Receiving device for protected storage of a content unit, and playback device
FIELD: systems for downloading and playing back protected content units.
SUBSTANCE: according to the invention, in receiving device 110 for protected storage of content unit 102 on storage medium 111, content unit 102 is stored in a protected format and has an associated license file. License file 141 is encrypted using a public key associated with a group of playback devices 120, 121, so that each playback device 121 in the group can decrypt license file 141 and play back content unit 102, while devices not belonging to the group cannot. Playback device 121 may provide its own device-specific public key to the content distribution management system, which then returns the secret key for the group, encrypted with the public key of playback device 121. Playback device 121 thus receives the secret key of the group in a protected manner and can decrypt license file 141.
EFFECT: creation of a system for downloading and playing back a protected content unit that makes it possible to maintain constant control over the use of the content unit.
3 cl, 4 dwg
This invention relates to a receiving device for the protected storage of content units, comprising download means for downloading a content unit, recording means for recording the downloaded content unit on a storage medium, and licensing means for obtaining a license file from a license server, the license file containing at least permission to record the downloaded content unit on the storage medium.
The invention further relates to a playback device for playing back content units stored on a storage medium, comprising playback means for playing back a content unit in accordance with the rights in the license file for the content unit stored on the storage medium.
File-sharing services on the Internet are widely known, such as Napster (http://www.napster.com) or Gnutella (http://www.gnutella.co.uk). They are used by millions of users to share content units such as music, usually in MP3 format. Each user can offer his own music collection to everyone else, giving each user a large selection of music available for download. However, the music offered by these file-sharing services is usually popular music and is offered without the permission of the copyright owners. To ensure that copyright owners receive the license fees to which they are entitled, some file-sharing services have begun to charge their users a subscription fee. Part of the proceeds from the subscription fees can then be used to pay the copyright owners.
To prevent users from distributing the content units they have downloaded without authorization, these units are made available in a secured form. For example, they can be distributed in an encrypted format, with the software in the playback device allowing playback but not storage in unencrypted form. One way to protect content units is the "Digifile" technology of Intertrust, known, for example, from U.S. patent 5892900. According to this patent, the music is stored in a secure digital container, the Digifile. The receiving device must obtain a license file from a license server. The license file provides a number of permissions, such as permission to play the music or permission to store the content unit on a storage medium. Naturally, the user must pay a certain sum of money for each permission. The license file also contains the decryption key or other information required to access the music inside the Digifile. When the playback device has received a license, it can decrypt the music and play it to the user. The user can pass the Digifile on to others, but they will not be able to decrypt the music without buying their own license file. Other methods of protecting content units work in approximately the same way.
Permissions can be transferred together with the Digifile to another device so that the other device is able to play the content. However, transferring the Digifile and the permissions usually requires the other device to be connected to the receiving device. Alternatively, the license file can be tied to the user, but this has the disadvantage that the user must authenticate himself on every device on which he wants to play the content.
The known methods have the disadvantage that they do not meet the user's expectations regarding the purchase and licensing of music. When a user buys a compact disc (CD) in a store, he pays once and can then play the CD on any device he owns, or even on devices provided by others. He does not expect to have to pay every time he plays the music, or to perform burdensome steps to transfer the music and the associated permissions to other devices. Moreover, a pay-per-use scheme requires the playback device to be connected to a network so that payment can be made and the license file received. This approach is difficult to apply to portable devices.
The object of this invention is to provide a playback device according to the preamble that maintains constant control over the use of the content unit on the storage medium and also corresponds to the user's expectations about its use.
This object is achieved according to the present invention in a receiving device characterized by license locking means for encrypting the license file with an encryption key associated with a group of playback devices, and for providing the encrypted license file to the recording means for recording the encrypted license file on the storage medium. A storage medium on which such a receiving device has recorded content units may be copied without restriction, but these content units can be played only on playback devices of the group with which the encryption key is associated, and only in accordance with the license file.
The user needs to define only once the group of playback devices on which he wants to play the content unit. He can do so, for example, by adding each playback device to the group directly after buying it. He can then use the storage media recorded by the receiving device. As will become clear below, it is also possible to expand the group when the user buys a new playback device: devices can be added at any time, and the content unit is recorded in such a way that any device in the group has access to it.
It is known per se how to encrypt information so that only a specific device can read it, for example by encrypting the data with the public key of that particular device, preferably using a session key. This means that, as an alternative, the license file could be encrypted multiple times using multiple public keys, once for each playback device in the group. The disadvantage is that the amount of data on the storage medium increases slightly but, more importantly, that it is then impossible to add a new device and give it access to the content unit. In that case the license file is encrypted so that only playback devices that were already in the group at the time of encryption can decrypt it, and the receiving device has no way to retrieve the license file in order to encrypt it with the public key of the newly added device. When a group key is used, no further action by the receiving device and no modification of the storage medium is required. A newly added playback device simply obtains the decryption key for the group and is then able to decrypt the license file.
In one embodiment of the invention, the license locking means is adapted to encrypt the license file with a License Lock Encryption Key (KSFL), to encrypt the KSFL with the encryption key associated with the group of playback devices, and additionally to provide the encrypted KSFL to the recording means for recording the encrypted KSFL on the storage medium. A playback device that is able to decrypt the encrypted KSFL can then decrypt the license file. The license file can then be used to play the content unit in accordance with the permissions contained in it. This provides additional flexibility.
In another embodiment of the invention, the encryption key is the public key of a public/secret key pair. The corresponding secret key is available in the playback devices of the group, so they can easily decrypt the encrypted license file. An additional advantage is that the decryption key now does not need protection, so that the playback device need not take any measures to protect this key. If the encryption key were a secret (symmetric) key, a malicious user could steal the key from the receiving device and then decrypt the license file and play back the content unit on any device.
In another embodiment of the invention, the content unit comprises at least one of audio and video. The popularity of music-sharing services such as Napster clearly shows that there is great demand for the distribution of music and other audio content. The same is expected for video, because network bandwidth has become high enough to allow wide distribution of video data. By providing, according to the present invention, a receiving device that can implement secure distribution on a storage medium, distribution among groups of people becomes possible.
In another embodiment of the invention, the license locking means is additionally adapted to receive a selection of a group identifier and to obtain the encryption key associated with the selection from a key server. If the user has defined several groups, it is preferable that he be able to choose which one to use when recording the content unit on the storage medium. By making the public key for a group available on the key server, it becomes possible for one user to securely record content units that another user will be able to play. For example, the user can download a set of songs and store them on a storage medium using the public key of a group registered by a friend. He can then give the storage medium to the friend, for example as a gift, and the friend will be able to play it on any device in his group. This allows the user to include only those content units that he knows his friend will like, thus creating a personalized gift.
Another object of the invention is to provide a playback device according to the preamble that maintains constant control over the use of the content unit on the storage medium and also meets the user's expectations about its use.
This object is achieved according to the invention in a playback device characterized in that the license file is stored on the storage medium and the playback device further comprises secure storage means for storing one or more decryption keys, each associated with a corresponding group of playback devices, and decoding means for checking whether a stored decryption key is suitable for decrypting the encrypted license file and, if so, decrypting the license file using the stored decryption key and providing the decrypted license file to the playback means. Because the license file is stored encrypted, only a playback device that can decrypt it can access the content unit and use it. If the playback device belongs to the correct group, that is, the group selected by the user when recording the content unit on the storage medium, the correct decryption key will be available in the secure storage means.
In one embodiment of the invention, the license file is stored encrypted with a License Lock Encryption Key (KSFL), said KSFL is stored on the storage medium in encrypted form, decryptable with a KSFL decryption key, the one or more decryption keys are KSFL decryption keys, and the decoding means is adapted to check whether a stored KSFL decryption key is suitable for decrypting the encrypted KSFL and, if so, to obtain the KSFL from the encrypted KSFL using the stored KSFL decryption key and to decrypt the license file using the KSFL. Using the KSFL as a session key provides additional flexibility.
In another embodiment of the invention, the decryption key is the secret key of a public/secret key pair. The use of public-key encryption makes distribution of the encryption keys much simpler, because they do not require protected storage. The encryption key can now be transferred in the clear to the receiving device, which uses it to encrypt the license file. Only a playback device that has the corresponding decryption key can then decrypt the license file and access it.
In another embodiment of the invention, the playback device further comprises registration means for registering the public key of a public/secret key pair associated with the playback device with a content distribution management system (SURC), the secret key of said public/secret key pair being stored in the secure storage means, and for receiving the decryption key encrypted with said public key, decrypting said encrypted decryption key, and storing the decryption key in the secure storage means. When the secret key for the group of playback devices is distributed in this way, there is no moment at which the secret key is exposed to a malicious user, and no playback device can gain access to the secret key without registering.
Additionally, the invention relates to a computer program product enabling a programmable device when executing the specified computer program product to function as a receiving device according to the present invention.
Additionally, the invention relates to a computer program product enabling a programmable device when executing the specified computer program product to function as a playback device according to the present invention.
These and other aspects of the present invention will be apparent and better understood with references to embodiments of the invention shown in the drawings, in which:
figure 1 schematically shows a first embodiment of the system according to the present invention;
figure 2 in more detail schematically shows a receiving device according to the present invention;
figure 3 shows schematically in more detail the playback device according to the present invention; and
figure 4 schematically shows a second embodiment of the system.
In all the drawings the same reference numerals indicate similar or corresponding features. Some of the features indicated in the drawings are typically implemented in software and thus represent software entities, such as software modules or objects.
Figure 1 schematically depicts a system 100 that contains a transmitting device 101 and a receiving device 110 connected via a network 105 such as the Internet. Also connected to the network are key server 130 and license server 140, whose function will become clear below. System 100 allows receiving device 110 to download a content unit, such as content unit 102, from transmitting device 101. In a preferred embodiment of the invention, transmitting device 101 and receiving device 110 are connected in a point-to-point fashion, which allows them to share files with each other. In this embodiment a directory server (not shown) can be provided to allow receiving device 110 to find out which files are available on transmitting device 101 without the need for direct contact with transmitting device 101. This is especially useful if transmitting device 101 is one of many transmitting devices connected to each other and to receiving device 110 in a point-to-point fashion. In this case, receiving device 110 may optionally be adapted to function as a transmitting device for other devices in the system in a point-to-point fashion. In another embodiment of the invention, transmitting device 101 is a file server from which receiving device 110 may download a content unit.
The term "content unit" refers to material of any kind that people may wish to download. In particular, it covers such units as television programs, movies, music, articles or books. Content unit 102 is made available on transmitting device 101 in a secure manner. In a preferred embodiment of the invention, content unit 102 is made available in the "Digifile" format of Intertrust, known, for example, from U.S. patent 5892900. Other methods of protecting content units, such as CD-2, can also be used. Content unit 102 in a protected format may not be accompanied by a "teaser" that represents the content unit in an unprotected format. A teaser allows the user to view it in order to determine whether he likes the content unit without buying it.
Receiving device 110 can download content unit 102 if it is made available in this protected format, as will become clear below. Receiving device 110 may be, for example, a set-top box, a personal computer, a gateway to a home network, or an electronics device (EB). With the appropriate permissions, it can then play back content unit 102, possibly using a separate playback device (not shown). For example, receiving device 110 may be a set-top box that downloads content unit 102 and transmits it to a personal entertainment system that can play it to the user.
The user can buy a license file for use with content unit 102 from license server 140. This license file provides a set of permissions, for example permission to play the music or permission to store the content unit on a storage medium. Of course, the user must pay a certain sum of money for each permission. The money can be provided by supplying the user's credit card information, or by identifying the user and charging an amount to the user's account, or by any other way of making payments over a network. The license file also contains the decryption key or other information required to access content unit 102.
When the user buys permission to record content unit 102, receiving device 110 may record content unit 102 on storage medium 111, preferably a recordable compact disc, although other media, such as recordable digital versatile discs (DVD), hard disks or solid-state memory cards, can also be used. Content unit 102 is recorded on storage medium 111 in a secure manner, for example in the same protected format in which it was downloaded. However, there are great advantages to using another method of protected content distribution, for example if the device intended to read content unit 102 from storage medium 111 cannot handle the protected format in which content unit 102 was downloaded.
The user can then provide storage medium 111, which is preferably a removable medium, to a suitable playback device, such as video playback device 120 or audio playback device 121. These can then read content unit 102 from storage medium 111 and play it for the user. In order to do this, they need the permission to play back granted in the license file for content unit 102. How they can obtain this permission is explained below.
Figure 2 schematically shows receiving device 110 in more detail. Content unit 102 is downloaded by download module 201, as explained above. Download module 201 may be, for example, the well-known Napster file-sharing client. Transcoding module 202 processes the downloaded content unit 102, converting it into a format suitable for storage on storage medium 111. This may include decrypting content unit 102 and encrypting it using a different encryption method. However, if the original protected format is acceptable, transcoding module 202 is not needed. Recording module 203 then records content unit 102 on storage medium 111.
Licensing module 204 obtains license file 141 from license server 140. License file 141 must contain at least permission to record content unit 102 on storage medium 111. If the recording permission does not imply permission to play back the stored content unit 102, license file 141 must also contain permission to play back. Licensing module 204 is an interface between license server 140 and the user, and may be implemented as a well-known license module, for example the license module provided in the Intertrust arrangement. This license module provides the user with an interface with which he can choose the license terms for content unit 102, such as permission for a single playback for a small sum of money, a single free playback in exchange for filling out a questionnaire, or playback for a month for a large sum of money.
Licensing module 204 provides license file 141, if it contains the appropriate permission, to license locking module 205, which produces an encrypted version of license file 141, referred to below as the License Lock. License file 141 is preferably encrypted using a session key, referred to below as the License Lock Encryption Key (KSFL). The KSFL can be generated using known methods for generating session keys, for example by hashing the output of a pseudo-random number generator to obtain a sequence of the desired length, for instance with a 128-bit hash function such as MD5 when a 128-bit encryption algorithm is used to encrypt license file 141.
License locking module 205 provides the License Lock to recording module 203, which records it on storage medium 111 together with content unit 102. For some media, such as recordable compact discs, it is usually required that all data be recorded at one time. When such media are used, recording module 203 may buffer the data to be written until all the data has been received. Of course, for media such as removable hard drives, this is not necessary.
The KSFL is then also recorded on storage medium 111, but in encrypted form. A playback device that can read the encrypted KSFL from storage medium 111 and decrypt it can decrypt license file 141 from the License Lock and is then able to play back content unit 102. By providing content unit 102 and license file 141 in this way, the invention allows the user to play back a stored content unit 102 on a playback device that need not be connected to network 105.
As an alternative to using a session key, license file 141 can also be encrypted directly with an encryption key whose corresponding decryption key is available in the playback device that will later have access to storage medium 111. The encryption can be symmetric or asymmetric.
It is desirable for playback of content unit 102 to be restricted to a certain limited number of playback devices, because this allows the copyright owner to control the use of content unit 102. However, management of the devices that can play the content must be independent of the storage of content unit 102 on storage medium 111 in order for system 100 to match the user's expectations. Usually the buyer of content not only plays it himself; his family also plays it on various devices owned by the family. Friends and neighbors may also wish to listen to content unit 102. Generally speaking, the right to play content unit 102 should be granted to a specific group of people or to a group of devices owned by that group of people. In order to define a group of devices, each group is assigned a Group ID. Content unit 102 is associated with the Group ID, so that any device in the group can play back content unit 102 from storage medium 111. To this end, the license file is encrypted so that any device in the group can decrypt it, but devices outside the group cannot.
In a preferred embodiment of the invention, the KSFL is encrypted with the public key of a public/secret key pair associated with the group, whereby all devices in the group have access to the corresponding secret key. Alternatively, a secret-key encryption scheme may be used. License locking module 205 prompts the user to select a Group ID, for example from a list shown on a display connected to receiving device 110, and obtains the public key for the group, for example by retrieving it from key server 130. It then encrypts the KSFL with the public key of the group and provides the encrypted KSFL to recording module 203 for recording on storage medium 111. After that, storage medium 111 may be provided to a playback device, such as video playback device 120 or audio playback device 121.
Receiving device 110 may be implemented as a computer program product 200 arranged to cause a processor to perform the steps described above. Computer program product 200 enables a programmable device, when executing said computer program product, to function as receiving device 110. Since receiving device 110 does not require access to any secret key when a public-key encryption scheme is used, it becomes possible to implement the receiving device entirely as a computer program product 200 that can be downloaded and run on a personal computer, for example as a plug-in to a file-sharing program such as Napster. This provides an excellent extension to the Napster client, with which users can download and distribute music files, but without removing the control desired by copyright owners.
Figure 3 schematically shows playback device 121 in more detail. Other playback devices, such as video playback device 120, can be implemented in the same way. The user can provide storage medium 111 to playback device 121, for example by inserting it into receiving device 301. Decoding module 302 reads the encrypted license file 141 from storage medium 111 and decrypts it using the secret key stored in protected storage module 309. In a preferred embodiment of the invention, decoding module 302 reads the encrypted KSFL from storage medium 111 and uses the stored secret key to decrypt the encrypted KSFL. Decoding module 302 then uses the KSFL thus obtained to decrypt the License Lock and obtains license file 141.
It may happen that the decryption step requires a secret key that is not stored in protected storage module 309. In this case, decoding module 302 will not be able to decrypt license file 141. Playback device 121 can be included in more than one group. In this case it will have several decryption keys stored in the protected storage module, one key for each group. Decoding module 302 must therefore first check whether the correct key is present in protected storage module 309 and, depending on the result of the check, either decrypt license file 141 or notify the user that obtaining license file 141 is impossible because the decryption key is missing.
This check may be carried out in several ways, for example by comparing the key identifier of the stored secret key with a key identifier stored together with the encrypted license file 141. Alternatively, license file 141 may contain a known piece of information, such as a version number or a fixed text string. In this case, decoding module 302 may attempt to decrypt license file 141 and then compare the result against the known piece of information. If the expected piece of information is missing from the output, the decryption key used is incorrect. Alternatively, the secret keys can contain the identifiers of the groups to which they belong, and storage medium 111 may contain the identifier of the group for which license file 141 was encrypted. Decoding module 302 can then retrieve the latter identifier and search protected storage module 309 for a secret key containing a matching identifier. The decoding module can also simply try to decrypt license file 141 with each decryption key in turn until one of them yields a correct license file.
The decryption step can be implemented in many ways, depending in part on how the secret key is stored in protected storage module 309. Module 309 may be implemented as a hardware module with built-in decryption software, so that decoding module 302 can pass the encrypted license file 141 to module 309, which decrypts it using the appropriate decryption key and returns license file 141 in plain form to decoding module 302. This provides a higher level of protection, because the actual secret key is stored in a tamper-resistant hardware module and cannot be read by a malicious user. Alternatively, protected storage module 309 can simply be a read-only memory (ROM) from which decoding module 302 can read the secret decryption key and decrypt license file 141. Module 309 may be provided on a smart card.
Decoding module 302 provides license file 141 to playback module 305. Playback module 305 reads the stored content unit 102 from storage medium 111 and checks whether license file 141 contains permission to play it back. If so, it plays back content unit 102, for example by generating audio signals for loudspeaker 306.
The secret key installed in protected storage module 309 of playback device 121 may simply be the secret key of the group corresponding to the public key used by the receiver 111, as described in connection with figure 2. This requires distributing the secret key of the group among all devices added to the group, which is not very practical and certainly not safe, unless highly tamper-resistant hardware, such as smart cards, is used. However, this requires the user to purchase a number of smart cards, one for each device in the group, which is burdensome.
It is therefore preferable for each device in the group to have its own public/secret key pair associated with it, whereby the secret key is securely installed in the playback device. This can be done, for example, at the factory where the playback device is made. For greater security, the public/secret key pair for the device can be generated by a separate entity, such as a Certification Service (SS), and provided to the factory for installation by the manufacturer.
Playback device 121 has a registration module 306, which can provide the public key for registration with the Content Distribution Management System (SURC) 310, together with a unique identifier for the playback device. This unique identifier may, for example, include the manufacturer, type number and serial number. Registration can be done at the user's request, or when playback device 121 is switched on for the first time, or at another suitable time. Alternatively, the public key can be registered when the manufacturer installs the public/secret key pair.
As will be explained below with reference to figure 4, SURC 310 then encrypts the secret key of the group once for each device in the group, using the registered public key of that device. The encrypted secret keys are then sent back to the registration modules of the playback devices, which can decrypt them using their own secret keys. They then store the group secret key in their protected storage modules. From this moment they can decrypt any license file 141 encrypted with the public key of the group, using the corresponding secret key of the group. When the secret key of the group is distributed in this way, there is no moment at which the secret key is exposed to a malicious user, and no playback device can access the secret key without prior registration. This makes it possible, for example, to charge the user a larger fee if he wishes to obtain permission to distribute content units 102 to a larger group of devices. Additionally, the number of devices in a group may be restricted in accordance with the wishes of the copyright owner.
Playback device 120 can be implemented as a computer program product 300 arranged to cause a processor to perform the steps described above. Computer program product 300 enables a programmable device, when executing said computer program product, to function as playback device 120. Measures must be taken to ensure that the secret key is not copied to another device, as this would allow the other device to impersonate playback device 120, which would undermine the ability to charge for each device on which the stored content unit 102 is played.
Figure 4 schematically shows another embodiment of the system 100, illustrating the process of registering groups and devices. The SURC 310 maintains a list 402 of registered groups G1, G2, G3 and of the devices D1, ..., D9 in each group. The user can ask the SURC 310 to create a new group. The SURC then generates a public/secret key pair for the group. The public key may then be provided to the key server 130 for download by the receiving device 110. Once the public key of a group is available on the key server 130, one user can store a content unit in protected form that another user will be able to play. For example, the user can download a set of songs and store them on the information carrier 111 using the public key of a group registered by a friend. He can then give the information carrier 111 to the friend, for example as a gift, and the friend will be able to play it on every device in his group. By including only those content units that he knows his friend likes, and storing them using the public key of his friend's group, the user creates a personalized gift.
After the user has registered the group, he can add playback devices to it. If the device he wants to add is not yet registered, the user must first register it, that is, have it added to the list 403 of devices, for example by activating the registration module 306 of the device. When a device is added to a group, the SURC 310 encrypts the group's secret key with the public key of the device. For example, if the user has added the device D6 to the group G1, the SURC 310 encrypts the secret key of G1 with the public key PK6 of that device. This encrypted secret key is needed by the decoding module 302 of the device D6. Once the device he wishes to add has been registered with the SURC 310, the user can simply select it from the list 403 of devices provided by the SURC 310, which contains the device identifiers UID1, ..., UID9 and the associated public keys PK1, ..., PK9, and add it to the group.
The user can also remove devices from a group, for example in order to make room for a new device if the number of devices in the group is limited by the SURC 310. This makes it possible for the user to remove a device from the list for a group and still play content intended for this group on that device. This is possible because the device still holds the group secret key with which to decrypt the XFL, so that the license file 141 can be decrypted and the content unit 102 can be played. This can be prevented, for example, by periodically replacing the public/secret key pair of the group and providing the new secret key only to the devices that are on the group list at that moment. Moreover, charging a registration fee for each device added to or removed from a group will reduce the user's incentive to manipulate his group list frequently.
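The key distribution and the key replacement described above can be exercised end to end. The following is an added example, not code from the patent: it assumes RSA-OAEP for the public-key steps and AES-256-GCM for the session key, and the names `Surc`, `Device`, `seal`, `open` and `scenario` are hypothetical.

```javascript
const { generateKeyPairSync, publicEncrypt, privateDecrypt, createPrivateKey,
  createCipheriv, createDecipheriv, randomBytes, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const newKeyPair = () => generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hybrid encryption: payload under a one-time AES-256-GCM session key (the role
// the page gives the KSFL), session key wrapped with RSA-OAEP for the recipient.
function seal(publicKey, payload) {
  const sessionKey = randomBytes(32), iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', sessionKey, iv);
  const ct = Buffer.concat([c.update(payload), c.final()]);
  const wrapped = publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
  return { wrapped, iv, ct, tag: c.getAuthTag() };
}

// Returns the payload, or null when privateKey is not the matching secret key.
function open(privateKey, blob) {
  try {
    const sessionKey = privateDecrypt({ key: privateKey, ...OAEP }, blob.wrapped);
    const d = createDecipheriv('aes-256-gcm', sessionKey, blob.iv);
    d.setAuthTag(blob.tag);
    return Buffer.concat([d.update(blob.ct), d.final()]);
  } catch { return null; }
}

// Constructed model of the SURC 310 record for one group (names are hypothetical).
class Surc {
  constructor() { this.members = new Map(); this.rotate(); } // UID -> device public key
  wrapFor(uid) { // group secret key, encrypted with that device's public key
    const der = this.group.privateKey.export({ type: 'pkcs8', format: 'der' });
    return seal(this.members.get(uid), der);
  }
  add(uid, devicePublicKey) { this.members.set(uid, devicePublicKey); return this.wrapFor(uid); }
  rotate() { // new group key pair, sent only to devices still on the list
    this.group = newKeyPair();
    return new Map([...this.members.keys()].map((uid) => [uid, this.wrapFor(uid)]));
  }
}

// A playback device: its own key pair plus the group secret keys it has received.
class Device {
  constructor() { this.own = newKeyPair(); this.groupKeys = []; }
  install(blob) { // unwrap a group secret key into the device's protected storage
    const der = open(this.own.privateKey, blob);
    if (der) this.groupKeys.push(createPrivateKey({ key: der, format: 'der', type: 'pkcs8' }));
    return der !== null;
  }
  play(license) { // try each stored group key on the license file in turn
    for (const key of this.groupKeys) {
      const rights = open(key, license);
      if (rights) return rights.toString();
    }
    return null;
  }
}

// D1 and D6 join G1; D6 is then removed and the group key pair is replaced.
function scenario() {
  const surc = new Surc(), d1 = new Device(), d6 = new Device();
  d1.install(surc.add('UID1', d1.own.publicKey));
  d6.install(surc.add('UID6', d6.own.publicKey));
  const oldLicense = seal(surc.group.publicKey, 'play: yes (constructed sample)');
  surc.members.delete('UID6');
  d1.install(surc.rotate().get('UID1'));
  const newLicense = seal(surc.group.publicKey, 'play: yes (constructed sample)');
  return { d6Old: d6.play(oldLicense), d6New: d6.play(newLicense), d1New: d1.play(newLicense) };
}

console.log(scenario());
```

The removed device D6 still opens the license issued before the key replacement, because it keeps the old group secret key, but it cannot open the license issued afterwards; only content stored under the new group public key is protected by the removal.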
In order to guarantee the authenticity of the public keys provided by the key server 130, they can be certified by a Certification Service (SS) before they become available on the key server 130. The receiving device 110 may be provided with a certificate of the SS, so that it can verify the authenticity of the certificates and thereby confirm the authenticity of the public keys of the groups. The certificate or public key for the SS can be loaded into the receiving device 110 by the manufacturer, or can be downloaded from the key server 130 if necessary. However, having the manufacturer load the certificate for the SS into the receiving device 110 is more secure, because it gives malicious users less opportunity to replace this certificate.
An additional advantage of recording the content unit 102 on the information carrier 111 in this way is that a playback device that does not belong to the appropriate group can still access the content unit 102 if it obtains a new license file. The content unit 102 is, after all, stored in a protected format, which can be accessed with an appropriate license file. Thus, a user who has created an information carrier 111 with his favourite music tracks can lend the information carrier 111 to a friend whose devices are not included in the user's group. The friend can then buy a license for one-time playback and access the tracks on the information carrier 111 in order to find out what the user likes. If he likes them, he can ask the user to add him to the user's group, or download the tracks himself. The user can also create a new group that includes both his own devices and his friend's, and then create a new information carrier containing tracks that they both like.
1. A device (121) for playing back a content unit (102) stored on an information carrier (111), comprising: playback means (305) for playing back the content unit (102) in accordance with the permission in the license file (141) for the content unit (102), and for using a decryption key contained in the license file to decrypt the content unit, the license file (141) being stored on the information carrier (111) in encrypted form; protected storage means (309) for storing one or more decryption keys of the playback device, each decryption key being associated with a corresponding group of playback devices; registration means (306) for registering the public key of a public/secret key pair associated with the playback device (121) on a remote server, called a Content Distribution Management System (SURC) (310), the secret key of said public/secret key pair being stored in the protected storage means (309), and for receiving in response a decryption key associated with a group of playback devices, encrypted with said public key, decrypting said encrypted decryption key and storing said decryption key in the protected storage means (309); and decoding means (302) for checking whether a stored decryption key is suitable for decrypting the encrypted license file (141), and, if so, decrypting the license file (141) using the stored decryption key and providing the decrypted license file (141) to the playback means (305).
2. The playback device (121) according to claim 1, in which the license file (141) is stored encrypted with a session key, called the Encryption Key Lock License (KSFL, also written XFL), said XFL being stored on the information carrier (111) encrypted with an XFL encryption key, the one or more decryption keys being XFL decryption keys, and the decoding means (302) being configured to check whether a stored XFL decryption key is suitable for decrypting the encrypted XFL, and, if so, to obtain the XFL from the encrypted XFL using the stored XFL decryption key and to decrypt the license file (141) using the XFL.
3. The playback device (121) according to claim 1, in which the content unit (102) includes at least one of video data or audio data.
4. The playback device (121) according to claim 1, in which the stored decryption key is the secret key of a public/secret key pair.
5. The playback device (121) according to claim 1, in which the information carrier (111) is a solid-state memory card.
6. The playback device (121) according to claim 1, in which the protected storage means (309) is a removable mass storage device.
7. A computer program product (300) for enabling a programmable device, when executing said computer program product, to function as a playback device (121) comprising: playback means (305) for playing back the content unit (102) in accordance with the permission in the license file (141) for the content unit (102), and for using a decryption key contained in the license file to decrypt said content unit, the license file (141) being stored on the information carrier (111) in encrypted form; registration means (306) for registering the public key of a public/secret key pair associated with the playback device (121) on a remote server, called a Content Distribution Management System (SURC) (310), the secret key of said public/secret key pair being stored in the protected storage means (309), and for receiving in response a decryption key associated with a group of playback devices, encrypted with said public key, decrypting said encrypted decryption key and storing said decryption key in the protected storage means (309); and decoding means (302) for checking whether a stored decryption key is suitable for decrypting the encrypted license file (141), and, if so, decrypting the license file (141) using the stored decryption key and providing the decrypted license file (141) to the playback means (305).
8. A system (100) comprising the playback device (121) according to claim 1 and the server (310), the playback device (121) further comprising registration means (306) for registering the public key of a public/secret key pair associated with the playback device (121) on the server (310), the server (310) being configured to encrypt the decryption key associated with the group of which the playback device (121) is a member with said registered public key and to transmit the encrypted decryption key to the playback device (121), and the playback device (121) being configured to receive the encrypted decryption key, decrypt said encrypted decryption key and store said decryption key in the protected storage means (309).
9. The system (100) of claim 8, in which the server is configured to limit the number of playback devices in the group.
10. The system (100) of claim 8, in which the server is configured to periodically replace the encryption and decryption keys for the group and to provide the replacement decryption key only to devices that are members of the group.
FIELD: digital audio and video technologies.
SUBSTANCE: the information storage device is configured to receive a data carrier; the decoder is configured to receive compressed encoded signals from the data carrier and to transmit the signals to the decrypter. The decrypter is configured to decrypt the compressed encoded encrypted data and to transmit it to the decompressor. The decompressor is configured to receive the compressed encoded signals from the decrypter and to decompress them in order to reproduce the image.
EFFECT: higher precision, higher efficiency.
3 cl, 17 dwg
FIELD: broadcasting systems.
SUBSTANCE: method includes broadcasting of message, including text portion intended to reach user, while said message is transferred in form of conditional access message.
EFFECT: broader functional capabilities.
5 cl, 7 dwg
SUBSTANCE: device converts signals to digital video information. Compression device is made in such a way, that it receives digital video data, coming from source data generator, and compresses digital images. Encoding device receives compressed digital video data coming from compression device and encodes compressed digital video data. Recording device stores encoded compressed digital audio data at data carrier.
EFFECT: higher data transfer speed.
3 cl, 17 dwg
FIELD: access control systems.
SUBSTANCE: proposed signal processing method involves reception of digital input signal incorporating first component of scrambled signal and second component of scrambled signal; binding of input signal with detachable intelligent card unit for processing first scrambled signal component and generation of first descrambled signal which is internal with respect to intelligent card unit and for processing second scrambled signal component in case of response to first descrambled signal to generate second descrambled signal and to integrate first scrambled signal component of input signal and second descrambled signal so as to produce output signal; reception of output signal from intelligent card unit and processing of second descrambled signal to shape signal adapted for display.
EFFECT: improved control of access.
1 cl, 9 dwg
FIELD: techniques for restricting access to a protected system; preventing access to the system by unauthorized persons.
SUBSTANCE: a fingerprint image is registered, followed by identification of the user. The coordinates of certain features of the papillary pattern are determined, and a positive or negative decision on granting access to the system is made from the difference between the feature coordinates of the received fingerprint image and those stored in the database.
EFFECT: increased level of protection against access of accidental persons.
3 cl, 2 dwg
FIELD: mobile communications including mobile terminal control systems using digital signature.
SUBSTANCE: proposed system designed for controlling mobile terminal in compliance with information about mobile terminal condition has user-mounted server that functions to produce instruction message for respective mobile terminal in compliance with information about its condition, to add digital signature to compiled instruction message, and to transfer resultant message; mobile terminal functions to authenticate instruction message transferred from server and to execute power turn-off operations, as well as to mobile terminal input and output records in compliance with authenticated instruction message.
EFFECT: improved design of mobile terminal control system.
14 cl, 4 dwg
SUBSTANCE: generator of random alphabet-numeric codes is installed on mail server. Generator generates random alphabet-numeric code, which is valid limited times for a limited time interval. Its graphical representation, called "electronic postage stamp", marks the outgoing mail, and recipient user's server check the compliance of the code in the mail to sender's address, recipient address, validity time and times of usage of "electronic postage stamp".
EFFECT: avoidance of automatic mass-delivery of unauthorized mails and virus distribution.
FIELD: unauthorized access protected development of executable program code for programmable portable information medium.
SUBSTANCE: initial program text is created on user's computer, transferred to information medium issuer's computer, where initial text is compiled and assembled; executable program code is created, which is enciphered and converted to transport code, which is downloaded to information medium through user's computer. At the same time during preliminary assembly information medium is equipped with instrumental program means for restoring executable program code from transport code, which is presented in intermediate format. Also system for distributed development of executed program for portable information medium, and information medium are disclosed.
EFFECT: increased data protection.
20 cl, 9 dwg
FIELD: cryptography technique; hidden storage and transfer of confidential information through open communication channels; marking of images containing large amounts of additional information.
SUBSTANCE: method for embedding additional information into digital images consists in substitution of separate bits in bytes of initial image. The remaining part of bits is used for correction of final digital image. The initial digital image is separated into bit layers. One of the obtained bit layers which is represented by bit sequence is chosen for writing additional information. Writing of additional information into obtained bit sequence is made using code. During writing of additional information using code bits in the obtained bit sequence, that are located on the margins of all changes of same bit sequences of zeroes and ones, are replaced in accordance to bits of written additional information.
EFFECT: increased volume of embedded information and ensured high tolerance of messages against some steganoanalysis methods.
2 dwg, 4 tbl
FIELD: mobile communication systems.
SUBSTANCE: proposed method for reallocating radio network server subsystem includes definition of radio link servo subsystem reallocation in network; transfer of radio resource control message corresponding to mentioned subsystem reallocation to terminal so as to enable controlled data exchange with terminal; and transfer of response radio resource control message corresponding to reallocation of radio network server subsystem to radio network controller that also receives radio resource control message.
EFFECT: enlarged functional capabilities.
70 cl, 12 dwg
FIELD: converting primary documents of enterprises into electronic type.
SUBSTANCE: proposed method enables work-out of documents electronically signed by any client with aid of single signing device, client's signature being identified using biometrical data on client which serve as integral part of electronic document and cannot be transferred to other document. Device for affixing electronic analog-digital signature to documents has protective case with built-in opening sensor accommodating memory, secret key content, microprocessor, data input device, biometrical data input device, and port for outputting electronically signed document to peripheral medium or to database. Electronic document is formed upon data input from document and client's biometrical data and signed by means of secret key. Signature is checked by means of open signature key stored in peripheral medium.
EFFECT: facilitated procedure.
13 cl, 1 dwg
FIELD: digital radio communications, satellite communications, cellular communications, and computer networks.
SUBSTANCE: proposed method designed to provide privacy and/or protection of data bursts transferred in communication system involves generation of cryptographic-algorithm sync pulse by means of special conversion. In the process sync pulse is generated for multiple-access communication systems from unique values assigned to each communication resource within which data bursts being protected are transferred thereby ensuring uniqueness of sync pulses for various messages and their strict ordering in communication resource space. Assignment of unique values to communication resource includes type of multiple access used in communication system. For instance, time interval number and frequency band number are used as unique value assigned to communication resource for communication systems built around time-frequency division of communication channel.
EFFECT: ability of ensuring privacy and/or simulation protection.
7 cl, 7 dwg
FIELD: electric communications and computer engineering, in particular, information safety of telecommunication systems, possible use in cryptographic systems with open distribution of encryption keys.
SUBSTANCE: at the information receiver side, an open encryption key is generated in the form of two multi-bit binary numbers $p$ and $\alpha$. The first multi-bit binary number is selected so that the Euler function $\varphi(p)$ contains at least one prime factor $\gamma$ in the form of a $\xi$-bit binary number. The second multi-bit binary number $\alpha$ is calculated from the formula $\alpha = \beta^{\varphi(p)/\gamma} \bmod p$. The open encryption key is then transferred to the information sender, where an image of the encryption key is formed as $R = [\alpha^{W} \bmod p]^{t} \bmod p$, where $t \ge 2$ is a coefficient agreed in advance by the information sender and the information receiver, and $W$ is a randomly generated multi-bit binary number. The image of the encryption key is then transferred to the information receiver, where the encryption key is calculated from the formula $K = R^{Z} \bmod p$, where $Z = t^{\gamma-2} \bmod \gamma$. It is also shown that, when using the invention, the amount of computation for the encryption key is reduced 4-16 times.
EFFECT: decreased encryption key generation time while preserving required encryption tolerance.
FIELD: data transfer technologies.
SUBSTANCE: device which should be transmission destination, is authenticated, and if device is not authorized, then encrypted data, read from memorizing device, are decoded to produce decoded data, which are then encrypted again on basis of data of specific device key, received from device, which should be transmission destination for receiving re-encrypted data. Re-encrypted data are then transferred to device, which should be transmission destination.
EFFECT: forbidden unauthorized copying of data.
8 cl, 13 dwg
FIELD: computer engineering; data processing devices; reduced instruction set microprocessor systems.
SUBSTANCE: cache memory reading device contains address forming unit, pipeline latches 1A, 1B, 2A, 2B, address conversion unit, data memory, tags memory, comparison unit, control unit with two outputs, and timing pulse generator with two outputs.
EFFECT: increased performance of pipeline microprocessor system with reduced instruction set, reduced time of cache hit flag generation, and reduced power consumption.