoding, such as filtering, compression, or pre/de-emphasis, and more. The architecture is open to various encryption and watermarking techniques. It allows for the selection of specific techniques to accommodate different Content types and formats and to allow the introduction or adoption of new technologies as they evolve. This flexibility allows Content Provider(s) to pick and evolve the technologies they use for data compression, encryption, and formatting within the Secure Digital Content Electronic Distribution System.

The architecture is also open to different distribution networks and distribution models. The architecture supports content distribution over low-speed Internet connections or high-speed satellite and cable networks and can be used with point-to-point or broadcast models. In addition, the architecture is designed so that the functions in the End-User Device(s) can be implemented on a wide variety of devices, including low cost consumer devices. This flexibility allows Content Provider(s) and retailers to offer Content to intermediate or End-User(s) through a variety of service offerings and enables the users to purchase or license Content, play it back, and record it on various compliant player devices.

B. System Functional Elements

Turning now to FIG. 1, there is shown a block diagram illustrating an overview of a Secure Digital Content Electronic Distribution System 100 according to the present invention. The Secure Digital Content Electronic Distribution System 100 encompasses several business elements that comprise an end-to-end solution, including: Content Provider(s) 101 or the proprietors of the Digital Content, Electronic Digital Content Store(s) 103, Intermediate Market Partners (not shown), Clearinghouse(s) 105, Content Hosting Site 111, Transmission Infrastructures 107, and End-User Device(s) 109. Each of these business elements use various components of the Secure Digital Content Electronic Distribution System 100. A high level description of these business elements and system components, as they pertain specifically to electronic Content 113 distribution, follows.

1. Content Provider(s) 101

Content Provider(s) 101 or content proprietor(s) are owners of original Content 113 and/or distributors authorized to package independent Content 113 for further distribution. Content Provider(s) 101 may exploit their rights directly or license Content 113 to the Electronic Digital Content Store(s) 103, or Intermediate Market Partners (not shown), usually in return for Content usage payments related to electronic commerce revenues. Examples of Content Provider(s) 101 include Sony, Time-Warner, MTV, IBM, Microsoft, Turner, Fox and others.

Content Provider(s) 101 use tools provided as part of the Secure Digital Content Electronic Distribution System 100 in order to prepare their Content 113 and related data for distribution. A Work Flow Manager Tool 154 schedules Content 113 to be processed and tracks the Content 113 as it flows through the various steps of Content 113 preparation and packaging to maintain high quality assurance. The term metadata is used throughout this document to mean data related to the Content 113 and in this embodiment does not include the Content 113 itself. As an example, metadata for a song may be a song title or song credits but not the sound recording of the song. The Content 113 would contain the sound recording. A Metadata Assimilation and Entry Tool 161 is used to extract metadata from the Content Provider(s)' Database 160 (for a music example the Content 113 information such as CD title, artist name, song title, CD artwork, and more) and to package it for electronic distribution. The Metadata Assimilation and Entry Tool 161 is also used to enter the Usage Conditions for the Content 113. The data in Usage Conditions can include copy restriction rules, the wholesale price, and any business rules deemed necessary. A Watermarking Tool is used to hide data in the Content 113 that identifies the content owner, the processing date, and other relevant data. For an embodiment where the Content 113 is audio, an audio preprocessor tool is used to adjust the dynamic range and/or equalize the Content 113 or other audio for optimum compression quality, compress the Content 113 to the desired compression levels, and encrypt the Content 113. These can be adapted to follow technical advances in digital content compression/encoding, encryption, and formatting methods, allowing the Content Provider(s) 101 to utilize best tools as they evolve over time in the marketplace.

The encrypted Content 113, digital content-related data or metadata, and encrypted keys are packed in SCs (described below) by the SC Packer Tool and stored in a content hosting site and/or promotional web site for electronic distribution. The content hosting site can reside at the Content Provider(s) 101 or in multiple locations, including Electronic Digital Content Store(s) 103 and Intermediate Market Partners (not shown) facilities. Since both the Content 113 and the Keys (described below) are encrypted and packed in SCs, Electronic Digital Content Store(s) 103 or any other hosting agent can not directly access decrypted Content 113 without clearance from the Clearinghouse(s) and notification to the Content Provider(s) 101.

2. Electronic Digital Content Store(s) 103

Electronic Digital Content Store(s) 103 are the entities who market the Content 113 through a wide variety of services or applications, such as Content 113 theme programming or electronic merchandising of Content 113. Electronic Digital Content Store(s) 103 manage the design, development, business operations, settlements, merchandising, marketing, and sales of their services. Example online Electronic Digital Content Store(s) 103 are Web sites that provide electronic downloads of software.

Within their services, Electronic Digital Content Store(s) 103 implement certain functions of the Secure Digital Content Electronic Distribution System 100. Electronic Digital Content Store(s) 103 aggregate information from the Content Provider(s) 101, pack content and metadata in additional SCs, and deliver those SCs to consumers or businesses as part of a service or application. Electronic Digital Content Store(s) 103 use tools provided by the Secure Digital Content Electronic Distribution System 100 to assist with: metadata extraction, secondary usage conditions, SC packaging, and tracking of electronic content transactions. The secondary usage conditions data can include retail business offers such as Content 113 purchase price, pay-per-listen price, copy authorization and target device types, or timed-availability restrictions.

Once an Electronic Digital Content Store(s) 103 completes a valid request for electronic Content 113 from an End-User(s), the Electronic Digital Content Store(s) 103 is responsible for authorizing the Clearinghouse(s) 105 to release the decryption key for the Content 113 to the customer. The Electronic Digital Content Store(s) also authorizes the download of the SC containing the Content 113. The Electronic Digital Content Store(s) may elect to host the SCs containing the Digital Content at its local site and/or utilize the hosting and distribution facilities of another Content hosting site.

The Electronic Digital Content Store(s) can provide customer service for any questions or problems that an End-User(s) may have using the Secure Digital Content Electronic Distribution System 100, or the Electronic Digital Content Store(s) 103 may contract their customer service support to the Clearinghouse(s) 105.

3. Intermediate Market Partners (not shown)

In an alternate embodiment, the Secure Digital Content Electronic Distribution System 100 can be used to provide Content 113 securely to other businesses called Intermediate Market Partners. These partners may include digital content-related companies offering a non-electronic service, such as televisions stations or video clubs, radio stations or record clubs, that distribute Content 113. These Partners may also include other trusted parties who handle material as part of making or marketing sound recordings, such as record studios, replicators, and producers. These Intermediate Market Partners requires clearance from the Clearinghouse(s) 105 in order to decrypt the Content 113.

4. Clearinghouse(s) 105

The Clearinghouse(s) 105 provides the licensing authorization and record keeping for all transactions that relate to the sale and/or permitted use of the Content 113 encrypted in a SC. When the Clearinghouse(s) 105 receives a request for a decryption key for the Content 113 from an intermediate or End-User(s), the Clearinghouse(s) 105 validates the integrity and authenticity of the information in the request; verifies that the request was authorized by an Electronic Digital Content Store(s) or Content Provider(s) 101; and verifies that the requested usage complies with the content Usage Conditions as defined by the Content Provider(s) 101. Once these verifications are satisfied, the Clearinghouse(s) 105 sends the decryption key for the Content 113 to the requesting End-User(s) packed in a License SC. The key is encrypted in a manner so that only the authorized user can retrieve it. If the End-User's request is not verifiable, complete, or authorized, the Clearinghouse(s) 105 repudiates the request for the decryption key.

The Clearinghouse(s) 105 keeps a record of all transactions and can report them to responsible parties, such as Electronic Digital Content Store(s) 103 and Content Provider(s) 101, on an immediate, periodic, or restricted basis. This reporting is a means by which Content Provider(s) 101 can be informed of the sale of Content 113 and the Electronic Digital Content Store(s) 103 can obtain an audit trail of electronic delivery to their customers. The Clearinghouse(s) 105 can also notify the Content Provider(s) 101 and/or Electronic Digital Content Store(s) 103 if it detects that information in a SC has been compromised or does not comply with the Content's Usage Conditions. The transaction recording and repository capabilities of the Clearinghouse(s) 105 database is structured for data mining and report generation.

In another embodiment, the Clearinghouse(s) 105 can provide customer support and exception processing for transactions such as refunds, transmission failures, and purchase disputes. The Clearinghouse(s) 105 can be operated as an independent entity, providing a trusted custodian for rights management and metering. It provides billing and settlement as required. Examples of electronic Clearinghouse(s) include Secure-Bank.com and Secure Electronic Transaction (SET) from Visa/Mastercard. In one embodiment, the Clearinghouse(s) 105 are Web sites accessible to the End-User Device(s) 109. In another embodiment, the Clearinghouse(s) 105 is part of the Electronic Digital Content Store(s) 103.

5. End-User Device(s) 109

The End-User Device(s) 109 can be any player device that contains an End-User Player Application 195 (described later) compliant with the Secure Digital Content Electronic Distribution System 100 specifications. These devices may include PCS, set top boxes (IRDs), and Internet appliances. The End-User Player Application 195 could be implemented in software and/or consumer electronics hardware. In addition to performing play, record, and library management functions, the End-User Player Application 195 performs SC processing to enable rights management in the End-User Device(s) 109. The End-User Device(s) 109 manages the download and storage of the SCs containing the Digital Content; requests and manages receipt of the encrypted Digital Content keys from the Clearinghouse(s) 105; processes the watermark(s) every time the Digital Content is copied or played; manages the number of copies made (or deletion of the copy) in accordance with the Digital Content's Usage Conditions; and performs the copy to an external media or portable consumer device if permitted. The portable consumer device can perform a subset of the End-User Player Application 195 functions in order to process the content's Usage Conditions embedded in the watermark. The terms End-User(s) and End-User Player Application 195 are used throughout this to mean through the use or running-on an End-User Device(s) 109.

6. Transmission Infrastructures 107

The Secure Digital Content Electronic Distribution System 100 is independent of the transmission network connecting the Electronic Digital Content Store(s) 103 and End-User Device(s) 109. It supports both point-to-point such as the Internet and broadcast distribution models such as broadcast television.

Even though the same tools and applications are used to acquire, package, and track Content 113 transactions over various Transmission Infrastructures 107, the presentation and method in which services are delivered to the customer may vary depending on the infrastructure and distribution model selected. The quality of the Content 113 being transferred may also vary since high bandwidth infrastructures can deliver high-quality digital content at more acceptable response times than lower bandwidth infrastructures. A service application designed for a point-to-point distribution model can be adapted to support a broadcast distribution model as well.

C. System Uses

The Secure Digital Content Electronic Distribution System 100 enables the secure delivery of high-quality, electronic copies of Content 113 to End-User Device(s) 109, whether consumer or business, and to regulate and track usage of the Content 113.

The Secure Digital Content Electronic Distribution System 100 could be deployed in a variety of consumer and business-to-business services using both new and existing distribution channels. Each particular service could use a different financial model that can be enforced through the rights management features of the Secure Digital Content Electronic Distribution System 100. Models such as wholesale or retail purchase, pay-per-listen usage, subscription services, copy/no-copy restrictions, or redistribution could be implemented through the rights management of the Clearinghouse(s) 105 and the End-User Player Application 195 copy protection features.

The Secure Digital Content Electronic Distribution System 100 allows Electronic Digital Content Store(s) 103 and Intermediate Market Partners a great deal of flexibility in creating services that sell Content 113. At the same time it provides Content Provider(s) 101 a level of assurance that their digital assets are protected and metered so that they can receive appropriate compensation for the licensing of Content 113.

II. CRYPTOGRAPHY CONCEPTS AND THEIR APPLICATION TO THE SECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEM

License Control in the Secure Digital Content Electronic Distribution System 100 is based on the use of cryptography. This section introduces basic cryptography technologies of the present invention. The use of public key encryption, symmetric key encryption, digital signatures, digital watermarks and digital certificates is known.

A. Symmetric Algorithms

In the Secure Digital Content Electronic Distribution System 100 the Content Provider(s) 101 encrypts the content using symmetric algorithms. They are called symmetric algorithms because the same key is used to encrypt and decrypt data. The data sender and the message recipient must share the key. The shared key is referred to here as the symmetric key. The Secure Digital Content Electronic Distribution System 100 architecture is independent of the specific symmetric algorithm selected for a particular implementation.

Common symmetric algorithms are DES, RC2 and RC4. Both DES and RC2 are block cipher. A block cipher encrypts the data using a block of data bits at a time. DES is an official US government encryption standard, has a 64-bit block size, and uses a 56-bit key. Triple-DES is commonly used to increase the security achieved with simple DES. RSA Data Security designed RC2. RC2 uses a variable-key-size cipher and has a block size of 64 bits. RC4, also designed by RSA Data Security, is a variable-key-size stream cipher. A stream cipher operates on a single data bit at a time. RSA Data Security claims that eight to sixteen machine operations are required for RC4 per output byte.

IBM designed a fast algorithm called SEAL. SEAL is a stream algorithm that uses a variable-length key and that has been optimized for 32-bit processors. SEAL requires about five elementary machine instructions per data byte. A 50 MHZ, 486-based computer runs the SEAL code at 7.2 megabytes/second if the 160-bit key used has already been preprocessed into internal tables.

Microsoft reports results of encryption performance benchmark in its Overview of CryptoAPI document. These results were obtained by an application using Microsoft's CryptoAPI, running on a 120-MHZ, Pentium-based computer with Windows NT 4.0.

    Table of Contents                                 Page
    I.     SECURE DIGITAL CONTENT ELECTRONIC            12
           DISTRIBUTION SYSTEM
           A.   System Overview                           12
                 1. Rights Management                     12
                 2. Metering                              14
                 3. Open Architecture                     15
           B.   System Functional Elements                16
                 1. Content Provider(s)                   16
                 2. Electronic Digital Content Store(s)   17
                 3. Intermediate Market Partners          18
                 4. Clearinghouse(s)                      19
                 5. End-User Device(s)                    20
                 6. Transmission Infrastructures          21
           C.   System Uses                               21
    II.    CRYPTOGRAPHY CONCEPTS AND THEIR              22
           APPLICATION TO THE SECURE DIGITAL
           CONTENT ELECTRONIC DISTRIBUTION
           SYSTEM
           A.   Symmetric Algorithms                      22
           B.   Public Key Algorithms                     23
           C.   Digital Signature                         24
           D.   Digital Certificates                      25
           E.   Guide To The SC(s) Graphical Representation 26
           F.   Example of a Secure Container Encryption  27
    III.   SECURE DIGITAL CONTENT ELECTRONIC            29
           DISTRIBUTION SYSTEM FLOW
    IV.    RIGHTS MANAGEMENT ARCHITECTURE MODEL         33
           A.   Architecture Layer Functions              34
           B.   Function Partitioning and Flows           35
                 1. Content Formatting Layer              35
                 2. Content Usage Control Layer           36
                 3. Content Identification Layer          37
                 4. License Control Layer                 38
           C.   Content Distribution and Licensing Control 39
    V.     SECURE CONTAINER STRUCTURE                   42
           A.   General Structure                         42
           B.   Rights Management Language Syntax and Semantics 44
           C.   Overview of Secure Container Flow and Processing 45
           D.   Metadata Secure Container 620 Format      47
           E.   Offer Secure Container 641 Format         51
           F.   Transaction Secure Container 640 Format   53
           G.   Order Secure Container 650 Format         55
           H.   License Secure Container 660 Format       58
           I.   Content Secure Container Format           59
    VI.    SECURE CONTAINER PACKING AND UNPACKING       60
           A.   Overview                                  60
           B.   Bill of Materials (BOM) Part              62
           C.   Key Description Part                      66
    VII.   CLEARINGHOUSE(S)                             67
           A.   Overview                                  67
           B.   Rights Management Processing              69
           C.   Country Specific Parameters               72
           D.   Audit Logs and Tracking                   72
           E.   Reporting of Results                      75
           F.   Billing and Payment Verification          75
           G.   Retransmissions                           76
    VIII.  CONTENT PROVIDER                             77
           A.   Overview                                  77
           B.   Work Flow Manager                         78
                 1. Products Awaiting Action/Information Process 80
                 2. New Content Request Process           81
                 3. Automatic Metadata Acquisition Process 83
                 4. Manual Metadata Entry Process         83
                 5. Usage Conditions Process              84
                 6. Supervised Release Process            84
                 7. Metadata SC(s) Creation Process       84
                 8. Watermarking Process                  85
                 9. Preprocessing and Compression Process 85
                10.  Content Quality Control Process       87
                11.  Encryption Process                    88
                12.  Content SC(s) Creation Process        88
                13.  Final Quality Assurance Process       88
                14.  Content Dispersement Process          89
                15.  Work Flow Rules                       89
           C.   Metadata Assimilation and Entry Tool      94
                 1. Automatic Metadata Acquisition Tool   95
                 2. Manual Metadata Entry Tool            96
                 3. Usage Conditions Tool                 96
                 4. Parts of the Metadata SC(s)           98
                 5. Supervised Release Tool               102
           D.   Content Processing Tool                   103
                 1. Watermarking Tool                     104
                 2. Preprocessing and Compression Tool    104
                 3. Content Quality Control Tool          107
                 4. Encryption Tool                       107
           E.   Content SC(s) Creation Tool               108
           F.   Final Quality Assurance Tool              108
           G.   Content Dispersement Tool                 109
           H.   Content Promotions Web Site               110
           I.   Content Hosting                           111
                 1. Content Hosting Sites                 112
                 2. Content Hosting Site(s) 111 provided by the 113
                     Secure Digital Content Electronic Distribution
                     System
    IX.    ELECTRONIC DIGITAL CONTENT STORE(S)          115
           A.   Overview - Support for Multiple Electronic Digital 115
                Content Store(s)
           B.   Point-to-Point Electronic Digital Content Distribution 116
                Service
                 1. Integration Requirements              117
                 2. Content Acquisition Tool              119
                 3. Transaction Processing Module         122
                 4. Notification Interface Module         126
                 5. Account Reconciliation Tool           127
           C.   Broadcast Electronic Digital Content Distribution 128
                Service
    X.     END-USER DEVICE(S)                           129
           A.   Overview                                  129
           B.   Application Installation                  131
           C.   Secure Container Processor                132
           D.   The Player Application                    136
                 1. Overview                              136
                 2. End-User Interface Components         137
                 3. Copy/Play Management Components       141
                 4. Decryption 1505, Decompression 1506 and 141
                     Playback Components
                 5. Data Management 1502 and Library Access 141
                     Components
                 6. Inter-application Communication Components 142
                 7. Other Miscellaneous Components        142
                 8. The Generic Player                    142

B. Public Key Algorithms

In the Secure Digital Content Electronic Distribution System 100, symmetric keys and other small data pieces are encrypted using public keys. Public key algorithms use two keys. The two keys are mathematically related so that data encrypted with one key can only be decrypted with the other key. The owner of the keys keeps one key private (private key) and publicly distributes the second key (public key).

To secure the transmission of a confidential message using a public key algorithm, one must use the recipient's public key to encrypt the message. Only the recipient, who has the associated private key, can decrypt the message. Public key algorithms are also used to generate digital signatures. The private key is used for that purpose. The following section provides information on digital signatures.

The most common used public-key algorithm is the RSA public-key cipher. It has become the de-facto public key standard in the industry. Other algorithms that also work well for encryption and digital signatures are ElGamal and Rabin. RSA is a variable-key length cipher.

Symmetric key algorithms are much faster than the public key algorithms. In software, DES is generally at least 100 times as fast as RSA. Because of this, RSA is not used to encrypt bulk data. RSA Data Security reports that on a 90 MHZ Pentium machine, RSA Data Security's toolkit BSAFE 3.0 has a throughput for private-key operations (encryption or decryption, using the private key) of 21.6 kilobits/second with a 512-bit modulus and 7.4 kilobits/second with a 1024-bit modulus.

C. Digital Signature

In the Secure Digital Content Electronic Distribution System 100, the issuer of SC(s) protects the integrity of SC(s) by digitally signing it. In general, to create a digital signature of a message, a message owner first computes the message digest (defined below) and then encrypt the message digest using the owner's private key. The message is distributed with its signature. Any recipient of the message can verify the digital signature first by decrypting the signature using the public key of the message owner to recover the message digest. Then, the recipient computes the digest of the received message and compare it with the recovered one. If the message has not being altered during distribution, the calculated digest and recovered digest must be equal.

In the Secure Digital Content Electronic Distribution System 100, since SC(s) contain several data parts, a digest is calculated for each part and a summary digest is calculated for the concatenated part digests. The summary digest is encrypted using the private key of the issuer of the SC(s). The encrypted summary digest is the issuer's digital signature for the SC(s). The part digests and the digital signature are included in the body of the SC(s). The recipients of SC(s) can verify the integrity of the SC(s) and its parts by means of the received digital signature and part digests.

A one-way hash algorithm is used to calculate a message digest. A hash algorithm takes a variable-length-input message and converts it into a fixed length string, the message digest. A one-way hash algorithm operates only in one direction. That is, it is easy to calculate the digest for an input message, but it is very difficult (computationally infeasible) to generate the input message from its digest. Because of the properties of the one-way hash functions, one can think of a message digest as a fingerprint of the message.

The more common one-way hash functions are MD5 from RSA Data Security and SHA designed by the US National Institute of Technology and Standards (NITS).

D. Digital Certificates

A digital certificate is used to authenticate or verify the identity of a person or entity that has sent a digitally signed message. A certificate is a digital document issued by a certification authority that binds a public key to a person or entity. The certificate includes the public key, the name of the person or entity, an expiration date, the name of the certification authority, and other information. The certificate also contains the digital signature of the certification authority.

When an entity (or person) sends a message signed with its private key and accompanied with its digital certificate, the recipient of the message uses the entity's name from the certificate to decide whether or not to accept the message.

In the Secure Digital Content Electronic Distribution System 100, every SC(s), except those issued by the End-User Device(s) 109, includes the certificate of the creator of the SC(s). The End-User Device(s) 109 do not need to include certificates in their SC(s) because many End-User(s) do not bother to acquire a certificate or have certificates issued by non bona-fide Certification Authorities. In the Secure Digital Content Electronic Distribution System 100, the Clearinghouse(s) 105 has the option of issuing certificates to the Electronic Digital Content Store(s) 103. This allows the End-User Device(s) 109 to independently verify that the Electronic Digital Content Store(s) 103 have been authorized by the Secure Digital Content Electronic Distribution System 100.

E. Guide To The SC(s) Graphical Representation

This document uses a drawing to graphically represent SC(s) that shows encrypted parts, non-encrypted parts, the encryption keys, and certificates. Referring now to FIG. 2 is an example drawing of SC(s) 200. The following symbols are used in the SC(s) figures. Key 201 is a public or private key. The teeth of the key e.g. CLRNGH for Clearinghouse indicate the key owner. PB inside the handle indicates that it is a public key thus key 201 is a Clearinghouse public key. PV inside the handle indicates that it is a private key. Diamond shape is an End-User Digital Signature 202. The initials indicate which private key was used to create the signature thus in EU is the End-User(s) digital signature from table below. Symmetric key 203 is used to encrypt content. An encrypted symmetric key object 204 comprising a symmetric key 203 encrypted with a PB of CLRNGH. The key on the top border of the rectangle is the key used in the encryption of the object. The symbol or text inside the rectangle indicates the encrypted object (a symmetric key in this case). Another encrypted object, in this example a Transaction ID encrypted object 205 is shown. And Usage Conditions 206 for content licensing management as described below. The SC(s) 200 comprises Usage Conditions 206, Transaction ID encrypted object 205, an Application ID encrypted object 207, and encrypted symmetric key object 204, all signed with an End-User Digital Signature 202.

The table below shows the initials that identify the signer of SC(s).

         Cipher  Key Size      Key Setup Time Encryption Speed
         DES     56            460            1,138,519
         RC2     40            40             286,888
         RC4     40            151            2,377,723

F. Example of a Secure Container Encryption

The tables and diagrams below provide an overview of the encryption and decryption process used to create and recover information from SC(s). The SC(s) that is created and decrypted in this process overview is a general SC(s). It does not represent any of the specific SC(s) types used for rights management in the Secure Digital Content Electronic Distribution System 100. The process consists of the steps described in FIG. 3 for encryption process.

Process Flow for Encryption Process of FIG. 3

    Initial            Component
    CP                 Content Provider(s) 101
    MS                 Electronic Digital Content Store(s) 103
    HS                 Content Hosting Site(s) 111
    EU                 End-User Device(s) 109
    CH                 Clearinghouse(s) 105
    CA                 certification authority(ies) (not shown)

Process Flow for Decryption Process of FIG. 4

    Step   Process
    301    Sender generates a random symmetric key and uses it to encrypt
           the content.
    302    Sender runs the encrypted content through a hash algorithm to
           produce the content digest.
    303    Sender encrypts the symmetric key using the recipient's public key.
           PB RECPNT refers to the recipient's public key.
    304    Sender runs the encrypted symmetric key through the same hash
           algorithm used in step 2 to produce the symmetric key digest.
    305    Sender runs the concatenation of the content digest and symmetric
           key digest through the same hash algorithm used in step 2 to
           produce the SC(s) digest.
    306    Sender encrypts the SC(s) digest with the sender's private key to
           produce the digital signature for the SC(s). PV SENDER refers to
           the sender's private key.
    307B   Sender creates a SC(s) file that includes the encrypted content,
           encrypted symmetric key, content digest, symmetric key digest,
           sender's certificate, and SC(s) signature.
    307A   Sender must have obtained the certificate from a certification
           authority prior to initiating secure communications. The
           certification authority includes in the certificate the sender's
     public
           key, the sender's name and signs it. PV CAUTHR refers to the
           certifications authority's private key. Sender transmits the SC(s)
           to the recipient.

III. SECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEM FLOW

The Secure Electronic Digital Content Distribution System 100, consists of several components that are used by the different participants of the system. These participants include the Content Provider(s) 101, Electronic Digital Content Store(s) 103, End-User(s) via End-User Device(s) 109 and the Clearinghouse(s) 105. A high level system flow is used as an overview of the Secure Digital Content Electronic Distribution System 100. This flow outlined below tracks Content as it flows throughout the System 100. Additionally it outlines the steps used by the participants to conduct the transactions for the purchase, unlocking and use of the Content 113. Some of the assumptions made in the system flow include:

This is a system flow for a Digital Content service (Point-to-Point Interface to a PC).

Content Provider(s) 101 submits audio Digital Content in PCM uncompressed format (as a music audio example).

Content Provider(s) 101 has metadata in an ODBC compliant database or Content Provider(s) 101 will enter the data directly into the Content Information Processing Subsystem.

Financial settlement is done by the Electronic Digital Content Store(s).

Content 113 is hosted at a single Content Hosting Site(s) 111.

It should be understood by those skilled in the art that these assumptions can be altered to accommodate the exact nature of the Digital Content e.g. music, video and program and electronic distribution systems broadcast.

The following process flow in illustrated in FIG. 1.

    Step   Process
    408    Recipient receives the SC(s) and separates its parts.
    409    Recipient verifies the digital signature in the sender's certificate
     by decrypting it with
           the public key of the certification authority. If the certificate's
     digital signature is
           valid, recipient acquires the sender's public key from the
     certificate.
    410    Recipient decrypts the SC(s) digital signature using the sender's
     public key. This
           recovers the SC(s) digest. PB SENDER refers to the sender's public
     key.
    411    Recipient runs the concatenation of the received content digest and
     encrypted key
           digest through the same hash algorithm used by the sender to compute
     the SC(s)
           digest.
    412    Recipient compares the computed SC(s) digest with the one recovered
     from the
           sender's digital signature. If they are the same, recipient confirms
     that the received
           digests have not been altered and continues with the decryption
     process. If they are
           not the same, recipient discards the SC(s) and notifies the sender.
    413    Recipient runs the encrypted symmetric key through the same hash
     algorithm used
           in step 411 to compute the symmetric key digest.
    414    Recipient compares the computed symmetric key digest with the one
     received in the
           SC(s). If it is the same, recipient knows that the encrypted
     symmetric key has not
           been altered. Recipient continues with the decryption process. If
     not valid, recipient
           discards the SC(s) and notifies the sender.
    415    Recipient runs the encrypted content through the same hash algorithm
     used in
           step 411 to compute the content digest.
    416    Recipient compares the computed content digest with the one received
     in the SC(s).
           If it is the same, recipient knows that the encrypted content has
     not been altered.
           Recipient then continues with the decryption process. If not valid,
     recipient discards
           the SC(s) and notifies the sender.
    417    Recipient decrypts the encrypted symmetric key using the recipient's
     private key.
           This recovers the symmetric key. PV RECPNT refers to the recipient's
     private key.
    418    Recipient uses the symmetric key to decrypt the encrypted content.
     This recovers the
           content.

IV. RIGHTS MANAGEMENT ARCHITECTURE MODEL

A. Architecture Layer Functions

FIG. 5 is a block diagram of the Rights Management Architecture of the Secure Digital Content Electronic Distribution System 100. Architecturally, four layers represent the Secure Digital Content Electronic Distribution System 100: the License Control Layer 501, the Content Identification Layer 503, Content Usage Control Layer 505, and the Content Formatting Layer 507. The overall functional objective of each layer and the individual key functions for each layer are described in this section. The functions in each of the layers are fairly independent of the functions in the other layers. Within broad limitations, functions in a layer can be substituted with similar functions without affecting the functionality of the other layers. Obviously, it is required that the output from one layer satisfies format and semantics acceptable to the adjacent layer.

The License Control Layer 501 ensures that:

the Digital Content is protected during distribution against illegal interception and tampering;

the Content 113 originates from a rightful content owner and is distributed by a licensed distributor, e.g. Electronic Digital Content Store(s) 103;

the Digital Content purchaser has a properly licensed application;

the distributor is paid by the purchaser before a copy of the Content 113 is made available to the purchaser or End-User(s); and

a record of the transaction is kept for reporting purposes.

The Content Identification Layer 503 allows for the verification of the copyright and the identity of the content purchaser. The content's copyright information and identity of the content purchaser enables the source tracking of any, authorized or not, copy of the Content 113. Thus, the Content Identification Layer 503 provides a means to combat piracy.

The Content Usage Control Layer 505 ensures that the copy of the Content 113 is used in the purchaser's device according to the Store Usage Conditions 519. The Store Usage Conditions 519 may specify the number of plays and local copies allowed for the Content 113, and whether or not the Content 113 may be recorded to an external portable device. The functions in the Content Usage Control Layer 505 keep track of the content's copy/play usage and update the copy/play status.

The Content Formatting Layer 507 allows for the format conversion of the Content 113 from its native representation in the content owner's facilities into a form that is consistent with the service features and distribution means of the Secure Digital Content Electronic Distribution System 100. The conversion processing may include compression encoding and its associated preprocessing, such as frequency equalization and amplitude dynamic adjustment. For Content 113 which is audio, at the purchaser's side, the received Content 113 also needs to be processed to achieve a format appropriate for playback or transfer to a portable device.

B. Function Partitioning and Flows

The Rights Management Architectural Model is shown in FIG. 5 and this illustrates the mapping of the architectural layers to the operating components making up the Secure Digital Content Electronic Distribution System 100 and the key functions in each layer.

1. Content Formatting Layer 507

The general functions associated with the Content Formatting Layer 507 are Content Preprocessing 502 and Compression 511 at the Content Provider(s) 101, and Content De-scrambling 513 and Decompression 515 at the End-User Device(s) 109. The need for preprocessing and the examples of specific functions were mentioned above. Content Compression 511 is used to reduce the file size of the Content 113 and its transmission time. Any compression algorithm appropriate for the type of Content 113 and transmission medium can be used in the Secure Digital Content Electronic Distribution System 100. For music, MPEG 1/2/4, Dolby AC-2 and AC-3, Sony Adaptive Transform Coding (ATRAC), and low-bit rate algorithms are some of the typically used compression algorithms. The Content 113 is stored in the End-User Device(s) 109 in compressed form to reduce the storage size requirement. It is decompressed during active playback. De-scrambling is also performed during active playback. The purpose and type of scrambling will be described later during the discussion of the Content Usage Control Layer 505.

2. Content Usage Control Layer 505

The Content Usage Control Layer 505 permits the specification and enforcement of the conditions or restrictions imposed on the use of Content 113 use at the End-User Device(s) 109. The conditions may specify the number of plays allowed for the Content 113, whether or not a secondary copy of the Content 113 is allowed, the number of secondary copies, and whether or not the Content 113 may be copied to an external portable device. The Content Provider(s) 101 sets the allowable Usage Conditions 517 and transmits them to the Electronic Digital Content Store(s) 103 in a SC (see the License Control Layer 501 section). The Electronic Digital Content Store(s) 103 can add to or narrow the Usage Conditions 517 as long as it doesn't invalidate the original conditions set by the Content Provider(s) 101. The Electronic Digital Content Store(s) 103 then transmits all Store Usage Conditions 519 (in a SC) to the End-User Device(s) 109 and the Clearinghouse(s) 105. The Clearinghouse(s) 105 perform Usage Conditions Validation 521 before authorizing the Content 113 release to an End-User Device(s) 109.

The enforcement of the content Usage Conditions 517 is performed by the Content Usage Control Layer 505 in the End-User Device(s) 109. First, upon reception of the Content 113 copy from the Content Identification Layer 503 in the End-User Device(s) 109 marks the Content 113 with a Copy/Play Code 523 representing the initial copy/play permission. Second, the Player Application 195 cryptographically scrambles the Content 113 before storing it in the End-User Device(s) 109. The Player Application 195 generates a scrambling key for each Content item, and the key is encrypted and hidden in the End-User Device(s) 109. Then, every time the End-User Device(s) 109 accesses the Content 113 for copy or play, the End-User Device(s) 109 verifies the copy/play code before allowing the de-scrambling of the Content 113 and the execution of the play or copy. The End-User Device(s) 109 also appropriately updates the copy/play code in the original copy of the Content 113 and on any new secondary copy. The copy/play coding is performed on Content 113 that has been compressed. That is, there is no need to decompress the Content 113 before the embedding of the copy/play code.

The End-User Device(s) 109 uses a License Watermark 527 to embed the copy/play code within the Content 113. Only the End-User Player Application 195 that is knowledgeable of the embedding algorithm and the associated scrambling key is able to read or modify the embedded data. The data is invisible or inaudible to a human observer; that is, the data introduces no perceivable degradation to the Content 113. Since the watermark survives several steps of content processing, data compression, D-to-A and A-to-D conversion, and signal degradation introduced by normal content handling, the watermark stays with the Content 113 in any representation form, including analog representation.

3. Content Identification Layer 503

As part of the Content Identification Layer 503, the Content Provider(s) 101 also uses a License Watermark 527 to embed data in the Content 113 such as to the content identifier, content owner and other information, such as publication date and geographic distribution region. This watermark is referred to here as the Copyright Watermark 529. Upon reception, the End-User Device(s) 109 watermarks the copy of the Content 113 with the content purchaser's name and the Transaction ID 535 (see the License Control Layer 501 section below), and with other information such as date of license and Usage Conditions 517. This watermark is referred to here as the license watermark. Any copy of Content 113, obtained in an authorized manner or not, and subject to audio processing that preserves the content quality, carries the copyright and license watermarks. The Content Identification Layer 503 deters piracy.

4. License Control Layer 501

The License Control Layer 501 protects the Content 113 against unauthorized interception and ensures that the Content is only released on an individual basis to an End-User(s) that has properly licensed End-User Device(s) 109 and successfully completes a license purchase transaction with an authorized Electronic Digital Content Store(s) 103. The License Control Layer 501 protects the Content 113 by double Encryption 531. The Content 113 is encrypted using an encryption symmetric key generated by the Content Provider(s) 101, and the symmetric key is encrypted using the public key 621 of the Clearinghouse(s). Only the Clearinghouse(s) 105 can initially recover the symmetric key.

License control is designed with the Clearinghouse(s) 105 as the "trusted party". Before releasing permission for the License Request 537, (i.e. the Symmetric Key 623 for the Content 113 to an End-User Device(s) 109), the Clearinghouse(s) 105 verifies that the Transaction 541 and the License Authorization 543 are complete and authentic, that the Electronic Digital Content Store(s) 103 has authorization from the Secure Digital Content Electronic Distribution System 100 for the sale of electronic Content 113, and that the End-User(s) has a properly licensed application. Audit/Reporting 545 allows the generation of reports and the sharing of licensing transaction information with other authorized parties in the Secure Electronic Digital Content Distribution System 100.

License control is implemented through SC Processing 533. SC(s) are used to distribute encrypted Content 113 and information among the system operation components (more about the SC(s) detailed structure sections below). A SC is cryptographic carrier of information that uses cryptographic encryption, digital signatures and digital certificates to provide protection against unauthorized interception and modification of the electronic information or Content 113. It also allows for the authenticity verification of the electronic data.

License control requires that the Content Provider(s) 101, the Electronic Digital Content Store(s) 103, and the Clearinghouse(s) 105 have bona-fide cryptographic digital certificates from reputable Certificate Authorities that are used to authenticate those components. The End-User Device(s) 109 are not required to have digital certificates.

C. Content Distribution and Licensing Control

FIG. 6 is a block diagram illustrating an overview of the Content Distribution and Licensing Control as it applies to the License Control Layer of FIG. 5. The figure depicts the case in which the Electronic Digital Content Store(s) 103, End-User Device(s) 109 and the Clearinghouse(s) 105 are interconnected via the Internet, and unicast (point-to-point) transmission is used among those components. The communication between the Content Provider(s) 101 and the Electronic Digital Content Store(s) 103 could also be over the Internet or other network. It is assumed that the Content-purchase commercial transaction between the End-User Device(s) 109 and the Electronic Digital Content Store(s) 103 is based on standard Internet Web protocols. As part of the Web-based interaction, the End-User(s) makes the selection of the Content 113 to purchase, provides personal and financial information, and agrees to the conditions of purchase. The Electronic Digital Content Store(s) 103 could obtain payment authorization from an acquirer institution using a protocol such as SET.

It is also assumed in FIG. 6 that the Electronic Digital Content Store(s) 103 has downloaded the End-User Player Application 195 to an End-User Device(s) 109 based on standard Web protocols. The architecture requires that the Electronic Digital Content Store(s) 103 assigns a unique application ID to the downloaded Player Application 195 and that the End-User Device(s) 109 stores it for later application license verification (see below).

The overall licensing flow starts at the Content Provider(s) 101. The Content Provider(s) 101 encrypts the Content 113 using an encryption symmetric key locally generated, and encrypts the Symmetric Key 623 using the Clearinghouse's 105 public key 621. The Content Provider(s) 101 creates a Content SC(s) 630 around the encrypted Content 113, and a Metadata SC(s) 620 around the encrypted Symmetric Key 623, Store Usage Conditions 519, and other Content 113 associated information. There is one Metadata SC(s) 620 and one Content SC(s) 630 for every Content 113 object. The Metadata SC(s) 620 also carries the Store Usage Conditions 519 associated with the Content Usage Control Layer 505.

The Content Provider(s) 101 distributes the Metadata SC(s) 620 to one or more Electronic Digital Content Store(s) 103 (step 601) and the Content SC(s) 630 to one or more Content Hosting Sites (step 602). Each Electronic Digital Content Store(s) 103, in turn creates an Offer SC(s) 641. The Offer SC(s) 641 typically carries much of the same information as the Metadata SC(s) 620, including the Digital Signature 624 of the Content Provider(s) 101 and the Certificate (not shown of the Content Provider(s) 101. As mentioned above, the Electronic Digital Content Store(s) 103 can add to or narrow the Store Usage Conditions 519 (handled by the Control Usage Control Layer) initially defined by the Content Provider(s) 101. Optionally, the Content SC(s) 630 and/or the Metadata SC(s) 620 is signed with a Digital Signature 624 ofthe Content Provider(s) 101.

After the completion of the Content-purchase transaction between the End-User Device(s) 109 and the Electronic Digital Content Store(s) 103 (step 603), the Electronic Digital Content Store(s) 103 creates and transfers to the End-User Device(s) 109 a Transaction SC(s) 640 (step 604). The Transaction SC(s) 640 includes a unique Transaction ID 535, the purchaser's name (i.e. End-User(s)') (not shown), the Public Key 661 ofthe End-User Device(s) 109, and the Offer SC(s) 641 associated with the purchased Content 113. Transaction Data 642 in FIG. 6 represents both the Transaction ID 535 and the End-User(s) name (not shown). The Transaction Data 642 is encrypted with the Public Key 621 of the Clearinghouse(s) 105. Optionally, the Transaction SC(s) 640 is signed with a Digital Signature 643 of the Electronic Digital Content Store(s) 103.

Upon reception of the Transaction SC(s) 640 (and the Offer SC(s) 641 included in it), the End-User Player Application 195 running on End-User Device(s) 109 solicits license authorization from the Clearinghouse(s) 105 by means of an Order SC(s) 650 (step 605). The Order SC(s) 650 includes the encrypted Symmetric Key 623 and Store Usage Conditions 519 from the Offer SC(s) 641, the encrypted Transaction Data 642 from the Transaction SC(s) 640, and the encrypted Application ID 551 from the End-User Device(s) 109. In another embodiment, the Order SC(s) 650 is signed with a Digital Signature 652 of the End-User Device(s) 109.

Upon reception of the Order SC(s) 650 from the End-User Device(s) 109, the Clearinghouse(s) 105 verifies:

1. that the Electronic Digital Content Store(s) 103 has authorization from the Secure Digital Content Electronic Distribution System 100 (exists in the Database 160 of the Clearinghouse(s) 105);

2. that the Order SC(s) 650 has not been altered;

3. that the Transaction Data 642 and Symmetric Key 623 are complete and authentic;

4. that the electronic Store Usage Conditions 519 purchased by the End-User Device(s) 109 are consistent with those Usage Conditions 517 set by the Content Provider(s) 101; and

5. that the Application ID 551 has a valid structure and that it was provided by an authorized Electronic Digital Content Store(s) 103.

If the verifications are successful, the Clearinghouse(s) 105 decrypts the Symmetric Key 623 and the Transaction Data 642 and builds and transfers the License SC(s) 660 to the End-User Device(s) 109 (step 606). The License SC(s) 660 carries the Symmetric Key 623 and the Transaction Data 642, both encrypted using the Public Key 661 of the End-User Device(s) 109. If any verification is not successful, the Clearinghouse(s) 105 denies the license to the End-User Device(s) 109 and informs the End-User Device(s) 109. The Clearinghouse(s) 105 also immediately informs the Electronic Digital Content Store(s) 103 of this verification failure. In an alternate embodiment, the Clearinghouse(s) 105 signs the License SC(s) 660 with its Digital Signature 663.

After receiving the License SC(s) 660, the End-User Device(s) 109 decrypts the Symmetric Key 623 and the Transaction Data 642 previously received from the Clearinghouse(s) 105 and requests the Content SC(s) 630 (step 607) from a Content Hosting Site(s) 111. Upon arrival of the Content SC(s) 630 (step 608), the End-User Device(s) 109 decrypts the Content 113 using the Symmetric Key 623 (step 609), and passes the Content 113 and the Transaction Data 642 to the other layers for license watermarking, copy/play coding, scrambling, and fuirther Content 113 processing as described previously for FIG. 5.

Finally, the Clearinghouse(s) 105 on a periodic basis transmits summary transaction reports to the Content Provider(s) 101 and the Electronic Digital Content Store(s) 103 for auditing and tracking purposes (step 610).

V. SECURE CONTAINER STRUCTURE

A. General Structure

A Secure Container (SC) is a structure that consists of several parts which together define a unit of Content 113 or a portion of a transaction, and which also define related information such as Usage Conditions, metadata, and encryption methods. SC(s) are designed in such a way that the integrity, completeness, and authenticity of the information can be verified. Some of the information in SC(s) may be encrypted so that it can only be accessed after proper authorization has been obtained.

SC(s) include at least one bill of materials (BOM) part which has records of information about the SC(s) and about each of the parts included in the SC(s). A message digest is calculated, using a hashing algorithm such as MD-5, for each part and then included in the BOM record for the part. The digests of the parts are concatenated together and another digest is computed from them and then encrypted using the private key of the entity creating the SC(s) to create a digital signature. Parties receiving the SC(s) can use the digital signature to verify all of the digests and thus validate the integrity and completeness of the SC(s) and all of its parts.

The following information may be included as records in the BOM along with the records for each part. The SC(s) type determines which records need to be included:

SC(s) version

SC(s) ID

Type of SC(s) (e.g. Offer, Order, Transaction, Content, Metadata or promotional and License.)

Publisher of the SC(s)

Date that the SC(s) was created

Expiration date of the SC(s)

Clearinghouse(s) URL

Description of the digest algorithm used for the included parts (default is MD-5)

Description of the algorithm used for the digital signature encryption (default is RSA)

Digital signature (encrypted digest of all of the concatenated digests of the included parts)

SC(s) may include more than one BOM. For example, an Offer SC(s) 641 consists of the original Metadata SC(s) 620 parts, including its BOM, as well as additional information added by the Electronic Digital Content Store(s) 103 and a new BOM. A record for the Metadata SC(s) 620 BOM is included in the Offer SC(s) 641 BOM. This record includes a digest for the Metadata SC(s) 620 BOM which can be used to validate its integrity and therefore, the integrity of the parts included from the Metadata SC(s) 620 can also be validated using the part digest values stored in Metadata SC(s) 620 BOM. None of the parts from the Metadata SC(s) 620 have records in the new BOM that was created for the Offer SC(s) 641. Only parts added by the Electronic Digital Content Store(s) 103 and the Metadata SC(s) 620 BOM have records in the new BOM.

SC(s) may also include a Key Description part. Key Description parts include records that contain the following information about encrypted parts in the SC(s):

The name of the encrypted part.

The name to use for the part when it is decrypted.

The encryption algorithm used to encrypt the part.

Either a Key Identifier to indicate the public encryption key that was used to encrypt the part or an encrypted symmetric key that, when decrypted, is used to decrypt the encrypted part.

The encryption algorithm used to encrypt the symmetric key. This field is only present when the record in the Key Description part includes an encrypted symmetric key that was used to encrypt the encrypted part.

A Key Identifier of the public encryption key that was used to encrypt the symmetric key. This field is only present when the record in the Key Description part includes an encrypted symmetric key and the encryption algorithm identifier of the symmetric key that was used to encrypt the encrypted part.

If the SC(s) does not contain any encrypted parts, then there is no Key Description part.

B. Rights Management Language Syntax and Semantics

The Rights Management Language consists of parameters that can be assigned values to define restrictions on the use of the Content 113 by an End-User(s) after the Content 113 purchase. The restrictions on the use of the Content 113 is the Usage Conditions 517. Each Content Provider(s) 101 specifies the Usage Conditions 517 for each of its Content 113 items. Electronic Digital Content Store(s) 103 interpret the Usage Conditions 517 in Metadata SC(s) 620 and use the information to provide different options or Store Usage Conditions 519 to the End-User(s) for purchase of Content 113. After an End-User(s) has selected a Content 113 item for purchase, the End-User Device(s) 109 requests authorization for the Content 113 based on Store Usage Conditions 519. Before the Clearinghouse(s) 105 sends a License SC(s) 660 to the End-User(s), the Clearinghouse(s) 105 verifies that the Store Usage Conditions 519 being requested are in agreement with the allowable Usage Conditions 517 that were specified by the Content Provider(s) 101 in the Metadata SC(s) 620.

When an End-User Device(s) 109 receives the Content 113 that was purchased, the Store Usage Conditions 519 are encoded into that Content 113 using the Watermarking Tool. The End-User Player Application 195 running on End-User Device(s) 109 insures that the Store Usage Conditions 519 that were encoded into the Content 113 are enforced.

The following are examples of Store Usage Conditions 519 for an embodiment where the Content 113 is music:

Song is recordable.

Song can be played n number of times.

C. Overview of Secure Container Flow and Processing

Metadata SC(s) 620 are built by Content Provider(s) 101 and are used to define Content 113 items such as songs. The Content 113 itself is not included in these SC(s) because the size of the Content 113 is typically too large for Electronic Digital Content Store(s) 103 and End-User(s) to efficiently download the containers just for the purpose of accessing the descriptive metadata. Instead, the SC(s) includes an external URL (Uniform Resource Locators) to point to the Content 113. The SC(s) also includes metadata that provides descriptive information about the Content 113 and any other associated data, such as for music, the CD cover art and/or digital audio clips in the case of song Content 113.

Electronic Digital Content Store(s) 103 download the Metadata SC(s) 620, for which they are authorized, and build Offer SC(s) 641. In short, an Offer SC(s) 641 consists of some of the parts and the BOM from the Metadata SC(s) 620 along with additional information included by the Electronic Digital Content Store(s) 103. A new BOM for the Offer SC(s) 641 is created when the Offer SC(s) 641 is built. Electronic Digital Content Store(s) 103 also use the Metadata SC(s) 620 by extracting metadata information from them to build HTML pages on their web sites that present descriptions of Content 113 to End-User(s), usually so they can purchase the Content 113.

The information in the Offer SC(s) 641 that is added by the Electronic Digital Content Store(s) 103 is typically to narrow the selection of Usage Conditions 517 that are specified in the Metadata SC(s) 620. An Offer SC(s) 641 template in the Metadata SC(s) 620 indicates which information can be overridden by the Electronic Digital Content Store(s) 103 in the Offer SC(s) 641 and what, if any, additional information is required by the Electronic Digital Content Store(s) 103 and what parts are retained in the embedded Metadata SC(s) 620.

Offer SC(s) 641 are included in a Transaction SC(s) 640 when an End-User(s) decides to purchase Content 113 from an Electronic Digital Content Store(s) 103. The Electronic Digital Content Store(s) 103 builds a Transaction SC(s) 640 and includes Offer SC(s) 641 for each Content 113 item being purchased and transmits it to the End-User Device(s) 109. The End-User Device(s) 109 receives the Transaction SC(s) 640 and validates the integrity of the Transaction SC(s) 640 and the included Offer SC(s) 641.

An Order SC(s) 650 is built by the End-User Device(s) 109 for each Content 113 item being purchased. Information is included from the Offer SC(s) 641, from the Transaction SC(s) 640, and from the configuration files of the End-User Device(s) 109. Order SC(s) 650 are sent to the Clearinghouse(s) 105 one at a time. The Clearinghouse(s) 105 URL where the Order SC(s) 650 is included as one of the records in the BOM for the Metadata SC(s) 620 and included again in the Offer SC(s) 641.

The Clearinghouse(s) 105 validates and processes Order SC(s) 650 to provide the End-User Device(s) 109 with everything that is required to a License Watermark 527 and access purchased Content 113. One of the functions of the Clearinghouse(s) 105 is to decrypt the Symmetric Keys 623 that are needed to decrypt the watermarking instructions from the Offer SC(s) 641 and the Content 113 from the Content SC(s) 630. An encrypted Symmetric Key 623 record actually contains more than the actual encrypted Symmetric Key 623. Before executing the encryption, the Content Provider(s) 101 appends its name to the actual Symmetric Key 623. Having the Content Provider(s)' 101 name encrypted together with the Symmetric Key 623 provides security against a pirate Content Provider(s) 101 that has built its own Metadata SC(s) 620 and Content SC(s) 630 from legal SC(s). The Clearinghouse(s) 105 verifies that the name of the Content Provider(s) 101 encrypted together with the Symmetric Keys 623 matches the name of the Content Provider(s) 101 in the SC(s) certificate.

If there are any changes required to be made to the watermarking instructions by the Clearinghouse(s) 105, then the Clearinghouse(s) 105 decrypts the Symmetric Key 623 and then modifies the watermarking instructions and encrypts them again using a new Symmetric Key 623. The Symmetric Key 623 is then re-encrypted using the Public Key 661 of the End-User Device(s) 109. The Clearinghouse(s) 105 also decrypts the other Symmetric Keys 623 in the SC(s) and encrypts them again with the Public Key 661 of the End-User Device(s) 109. The Clearinghouse(s) 105 builds a License SC(s) 660 that includes the newly encrypted Symmetric Keys 623 and updated watermarking instructions and sends it to the End-User Device(s) 109 in response to the Order SC(s) 650. If the processing of the Order SC(s) 650 does not complete successfully, then the Clearinghouse(s) 105 returns to the End-User Device(s) 109 an HTML page reporting the failure of the authorization process.

A License SC(s) 660 provides an End-User Device(s) 109 with everything that is needed to access a Content 113 item. The End-User Device(s) 109 requests the appropriate Content SC(s) 630 from the Content Hosting Site(s) 111. Content SC(s) 630 are built by Content Provider(s) 101 and include encrypted Content 113 and metadata parts. The End-User Player Application 195 uses the Symmetric Keys 623 from the License SC(s) 660 to decrypt the Content 113, metadata, and watermarking instructions. The watermarking instructions are then implemented into the Content 113 and the Content 113 is scrambled and stored on the End-User Device(s) 109.

D. Metadata Secure Container 620 Format

The following table shows the parts that are included in a Metadata SC(s) 620. Each box in the Parts column is a separate object included in the SC(s) along with the BOM (with the exception of part names that are surrounded by [ ] characters). The BOM contains a record for each part included in the SC(s). The Part Exists column indicates whether the part itself is actually included in the SC(s) and the Digest column indicates whether a message digest is computed for the part. Some parts may not be propagated when a SC(s) is included in other SC(s) (as determined by the associated template), although the entire original BOM is propagated. This is done because the entire BOM is required by the Clearinghouse(s) 105 to verify the digital signature in the original SC(s).

The Key Description Part columns of the following table define the records that are included in the Key Description part of the SC(s). Records in the Key Description part define information about the encryption keys and algorithms that were used to encrypt parts within the SC(s) or parts within another SC(s). Each record includes the encrypted part name and, if necessary, a URL that points to another SC(s) that includes the encrypted part. The Result Name column defines the name that is assigned to the part after it is decrypted. The Encrypt Alg column defines the encryption algorithm that was used to encrypt the part. The Key Id/Enc Key column defines either an identification of the encryption key that was used to encrypt the part or a base64 encoding of the encrypted Symmetric Key 623 bitstring that was used to encrypt the part. The Sym Key Alg column is an optional parameter that defines the encryption algorithm that was used to encrypt the Symmetric Key 623 when the previous column is an encrypted Symmetric Key 623. The Sym Key ID column is an identification of the encryption key that was used to encrypt the Symmetric Key 623 when the Key Id/Enc Key column is an encrypted Symmetric Key 623.

    Step   Process
    121    A uncompressed PCM audio file is provided as Content 113 by the
     Content
           Provider(s) 101. Its filename is input into the Work Flow Manager
     154 Tool along
           with the Content Provider(s)' 101 unique identifier for the Content
     113.
    122    Metadata is captured from the Content Provider(s)' Database 160 by
     the Content
           Information Processing Subsystem using the Content Provider(s)' 101
     unique
           identifier for the Content 113 and information provided by the
     Database Mapping
           Template.
    123    The Work Flow Manager Tool 154 is used to direct the content flow
     through the
           acquisition and preparation process at the Content Provider(s) 101.
     It can also be
           used to track the status of any piece of content in the system at
     any time.
    124    The Usage Conditions for the Content 113 are entered into the
     Content Information
           Processing Subsystem, this can be done either manually or
     automatically. This data
           includes copy restriction rules and any other business rules deemed
     necessary. All
           of the metadata entry can occur in parallel with the Audio
     Processing for the data.
    125    The Watermarking Tool is used to hide data in the Content 113 that
     the Content
           Provider(s) 101 deems necessary to identify the content. This could
     include when
           it was captured, where it came from (this Content Provider(s) 101),
     or any other
           information specified by the Content Provider(s) 101.
           .cndot. The Content 113 Encoding Tool performs equalization, dynamic
     range
                adjustments and re-sampling to the Content 113 as necessary for
     the different
                compression levels supported.
           .cndot. The Content 113 is compressed using the Content 113 Encoding
     Tool to the
                desired compression levels. The Content 113 can then be played
     back to
                verify that the compression produces the required level of
     Content 113
                quality. If necessary the equalization, dynamic range
     adjustments,
                compression and playback quality checks can be performed as
     many times
                as desired.
           .cndot. The Content 113 and a subset of its metadata is encrypted
     with a Symmetric
                Key by the SC Packer. This tool then encrypts the key using the
     Public Key
                of the Clearinghouse(s) 105 to produce an Encrypted Symmetric
     Key. This
                key can be transmitted anywhere without comprising the security
     of the
                Content 113 since the only entity that can decrypt it is the
     Clearinghouse(s)
                105.
    126    The Encrypted Symmetric Key, metadata and other information about
     the Content
           113 is then packed into a Metadata SC by the SC Packer Tool 152.
    127    The encrypted Content 113 and metadata are then packed into a
     Content SC. At this
           point the processing on the Content 113 and metadata is complete.
    128    the Metadata SC(s) is then sent to the Content Promotions Web Site
     156 using the
           Content Disbursement Tool (not shown).
    129    The Content Disbursement Tool sends the Content SC(s) to the Content
     Hosting
           Site(s) 111. The Content Hosting Site(s) can reside at the Content
     Provider(s) 101,
           the Clearinghouse(s) 105 or a special location dedicated for Content
     Hosting. the
           URL for this site is part of the metadata that was added to the
     Metadata SC.
    130    The Content Promotions Web Site 156 notifies Electronic Digital
     Content Store(s)
           103 of new Content 113 that is added to the System 100.
    131    Using the Content Acquisition Tool, Electronic Digital Content
     Store(s) 103 then
           download the Metadata SCs that correspond to the Content 113 they
     wish to sell.
    132    The Electronic Digital Content Store(s) 103 will use the Content
     Acquisition Tool
           to pull out any data from the Metadata SC(s) that they want to use
     to promote the
           Content 113 on their Web Site. Access to portions of this metadata
     can be secured
           and charged for if desired.
    133    The Usage Conditions for the Content 113, specific to this
     Electronic Digital Content
           Store(s) 103, are entered using the Content Acquisition Tool. These
     Usage
           Conditions include the retail prices and copy/play restrictions for
     the different
           compression levels of the Content 113.
    134    The Electronic Digital Content Store(s) 103 specific Usage
     Conditions and the
           original Metadata SC(s) are packed into an Offer SC by the SC Packer
     Tool.
    135    After the Electronic Digital Content Store(s) 103 Web Site is
     updated, the Content
           113 is available to End-User(s) surfing the Web.
    136    When an End-User(s) finds Content 113 that they want to buy, they
     click on a
           content icon, such as a music icon, and the item is added to his/her
     shopping cart
           which is maintained by the Electronic Digital Content Store(s) 103.
     When the End-
           User(s) completes shopping they submit the purchase request to the
     Electronic
           digital Content Store(s) 103 for processing.
    137    The electronic Digital Content Store(s) 103 then interacts with
     credit card clearing
           organizations to place a hold on the funds in the same way they do
     business today.
    138    Once the Electronic Digital Content Store(s) 103 receives the credit
     card
           authorization number back from the credit card clearing
     organization, it stores this
           into a database and invokes the SC Packer Tool to build a
     Transaction SC. This
           Transaction SC includes all of the Offer SCs for the Content 113
     that the End-Users(s)
           has purchased, a Transaction ID that can be tracked back to the
     Electronic Digital
           Content Store(s) 103, information that identifies the End-User(s),
     compression levels,
           Usage Conditions and the price list for the songs purchased.
    139    This Transaction SC is then transmitted to the End-User Device(s)
     109.
    140    When the Transaction SC arrives on the End-User Device(s) 109, it
     kicks off the
           End-User Player Application 195 which opens the Transaction SC and
     acknowledges
           the End-User's purchase. The End-User Player Application 195 then
     opens the
           individual Offer SCs and informs the user with an estimate of the
     download time.
           It then asks the user to specify when they want to download the
     Content 113.
    141    Based on the time the End-User(s) requested the download, the
     end-User Player
           Application 195 will wake up and initiate the start of the download
     process by
           building a Order SC that contains among other things the Encrypted
     symmetric Key
           for the Content 113, the Transaction ID, and End-User(s)
     information.
    142    This Order SC is then sent to the Clearinghouse(s) 105 for
     processing.
    143    The Clearinghouse(s) 105 receives the Order SC, opens it and
     verifies that none of
           the data has been tampered with. The Clearinghouse(s) 105 validates
     the Usage
           Conditions purchased by the End-User(s). These Usage Conditions must
     comply
           with those specified by the Content Provider(s) 101. This
     information is logged in
           a database.
    144    Once all the checks are complete, the Encrypted symmetric Key is
     decrypted using
           the private key of the Clearinghouse(s) 105. The symmetric Key is
     then encrypted
           using the public key of the End-User(s). This new Encrypted
     symmetric Key is then
           packaged into a License SC by the SC Packer.
    145    The License SC is then transmitted to the End-User(s).
    146    When the License SC is received at the End-User Device(s) 109 it is
     stored in
           memory until the Content SC is downloaded.
    147    The End-User Device(s) 109 request form the Content Hosting Facility
     111, sending
           the corresponding License SC for the purchased Content 113.
    148    Content 113 is sent to the end-User Device(s) 109. Upon the receipt
     the Content 113
           is de-encrypted by the End-User Device(s) 109 using the Symmetric
     Key.

The following describes the terms that are used in the above Metadata SC(s) table:

[Content URL]--A parameter in a record in the Key Description part. This is a URL that points to the encrypted Content 113 in the Content SC(s) 630 that is associated with this Metadata SC(s) 620. The Metadata SC(s) 620 itself does not contain the encrypted Content 113.

[Metadata URL]--A parameter in a record in the Key Description part. This is a URL that points to the encrypted metadata in the Content SC(s) 630 that is associated with this Metadata SC(s) 620. The Metadata SC(s) 620 itself does not contain the encrypted metadata.

Content ID--A part that defines a unique ID assigned to a Content 113 item. There is more than one Content ID included in this part if the Metadata SC(s) 620 references more than one Content 113 item.

Metadata--Parts that contain information related to a Content 113 item such as the artist name and CD cover art in the case of a song. There may be multiple metadata parts, some of which may be encrypted. The internal structure of the metadata parts is dependent on the type of metadata contained therein.

Usage Conditions--A part that contains information that describes usage options, rules, and restrictions to be imposed on an End-User(s) for use of the Content 113.

SC(s) Templates--Parts that define templates that describe the required and optional information for building the Offer, Order, and License SC(s) 660.

Watermarking Instructions--A part that contains the encrypted instructions and parameters for implementing watermarking in the Content 113. The watermarking instructions may be modified by the Clearinghouse(s) 105 and returned back to the End-User Device(s) 109 within the License SC(s) 660. There is a record in the Key Description part that defines the encryption algorithm that was used to encrypt the watermarking instructions, the output part name to use when the watermarking instructions are decrypted, a base64 encoding of the encrypted Symmetric Key 623 bitstring that is was used to encrypt the watermarking instructions, the encryption algorithm that was used to encrypt the Symmetric Key 623, and the identification of the public key that is required to decrypt the Symmetric Key 623.

Clearinghouse(s) Certificate(s)--A certificate from a certification authority or from the Clearinghouse(s) 105 that contains the signed Public Key 621 of the Clearinghouse(s) 105. There may be more than one certificate, in which case a hierarchical level structure is used with the highest level certificate containing the public key to open the next lowest level certificate is reached which contains the Public Key 621 of the Clearinghouse(s) 105.

Certificate(s)--A certificate from a certification authority or from the Clearinghouse(s) 105 that contains the signed Public Key 621 of the entity that created the SC(s). There may be more than one certificate, in which case a hierarchical level structure is used with the highest level certificate containing the public key to open the next level certificate, and so on, until the lowest level certificate is reached which contains the public key of the SC(s) creator.

SC Version--A version number assigned to the SC(s) by the SC Packer Tool.

SC ID--A unique ID assigned to the SC(s) by the entity that created the SC(s).

SC Type--Indicates the type of SC(s) (e.g. Metadata, Offer, Order, etc.)

SC Publisher--Indicates the entity that created the SC(s).

Creation Date--Date that the SC(s) was created.

Expiration Date--Date the SC(s) expires and is no longer valid.

Clearinghouse(s) URL--Address of the Clearinghouse(s) 105 that the End-User Player Application 195 should interact with to obtain the proper authorization to access the Content 113.

Digest Algorithm ID--An identifier of the algorithm used to compute the digests of the parts.

Digital Signature Alg ID--An identifier of the algorithm used to encrypt the digest of the concatenated part digests. This encrypted value is the digital signature.

Digital Signature--A digest of the concatenated part digests encrypted with the public key of the entity that created the SC(s).

Output Part--The name to assign to the output part when an encrypted part is decrypted.

RSA and RC4--Default encryption algorithms used to encrypt the Symmetric Keys 623 and data parts.

Enc Sym Key--A base64 encoding of an encrypted key bitstring that, when decrypted, is used to decrypt a SC(s) part.

CH Pub Key--An identifier that indicates that the Clearinghouse's 105 Public Key 621 was used to encrypt the data.

E. Offer Secure Container 641 Format

The following table shows the parts that are included in the Offer SC(s) 641. The parts, with the exception of some of the metadata parts, and BOM from the Metadata SC(s) 620 are also included in the Offer SC(s) 641.

                            BOM                  Key Description Part
    Parts                   Part Exists Digest    Result Name Encrypt Alg Key
     Id/Enc Key Sym Key Alg   Sym Key ID
    [Content URL]                      Output Part RC4         Enc Sym Key
     RSA           CH Pub Key
    [Metadata URL]                      Output Part RC4         Enc Sym Key
     RSA           CH Pub Key
                            SC Version
                            SC ID
                            SC Type
                            SC Publisher
                            Date
                            Expiration Date
                            Clearinghouse(s) URL
                            Digest Algorithm ID
                            Digital Signature Alg ID
    Content ID              Yes         Yes
    Metadata                Yes         Yes
    Usage Conditions        Yes         Yes
    SC Templates            Yes         Yes
    Watermarking Instructions Yes         Yes       Output Part RC4         Enc
     Sym Key    RSA           CH Pub Key
    Key Description Part    Yes         Yes
    Clearinghouse(s) Certificate(s) Yes         No
    Certificate(s)          Yes         No
                            Digital Signature

The following describes the terms that are used in the above Offer SC(s) 641 that were not previously described for another SC(s):

Metadata SC(s) BOM--The BOM from the original Metadata SC(s) 620. The record in the Offer SC(s) 641 BOM includes the digest of the Metadata SC(s) 620 BOM.

Additional and Overridden Fields--Usage conditions information that was overridden by the Electronic Digital Content Store(s) 103. This information is validated by the Clearinghouse(s) 105, by means of the received SC(s) templates, to make sure that anything that the Electronic Digital Content Store(s) 103 overrides is within the scope of its authorization.

Electronic Digital Content Store(s) Certificate--A certificate provided to the Electronic Digital Content Store(s) 103 by the Clearinghouse(s) 105 and signed by the Clearinghouse(s) 105 using its private key. This certificate is used by the End-User Player Application 195 to verify that the Electronic Digital Content Store(s) 103 is a valid distributor of Content 113. The End-User Player Application 195 and Clearinghouse(s) 105 can verify that the Electronic Digital Content Store(s) 103 is an authorized distributor by decrypting the certificate's signature with the Clearinghouse's 105 Public Key 621. The End-User Player Application 195 keeps a local copy of the Clearinghouse's 105 Public Key 621 that it receives as part of its initialization during installation.

F. Transaction Secure Container 640 Format

The following table shows the parts that are included in the Transaction SC(s) 640 as well as its BOM and Key Description parts.

                                 BOM                  Key Description Part
    Parts                        Part Exists Digest    Result Name   Encrypt
     Alg Key ID/Enc Key   Sym Key Alg   Sym Key ID
    Metadata SC Parts
    [Content URL]                           Output Part   RC4         Enc Sym
     Key      RSA           CH Pub Key
    [Metadata URL]                          Output Part   RC4         Enc Sym
     Key      RSA           CH Pub Key
                                 SC Version
                                 SC ID
                                 SC Type
                                 SC Publisher
                                 Date
                                 Expiration Date
                                 Clearinghouse(s) URL
                                 Digest Algorithm ID
                                 Digital Signature Alg ID
    Content ID                   Yes         Yes
    Metadata                     Some        Yes
    Usage Conditions             Yes         Yes
    SC Templates                 Yes         Yes
    Watermarking Instructions    Yes         Yes       Output Part   RC4
      Enc Sym Key      RSA           CH Pub Key
    Key Description Part         Yes         Yes
    Clearinghouse(s) Certificate(s) Yes         No
    Certificate(s)               Yes         No
                                 Digital Signature
    Offer SC Parts
                                 SC Version
                                 SC ID
                                 SC Type
                                 SC Publisher
                                 Date
                                 Expiration Date
                                 Digest Algorithm ID
                                 Digital Signature Alg ID
    Metadata SC BOM              Yes         Yes
    Additional and Overridden Fields Yes         Yes
    Electronic Digital Content   Yes         No
    Store(s) Certificate
    Certificate(s)               Yes         No
                                 Digital Signature

The following describes the terms that are used in the above Transaction SC(s) 640 that were not previously described for another SC(s):

Transaction ID 535--An ID assigned by the Electronic Digital Content Store(s) 103 to uniquely identify the transaction.

End-User(s) ID--An identification of the End-User(s) obtained by the Electronic Digital Content Store(s) 103 at the time the End-User(s) makes the buying selection and provides the credit card information.

End-User(s)' Public Key--The End-User(s)' Public Key 661 that is used by the Clearinghouse(s) 105 to re-encrypt the Symmetric Keys 623. The End-User(s)' Public Key 661 is transmitted to the Electronic Digital Content Store(s) 103 during the purchase transaction.

Offer SC(s)--Offer SC(s) 641 for the Content 113 items that were purchased. The Offer SC(s) do not have digests computed because each container can be validated individually.

Offer SC(s) BOMs--BOM parts of the Offer SC(s) 641 that are included as parts in the Transaction SC(s) 640. The Transaction SC(s) 640 BOM has a record for each of the Offer SC(s) 641 BOM parts. The record includes a digest of the BOM part and a parameter that identifies the name of the Offer SC(s) 641 part that is associated with this Offer SC(s) 641 BOM part. After each Offer SC(s) 641 is unpacked by the packer, a digest is computed for its BOM and compared with the digest of its associated Offer SC(s) 641 BOM record in the Transaction SC(s) 640. If the digests match, then the BOMs are identical and the appropriate Offer SC(s) 641 was really included in the Transaction SC(s) 640. If the digest do not match, then the SC(s) is not valid.

Selections of Content Use--An array of Usage Conditions for each Content 113 item being purchased by the End-User(s). There is an entry for each Offer SC(s) 641.

HTML to Display--One or more HTML pages that the End-User Player Application 195 displays in the Internet browser window upon receipt of the Transaction SC(s) 640 or during the interaction between the End-User Device(s) 109 and the Clearinghouse(s) 105.

When the End-User Device(s) 109 receives a Transaction SC(s) 640, the following steps may be performed to verify the integrity and authenticity of the SC(s):

1. Verify the integrity of the Electronic Digital Content Store(s) 103 certificate using the Public Key 621 of the Clearinghouse(s) 105. The Public Key 621 of the Clearinghouse(s) 105 was stored at the End-User Device(s) 109 after it was received as part of the initialization of the End-User Player Application 195 during its installation process.

2. Verify the Digital Signature 643 of the SC(s) using the public key from the Electronic Digital Content Store(s) 103 certificate.

3. Verify the hashes of the SC(s) parts.

4. Verify the integrity and authenticity of each Offer SC(s) 641 included in the Transaction SC(s) 640.

5. Compute the hashes of BOMs from each Offer SC(s) 641 and compare them against the hashes of the Offer SC(s) 641 BOMs that are included as parts in the Transaction SC(s) 640.

G. Order Secure Container 650 Format

The following table shows the parts that are included in the Order SC(s) 650 as well as its BOM and Key Description parts. These parts either provide information to the Clearinghouse(s) 105 for decryption and verification purposes or is validated by the Clearinghouse(s) 105. The parts and BOM from the Offer SC(s) 641 are also included in the Order SC(s) 650. The Some string in the Part Exists column of the Metadata SC(s) BOM indicates that the some of those parts are not included in the Order SC(s) 650. The BOM from the Metadata SC(s) 620 is also included without any change so that the Clearinghouse(s) 105 can validate the integrity of the Metadata SC(s) 620 and its parts.

                          BOM                  Key Description Part
    Parts                 Part Exists Digest    Result Name Encrypt Alg Key
     ID/Enc Key Sym Key Alg   Sym Key ID
                          SC Version
                          SC ID
                          SC Type
                          SC Publisher
                          Date
                          Expiration Date
                          Digest Algorithm ID
                          Digital Signature Alg ID
    Transaction ID        Yes         Yes       Output Part RSA         CH Pub
     Key
    End-User(s) ID        Yes         Yes       Output Part RSA         CH Pub
     Key
    End-User(s)' Public Key Yes         Yes
    Offer SC(s)           Yes         No
    Offer SC(s) BOMS      Yes         Yes
    Selections of Content Use Yes         Yes
    HTML to Display       Yes         Yes
    Key Description Past  Yes         Yes
    Electronic Digital Content Yes         No
    Store(s) Certificate
                          Digital Signature

The following describes the terms that are used in the above Order SC(s) 650 that were not previously described for another SC(s):

Transaction SC(s) BOM--The BOM in the original Transaction SC(s) 640. The record in the Order SC(s) 650 BOM includes the digest of the Transaction SC(s) 640 BOM.

Encrypted Credit Card Info.--Optional encrypted information from the End-User(s) that is used to charge the purchase to a credit card or debit card. This information is required when the Electronic Digital Content Store(s) 103 that created the Offer SC(s) 641 does not handle the customer billing, in which case the Clearinghouse(s) 105 may handle the billing.

H. License Secure Container 660 Format

The following table shows the parts that are included in the License SC(s) 660 as well as its BOM. As shown in the Key Description part, the Symmetric Keys 623 that are required for decrypting the watermarking instructions, Content 113, and Content 113 metadata have been re-encrypted by the Clearinghouse(s) 105 using the End-User(s)' Public Key 661. When the End-User Device(s) 109 receives the License SC(s) 660 it decrypts the Symmetric Keys 623 and use them to access the encrypted parts from the License SC(s) 660 and the Content SC(s) 630.

                                 BOM                  Key Description Part
    Parts                        Part Exists Digest    Result Name   Encrypt
     Alg Key ID/Enc Key   Sym Key Alg   Sym Key ID
    Metadata SC(s) Parts
    [Content URL]                           Output Part   RC4         Enc Sym
     Key      RSA           CH Pub Key
    [Metadata URL]                          Output Part   RC4         Enc Sym
     Key      RSA           CH Pub Key
                                 SC(s) Version
                                 SC(s) ID
                                 SC(s) Type
                                 SC(s) Publisher
                                 Date
                                 Expiration Date
                                 Clearinghouse(s) URL
                                 Digest Algorithm ID
                                 Digital Signature Alg ID
    Content ID                   Yes         Yes
    Metadata                     Some        Yes
    Usage Conditions             Yes         Yes
    SC(s) Templates              Yes         Yes
    Watermarking Instructions    Yes         Yes       Output Part   RC4
      Enc Sym Key      RSA           CH Pub Key
    Key Description Part         Yes         Yes
    Clearinghouse(s) Certificate(s) Yes         No
    Certificate(s)               Yes         No
                                 Digital Signature
    Offer SC(s) Parts
                                 SC(s) Version
                                 SC(s) ID
                                 SC(s) Type