1298981
IX. Description of the Invention:

FIELD OF THE INVENTION

This application claims the benefit of U.S. Provisional Application Serial No. 60/612,757, filed on September 24, 2004 and entitled "Method and System for Providing Secure CODECS". The benefit of the earlier filing date of that provisional application is claimed under 35 U.S.C. § 119(e), and the provisional application is further incorporated herein by reference.

The present invention relates to digital copy protection, and more particularly to a system and method for providing a secure digital compressor/decompressor (CODEC).

BACKGROUND OF THE INVENTION

Recent improvements in the telecommunications and electronics industries, and in particular advances in digital compression techniques, have led to increased availability of digital content to consumers. For example, by compressing digital audio and video content with a compressor/decompressor (CODEC) and subsequently decompressing the transmitted compressed content at a consumer's receiver, these advances bring consumers music, movies, videos-on-demand, and interactive television (iTV).

As the availability of digital content over networks has increased, content owners and providers have seen growth in the theft of intellectual property. Such theft can occur anywhere the content is exposed. Exposure can occur essentially anywhere along the market stream between content owner, provider, and consumer, even at the consumer's location. Without appropriate protection, content can be illicitly intercepted, stolen, copied, and redistributed, depriving content owners and providers of their profits.

In fact, the Motion Picture Association of America (MPAA) estimates that the industry loses hundreds of millions of dollars each year to movie piracy. The music industry is likewise known to lose major revenue to activities such as hacking, spoofing, and file sharing. It is with respect to these and other considerations that the present invention has been made.

SUMMARY OF THE INVENTION

A device for securely providing digital content comprises:
  a communication interface configured to receive digital content; and
  an authentication component in communication with the communication interface and arranged to perform actions, including:
    determining whether a source of the digital content is trusted;
    determining, based on a digital right and an entitlement, whether access to the digital content is authorized; and
    if the source is trusted and access to the digital content is authorized, enabling the digital content to be securely decompressed.

BRIEF DESCRIPTION OF THE DRAWINGS

Non-limiting and non-exhaustive embodiments of the present invention are described with reference to the following drawings. In the drawings, like reference numerals refer to like parts throughout the various figures unless otherwise specified.

For a better understanding of the present invention, reference will be made to the detailed description of the invention, which is to be read in association with the accompanying drawings, wherein:

Figure 1 is a functional block diagram illustrating an exemplary operating environment in which the present invention may be implemented.
Figure 2 is a functional block diagram of an embodiment of a system that uses a secure CODEC.
Figure 3 is a block diagram of an embodiment of the secure CODEC of Figure 2, for securely compressing and decompressing digital content.
Figure 4 illustrates a flow diagram generally showing one embodiment of a process, in accordance with various aspects of the invention, for securely decompressing content.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

In the following detailed description of exemplary embodiments of the invention, reference is made to the accompanying drawings, which form a part of this specification and which show, by way of illustration, specific exemplary embodiments in which the invention may be practiced. Each embodiment is described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized, and other changes may be made, without departing from the spirit or scope of the present invention. The following detailed description is therefore not to be taken as limiting the scope of the invention, which is defined only by the appended claims.

Throughout the specification and claims, the following terms take the meanings explicitly associated with them here, unless the context clearly dictates otherwise. The phrase "in one embodiment" as used herein does not necessarily refer to the same embodiment, though it may. The phrase "in another embodiment" as used herein does not necessarily refer to a different embodiment, though it may. As used herein, the term "or" is an inclusive "or" operator and is equivalent to the term "and/or", unless the context clearly dictates otherwise. The term "based on" is not exclusive and allows for being based on additional factors not described, unless the context clearly dictates otherwise. In addition, throughout the specification, the meaning of "a", "an", and "the" includes plural references. The meaning of "in" includes "in" and "on".

The term "rights" as used herein generally refers to a set of one or more actions that can be performed with respect to content. Such rights originate with the content owner and include actions a content distributor may take with the content and/or actions a consumer may take with the content. In one embodiment, a content distributor may obtain the right to distribute the content. However, the content distributor may also have other rights associated with the content. The content owner may also specify which actions a consumer may take with the content (that is, which rights the user has to the content).

The set of permitted actions may differ, so that one user's rights may differ from those of other users. In one embodiment, a typical content distributor's rights include, but are not limited to: the right to play the content once, no earlier than date/time 1 and no later than date/time 2; the right to play the content a number of times, no earlier than date/time 1 and no later than date/time 2; [...]. In one embodiment, payment is associated with the rights obtained.

A typical set of a user's rights to content may include, but is not limited to: the right to view the content now; the right to view the content once, a predetermined number of times, or an unlimited number of times; restrictions on the user's right to copy the content (no copies, one copy, or a predetermined number of copies); the right to view the content based on a predetermined date/time; or similar rights.

The term "entitlement" describes a set of one or more rights issued by a content distributor (such as a cable, satellite, or telecommunications operator) to a consumer or user on a distribution network. An entitlement may include all or a subset of the rights provided by the content owner. In one embodiment, user entitlements may include, but are not limited to: the right to be granted viewing of the content now; the right to view the content once, several times, or an unlimited number of times; the right to make no copies, one copy, several copies, or any number of copies of the content; the right to view the content before a specified date/time; the right to view the content once a specified date/time is reached; the right to view the content only on one specified device, on some devices, or on an unlimited number of devices; the right to view the content only on a display device connected through an analog cable or the like; the right to view the content on a display connected through a digital cable only if a secure channel to the display device exists; or similar rights.

The present invention is directed at addressing the above-mentioned shortcomings, disadvantages, and problems, and will be understood by reading and studying the following specification.

Briefly stated, the present invention is directed to a system and method for providing compression and decompression of digital content in a secure manner. The system enables a content provider to deliver broadcast, video-on-demand, and similar digital content to a consumer in a secure manner. The system is configured to receive digital content, authenticate a source of the digital content, and further determine a consumer's entitlements and rights to access the digital content. Based on the consumer's access entitlements and rights, the system decrypts and decompresses the digital content. In one embodiment, one component of the system establishes a trust relationship with another component to minimize the opportunity for piracy of the digital content. In another embodiment, a secure clock is directed at providing protection against hackers who may use an in-circuit emulator or a similar device.

Illustrative Environment

Figure 1 is a functional block diagram illustrating an exemplary operating environment in which the present invention may be implemented. As shown in the figure, operating environment 100 includes content provider 102, network 104, and consumers 106 (1 through N). Content provider 102 communicates with consumers 106 (1 through N) via network 104.

Operating environment 100 may include many more components than those shown in Figure 1. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention. Moreover, operating environment 100 is only one example of a suitable operating environment and is not intended to suggest any limitation on the use or functionality of the present invention.

Content provider 102 may include businesses directed at providing digital content to consumers 106. Content provider 102 may include businesses that provide and manage an infrastructure between consumers 106 and the service operator's facilities. Content provider 102 may also include content owners, such as producers, developers, and owners of digital content that can be distributed to consumers 106. Content provider 102 may further include distributors and other businesses that obtain rights to distribute digital content from an upstream content owner (not shown). As such, content provider 102 may obtain the rights to distribute digital content from one or more content owners. Content provider 102 may also repackage, store, and schedule digital content for subsequent sale or license to other content providers (not shown).

Digital content may include pay television or time and subscription television, movies, interactive video games, interactive television, catalogue browsing, distance learning, video conferencing, and the like. Clearly, digital content is not limited to video content and may include audio-only services without departing from the scope or spirit of the present invention. Thus, digital content is intended to include, but not be limited to, broadcast, video-on-demand, audio, video, still images, text, graphics, and the like. In addition, content provider 102 may provide compressed or encoded digital content in a targeted format, to improve its transfer over network 104. Content provider 102 may also choose to provide the digital content to consumers 106 in a secure manner, so that a consumer must obtain the appropriate entitlements or rights to access the digital content. Content provider 102 may also choose to provide content that is unencrypted and "in the clear", such as public television, radio, and the like.

Content provider 102 may use a variety of devices and mechanisms to deliver digital content. Such devices include, but are not limited to, personal computers, desktop computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, servers, and the like. Content provider 102 may also use a variety of communication transmission mechanisms, including, but not limited to, television, radio transmitters, satellite transmitters/receivers, and the like. In one embodiment, content provider 102 may use a secure system that employs secure CODECs, such as the system described below in conjunction with Figure 2.

Consumers 106 may include end users, consumers, or the like, of digital content. Consumers 106 may use a variety of devices to enjoy the digital content, including, but not limited to, television appliances, digital answering machines, set-top boxes (STBs), cellular phones, mobile devices, personal digital assistants (PDAs), personal computers, jukeboxes, and the like. Consumers 106 may request that content provider 102 deliver digital content directly. Consumers 106 may also receive digital content through multiple sources within the market stream. In addition, consumers 106 may choose to transfer digital content to, or share it with, other consumers.

Network 104 is configured to couple one computing device to another computing device. Network 104 may use any form of computer-readable media for communicating information from one electronic device to another. Network 104 may also include the Internet in addition to local area networks (LANs), wide area networks (WANs), and direct connections, such as through a universal serial bus (USB) port, other forms of computer-readable media, or any combination thereof. On an interconnected set of LANs, including those based on differing architectures and protocols, a router acts as a link between LANs, enabling messages to be sent from one to another. Communication links within LANs typically include twisted wire pair or coaxial cable, while communication links between networks may use analog telephone lines, full or fractional dedicated digital lines including T1, T2, T3, and T4, Integrated Services Digital Networks (ISDNs), Digital Subscriber Lines (DSLs), wireless links including satellite links, or other communication links known to those skilled in the art. Furthermore, remote computers and other related electronic devices can be remotely connected to either LANs or WANs via a modem and a temporary telephone link.

Network 104 may further include any of a variety of wireless sub-networks that may further overlay stand-alone ad-hoc networks and the like to provide an infrastructure-oriented connection. Such sub-networks may include mesh networks, wireless LAN (WLAN) networks, cellular networks, and the like. Network 104 may also include an autonomous system of terminals, gateways, routers, and the like connected by wireless radio links and the like. These connectors may be configured to move freely and randomly and to organize themselves arbitrarily, so that the topology of the network may change rapidly.
Network 104 may further employ a plurality of access technologies, including 2nd generation (2G), 2.5 generation, 3rd generation (3G), and 4th generation (4G) radio access for cellular systems, WLAN, wireless router mesh, and the like. Access technologies such as 2G, 3G, and future access networks may enable wide area coverage for mobile devices with various degrees of mobility. For example, network 104 may enable a radio connection through a radio network access such as Global System for Mobile communication (GSM), General Packet Radio Services (GPRS), Enhanced Data GSM Environment (EDGE), Wideband Code Division Multiple Access (WCDMA), CDMA 2000, and the like. In essence, network 104 may include virtually any wired and/or wireless communication mechanism by which information may travel between one computing device and another computing device, network, and the like.

Additionally, communication media typically embodies computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, data signal, or other transport mechanism, and includes any information delivery media. The terms "modulated data signal" and "carrier-wave signal" include a signal that has one or more of its characteristics set or changed in such a manner as to encode information, instructions, data, and the like in the signal. By way of example, communication media includes wired media such as twisted pair, coaxial cable, fiber optics, wave guides, and other wired media, and wireless media such as acoustic, RF, infrared, and other wireless media. Carrierless AM/PM (CAP), discrete multitone transmission (DMT), and frequency division multiplexing (FDM) are also included as modulation techniques used to generate the modulated data signal that carries content through operating environment 100 of Figure 1.

Figure 2 is a functional block diagram of one embodiment of a secure system that uses a secure compressor/decompressor (CODEC). System 200 is configured to receive digital content; to receive entitlements and rights associated with the received digital content; and to authenticate the source of the digital content. System 200 is further configured to decrypt and decompress the digital content based on the received entitlements and rights. As such, system 200 may be used within consumers 106, or be coupled to a television appliance, digital answering machine, set-top box, cellular phone, mobile device, PDA, personal computer, jukebox, hybrid Internet-music-player/home-stereo-component-system, or the like. In addition, system 200 may be used to illustrate a component of content provider 102.

As shown in Figure 2, system 200 includes interface component 202, parser 204, secure CODEC (SC) driver 206, clear content CODEC (CCC) driver 208, secure CODEC 212, client side security (CSS) 214, and system clock 216. In addition, secure CODEC driver 206 includes trust link 210. System 200 may include many more components than those shown in Figure 2. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention.

Interface component 202 is in communication with parser 204. Parser 204 is in communication with SC driver 206 and CCC driver 208. SC driver 206 and CCC driver 208 are in communication with secure CODEC 212. CSS 214 is in communication with secure CODEC 212 and system clock 216.

Interface component 202 may include network interface cards (NICs), mobile interface cards, a digital versatile disc (DVD) interface, a file system interface, or another mechanism configured to couple system 200 to network 104 of Figure 1 and to manage the exchange of digital content, entitlements, and rights between content provider 102 and consumers 106. Interface component 202 is sometimes also known as a transceiver.

Parser 204 may be configured to analyze information received from interface component 202 and to determine whether the information is secure content, entitlements, rights, or digital content sent "in the clear". Parser 204 may be further configured to send secure content, entitlements, and rights to SC driver 206, and to send "in the clear" digital content to CCC driver 208. Parser 204 may also be configured to receive digital content from SC driver 206 and CCC driver 208, and to combine or multiplex the digital content for communication upstream to content provider 102.

Secure CODEC (SC) driver 206 may be configured to enable secure clients such as an interactive television (iTV) client, secure applications such as parser 204, and the like to communicate with secure CODEC 212. In one embodiment, SC driver 206 is implemented as a software driver configured to securely connect secure CODEC 212 with an operating system.

Clear content CODEC (CCC) driver 208 may be configured to enable clients such as an iTV client, parser 204, unprotected clients, and the like to communicate with the unprotected aspects of secure CODEC 212.

Trust link 210 may be configured to establish a trust relationship. A "trust relationship" refers to an authentication established between two devices, components, or parties that pass information. A trust relationship may also provide information protection for the traffic between the components. Trust link 210 may enable a trust relationship between components through a variety of security mechanisms, such as public/private key pairs, X.509 public key certificates, shared keys, and the like. However, virtually any form of encryption/decryption mechanism may be used. Such mechanisms may include, but are not limited to, Advanced Encryption Standard (AES), RC6, International Data Encryption Algorithm (IDEA), Data Encryption Standard (DES), triple DES, PGP, and the like.

Trust link 210 may thus enable communications between components to share a mutual trust relationship, so as to communicate through encrypted messages. The encrypted messages may use the same mechanism as was used to establish the trust relationship, or a different one. Thus, in one embodiment, a trust relationship may be established using, for example, a public/private key, and a mutually agreed private or shared key may then be used to encrypt/decrypt the shared messages.

Moreover, although trust link 210 is illustrated within SC driver 206, a trust link may also be associated with other components. For example, parser 204, interface component 202, client side security 214, secure CODEC 212, and CCC driver 208 may also include a trust link substantially similar to trust link 210. In addition, a trust link substantially similar to trust link 210 may also be included in a remote server, such as one used by content provider 102 of Figure 1, or the like.

Secure CODEC 212 is described in more detail below in conjunction with Figure 3. Briefly, however, secure CODEC 212 may be enabled to authenticate a source of secure content and, based on received entitlements and rights associated with the secure content, to decrypt and decompress the secure content. Secure CODEC 212 may also be configured to decompress content received "in the clear". In addition, secure CODEC 212 may be configured to send decompressed content to a content rendering device, such as an audio device, graphics device, or the like.

Client side security (CSS) 214 may be configured to compare secure timing signals from secure CODEC 212 with timing signals from system clock 216. By examining the received timing signals, CSS 214 is enabled to determine whether tampering has occurred. In addition, CSS 214 may be enabled to provide a message regarding the possible tampering to content provider 102 (of Figure 1), secure CODEC 212, or the like.
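The clock comparison attributed to CSS 214 above can be sketched as follows. This is an added example, not code from the patent; the Sample type, find_tampering, the millisecond readings and both tolerance values are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    secure_ms: int  # reading of the secure clock (assumed unit: milliseconds)
    system_ms: int  # reading of the system clock taken at the same moment


def find_tampering(samples, jitter_ms=20, drift_ppm=200):
    """Return (index, reason) for each sample at which the clocks disagree.

    jitter_ms and drift_ppm are assumed tolerances, not values from the page.
    """
    findings = []
    if not samples:
        return findings
    base = samples[0]  # reference point for the long-run comparison
    for i in range(1, len(samples)):
        prev, cur = samples[i - 1], samples[i]
        d_sec = cur.secure_ms - prev.secure_ms
        d_sys = cur.system_ms - prev.system_ms
        reason = None
        if d_sec <= 0:
            reason = "secure clock did not advance"
        elif d_sys < 0:
            reason = "system clock rolled back"
        elif abs(d_sys - d_sec) > jitter_ms + d_sec * drift_ppm / 1_000_000:
            reason = ("system clock ran slow" if d_sys < d_sec
                      else "system clock ran fast")
        else:
            # Each step looked fine; check the total since the last baseline
            # so that a small, steady skew cannot hide under the jitter bound.
            total_sec = cur.secure_ms - base.secure_ms
            total_sys = cur.system_ms - base.system_ms
            allowed = jitter_ms + total_sec * drift_ppm / 1_000_000
            if abs(total_sys - total_sec) > allowed:
                reason = "accumulated skew"
        if reason:
            findings.append((i, reason))
            base = cur  # re-baseline so one event is reported once
    return findings


# Constructed readings (secure clock, system clock), one pair per second.
CONSTRUCTED = [Sample(s, t) for s, t in [
    (0, 500_000), (1000, 501_002), (2000, 502_001),
    (3000, 502_100),   # system clock gained 99 ms while secure gained 1000
    (4000, 503_099),
    (5000, 499_000),   # system clock set back
    (6000, 500_012), (7000, 501_024),  # 12 ms/s skew, under the jitter bound
    (8000, 502_025),
]]

if __name__ == "__main__":
    for index, reason in find_tampering(CONSTRUCTED):
        print(index, reason)
```

A non-empty result is the condition under which the text has CSS 214 send its message to content provider 102 or secure CODEC 212.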
第3圖是一安全C〇DEC的一實施例之功能方塊圖,如 第2圖之安全CODEC 212,使用安全壓縮和解壓縮數位内容 5的元件。如第3圖所示,安全CODEC 300包括通訊介面302 、鑑別(authentication)/授權(authorization)(簡稱 AA)元件 304 、安全儲存306、安全時鐘308、不對稱密碼單元(asymnietriC crypt〇graphy)310、對稱密碼單元312和CODEC 314。 該通訊介面302與AA元件304、不對稱密碼單元31〇、 10對稱岔碼單元312以及CODEC 314通訊。該安全儲存3〇6與 AA元件304以及安全時鐘308通訊。儘管沒有顯示,但該安 全儲存306可隨意地與不對稱密碼單元31〇以及對稱密碼單 兀312通訊。該對稱密碼單元312與(::〇£^(:: 314通訊。不對 稱密碼單元31〇也與CODEC 314通訊。 15 該通訊介面302可被啟動以傳送第2圖之SC驅動器206 和CCC驅動器208以及安全CODEC 300内的一適當元件之 間的貧訊。在一實施例中,該通訊介面3〇2可使用與其他元 件的一信任關係,該等元件與該通訊介面相通訊。因此, 該通訊介面302可使用上述的一信任連接,以至少部分建立 2〇信任關係。該通訊介面302還可被設計成管理在安全 CODEC 300内之適當元件的請求(inv〇cati〇n)。 鑑別/授權(AA)元件304被設計成提供單向(〇ne_〜叮)和 雙向鑑別以及決定存取安全内容的授權。該AA元件3〇4著 重於提供對安全内容的來源、許可權和存取權利的來源的 18 1298981 身份驗證,也對通訊元件的身份驗證,如第2圖之安全 CODEC(SC)驅動器206或類似元件。該AA元件304還可被設 計成提供資訊給安全儲存306以及接收來自該安全儲存306 的資訊。在一實施例中,該AA元件304提供鑑別和驗證, 5 以使得一信任關係在元件之間被建立。在一實施例中,在 電源中斷的情形,該AA元件304可提供持久(persistent)鑑別 和身份。在一實施例中,AA元件304的鑑別和授權兩方面 是分別的元件。Figure 3 is a functional block diagram of an embodiment of a secure C DEC, such as the secure CODEC 212 of Figure 2, which uses components that securely compress and decompress digital content 5. As shown in FIG. 3, the secure CODEC 300 includes a communication interface 302, an authentication/authorization (AA) component 304, a secure storage 306, a secure clock 308, and an asymnietriC crypt〇graphy 310. , symmetric cryptographic unit 312 and CODEC 314. The communication interface 302 is in communication with the AA component 304, the asymmetric cryptographic unit 31A, the 10 symmetric symmetry unit 312, and the CODEC 314. The secure storage 3〇6 communicates with the AA component 304 and the secure clock 308. Although not shown, the secure storage 306 is free to communicate with the asymmetric cryptographic unit 31A and the symmetric cryptographic unit 312. The symmetric cryptographic unit 312 communicates with (:: ^£^(:: 314. The asymmetric cryptographic unit 31 通讯 also communicates with the CODEC 314. 
The communication interface 302 can be activated to transfer information between the SC driver 206 and CCC driver 208 of Figure 2 and an appropriate component within the secure CODEC 300. In one embodiment, the communication interface 302 can use a trust relationship with the other components with which it communicates. Thus, the communication interface 302 can use a trust connection as described above to at least partially establish the trust relationship. The communication interface 302 can also be designed to manage invocation of the appropriate components within the secure CODEC 300.

The authentication/authorization (AA) component 304 is designed to provide one-way and two-way authentication and to determine authorization to access secure content. The AA component 304 is directed at verifying the identity of the source of secure content and of the source of permissions and access rights, and also the identity of communicating components, such as the secure CODEC (SC) driver 206 of Figure 2 or similar components. The AA component 304 can also be designed to provide information to the secure storage 306 and to receive information from the secure storage 306. In one embodiment, the AA component 304 provides authentication and verification so that a trust relationship is established between components. In one embodiment, the AA component 304 can provide persistent authentication and identity in the event of a power interruption. In one embodiment, the authentication and authorization aspects of the AA component 304 are separate components.
Secure storage 306 can be designed to receive and protect information relating to component identities, sources of information such as content or the like, and permissions and rights associated with the content. Such information may include, but is not limited to, public/private key pairs, X.509 certificates, symmetric keys, fingerprints, source identifiers, content identifiers, and rights and permission information associated with the content, or similar information.

The secure clock 308 can be designed to provide timing signals to the client security (CSS) 214 (in Figure 2) for comparison with the system clock 216. The secure clock 308 can also be designed to provide timing signals to the secure storage 306 and, although not shown, to the AA component 304, the communication interface 302, the CODEC 314, the asymmetric cryptographic unit 310, and the symmetric cryptographic unit 312.

The asymmetric cryptographic unit 310 can be designed to provide public/private key based cryptographic actions. Such public/private key cryptographic actions include, but are not limited to, key generation, digital signature, encryption, decryption, and integrity checking. The asymmetric cryptographic unit 310 also enables a secure exchange of encryption/decryption keys.
The asymmetric cryptographic unit 310 can be further activated to receive secure content from the communication interface 302, use information obtained from the secure storage 306 to decrypt the secure content, and send the decrypted content to the CODEC 314. Virtually any asymmetric cryptographic mechanism can be used by the asymmetric cryptographic unit 310, including but not limited to Diffie-Hellman, RSA, ElGamal, DSS, Elliptic Curve, the Paillier cryptosystem, or the like.

The symmetric cryptographic unit 312 can be designed to provide symmetric key or private key based cryptographic actions. For example, the symmetric cryptographic unit 312 can be activated to receive secure content from the communication interface 302, use information obtained from the secure storage 306 to decrypt the secure content, and send the decrypted content to the CODEC 314. The symmetric cryptographic unit 312 can also be activated to receive compressed content from the CODEC 314, use information obtained from the secure storage 306 to encrypt the compressed content, and send the encrypted content to the communication interface 302. Virtually any symmetric cryptographic mechanism can be used by the symmetric cryptographic unit 312, including but not limited to AES, RC4, SEAL, DES, IDEA, or the like.

The CODEC 314 includes any of a variety of compression/decompression mechanisms designed to receive compressed content and decompress it into a digital format for consumer enjoyment. For example, the CODEC 314 can use Moving Pictures Experts Group (MPEG), Joint Photographic Experts Group (JPEG), wavelets, and other mechanisms for compressing and decompressing the received digital content. The CODEC 314 can also be designed to receive uncompressed digital content and compress the content.
Unlike the invention illustrated in Figures 2 and 3, conventional approaches provide the CODEC and other security features, such as decryption and authentication, in physically distinct devices or systems. The present invention has identified that this separation of features and functionality tends to create security holes and points of attack at the interfaces between the devices or systems. Moreover, conventional approaches result in the content communicated between security features being substantially "in the clear" and unprotected. In addition, security features in conventional approaches generally cannot establish trust relationships with one another, which increases their exposure to hacking, spoofing, and pirating of content.

By integrating the security features described above, among other actions, the present invention is directed at addressing the above shortcomings, disadvantages, and problems.

Generalized operation

Figure 4 illustrates a flow diagram generally showing one embodiment of a process, in accordance with aspects of the present invention, for securely decompressing content. Process 400 can be used within the system 200 shown in Figure 2.

As shown in the figure, process 400 moves, after a start block, to block 402, where digital content is received. The process then proceeds to decision block 404, where a determination is made whether the received content is secure.

At decision block 404, if it is determined that the received content is not secure, the process flows to block 412. Otherwise, at decision block 404, if it is determined that the received content is secure, the process proceeds to decision block 406.

At decision block 406, a determination is made whether a source associated with the received content is trustworthy. In one embodiment, the received content is digitally signed by the source associated with the content. A public key associated with the source is used to authenticate the source and to determine the integrity of the received content. However, the invention does not mandate the use of a public key. For example, the received content may be signed or encrypted with a shared private key or the like without departing from the scope or spirit of the invention. In any case, at decision block 406, if it is determined that the source authentication or the integrity of the received content is invalid, the process moves to an end block and returns to perform other actions. Authentication or source integrity can be invalid for a variety of reasons, including, but not limited to, an invalid or expired X.509 certificate, a mismatched public/private key pair, an incorrect shared private key, an expired certificate authority signature, the received content having been tampered with, or the like. In one embodiment, a message or other signal can be sent to the perceived content owner of the received content, a device owner, or the like, to indicate that the system cannot authenticate the content source.

Otherwise, at decision block 406, if it is determined that the source authentication and the integrity of the received content are valid, the process moves to decision block 408, where a determination is made whether a consumer has access to the received content. The determination of access to the received content includes, but is not limited to, an analysis of the received permissions and rights associated with the received content.

At decision block 408, if it is determined that the consumer is not authorized to access the secure content, for example by the permissions and/or rights associated with the secure content, the process moves to an end block and returns to perform other actions. In one embodiment, a message or similar signal can be provided to the consumer to indicate that access to the secure content is denied.
Otherwise, if it is determined that the consumer is authorized to access the received content, the process proceeds to block 410.

At block 410, the received content is decrypted using a symmetric encryption key, an asymmetric encryption key, or a combination of symmetric and asymmetric encryption keys. After block 410 is completed, the process proceeds to block 412.

At block 412, the received content is decompressed using any of a variety of decompression mechanisms that can provide rendered content. For example, block 412 may use Moving Pictures Experts Group (MPEG), Joint Photographic Experts Group (JPEG), wavelets, and other mechanisms for compressing and decompressing the received content. After block 412 is completed, the process proceeds to block 414, where the decompressed content is sent to at least one other process to be rendered for consumer enjoyment. Next, the process moves to an end block, where it returns to perform other actions.

It will be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by computer program instructions. These program instructions can be provided to a processor to produce a machine, such that the instructions, which execute on the processor, create means for implementing the actions specified in the flowchart block or blocks. The computer program instructions can be executed by a processor to cause a series of operational steps to be performed by the processor to produce a computer-implemented process, such that the instructions, which execute on the processor, provide steps for implementing the actions specified in the flowchart block or blocks.

Accordingly, blocks of the flowchart illustration support combinations of means for performing the specified actions, combinations of steps for performing the specified actions, and program instruction means for performing the specified actions.
It will also be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems, or by combinations of special purpose hardware and computer instructions, that perform the specified actions or steps.

The above specification, examples, and data provide a complete description of the manufacture and use of the composition of the invention. Since many embodiments of the invention can be made without departing from the spirit and scope of the invention, the invention resides in the claims hereinafter appended.

Brief description of the drawings

Figure 1 is a functional block diagram illustrating an exemplary operating environment in which the present invention is implemented.

Figure 2 is a functional block diagram of an embodiment of a system using a secure CODEC.

Figure 3 is a block diagram of an embodiment of the secure CODEC of Figure 2, for securely compressing and decompressing digital content.

Figure 4 illustrates a flow diagram generally showing one embodiment of a process, in accordance with aspects of the present invention, for securely decompressing content.

Description of main component symbols

- 100: operating environment
- 102: content provider
- 104: network
- 106: consumer
- 200: system
- 202: interface component
- 204: parser
- 206: secure compressor/decompressor driver
- 208: clear content compressor/decompressor driver
- 210: trust connection
- 212: secure compressor/decompressor
- 214: client security
- 216: system clock
- 300: secure compressor/decompressor
- 302: communication interface
- 304: authentication/authorization component
- 306: secure storage
- 308: secure clock
- 310: asymmetric cryptographic unit
- 312: symmetric cryptographic unit
- 314: compressor/decompressor
- 400-414: step blocks
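The decision order of Figure 4 (blocks 402 to 414) can be sketched in Python; this is an added example and not code from the patent. The HMAC tag over a shared key, the SHA-256 keystream standing in for symmetric unit 312, zlib standing in for CODEC 314, the package layout, the output cap and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import zlib

MAX_OUTPUT = 1 << 20  # assumed cap on decompressed size, guards against decompression bombs

class Rejected(Exception):
    """The flow ended at block 406, 408 or 412 without releasing content."""

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for symmetric unit 312: SHA-256 in counter mode XORed with the data.
    # Illustration only; a real design would use a vetted cipher such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def mac_tag(key: bytes, pkg: dict) -> bytes:
    # The tag binds source, rights and payload together, so the rights cannot be
    # edited without failing the integrity check at block 406.
    header = json.dumps([pkg["source"], sorted(pkg["rights"]), pkg["nonce"].hex()])
    return hmac.new(key, header.encode() + pkg["payload"], hashlib.sha256).digest()

def bounded_decompress(data: bytes) -> bytes:
    # Block 412, with zlib standing in for CODEC 314.
    d = zlib.decompressobj()
    out = d.decompress(data, MAX_OUTPUT)
    if not d.eof:  # truncated stream, or output did not finish within the cap
        raise Rejected("decompression limit exceeded or stream incomplete")
    return out

def make_package(content: bytes, source: str, rights: list, keys: dict, nonce: bytes) -> dict:
    # Provider side, constructed for the demonstration: compress, encrypt, then tag.
    pkg = {"secure": True, "source": source, "rights": rights, "nonce": nonce,
           "payload": keystream_xor(keys["enc"], nonce, zlib.compress(content))}
    pkg["tag"] = mac_tag(keys["mac"], pkg)
    return pkg

def secure_decompress(pkg: dict, consumer: str, store: dict) -> bytes:
    if not pkg.get("secure"):                    # block 404: clear content skips to 412
        return bounded_decompress(pkg["payload"])
    keys = store.get(pkg["source"])              # block 406: source trusted, content intact?
    if keys is None or not hmac.compare_digest(mac_tag(keys["mac"], pkg), pkg["tag"]):
        raise Rejected("source authentication or integrity check failed")
    if consumer not in pkg["rights"]:            # block 408: access authorized?
        raise Rejected("consumer not authorized")
    clear = keystream_xor(keys["enc"], pkg["nonce"], pkg["payload"])  # block 410
    return bounded_decompress(clear)             # blocks 412 and 414

# Constructed sample data: the dict plays the role of secure storage 306.
KEYS = {"mac": b"constructed-mac-key", "enc": b"constructed-enc-key"}
STORE = {"provider-102": KEYS}

if __name__ == "__main__":
    pkg = make_package(b"frame " * 50, "provider-102", ["alice"], KEYS, b"\x00" * 12)
    print(secure_decompress(pkg, "alice", STORE))
```

Keeping block 406 ahead of blocks 410 and 412 means that neither the cipher nor the decompressor ever processes input whose source and integrity have not been verified.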
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US61275704P | 2004-09-24 | 2004-09-24 | |

| Publication Number | Publication Date |
|---|---|
| TW200627902A (en) | 2006-08-01 |
| TWI298981B (en) | 2008-07-11 |

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW94132827A, TWI298981B (en) | 2004-09-24 | 2005-09-22 | Method and system for providing secure codecs |

| Country | Link |
|---|---|
| TW (1) | TWI298981B (en) |