Multi-tier digital TV programming for content distribution

Abstract

A method of securely providing data to a user's system over a broadcast infrastructure. The method comprising the steps of: encrypting the data using a first encrypting key; encrypting a first decrypting key using a second encrypting key; dividing at least part of the encrypted data into a series of logical packages; placing at least some of the logical packages into a broadcast carousel for cyclical broadcast over the broadcast infrastructure; broadcasting the packages in broadcast carousel so that they can be received by at least one user's system, wherein the broadcast is cyclical and repeats periodically; and transferring the encrypted first decrypting key, which has been encrypted with the second encrypting key, to the user's system. In another embodiment, a system is disclosed to carry out the above method in a broadcast infrastructure and an image overlaid on top of a primary image being displayed isused to denote that additional logical packages are available for receipt by broadcast.

Claims

What is claimed is:

1. A method of securely providing data to a users system over a broadcast infrastructure, the method comprising the steps of:

encrypting the data using a first encrypting key so that the data can be subsequently decrypted using a first decrypting key;

encrypting the first decrypting key using a second encrypting key;

dividing the encrypted data into a series of logical packages, wherein the logical packages are divided independent of any transport layer protocol used to broadcast the packages;

placing at least some of the logical packages into a broadcast carousel for cyclical broadcast over the broadcast infrastructure;

broadcasting the packages in broadcast carousel so that they can be received by at least one user's system, wherein the broadcast is cyclical and repeats periodically so that all of the logical packages representing the entire encrypted data are available locally for download at the user's system, without requiring a request be made to a broadcast center; and

transferring the encrypted first decrypting key, which has been encrypted with the second encrypting key, to the user's system.

2. The method as defined in claim 1, wherein the step of transferring the encrypted first decrypting key includes the sub-steps of:

re-encrypting the first decrypting key using a third encrypting key;

broadcasting the decrypted and re-encrypted first decrypting key to the user's system; and

decrypting the re-encrypted first decrypting key using a third decrypting key.

3. The method as defined in claim 1, wherein the step of transferring the encrypted first decrypting key includes the sub-steps of:

transferring the encrypted first decrypting key to a broadcast center;

re-encrypting the first decrypting key using a third encrypting key;

broadcasting the decrypted and re-encrypted first decrypting key to the users system; and

decrypting the re-encrypted first decrypting key using a third decrypting key.

4. The method as defined in claim 1, wherein the step of transferring the encrypted first decrypting key includes the sub-steps of:

transferring the encrypted first decrypting key to a clearinghouse;

re-encrypting the first decrypting key using a third encrypting key;

transferring the decrypted and re-encrypted first decrypting key to the user's system via an Internet download; and

decrypting the re-encrypted first decrypting key using a third decrypting key.

5. The method as defined in claim 1, wherein the data contains a catalog of offerings available for broadcast.

6. The method as defined in claim 1, wherein the data contains a schedule of broadcast times for additional data.

7. A method of securely receiving data on a users system from a broadcast infrastructure, the method comprising the steps of:

receiving a primary broadcast stream;

receiving encrypted data that has been previously encrypted using a first encrypting key and wherein the data has been previously divided into a series of logical packages, wherein the logical packages are divided independent of any transport layer protocol used to broadcast the packages;

receiving data and related promotional data describing the encrypted data being received so that all of the logical packages representing the entire encrypted data are available locally for download, without requiring a request be made to a broadcast center;

assembling at least part of the promotional data into one or more promotional images for overlaying on top of the primary broadcast stream being displayed;

displaying the promotional images overlaid on top of the primary image being displayed;

receiving a user selection of one of the promotional images being displayed; and

assembling at least part of the packages being received in response to the user selection into the encrypted data.

8. The method as defined in claim 7, wherein the step of displaying the promotional images includes displaying the promotional images on a television overlaid on top of a television broadcast image.

9. The method as defined in claim 7, wherein the step of receiving a primary broadcast stream includes receiving promotional material for data packages to be selected.

10. The method as defined in claim 7, wherein the step of displaying the promotional images includes displaying the promotional images as an icon indicating that a selection can be made at this time, wherein the icon overlaid on top of a primary image being displayed.

11. The method as defined in claim 7, wherein the step of displaying the promotional images includes displaying the promotional images as an icon overlaid on top of a primary image being displayed, wherein the icon appearance on the display is synchronized with the primary broadcast stream.

12. The method as defined in claim 7, wherein the primary broadcast stream represents the promotional material for data packages that can be selected.

13. The method as defined claim 7, wherein an icon appears overlaid on the primary video image to indicate to the user that a selection can be made at this time.

14. The method as defined in claim 7, wherein the appearance and disappearance of an icon overlaid on the primary video image is synchronized with a segment of the primary broadcast stream.

15. The method as defined in claim 7, further comprising the steps of:

receiving a decrypting key for decrypting the encrypted data assembled on the user's system.

16. The method as defined in claim 15, wherein the step of receiving a decrypting key, includes receiving a decrypting key that has been encrypted with a second encrypting key.

17. The method as defined in claim 15, wherein the step of receiving a decrypting key includes receiving a decrypting key over a broadcast stream.

18. The method defined in claim 15, wherein a second decrypting key for decrypting data that has been encrypted with the second encryption key is sent to the user's system from a clearinghouse.

19. The method defined in claim 16, wherein the second decrypting key has a timeout provision for decrypting data that has been encrypted with the second encryption key is sent to the user's system from a clearinghouse.

20. A system for securely providing data to a user's system over a broadcast infrastructure, the system comprising:

a content system;

a first public key;

a first private key, which corresponds to the first public key;

a data encrypting key;

a data decrypting key for decrypting data encrypted using the data encrypting key;

first data encryption means for encrypting data so as to be decrypt able only by a data decrypting key:

second data encryption means, using the first public key, for encrypting the data decrypting key;

a clearinghouse;

a broadcast center, for broadcasting a primary broadcast stream and a secondary broadcast stream for reception by the users system, wherein the second broadcast stream includes data encrypted with the data encrypting key, and wherein the data has been broken into a series of packages that are broadcast in a cyclical pattern which repeats over time, wherein the packages are divided independent of any transport layer protocol used to subsequently broadcast the packages so that all of the logical packages representing the entire encrypted data are available locally for download at the user's system, without requiring a request be made to a broadcast center;

first transferring means for transferring the data decrypting key which has been encrypted to the clearinghouse, wherein the clearinghouse possesses the first private key;

first decrypting means for decrypting the data decrypting key using the first private key;

a second public key;

a second private key, which corresponds to the second public key;

re-encryption means for re-encrypting the data decrypting key using the second public key;

second transferring means for transferring the re-encrypted data decrypting key to the user's system via an Internet download, wherein the user's system possesses the second private key; and

second decrypting means for decrypting the re-encrypted data decrypting key using the second private key.

21. The system as defined in claim 20 wherein the second transferring means for transferring the re-encrypted data decrypting key comprises a means for broadcasting the reencrypted data decrypting key through the broadcast center as part of the secondary broadcast stream.

22. The system as defined in claim 20, wherein the data contains a catalog of offerings available for broadcast.

23. The system as defined in claim 21, wherein the data contains a schedule of broadcast times for additional data.

24. The system for securely receiving data on a user's system from a broadcast infrastructure, comprising:

a first receiver for receiving a primary broadcast stream for display on a user's system;

a second receiver for receiving encrypted data that has been previously encrypted using a first encrypting key and wherein the data has been previously divided into a series of logical packages, wherein the logical packages are divided independent of any transport layer protocol used to subsequently broadcast the packages so that all of the logical packages representing the entire encrypted data are available locally for download at the user's system, without requiring a request be made to a broadcast center, wherein the second receiver receives encrypted data and related promotional data describing the encrypted data being received;

a first assembler for assembling at least part of the promotional data into a promotional image for overlaying on top of the primary broadcast stream being displayed;

means for displaying the promotional image overlaid on top of the primary image being displayed;

means for receiving a user selection of one of the promotional images being displayed; and

a second assembler for assembling at least part of the packages being received in response to the user selection into the encrypted data.

25. The system as defined in claim 24, wherein the means for displaying the promotional image includes a means for displaying the promotional image on a television overlaid on top of a television broadcast image.

26. The system as defined in claim 24, wherein the second receiver further comprises receiving a decrypting key for decrypting the encrypted data assembled on the user's system.

27. The system as defined in claim 24, wherein the second receiver further comprises receiving a decrypting key for decrypting the encrypted data assembled on the user's system.

28. The system as defined claim 24, wherein the promotional image is an icon that appears overlaid on the primary video image to indicate to the user that a selection can be made at this time.

29. The system as defined claim 24, wherein the promotional image is an icon so that the appearance and disappearance of the icon overlaid on the primary video image is synchronized with a segment of the primary broadcast stream.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

Not Applicable

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention disclosed broadly relates to the field of electronic commerce and more particularly to a system and related tools for the secure delivery and rights management of digital assets, such as print media, films, games, and music over global communications networks such as the Internet, the World Wide Web, and cable or satellite digital broadcast networks.

2. Description of the Related Art

The use of global distribution systems such as the Internet for distribution of digital assets such as music, film, computer programs, pictures, games and other content continues to grow. At the same time owners and publishers of valuable digital content have been slow to embrace the use of the Internet for distribution of digital assets for several reasons. One reason is that owners are afraid of unauthorized copying or pirating of digital content. The electronic delivery of digital content removes several barriers to pirating. One barrier that is removed with electronic distribution is the requirement of the tangible recordable medium itself(e.g., diskettes or CD ROMs). It costs money to copy digital content on to tangible media, albeit, in many cases less than a dollar for a blank tape or recordable CD. However, in the case of electronic distribution, the tangible medium is no longer needed. The cost of the tangible medium is not a factor because content is distributed electronically. A second barrier, is the format of the content itself i.e. is the content stored in an analog format versus a digital format. Content stored in an analog format, for example, a printed picture, when reproduced by photocopying, the copy is of lesser quality than the original. Each subsequent copy of a copy, sometimes called a generation, is of less quality than the original. This degradation in quality is not present when a picture is stored digitally. Each copy, and every generation of copies can be as clear and crisp as the original. The aggregate effect of perfect digital copies combined with the very low cost to distribute content electronically and to distribute content widely over the Internet makes it relatively easy to pirate and distribute unauthorized copies. With a couple of keystrokes, a pirate can send hundreds or even of thousands of perfect copies of digital content over the Internet. Therefore a need exists to ensure the protection and security of digital assets distributed electronically.

Providers of digital content desire to establish a secure, global distribution system for digital content that protects the rights of content owners. The problems with establishing a digital content distribution system includes developing systems for digital content electronic distribution, rights management, and asset protection. Digital content that is distributed electronically includes content such as print media, films, games, programs, television, multimedia, and music.

The deployment of an electronic distribution system provides the digital content providers the ability to achieve fast settlement of payment through immediate sales reporting and electronic reconciliation as well as gain secondary sources of revenue through redistribution of content. Since the electronic digital content distribution system is not affected by physical inventory outages or returns, the digital content providers and retailers may realize reduced costs and improved margins. Digital content providers could facilitate new, or augment existing, distribution channels for better timed-release of inventory. The transactional data from the electronic distribution system could be used to obtain information regarding consumer buying patterns as well as to provide immediate feedback on electronic marketing programs and promotions. In order to meet these goals, a need exists for digital content providers to use an electronic distribution model to make digital content available to a wide range of users and businesses while ensuring protection and metering of digital assets.

Other commercially available electronic distribution systems for digital content, such as real audio, A2B from AT&T, Liquid Audio Pro from Liquid Audio Pro Corp., City Music Network from Audio Soft and others offer transmission of digital data over secured and unsecured electronic networks. The use of secured electronic networks greatly reduces the requirement of digital content providers of distributing digital to a wide audience. The use of unsecured networks such as the Internet and Web allows the digital content to arrive to an end-user securely such as through the use of encryption. However, once the encrypted digital content is de-encrypted on the end-user's machine, the digital content is readily available to the end-user for unauthorized re-distribution. Therefore a need exists for a secure digital content electronic distribution system that provides protection of digital assets and ensures that the Content Provider(s)' rights are protected even after the digital content is delivered to consumers and businesses. A need thus exists for rights management to allow for secure delivery, licensing authorization, and control of the usage of digital assets.

Another reason owners of digital content have been slow to embrace electronic distribution is their desire to maintain and foster existing channels of distribution. Most content owners sell through retailers. In the music market these U.S. retailers include Tower Records, Peaches, Blockbuster, Circuit City and others. Many of these retailers have Web sites that allow Internet users to makes selections over the Internet and have selections mailed to the end-user. Example music Web sites include @tower, Music Boulevard and Columbia House. The use of electronic distribution can remove the ability of the retail stores from differentiating themselves from each other and differentiate themselves from the content owners, especially on the Web. Therefore a need exists to provide retailers of electronic content such as pictures, games, music, programs and videos a way to differentiate themselves from each other and the content owners when selling music through electronic distribution.

Content owners prepare their digital content for electronic distribution through distribution sites such as electronic stores. Electronic stores on the Internet, or through other online services, want to differentiate themselves from each other by their product offerings and product promotions. A traditional store, i.e.--the non-electronic, non-online analogs to electronic stores--use product promotions, product sales, product samples, liberal return policies and other promotional programs to differentiate themselves from their competitors. However, in the online world where the content providers impose usage conditions on the digital content, the ability of electronic stores to differentiate themselves may be severely limited. Moreover, even if the usage conditions can be changed, electronic stores are faced with the difficult task of processing the metadata associated with the digital content from the content providers to promote and sell products electronically. Electronic stores need to manage several requirements when processing the metadata. First, the electronic store is required to receive the metadata associated with the digital content from the content providers. Many times, parts of this metadata may be sent encrypted, so the content provider must create a mechanism to decrypt the encrypted content. Second, the electronic store may wish to preview metadata from the content provider either before the content is received from the content provider or after the content is received by the electronic store, in order to assist with product marketing, product positioning and other promotional considerations for the content. Third, the electronic store is required to extract certain metadata used for promotional materials such as graphics and artist information. Often, this promotional material is used directly by the electronic store in its online promotions. Fourth, the electronic stores may wish to differentiate themselves from one another by modifying some of the permitted usage conditions to create different offerings of the digital content. Fifth, the electronic store may have to insert or alter certain addresses, such as URLs, in the metadata to direct payment reconciliation to an account reconciliation house automatically by the purchaser without the need to go through the electronic store for payment clearance. Sixth, the electronic store may need to create licenses for the permitted use of the copyrighted digital content that match usage conditions. For example, the license may grant the permission to make a limited number of copies of the digital content. A license is needed to reflect the terms and conditions of the permission granted.

In light of all these requirements, to process the metadata related to the digital content, many electronic stores write customized software programs to handle these requirements. The time, cost and testing needed to create these customized software programs can be large. Accordingly, a need exists to provide a solution to these requirements.

Still, another reason owners of digital content have been slow to embrace electronic distribution is the difficulty in preparing content for electronic distribution. Today, many providers of content have thousands or even tens of thousands of titles in their portfolio. In a music example, it is not unusual for a content owner to have a single master sound recording available on several different formats simultaneously (e.g. CD, tape and MiniDisc). In addition, a single format can have a master sound recording re-mastered or re-mixed for a specific distribution channel. As an example, the mixing for broadcast radio may be different than the mixing for a dance club sound track, which may be different than a generally available consumer CD. Inventorying and keeping track of these different mixes can be burdensome. Moreover, many owners of master recordings often times re-issue old recordings in various subsequent collections, such as "The Best Of", or in compilations for musical sound tracks to movies and other collections or compilations. As more content is offered digitally, the need to re-mix and encode the content for electronic distribution grows. Many times providers need to use old recording formats as guides to select the correct master sound recordings and have these sound recordings reprocessed and encoded for release for electronic distribution. This may be especially true for content providers that wish to use their old formats to assist them in re-releasing the old sound recording for electronic distribution. Providers will look through databases to match up titles, artists and sound recordings to set the encoding parameters. This process of manually searching databases for recording portfolios is not without its shortcomings. One shortcoming is the need to have an operator manually search a database and set the processing parameters appropriately. Another shortcoming is the possibility of operator transcription error in selecting data from a database. Accordingly, a need exists to provide content providers a method to automatically retrieve associated data and master recordings for content such as audio.

Content owners prepare their digital content for electronic distribution through a process known as encoding. Encoding involves taking the content, digitizing it, if the content is presented in an analog format, and compressing it. The process of compressing allows the digital content to be transferred over networks and stored on recordable medium more efficiently because the amount of data transmitted or stored is reduced. However, compression is not without its shortcomings. Most compression involves the loss of some information, and is called lossy compression. Content providers must make decisions on what compression algorithm to use and the compression level required. For example, in music, the digital content or song may have very different characteristics depending on the genre of the music. The compression algorithm and compression level selected for one genre may not be the optimal choice for another genre of music. Content providers may find certain combinations of compression algorithms and compression levels work very well for one genre of music, say classical, but provide unsatisfactory results for another genre of music such as heavy metal. Moreover, audio engineers must often equalize the music, perform dynamic range adjustments and perform other preprocessing and processing settings to ensure the genre of music encoded produces the desired results. The requirement to always have to manually set these encoding parameters such as setting the equalization levels and the dynamic range settings for each digital content can be burdensome. Returning to the music example, a content provider for music with a collection covering a variety of musical genre would have to manually select for each song or set of songs to be encoded, the desired combination of encoding parameters. Accordingly, a need exists to overcome the need for manually selection of process parameters for encoding.

The process to compress content can require a large amount of dedicated computational resources, especially for larger content items such as full-length feature movies. Providers of compression algorithms offer various tradeoffs and advantages associated with their compression techniques. These tradeoffs include: the amount of time and computational resources needed to compress the content; the amount of compression achieved from the original content; the desired bit rate for playback; the performance quality of the compressed content; and other factors. Using an encoding program which take as input a multimedia file and generate an encoded output file with no interim indication of progress or status is a problem. Moreover, in many circumstances, other programs are used to call or to manage an encoding program with no interim indication of progress. This leaves the calling application with no way to gauge the amount of content that has been encoded as a percentage of the entire selection of designated to be encoded. In circumstances where the calling program is trying to schedule several different programs to run at once this can be a problem. Furthermore, this can be especially burdensome in cases where batches of content have been selected for encoding and the content provider wants to determine the progress of the encoding process. Accordingly, a need exists to overcome these problems.

Still another reason digital content providers have been slow to adopt electronic distribution for their content is lack of standards for creating digital players on end-user devices for electronically delivered content. Content providers, electronic stores, or others in the electronic distribution chain may want to offer customized players on a variety of devices such as PCS, set-top boxes, hand-held devices and more. A set of tools that can handle the decryption of the digital content in a tamper resistant environment, that is, an environment to deter the unauthorized access to the content during playing by a third party is needed. Moreover, a set of tools is needed to enable an end user to manage of a local library of digital content without allowing the end user to have access to the content for uses other than what was purchased.

Still another reason digital content providers have been slow to adopt online distribution of digital content is the time it takes to deliver content, even compressed over standard phone lines. Other systems exist to provide information over broadcast infrastructure, such as Intel Intellicast system and "Hughes DirecPC", that allow the download of digital content over existing broadcast infrastructure. These broadcast systems although useful, are not without their shortcomings. To begin, these systems do not provide a secure environment for the digital content. Many of these system available today, require that the back channel, usually a phone line, be used to select the digital content desired. If the back channel or telephone line is unavailable, the content can not be selected. Other systems do not provide promotion data, content data, and metadata in a single digital channel, but rather require an additional bidirectional channel for one or more of these functions. Our system may use a bidirectional channel, if it is available, for download-on-demand as well as for efficient retransmission of corrupted content data blocks. Accordingly, a need exists to overcome this shortcoming.

Another shortcoming with current broadcast systems is the lack of security. The lack of security makes the digital content delivered over these systems easy to pirate.

Another shortcoming with current broadcast systems is they do not allow providers of content to use the identical tools to distribute content securely over telecommunications lines, broadcast infrastructure and through computer readable medium such as DVDs and CDS. Accordingly, a need exists for a method and system to provide the delivery of digital content over broadcast infrastructure to overcome these problems.

Further information on the background of protecting digital content can be found from the following three sources. "Music on the Internet and the Intellectual Property Protection Problem" by Jack Lacy, James Snyder, David Maher, of AT&T Labs, Florham Park, N.J. available online URL http://www.a2bmusic.com/about/papers/musicipp.htm. Crypto graphically protected container, called DigiBox, in the article "Securing the Content, Not the Wire for Information Commerce" by Olin Sibert, David Bernstein and David Van Wie, InterTrust Technologies Corp. Sunnyvale, Calif. available online URL http://www.intertrust.com/architecture/stc.html. And "Cryptolope Container Technology", an IBM White Paper, available online URL http:///cyptolope.ibm.com/white.htm.

SUMMARY OF THE INVENTION

A method of securely providing data to a user's system over a broadcast infrastructure. The method comprising the steps of: encrypting the data using a first encrypting key; encrypting a first decrypting key using a second encrypting key; dividing at least part of the encrypted data into a series of logical packages; placing at least some of the logical packages into a broadcast carousel for cyclical broadcast over the broadcast infrastructure; broadcasting the packages in broadcast carousel so that they can be received by at least one user's system, wherein the broadcast is cyclical and repeats periodically; and transferring the encrypted first decrypting key, which has been encrypted with the second encrypting key, to the user's system.

In another embodiment, a system is disclosed to carry out the above method in a broadcast infrastructure and an image overlaid on top of a primary image being displayed is used to denote that additional logical packages are available for receipt by broadcast.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating an over view of a Secure Digital Content Electronic Distribution System according to the present invention.

FIG. 2 is a block diagram illustrating an example Secure Container (SC) and the associated graphical representations according to the present invention.

FIG. 3 is a block diagram illustrating an overview of the encryption process for a Secure Container (SC) according to the present invention.

FIG. 4 is a block diagram illustrating an overview of the de-encryption process for a Secure Container (SC) according to the present invention.

FIG. 5 is a block diagram illustrating an overview of the layers for the Rights Management Architecture of the Secure Digital Content Distribution System of FIG. 1 according to the present invention.

FIG. 6 is a block diagram illustrating an overview of the Content Distribution and Licensing Control as it applies to the License Control Layer of FIG. 5.

FIG. 7 is an illustration of an example user interface for the Work Flow Manager Tool of FIG. 1 according to the present invention.

FIG. 8 is a block diagram of the major tools, components and processes of the Work Flow Manager corresponding to the user interface in FIG. 7 according to the present invention.

FIG. 9 is a block diagram illustrating the major tools, components and processes of an Electronic Digital Content Store of FIG. 1 according to the present invention.

FIG. 10 is a block diagram illustrating the major components and processes of an End-=User Device(s) of FIG. 1 according to the present invention.

FIG. 11 is a flow diagram of a method to calculate an encoding rate factor for the Content Preprocessing and Compression tool of FIG. 8 according to the present invention.

FIG. 12 is a flow diagram of a method to automatically retrieve additional information for the Automatic Metadata Acquisition Tool of FIG. 8 according to the present invention.

FIG. 13 is a flow diagram of a method to automatically set the Preprocessing and Compression parameters of the Preprocessing and Compression Tool of FIG. 8 according to the present invention.

FIG. 14 is an example of user interface screens of the Player Application downloading content to a local library as described in FIG. 15 according to the present invention.

FIG. 15 is a block diagram illustrating the major components and processes of a Player Application running on End-User Device of FIG. 9 according to the present invention.

FIG. 16 is an example user interface screens of the Player Application of FIG. 15 according to the present invention.

FIG. 17 is a flow diagram of an alternate embodiment to automatically retrieve additional information for the Automatic Metadata Acquisition Tool of FIG. 8 according to the present invention.

FIG. 18 is a high level logical diagram of an alternate embodiment of electronic distribution of digital content using broadcast infrastructure, according to the present invention.

FIG. 19 is a detailed block diagram of FIG. 18, illustrating an alternate embodiment of electronic distribution of digital content using broadcast infrastructure, according to the present invention.

FIG. 20 is a block diagram of the packet being broadcast in the alternate embodiment of FIG. 18, according to the present invention.

FIG. 21 is a flow diagram for a process running on the End User Device for purchasing content over the alternate embodiment of FIG. 18., according to the present invention.

FIGS. 22-26 are a series of screen shots illustrating the user's purchase on a television using the alternate embodiment of FIG. 18, according to the present invention.

DETAILED DESCRIPTION OF AN EMBODIMENT

A Table of Contents is provided for this present invention to assist the reader in quickly locating different sections in this embodiment.

I. SECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEM

A. System Overview

1. Rights Management

2. Metering

3. Open Architecture

B. System Functional Elements

1. Content Provider(s)

2. Electronic Digital Content Store(s)

3. Intermediate Market Partners

4. Clearinghouse(s)

5. End-User Device(s)

6. Transmission Infrastructures

C. System Uses

II. CRYPTOGRAPHY CONCEPTS AND THEIR APPLICATION TO THE SECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEM

A. Symmetric Algorithms

B. Public Key Algorithms

C. Digital Signature

D. Digital Certificates

E. Guide To The SC(s) Graphical Representation

F. Example of a Secure Container Encryption

III. SECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEM FLOW

IV. RIGHTS MANAGEMENT ARCHITECTURE MODEL

A. Architecture Layer Functions

B. Function Partitioning and Flows

1. Content Formatting Layer

2. Content Usage Control Layer

3. Content Identification Layer

4. License Control Layer

C. Content Distribution and Licensing Control

V. SECURE CONTAINER STRUCTURE

A. General Structure

B. Rights Management Language Syntax and Semantics

C. Overview of Secure Container Flow and Processing

D. Metadata Secure Container 620 Format

E. Offer Secure Container 641 Format

F. Transaction Secure Container 640 Format

G. Order Secure Container 650 Format

H. License Secure Container 660 Format

I. Content Secure Container Format

VI. SECURE CONTAINER PACKING AND UNPACKING

A. Overview

B. Bill of Materials (BOM) Part

C. Key Description Part

VII. CLEARINGHOUSE(S)

A. Overview

B. Rights Management Processing

C. Country Specific Parameters

D. Audit Logs and Tracking

E. Reporting of Results

F. Billing and Payment Verification

G. Retransmissions

VIII. CONTENT PROVIDER

A. Overview

B. Work Flow Manager

1. Products Awaiting Action/Information Process

2. New Content Request Process

3. Automatic Metadata Acquisition Process

4. Manual Metadata Entry Process

5. Usage Conditions Process

6. Supervised Release Process

7. Metadata SC(s) Creation Process

8. Watermarking Process

9. Preprocessing and Compression Process

10. Content Quality Control Process

11. Encryption Process

12. Content SC(s) Creation Process

13. Final Quality Assurance Process

14. Content Dispersement Process

15. Work Flow Rules

C. Metadata Assimilation and Entry Tool

1. Automatic Metadata Acquisition Tool

2. Manual Metadata Entry Tool

3. Usage Conditions Tool

4. Parts of the Metadata SC(s)

5. Supervised Release Tool

D. Content Processing Tool

1. Watermarking Tool

2. Preprocessing and Compression Tool

3. Content Quality Control Tool

4. Encryption Tool

E. Content SC(s) Creation Tool

F. Final Quality Assurance Tool

G. Content Dispersement Tool

H. Content Promotions Web Site

I. Content Hosting

1. Content Hosting Sites

2. Content Hosting Site(s) 111 provided by the Secure Digital Content Electronic Distribution System

IX. ELECTRONIC DIGITAL CONTENT STORE(S)

A. Overview --Support for Multiple Electronic Digital Content Store(s)

B. Point-to-Point Electronic Digital Content Distribution Service

1. Integration Requirements

2. Content Acquisition Tool

3. Transaction Processing Module

4. Notification Interface Module

5. Account Reconciliation Tool

C. Broadcast Electronic Digital Content Distribution Service

X. END-USER DEVICE(S)

A. Overview

B. Application Installation

C. Secure Container Processor

D. The Player Application

1. Overview

2. End-User Interface Components

3. Copy/Play Management Components

4. Decryption 1505, Decompression 1506 and Playback Components

5. Data Management 1502 and Library Access Components

6. Inter-application Communication Components

7. Other Miscellaneous Components

8. The Generic Player

E. End-User Device(s) 109 in Broadcast Delivery Mode

I. Secure Digital Content Electronic Distribution System

A. System Overview

The Secure Digital Content Electronic Distribution System is a technical platform that encompasses the technology, specifications, tools, and software needed for the secure delivery and rights management of Digital Content and digital content-related content to an end-user, client device. The End-User Device(s) include PCS, set top boxes (IRDs), and Internet appliances. These devices may copy the content to external media or portable, consumer devices as permitted by the content proprietors. The term Digital Content or simply Content, refers to information and data stored in a digital format including: pictures, movies, videos, music, programs, multimedia and games.

The technical platform specifies how Digital Content is prepared, securely distributed through point-to-point and broadcast infrastructures (such as cable, Internet, satellite, and wireless) licensed to End-User Device(s), and protected against unauthorized copying or playing. In addition, the architecture of the technical platform allows for the integration and migration of various technologies such as Watermarking, compression/encoding, encryption, and other security algorithms as they evolve over time.

The base components of the Secure Digital Content Electronic Distribution System are: (1) rights management for the protection of ownership rights of the content proprietor; (2) transaction metering for immediate and accurate compensation; and (3) an open and well-documented architecture that enables Content Provider(s) to prepare content and permit its secure delivery over multiple network infrastructures for playback on any standard compliant player.

1. Rights Management

Rights management in the Secure Digital Content Electronic Distribution System is implemented through a set of functions distributed among the operating components of the system. Its primary functions include: licensing authorization and control so that content is unlocked only by authorized intermediate or End-User(s) that have secured a license; and control and enforcement of content usage according to the conditions of purchase or license, such as permitted number of copies, number of plays, and the time interval or term the license may be valid. A secondary function of rights management is to enable a means to identify the origin of unauthorized copies of content to combat piracy.

Licensing authorization and control are implemented through the use of a Clearinghouse(s) entity and Secure Container (SC) technology. The Clearinghouse(s) provides licensing authorization by enabling intermediate or End-User(s) to unlock content after verification of a successful completion of a licensing transaction. Secure Containers are used to distribute encrypted content and information among the system components. A SC is a cryptographic carrier of information or content that uses encryption, digital signatures, and digital certificates to provide protection against unauthorized interception or modification of electronic information and content. It also allows for the verification of the authenticity and integrity of the Digital Content. The advantage of these rights management functions is that the electronic Digital Content distribution infrastructure does not have to be secure or trusted. Therefore allowing transmission over network infrastructures such as the Web and Internet. This is due to the fact that the Content is encrypted within Secure Containers and its storage and distribution are separate from the control of its unlocking and use. Only users who have decryption keys can unlock the encrypted Content, and the Clearinghouse(s) releases decryption keys only for authorized and appropriate usage requests. The Clearinghouse(s) will not clear bogus requests from unknown or unauthorized parties or requests that do not comply with the content's usage conditions as set by the content proprietors. In addition, if the SC is tampered with during its transmission, the software in the Clearinghouse(s) determines that the Content in a SC is corrupted or falsified and repudiate the transaction.

The control of Content usage is enabled through the End-User Player Application 195 running on an End-User Device(s). The application embeds a digital code in every copy of the Content that defines the allowable number of secondary copies and play backs. Digital Watermarking technology is used to generate the digital code, to keep it hidden from other End-User Player Application 195, and to make it resistant to alteration attempts. In an alternate embodiment, the digital code is just kept as part of the usage conditions associated with the Content 113. When the Digital Content 113 is accessed in a compliant End-User Device(s), the End-User Player Application 195 reads the watermark to check the use restrictions and updates the watermark as required. If the requested use of the content does not comply with the usage conditions, e.g., the number of copies has been exhausted, the End-User Device(s) will not perform the request.

Digital Watermarking also provides the means to identify the origin of authorized or unauthorized copies of Content. An initial watermark in the Content is embedded by the content proprietor to identify the content proprietor, specify copyright information, define geographic distribution areas, and add other pertinent information. A second watermark is embedded in the Content at the End-User Device(s) to identify the content purchaser (or licensee) and End-User Device(s), specify the purchase or license conditions and date, and add any other pertinent information.

Since watermarks become an integral part of the Content, they are carried in the copies independent of whether the copies were authorized or not. Thus the Digital Content always contains information regarding its source and its permitted use regardless of where the content resides or where it comes from. This information may be used to combat illegal use of the Content.

2. Metering

As part of its rights management functions, the Clearinghouse(s) keeps a record of all transactions where a key exchange is cleared through the Clearinghouse(s). This record allows for the metering of licensing authorization and the original conditions of use. The transaction record can be reported to responsible parties, such as, content proprietors or Content Provider(s), retailers, and others, on an immediate or periodic basis to facilitate electronic reconciliation of transaction payments and other uses.

3. Open Architecture

The Secure Digital Content Electronic Distribution System (System) is an open architecture with published specifications and interfaces to facilitate broad implementation and acceptance of the System in the market place while maintaining rights protection for the content proprietors. The flexibility and openness of the System architecture also enable the System to evolve over time as various technologies, transmission infrastructures, and devices are delivered to the marketplace.

The architecture is open regarding the nature of the Content and its format. Distribution of audio, programs, multimedia, video, or other types of Content is supported by the architecture. The Content could be in a native format such as linear PCM for digital music, or a format achieved by additional preprocessing or encoding, such as filtering, compression, or pre/de-emphasis, and more. The architecture is open to various encryption and Watermarking techniques. It allows for the selection of specific techniques to accommodate different Content types and formats and to allow the introduction or adoption of new technologies as they evolve. This flexibility allows Content Provider(s) to pick and evolve the technologies they use for data compression, encryption, and formatting within the Secure Digital Content Electronic Distribution System.

The architecture is also open to different distribution networks and distribution models. The architecture supports content distribution over low-speed Internet connections or high-speed satellite and cable networks and can be used with point-to-point or broadcast models. In addition, the architecture is designed so that the functions in the End-User Device(s) can be implemented on a wide variety of devices, including low cost consumer devices. This flexibility allows Content Provider(s) and retailers to offer Content to intermediate or End-User(s) through a variety of service offerings and enables the users to purchase or license Content, play it back, and record it on various compliant player devices.

B. System Functional Elements

Turning now to FIG. 1, there is shown a block diagram illustrating an overview of a Secure Digital Content Electronic Distribution System 100 according to the present invention. The Secure Digital Content Electronic Distribution System 100 encompasses several business elements that comprise an end-to-end solution, including: Content Provider(s) 101 or the proprietors of the Digital Content, Electronic Digital Content Store(s) 103, Intermediate Market Partners (not shown), Clearinghouse(s) 105, Content Hosting Site 111, Transmission Infrastructures 107, and End-User Device(s) 109. Each of these business elements use various components of the Secure Digital Content Electronic Distribution System 100. A high level description of these business elements and system components, as they pertain specifically to electronic Content 113 distribution, follows.

1. Content Provider(s) 101

Content Provider(s) 101 or content proprietor(s) are owners of original Content 113 and/or distributors authorized to package independent Content 113 for further distribution. Content Provider(s) 101 may exploit their rights directly or license Content 113 to the Electronic Digital Content Store(s) 103, or Intermediate Market Partners (not shown), usually in return for Content usage payments related to electronic commerce revenues. Examples of Content Provider(s) 101 include Sony, Time-Warner, MTV, IBM, Microsoft, Turner, Fox and others.

Content Provider(s) 101 use tools provided as part of the Secure Digital Content Electronic Distribution System 100 in order to prepare their Content 113 and related data for distribution. A Work Flow Manager Tool 154 schedules Content 113 to be processed and tracks the Content 113 as it flows through the various steps of Content 113 preparation and packaging to maintain high quality assurance. The term metadata is used throughout this document to mean data related to the Content 113 and in this embodiment does not include the Content 113 itself. As an example, metadata for a song may be a song title or song credits but not the sound recording of the song. The Content 113 would contain the sound recording. A Metadata Assimilation and Entry Tool 161 is used to extract metadata from the Content Provider(s)' Database 160 or data provided by the Content Provider(s) in a prescribed format (for a music example the Content 113 information such as CD title, artist name, song title, CD artwork, and more) and to package it for electronic distribution. The Metadata Assimilation and Entry Tool 161 is also used to enter the Usage Conditions for the Content 113. The data in Usage Conditions can include copy restriction rules, the wholesale price, and any business rules deemed necessary. A Watermarking Tool is used to hide data in the Content 113 that identifies the content owner, the processing date, and other relevant data. For an embodiment where the Content 113 is audio, an audio preprocessor tool is used to adjust the dynamics and/or equalize the Content 113 or other audio for optimum compression quality, compress the Content 113 to the desired compression levels, and encrypt the Content 113. These can be adapted to follow technical advances in digital content compression/encoding, encryption, and formatting methods, allowing the Content Provider(s) 101 to utilize best tools as they evolve over time in the marketplace.

The encrypted Content 113, digital content-related data or metadata, and encrypted keys are packed in SCs (described below) by the SC Packer Tool and stored in a content hosting site and/or promotional web site for electronic distribution. The content hosting site can reside at the Content Provider(s) 101 or in multiple locations, including Electronic Digital Content Store(s) 103 and Intermediate Market Partners (not shown) facilities. Since both the Content 113 and the Keys (described below) are encrypted and packed in SCs, Electronic Digital Content Store(s) 103 or any other hosting agent can not directly access decrypted Content 113 without clearance from the Clearinghouse(s) and notification to the Content Provider(s) 101.

2. Electronic Digital Content Store(s) 103

Electronic Digital Content Store(s) 103 are the entities who market the Content 113 through a wide variety of services or applications, such as Content 113 theme programming or electronic merchandising of Content 113. Electronic Digital Content Store(s) 103 manage the design, development, business operations, settlements, merchandising, marketing, and sales of their services. Example online Electronic Digital Content Store(s) 103 are Web sites that provide electronic downloads of software.

Within their services, Electronic Digital Content Store(s) 103 implement certain functions of the Secure Digital Content Electronic Distribution System 100. Electronic Digital Content Store(s) 103 aggregate information from the Content Provider(s) 101, pack content and metadata in additional SCs, and deliver those SCs to consumers or businesses as part of a service or application. Electronic Digital Content Store(s) 103 use tools provided by the Secure Digital Content Electronic Distribution System 100 to assist with: metadata extraction, secondary usage conditions, SC packaging, and tracking of electronic content transactions. The secondary usage conditions data can include retail business offers such as Content 113 purchase price, pay-per-listen price, copy authorization and target device types, or timed-availability restrictions.

Once an Electronic Digital Content Store(s) 103 completes a valid request for electronic Content 113 from an End-User(s), the Electronic Digital Content Store(s) 103 is responsible for authorizing the Clearinghouse(s) 105 to release the decryption key for the Content 113 to the customer. The Electronic Digital Content Store(s) also authorizes the download of the SC containing the Content 113. The Electronic Digital Content Store(s) may elect to host the SCs containing the Digital Content at its local site and/or utilize the hosting and distribution facilities of another Content hosting site.

The Electronic Digital Content Store(s) can provide customer service for any questions or problems that an End-User(s) may have using the Secure Digital Content Electronic Distribution System 100, or the Electronic Digital Content Store(s) 103 may contract their customer service support to the Clearinghouse(s) 105.

3. Intermediate Market Partners (not shown)

In an alternate embodiment, the Secure Digital Content Electronic Distribution System 100 can be used to provide Content 113 securely to other businesses called Intermediate Market Partners. These partners may include digital content-related companies offering a non-electronic service, such as televisions stations or video clubs, radio stations or record clubs, that distribute Content 113. These Partners may also include other trusted parties who handle material as part of making or marketing sound recordings, such as record studios, replicators, and producers. These Intermediate Market Partners requires clearance from the Clearinghouse(s) 105 in order to decrypt the Content 113.

4. Clearinghouse(s) 105

The Clearinghouse(s) 105 provides the licensing authorization and record keeping for all transactions that relate to the sale and/or permitted use of the Content 113 encrypted in a SC. When the Clearinghouse(s) 105 receives a request for a decryption key for the Content 113 from an intermediate or End-User(s), the Clearinghouse(s) 105 validates the integrity and authenticity of the information in the request; verifies that the request was authorized by an Electronic Digital Content Store(s) or Content Provider(s) 101; and verifies that the requested usage complies with the content Usage Conditions as defined by the Content Provider(s) 101. Once these verifications are satisfied, the Clearinghouse(s) 105 sends the decryption key for the Content 113 to the requesting End-User(s) packed in a License SC. The key is encrypted in a manner so that only the authorized user can retrieve it. If the End-User's request is not verifiable, complete, or authorized, the Clearinghouse(s) 105 repudiates the request for the decryption key.

The Clearinghouse(s) 105 keeps a record of all transactions and can report them to responsible parties, such as Electronic Digital Content Store(s) 103 and Content Provider(s) 101, on an immediate, periodic, or restricted basis. This reporting is a means by which Content Provider(s) 101 can be informed of the sale of Content 113 and the Electronic Digital Content Store(s) 103 can obtain an audit trail of electronic delivery to their customers. The Clearinghouse(s) 105 can also notify the Content Provider(s) 101 and/or Electronic Digital Content Store(s) 103 if it detects that information in a SC has been compromised or does not comply with the Content's Usage Conditions. The transaction recording and repository capabilities of the Clearinghouse(s) 105 database is structured for data mining and report generation.

In another embodiment, the Clearinghouse(s) 105 can provide customer support and exception processing for transactions such as refunds, transmission failures, and purchase disputes. The Clearinghouse(s) 105 can be operated as an independent entity, providing a trusted custodian for rights management and metering. It provides billing and settlement as required. Examples of electronic Clearinghouse(s) include Secure-Bank.com and Secure Electronic Transaction (SET) from Visa/MasterCard. In one embodiment, the Clearinghouse(s) 105 are Web sites accessible to the End-User Device(s) 109. In another embodiment, the Clearinghouse(s) 105 is part of the Electronic Digital Content Store(s) 103.

5. End-User Device(s) 109

The End-User Device(s) 109 can be any player device that contains an End-User Player Application 195 (described later) compliant with the Secure Digital Content Electronic Distribution System 100 specifications. These devices may include PCS, set top boxes (IRDs), and Internet appliances. The End-User Player Application 195 could be implemented in software and/or consumer electronics hardware. In addition to performing play, record, and library management functions, the End-User Player Application 195 performs SC processing to enable rights management in the End-User Device(s) 109. The End-User Device(s) 109 manages the download and storage of the SCs containing the Digital Content; requests and manages receipt of the encrypted Digital Content keys from the Clearinghouse(s) 105; processes the watermark(s) every time the Digital Content is copied or played; manages the number of copies made (or deletion of the copy) in accordance with the Digital Content's Usage Conditions; and performs the copy to an external media or portable consumer device if permitted. The portable consumer device can perform a subset of the End-User Player Application 195 functions in order to process the content's Usage Conditions embedded in the watermark. The terms End-User(s) and End-User Player Application 195 are used throughout this to mean through the use or running-on an End-User Device(s) 109.

6. Transmission Infrastructures 107

The Secure Digital Content Electronic Distribution System 100 is independent of the transmission network connecting the Electronic Digital Content Store(s) 103 and End-User Device(s) 109. It supports both point-to-point such as the Internet and broadcast distribution models such as digital broadcast television.

Even though the same tools and applications are used to acquire, package, and track Content 113 transactions over various Transmission Infrastructures 107, the presentation and method in which services are delivered to the customer may vary depending on the infrastructure and distribution model selected. The quality of the Content 113 being transferred may also vary since high bandwidth infrastructures can deliver high-quality digital content at more acceptable response times than lower bandwidth infrastructures. A service application designed for a point-to-point distribution model can be adapted to support a broadcast distribution model as well.

C. System Uses

The Secure Digital Content Electronic Distribution System 100 enables the secure delivery of high-quality, electronic copies of Content 113 to End-User Device(s) 109, whether consumer or business, and to regulate and track usage of the Content 113.

The Secure Digital Content Electronic Distribution System 100 could be deployed in a variety of consumer and business-to-business services using both new and existing distribution channels. Each particular service could use a different financial model that can be enforced through the rights management features of the Secure Digital Content Electronic Distribution System 100. Models such as wholesale or retail purchase, pay-per-listen usage, subscription services, copy/no-copy restrictions, or redistribution could be implemented through the rights management of the Clearinghouse(s) 105 and the End-User Player Application 195 copy protection features.

The Secure Digital Content Electronic Distribution System 100 allows Electronic Digital Content Store(s) 103 and Intermediate Market Partners a great deal of flexibility in creating services that sell Content 113. At the same time it provides Content Provider(s) 101 a level of assurance that their digital assets are protected and metered so that they can receive appropriate compensation for the licensing of Content 113.

II. CRYPTOGRAPHY CONCEPTS AND THEIR APPLICATION TO THE SECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEM

License Control in the Secure Digital Content Electronic Distribution System 100 is based on the use of cryptography. This section introduces basic cryptography technologies of the present invention. The use of public key encryption, symmetric key encryption, digital signatures, digital watermarks and digital certificates is known.

A. Symmetric Algorithms

In the Secure Digital Content Electronic Distribution System 100 the Content Provider(s) 101 encrypts the content using symmetric algorithms. They are called symmetric algorithms because the same key is used to encrypt and decrypt data. The data sender and the message recipient must share the key. The shared key is referred to here as the symmetric key. The Secure Digital Content Electronic Distribution System 100 architecture is independent of the specific symmetric algorithm selected for a particular implementation.

Common symmetric algorithms are DES, RC2 and RC4. Both DES and RC2 are block cipher. A block cipher encrypts the data using a block of data bits at a time. DES is an official US government encryption standard, has a 64-bit block size, and uses a 56-bit key. Triple-DES is commonly used to increase the security achieved with simple DES. RSA Data Security designed RC2. RC2 uses a variable-key-size cipher and has a block size of 64 bits. RC4, also designed by RSA Data Security, is a variable-key-size stream cipher. A stream cipher operates on a single data bit at a time. RSA Data Security claims that eight to sixteen machine operations are required for RC4 per output byte.

IBM designed a fast algorithm called SEAL. SEAL is a stream algorithm that uses a variable-length key and that has been optimized for 32-bit processors. SEAL requires about five elementary machine instructions per data byte. A 50 MHZ, 486-based computer runs the SEAL code at 7.2 megabytes/second if the 160-bit key used has already been preprocessed into internal tables.

Microsoft reports results of encryption performance benchmark in its Overview of CryptoAPI document. These results were obtained by an application using Microsoft's CryptoAPI, running on a 120-MHZ, Pentium-based computer with Windows NT 4.0.

        Cipher    Key Size    Key Setup Time  Encryption Speed
        DES          56             460           1,138,519
        RC2          40              40             286,888
        RC4          40             151           2,377,723

          Initial       Component
          CP            Content Provider(s) 101
          MS            Electronic Digital Content Store(s) 103
          HS            Content Hosting Site(s) 111
          EU            End-User Device(s) 109
          CH            Clearinghouse(s) 105
          CA            certification authority(ies) (not shown)

                                     BOM                                 Key
     Description Part
    Parts                    Part Exists   Digest    Result Name Encrypt Alg
     Key Id/Enc Key  Sym Key Alg   Sym Key ID
    [Content URL]                                   Output Part RC4         Enc
     Sym Key     RSA           CH Pub Key
    [Metadata URL]                                  Output Part RC4         Enc
     Sym Key     RSA           CH Pub Key
                                   SC Version
                                     SC ID
                                    SC Type
                                  SC Publisher
                                      Date
                                Expiration Date
                              Clearinghouse(s) URL
                              Digest Algorithm ID
                             Digital Signature Alg ID
    Content ID                   Yes         Yes
    Metadata                     Yes         Yes
    Usage Conditions             Yes         Yes
    SC Templates                 Yes         Yes
    Watermarking Instructions     Yes         Yes     Output Part RC4
     Enc Sym Key     RSA           CH Pub Key
    Key Description Part         Yes         Yes
    Clearinghouse(s) Certificate(s)     Yes         No
    Certificate(s)               Yes         No
                               Digital Signature

                                     BOM                                 Key
     Description Part
    Parts                    Part Exists   Digest    Result Name Encrypt Alg
     Key Id/Enc Key  Sym Key Alg   Sym Key ID
                                                  Metadata SC Parts
    [Content URL]                                   Output Part RC4         Enc
     Sym Key     RSA           CH Pub Key
    [Metadata URL]                                  Output Part RC4         Enc
     Sym Key     RSA           CH Pub Key
                                   SC Version
                                     SC ID
                                    SC Type
                                  SC Publisher
                                      Date
                                Expiration Date
                              Clearinghouse(s) URL
                              Digest Algorithm ID
                             Digital Signature Alg ID
    Content ID                   Yes         Yes
    Metadata                    Some         Yes
    Usage Conditions             Yes         Yes
    SC Templates                 Yes         Yes
    Watermarking Instructions     Yes         Yes     Output Part RC4
     Enc Sym Key     RSA           CH Pub Key
    Key Description Part         Yes         Yes
    Clearinghouse(s) Certificate(s)     Yes         No
    Certificate(s)               Yes         No
                               Digital Signature
                                                   Offer SC Parts
                                   SC Version
                                     SC ID
                                    SC Type
                                  SC Publisher
                                      Date
                                Expiration Date
                              Digest Algorithm ID
                             Digital Signature Alg ID
    Metadata SC BOM              Yes         Yes
    Additional and Overridden     Yes         Yes
    Fields
    Electronic Digital Content     Yes         No
    Store(s) Certificate
    Certificate(s)               Yes         No
                               Digital Signature