Method for Electronic Content
Distribution and Right Management
Abstract
The present paper proposes a method for managing the copyright of electronic content, especially huge size documents. The user, the owner of a dedicated device embedded with a secure module, can make use of encrypted documents after he/she is authenticated by a trusted party or clearinghouse. And the content can only be used on the designated device. This model supports super-distribution and corporate purchasing. The present paper can protect participants from abrupt network connection breakdown.
1. Background
In most cases, buying books electronically means browsing bookseller’s Web site (e.g. http://www.amazon.com), starting to search a database, paying with a credit card, and having the book shipped. The buying process incorporates rapidly evolving technologies, but the content remains decidedly low-tech: paper, ink, and glue. Electronic books (eBooks) have the potential to easily assemble personal libraries of fiction, reference books and publications.
Digital content can be copied and disseminated easily and without any degradation in quality. Digital security of lawsuits can not stop Internet theft of content. Stephen King encrypted his novel “Riding the Bullet” and published its Internet distribution for PC in 2000, the key was hacked and posted on the Internet in less than 24 hours after its release. The publishing industry stands to lose $1.5 billion through eBook piracy by 2005 (Forrester Research , “Content Out of Control”, Sept. 2000). However, with the growing demand for digital content, publishers, distributors, and Web retailers are looking for safe and effective ways to sell and distribute documents electronically. They have learned a lesson from watching the music industry struggling with the consequences of digital music distribution. Wary of making the same mistakes, they will not fully embrace the electronic commerce of digital content
until they can implement digital rights protection mechanisms that are fully customisable, and appropriately secure.
US5,513,260, entitled “Method and Apparatus for Copy Protection for Various Recording Media”, provides a method and apparatus for copyright protection for various recording media such as compact discs (CDs). Coupled with the combination of encrypting methods, an authenticating signature is recorded on the media when copy protection is required. The nature of this authenticating signature is that it will not be transferred to private copies made on CD recorders and it is necessary to play the protected medium.
US4,903,296, entitled “Implementing a Shared Higher Level of Privilege on Personal Computers for Copy Protection of Software”, restricts software distributed on magnetic media, to use on a single computing machine. The original medium can not be copied functionally, until it is modified by the execution of a program stored in a tamper proof co-processor, which forms a part of the computing machine. The modified software on the original medium or its copy is operable only on the computing machine containing the co-processor that performed the modification. WO9,842,098A1, “Digital Product Rights Management Technique”, enables a digital product to be freely distributed through uncontrolled channels in encrypted form. Security fragment(s) of the product are stored in a license server. To purchase a license, reader software at the user side provides to the server a signature, which the license server uses to encrypt the product decryption key and the security fragments. To make use of the product, a new signature is generated and used to decrypt the product fragments.
US6,006,332, with the title of “Rights Management System for Digital Media”, is provided for controlling access to digitised data. An unsecure client is provided with a launch pad program which is capable of communicating with a secure Rights Management (RM) server. The launch pad will communicate with the secured RM server and request the digitised data corresponding to the controlled object. The RM server transmits this information to the launch pad. To handle this data, the launch pad
appropriate RM browser is obtained, and authentication and security information are inscribed. Prior to use, an authentication procedure is undertaken between the launch pad and the RM server to authenticate the RM browser.
Further prior art references include:
• US Pat. 5,935,246, Glenn Stuart Benson, “Electronic Copy Protection Mechanism using challenge and response to prevent unauthorised execution of software” • US Pat. 5,986,690, John S. Hendricks, “Electronic Book Selection and Delivery
system”
• US4,866,769, Karp Alan Hersh, “Hardware Assist for Protecting PC Software” • M. A. Kaplan, “IBM CryptolopesTM, Super-Distribution and Digital Rights
Management”, http://www.research.ibm.com/people/k/kaplan
• R. Mori and M. Kawahara, “Superdistribution: The Concept and the Architecture”, IEICE Transactions, Vol. E.73, No. 7, July 1990.
• J. Menezes, P. C. van Oorschot, S. A. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 1996.
2. Summary
The present paper provides a method for secure distributing electronic books. The digital content can be read on a dedicated device with a tamperproof unit that can execute security function. Without loss of generality, we assume the content is stored on a CD-ROM. Any content buyer can obtained a CD-ROM as well as an access card. Nobody but the buyer can read the information of the access card. The content is encrypted in advance and a clearinghouse keeps the decryption key, which is required to decrypt the content on the CD-ROM. To make use of the content, the user’s device submits a request to the clearinghouse. The clearinghouse sends a response message including a ciphertext generated by encrypting the content decryption key with the device secret key. The ciphertext other than the content decryption key is stored on the device. Only the secure module of the device can make use of the ciphertext. Should the user lost the ciphertext, the user can recover it with the help of the clearinghouse.
3. Description of the Drawings
Figure 1 illustrates the relationship of the various parties involved. The producers 100 provide the encrypted content to the retailers 120, the decryption keys are stored in the clearinghouse 110. The clearinghouse is the trusted party of the system. The retailers sell products to the users 130.
Figure 2 is the block diagram of the user device. The device 200 comprises video interface 220, which outputs to terminal 210; storage device 230; network interface 240 used to communicate with network 290; processor 250 acting as a general computer CPU; I/O interface 260; keyboard 280 and secure module 270 embedded with a device secret key. Any operation related to the device secret key is executed in module 270.
Figure 3 is the database structure of the clearinghouse. The database 300 includes two parts. One is for management of decryption key. This component 310 has CD-ROM serial number 312 and content decryption key 318. The other is for management of access card, used to record the history of access card, device and CD-ROM. This component 350 includes card information 352, device serial numbers 354 (default is null) and CD-ROM serial numbers 356 (default is null).
Figure 4 introduces the content of access card. The card 400 comprises of the CD-ROM serial number 410 (optional), number of licenses 420 can be some forms of money or the number of legal devices or CD-ROM, expire date 430 and card serial number 440. If one license is granted to a device, the device can make use of one kind of CD-ROM.
Figure 5 is the flowchart of the operation of the preferred embodiment. In this embodiment, the clearinghouse provides services to the user.
4. Description of the Preferred Embodiment
In this embodiment, a user, the owner of a dedicated device, buys an encrypted digital goods from a retailer, as well as an access card. The user submits a registration request to a clearinghouse to obtain the decryption key so that he/she can make use of
the goods. Without loss of generality, we assume that the content is stored in a CD-ROM and all the content in one CD-CD-ROM share the same decryption key kept in the database of the clearinghouse. It is trivial to encrypt different content with different key based on the titles or some other information.
5.1Notation
a|b: the concatenation of a and b
E(m,K): the ciphertext formed by encrypting plaintext m with key K Kch : the secret key of a clearinghouse
DEVno: Device serial number, readable freely. Any device has a unique DEVno.
DEVkey: Device secret key, is derived with a one way function h(Kch|DEVno), such as
MD5 or SHA-1. It sis stored in the secure module 270(figure 2) and is protected from access by any other module but 270.
CARDno: The serial number of an access card. It is generated by the clearinghouse
and satisfies some restriction, e.g., E(n|n, Kch), where n is a number. Every
access card has a unique number CARDno.
CDno: The serial number of a CD-ROM. Every CD-ROM has a serial number CDno.
CDkey: The decryption key of content in a CD-ROM.
Clearinghouse: A central trusted organisation, which has a secret key Kch and a
database. It provides the services such as issuing access cards, device secret keys DEVkey and distributing decryption keys to users.
Retailer: Obtains the CD-ROM from the content manufacturers or content providers. The contents stored in the CD-ROM are encrypted.
User: Owner of a dedicated device. A legal user has one access card CARDno for a
legal CD-ROM. A valid card has an item in the database of the clearinghouse. This access card should be intact when the user get it from a retailer.
5.2 Registration Process
Referring to figure 5, at 500, the user purchases a CD-ROM from a retailer as well as an access card. When the user scratches the cover of the card or opens the package, a valid serial number CARDno is shown. The CD-ROM has a serial number CDno that is
printed on the cover and is readable.
At 510, the user connects to the clearinghouse to request the content decryption key of the CD-ROM. He/she sends the clearinghouse the serial number CARDno encrypted
CDno, a nonce r and a checkword Sig. The checkword is used to provide the packet
integrity.
At 520, the clearinghouse receives the request and checks the integrity of the request message with the check word.
At 530, the clearinghouse calculates the device key DEVkey = h(Kch|DEVno).
At 540, the clearinghouse decrypts the request with the device key DEVkey to get the
card number. The clearinghouse can reject the request if at least one of following cases occurs.
• An illegal card number. The clearinghouse can verify the card number based on some format requirement. For example, if a valid card number is formed as E(n|n, Kch), where n is a number, the clearinghouse can decrypt the card
number with its secret key so that the clear text is the concatenation of two same texts ( or numbers).
• Expire
• License infringement. The database of the clearinghouse records the information of the access card when a registration request is successful. One record indicates that a device can access to one kind of CD-ROM. It is a license infringement that no record indicates the requesting device (serial number DEVno) can use the CD-ROM (serial number CDno) and there is no
license left.
At 550, the clearinghouse searches its database to find the decryption key CDkey
indexed by the CD-ROM serial number CDno.
At 560, the clearinghouse encrypts CDkey and r+1 with DEVkey, and sends the
ciphertext E(CDkey|r+1, DEVkey) to the user. If there are a few legal requests for
content keys, the clearinghouse should make sure that every requesting device can get the required content keys, for example, encrypting CDkey with every requesting device
secret key.
At 565, the clearinghouse updates the access card number database. If there is no record on the CDno and DEVno in the database, add a record on them to it.
At 570, The user device receives the response message and passes it to the secure module 270.
At 580, the secure module 270 reads the device DEVkey and decrypts the response
At 590, if the reply is incorrect for some reasons, e.g., network troubleshoot, the user can try again or quit. Otherwise, at 595, the user device stores the E(CDkey, DEVkey)
and the CD-ROM serial number CDno in storage 230 (figure 2) for later use. 5.3 Play
To make use of a CD-ROM, indexed by the CD-ROM serial number, the secure module 270 can read E(CDkey, DEVkey) from the storage. Because the secure module
can access to the device secret key DEVkey, the decryption key CDkey can be
decrypted be used to decrypt the CD-ROM content. The content plaintext can be outputted to the terminal 210.
5. Claims
1. A method for distributing electronic content in a controlled manner, the method comprising the steps of:
• User submiting a registration request for electronic goods to a clearinghouse; • The clearinghouse disposing the request;
• The clearinghouse preparing a coupon based on the request; • The user making use of the coupon.
2. A method according to claim 1, wherein said clearinghouse is a trusted central party.
3. A method according to claim 1, wherein said clearinghouse has a secret key and a database. Said database stores all the keys to the electronic goods.
4. A method according to claim 1, wherein said user is the owner of said electronic goods, at least one access card and at least one dedicated device.
5. A method according to claim 4, wherein access card issued by said clearinghouse includes expire date, number of licenses, and serial number. The information of the access card is stored in the database of said clearinghouse.
6. A method according to claim 5, wherein no one but the owner of said access card can access to the card before a successful registration.
7. A method according to claims 5, wherein the format of said serial number should be acceptable by said clearinghouse.
8. A method according to claim 7, wherein said format may be the ciphertext generated by encrypting the concatenation of two same text with said clearinghouse’s secret key.
9. A method according to claim 1, wherein said clearinghouse is authorised to issue device key.
10. A method according to claim 9, wherein said device key is a unique number of a dedicated device that includes at least a secure module and a public device identification.
11. A method according to claim 10, wherein only said secure module can make use of said device key.
12. A method according to claims 9 and 10, wherein said device key is generated from said device identification and said clearinghouse’s secret key.
13. A method according to claim 1, wherein said electronic goods has a unique number.
14. A method according to claim 1, wherein said registration request includes the ciphertext of an access card, device identifications, the electronic goods number, a nonce and a check code.
15. A method according to claim 14, wherein said ciphertext is formed by encrypting said access card number with at least one of said device keys.
16. A method according to claim 14, wherein said check code is the hash value of said ciphertext, said device identifications, said goods number and said nonce.
17. A method according to claim 1, wherein said disposing request including verifying it, searching electronic goods key, reconstructing device keys, and updating the database of said clearinghouse.
18. A method according to claim 17, wherein said verifying request includes checking the formats of the access card, expire date of the access card, and the licenses. 19. A method according to claim 17, wherein said good key may be found from the
database of said clearinghouse based on the goods number.
20. A method according to claim 17, wherein process of device key reconstruction is the same as claim 12.
21. A method according to claim 1, wherein said coupon is the ciphertext of said goods key generated as claim 17, and a mapping of a nonce as claim 14.
23. A method according to claim 21, wherein mapping may be an addition with a constant.
24. A method according to claim 1, wherein said usage of coupons, executing at the device side, includes decrypting the coupons into plaintexts, and analysing said plaintext.
25. A method according to claim 24, wherein said decrypting processes are executed in the secure module of said device.
26. A method according to claim 24, wherein the key for decrypting the response is the device key.
27. A method according to claim 24, wherein said plaintext includes the goods key and a mapping value as claim 23 said.
Producer 1 Producer i Producer n
Clearing House
Retailer 1 Retailer j Retailer m
User 1 User j Figure 1 100 110 120 130
Terminal Interface Storage Device Network Interface
Processor I/O Interface Terminal Secure Module Network Keyboard Figure 2 200 210 290 280 220 230 240 270 250 260
CD serial number (optional) Number of licenses Card Number Expire Date Figure 4 400 410 420 430 440 300 350 310 352 CD serial number decryption Key Figure 3 Access card information device numbers CD serial numbers 354 356 312 318
590 No Yes Yes stop Figure 5 Gets CD & access card
Request to clearinghouse
Is a valid card? Calculates Device key
Searches decryption key
Packs & sends the response
Is a valid reply?
Save the response message 500 510 530 540 550 560 570 595 Receive the response
message
520
580
Receives the request
User and device Clearinghouse
Updates access card database
565 E(CARDno,DEVkey) DEVno,CDno, r, Sig
E(CDkey|r+1,DEVkey)
No