RELATED APPLICATIONS
This application is a continuation-in-part of the following application, which is herein incorporated by reference: U.S. Ser. No. 10/719,981; filed 21 Nov. 2003, entitled: DIGITAL RIGHTS MANAGEMENT FOR CONTENT RENDERING ON PLAYBACK DEVICES.
TECHNICAL FIELD
This invention relates to sharing media content and, more particularly, to sharing media content between multiple personal media devices.
BACKGROUND
Media distribution systems (e.g., the Rhapsody™ and Rhapsody-to-Go™ services offered by RealNetworks™ of Seattle, Wash.) distribute media content to a client electronic device (e.g., an MP3 player) from a media server. A media distribution system may distribute media content by allowing a user to download media data files and/or receive and process media data streams.
When media data files are traditionally downloaded to a user's client electronic device, each media data file downloaded is licensed for exclusive use on the user's client electronic device, such that the usage rights (associated with the downloaded media data file) are passed to the client electronic device at the time that the media data file is downloaded.
Often, a user of a first client electronic device may wish to share a media data file (e.g., a song) with a user of a second client electronic device. Unfortunately, as the media data files are licensed for exclusive use on a specific client electronic device, the media data file may not be directly transferred from the first client electronic device to the second client electronic device. Accordingly, the user of the second client electronic device would typically be required to obtain the media data file from the media distribution system.
SUMMARY OF DISCLOSURE
In a first implementation, a device initialization method includes generating a license request for a personal media device. A timeout indicator may be obtained for a subscription associated with the personal media device. The license request and the timeout indicator may be combined to form a device license for the personal media device. The device license may be digitally-signed to form a signed device license.
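The device initialization steps summarized above can be illustrated with the following sketch, which is an added example and not part of the original disclosure: it combines a license request with a timeout indicator, signs the result, and shows the verifier rejecting tampered or timed-out licenses. The type and field names, the JSON encoding, the use of Ed25519, the treatment of the timeout indicator as an absolute time, and the all-zero demo key are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// All type and field names below are assumptions made for this example.

// LicenseRequest is generated for the personal media device.
type LicenseRequest struct {
	DeviceID string `json:"device_id"`
}

// DeviceLicense combines the license request with the subscription's
// timeout indicator (assumed here to be an absolute Unix time).
type DeviceLicense struct {
	Request LicenseRequest `json:"request"`
	Timeout int64          `json:"timeout"`
}

// SignedDeviceLicense carries the exact bytes that were signed, so the
// verifier never has to re-serialize before checking the signature.
type SignedDeviceLicense struct {
	Payload   []byte
	Signature []byte
}

var (
	ErrBadSignature = errors.New("device license: signature check failed")
	ErrExpired      = errors.New("device license: subscription timeout reached")
)

// BuildDeviceLicense combines the request and the timeout indicator.
func BuildDeviceLicense(req LicenseRequest, timeout time.Time) DeviceLicense {
	return DeviceLicense{Request: req, Timeout: timeout.Unix()}
}

// Sign serializes the device license once and signs those bytes.
func Sign(priv ed25519.PrivateKey, lic DeviceLicense) (SignedDeviceLicense, error) {
	payload, err := json.Marshal(lic)
	if err != nil {
		return SignedDeviceLicense{}, err
	}
	return SignedDeviceLicense{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// Verify checks the signature before parsing anything, then enforces
// the timeout against the caller-supplied clock value.
func Verify(pub ed25519.PublicKey, s SignedDeviceLicense, now time.Time) (DeviceLicense, error) {
	var lic DeviceLicense
	if !ed25519.Verify(pub, s.Payload, s.Signature) {
		return lic, ErrBadSignature
	}
	if err := json.Unmarshal(s.Payload, &lic); err != nil {
		return lic, err
	}
	if !now.Before(time.Unix(lic.Timeout, 0)) {
		return lic, ErrExpired
	}
	return lic, nil
}

// demoKey derives a fixed key pair from an all-zero seed.
// Constructed for the example only; never use a fixed seed in practice.
func demoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := demoKey()
	now := time.Now()
	// "device-12" is a constructed device identifier.
	lic := BuildDeviceLicense(LicenseRequest{DeviceID: "device-12"}, now.Add(30*24*time.Hour))
	signed, err := Sign(priv, lic)
	if err != nil {
		panic(err)
	}
	_, err = Verify(pub, signed, now)
	fmt.Println("fresh license error:", err)
	_, err = Verify(pub, signed, now.Add(31*24*time.Hour))
	fmt.Println("after timeout error:", err)
}
```

Because the timeout is enforced against a clock value the verifier supplies, the check is only as trustworthy as the device's time source.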
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a diagrammatic view of a DRM process, a media distribution system, a client application, a proxy application, and a personal media device coupled to a distributed computing network;
FIG. 2 is an isometric view of the personal media device of FIG. 1;
FIG. 3 is a diagrammatic view of the personal media device of FIG. 1;
FIG. 4 is a display screen rendered by the client application of FIG. 1;
FIG. 5 is a display screen rendered by the client application of FIG. 1;
FIG. 6 is a display screen rendered by the client application of FIG. 1;
FIG. 7 is a display screen rendered by the client application of FIG. 1;
FIG. 8 is a display screen rendered by the client application of FIG. 1;
FIG. 9 is a display screen rendered by the proxy application of FIG. 1;
FIG. 10 is a display screen rendered by the proxy application of FIG. 1;
FIG. 11 is a display screen rendered by the proxy application of FIG. 1;
FIG. 12a is a diagrammatic view of the media distribution system, personal media device, and distributed computing network of FIG. 1;
FIG. 12b is a flowchart of a process executed by the DRM process of FIG. 1;
FIG. 13a is a diagrammatic view of the media distribution system, personal media device, and distributed computing network of FIG. 1;
FIG. 13b is a flowchart of a process executed by the DRM process of FIG. 1;
FIG. 14a is a diagrammatic view of two personal media devices coupled to each other via a secure communication channel;
FIG. 14b is a flowchart of a process executed by the DRM process of FIG. 1; and
FIG. 15 is a diagrammatic view of an asymmetric key block.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
System Overview
Referring to FIG. 1, there is shown a DRM (i.e., digital rights management) process 10 that may be resident on and executed by personal media device 12. As will be discussed below in greater detail, DRM process 10 allows a user (e.g., user 14) of personal media device 12 to manage media content 16 resident on personal media device 12. Examples of personal media device 12 include a laptop/notebook computer, a PDA (i.e., personal digital assistant), a cellular telephone, a portable media player (e.g., an MP3 player), a pager, a wireless email device (e.g., a Blackberry™ device), and/or a portable gaming device (e.g., a Playstation™ Portable), for example. Personal media device 12 typically receives media content 16 from media distribution system 18.
As will be discussed below in greater detail, examples of the format of the media content 16 received from media distribution system 18 may include: purchased downloads received from media distribution system 18 (i.e., media content licensed to e.g., user 14 for use in perpetuity); subscription downloads received from media distribution system 18 (i.e., media content licensed to e.g., user 14 for use while a valid subscription exists with media distribution system 18); and media content streamed from media distribution system 18, for example. Typically, when media content 16 is streamed from e.g., computer 28 (i.e., which may include, but is not limited to, a server computer, a desktop computer, a laptop computer, a personal digital assistant, or a series of servers, for example) to personal media device 12, a copy of the media content 16 is not permanently retained on personal media device 12. In addition to media distribution system 18, media content 16 may be obtained from other sources, examples of which may include but are not limited to files ripped from music compact discs.
Examples of the types of media content 16 distributed by media distribution system 18 include: audio files (examples of which may include but are not limited to music files, audio news broadcasts, audio sports broadcasts, and audio recordings of books, for example); video files (examples of which may include but are not limited to video footage that does not include sound, for example); audio/video files (examples of which may include but are not limited to a/v news broadcasts, a/v sports broadcasts, feature-length movies and movie clips, music videos, and episodes of television shows, for example); and multimedia content (examples of which may include but are not limited to interactive presentations and slideshows, for example).
Media distribution system 18 typically provides media data streams and/or media data files to a plurality of users (e.g., users 14, 20, 22, 24, 26). Examples of such a media distribution system 18 include the Rhapsody™ service and Rhapsody-To-Go™ service offered by RealNetworks™ of Seattle, Wash. Prior to transmission, media distribution system 18 may encode the media data streams and/or media data files into e.g., MP3 (i.e., Motion Picture Experts Group Audio Layer 3) format, AAC (i.e., Advanced Audio Coding) format, RealAudio™ format, Quicktime™ format, and AVI (i.e., Audio Video Interleave) format, for example. Upon receipt, the streams/files may be decoded (using the appropriate decoder) and rendered.
Media distribution system 18 is typically a server application that resides on and is executed by computer 28 (e.g., a server computer) that is connected to network 30 (e.g., the Internet). Computer 28 may be a web server (or series of many connected servers) running a network operating system, examples of which may include but are not limited to Microsoft Windows 2000 Server™, Novell Netware™, or Redhat Linux™.
Typically, computer 28 also executes a web server application, examples of which may include but are not limited to Microsoft IIS™, Novell Webserver™, or Apache Webserver™, that allows for HTTP (i.e., HyperText Transfer Protocol) access to computer 28 via network 30. Network 30 may be connected to one or more secondary networks (e.g., network 32), such as: a local area network; a wide area network; or an intranet, for example.
The instruction sets and subroutines of media distribution system 18, which are typically stored on a storage device 34 coupled to computer 28, are executed by one or more processors (not shown) and one or more memory architectures (not shown) incorporated into computer 28. Storage device 34 may include but is not limited to a hard disk drive, a tape drive, an optical drive, a RAID array, a random access memory (RAM), or a read-only memory (ROM).
Users 14, 20, 22, 24, 26 may access media distribution system 18 directly through network 30 or through secondary network 32. Further, computer 28 (i.e., the computer that executes media distribution system 18) may be connected to network 30 through secondary network 32, as illustrated with phantom link line 36.
Users 14, 20, 22, 24, 26 may access media distribution system 18 through various client electronic devices, examples of which may include but are not limited to personal media devices 12, 38, 40, 42, client computer 44, laptop computers (not shown), personal digital assistants (not shown), cellular telephones (not shown), televisions (not shown), cable boxes (not shown), internet radios (not shown), or dedicated network devices (not shown), for example.
The various client electronic devices may be directly or indirectly coupled to network 30 (or network 32). For example, client computer 44 is shown directly coupled to network 30 via a hardwired network connection. Further, client computer 44 may execute a client application 46 (examples of which may include but are not limited to Microsoft Internet Explorer™, Netscape Navigator™, RealRhapsody™ client, RealPlayer™ client, or a specialized interface) that allows e.g., user 22 to access and configure media distribution system 18 via network 30 (or network 32). Client computer 44 may run an operating system, examples of which may include but are not limited to Microsoft Windows™, or Redhat Linux™.
The instruction sets and subroutines of client application 46, which are typically stored on a storage device 48 coupled to client computer 44, are executed by one or more processors (not shown) and one or more memory architectures (not shown) incorporated into client computer 44. Storage device 48 may include but is not limited to a hard disk drive, a tape drive, an optical drive, a RAID array, a random access memory (RAM), or a read-only memory (ROM).
As discussed above, the various client electronic devices may be indirectly coupled to network 30 (or network 32). For example, personal media device 38 is shown wirelessly coupled to network 30 via a wireless communication channel 50 established between personal media device 38 and wireless access point (i.e., WAP) 52, which is shown directly coupled to network 30. WAP 52 may be, for example, an IEEE 802.11a, 802.11b, 802.11g, Wi-Fi, and/or Bluetooth device that is capable of establishing secure communication channel 50 between personal media device 38 and WAP 52.
As is known in the art, all of the IEEE 802.11x specifications use Ethernet protocol and carrier sense multiple access with collision avoidance (i.e., CSMA/CA) for path sharing. The various 802.11x specifications may use phase-shift keying (i.e., PSK) modulation or complementary code keying (i.e., CCK) modulation, for example. As is known in the art, Bluetooth is a telecommunications industry specification that allows e.g., mobile phones, computers, and personal digital assistants to be interconnected using a short-range wireless connection.
In addition to being wirelessly coupled to network 30 (or network 32), personal media devices may be coupled to network 30 (or network 32) via a proxy computer (e.g., proxy computer 54 for personal media device 12, proxy computer 56 for personal media device 40, and proxy computer 58 for personal media device 42, for example).
Personal Media Device:
For example and referring also to FIG. 2, personal media device 12 may be connected to proxy computer 54 via a docking cradle 60. Typically, personal media device 12 includes a bus interface (to be discussed below in greater detail) that couples personal media device 12 to docking cradle 60. Docking cradle 60 may be coupled (with cable 62) to e.g., a universal serial bus (i.e., USB) port, a serial port, or an IEEE 1394 (i.e., FireWire) port included within proxy computer 54.
The bus interface included within personal media device 12 may be a USB interface, and docking cradle 60 may function as a USB hub (i.e., a plug-and-play interface that allows for “hot” coupling and uncoupling of personal media device 12 and docking cradle 60).
Proxy computer 54 may function as an Internet gateway for personal media device 12. Accordingly, personal media device 12 may use proxy computer 54 to access media distribution system 18 via network 30 (and network 32) and obtain media content 16. Specifically, upon receiving a request for media distribution system 18 from personal media device 12, proxy computer 54 (acting as an Internet client on behalf of personal media device 12), may request the appropriate web page/service from computer 28 (i.e., the computer that executes media distribution system 18). When the requested web page/service is returned to proxy computer 54, proxy computer 54 relates the returned web page/service to the original request (placed by personal media device 12) and forwards the web page/service to personal media device 12. Accordingly, proxy computer 54 may function as a conduit for coupling personal media device 12 to computer 28 and, therefore, media distribution system 18.
Further, personal media device 12 may execute a device application 64 (examples of which may include but are not limited to RealRhapsody™ client, RealPlayer™ client, or a specialized interface). Personal media device 12 may run an operating system, examples of which may include but are not limited to Microsoft Windows CE™, Redhat Linux™, Palm OS™, or a device-specific (i.e., custom) operating system.
DRM process 10 is typically a component of device application 64 (examples of which may include but are not limited to an embedded feature of device application 64, a software plug-in for device application 64, or a stand-alone application called from within and controlled by device application 64). The instruction sets and subroutines of device application 64 and DRM process 10, which are typically stored on a storage device 66 coupled to personal media device 12, are executed by one or more processors (not shown) and one or more memory architectures (not shown) incorporated into personal media device 12. Storage device 66 may be, for example, a hard disk drive, an optical drive, a random access memory (RAM), a read-only memory (ROM), a CF (i.e., compact flash) card, an SD (i.e., secure digital) card, a SmartMedia card, a Memory Stick, and a MultiMedia card.
An administrator 68 typically accesses and administers media distribution system 18 through a desktop application 70 (examples of which may include but are not limited to Microsoft Internet Explorer™, Netscape Navigator™, or a specialized interface) running on an administrative computer 72 that is also connected to network 30 (or network 32).
The instruction sets and subroutines of desktop application 70, which are typically stored on a storage device (not shown) coupled to administrative computer 72, are executed by one or more processors (not shown) and one or more memory architectures (not shown) incorporated into administrative computer 72. The storage device (not shown) coupled to administrative computer 72 may include but is not limited to a hard disk drive, a tape drive, an optical drive, a RAID array, a random access memory (RAM), or a read-only memory (ROM).
Referring also to FIG. 3, a diagrammatic view of personal media device 12 is shown. Personal media device 12 typically includes microprocessor 150 (e.g., an ARM™ microprocessor produced by Intel™ of Santa Clara, Calif.), non-volatile memory (e.g., read-only memory 152), and volatile memory (e.g., random access memory 154); each of which may be interconnected via one or more data/system buses 156, 158. Personal media device 12 may also include an audio subsystem 160 for providing e.g., an analog audio signal to an audio jack 162 for removably engaging e.g., headphone assembly 164, remote speaker assembly 166, or ear bud assembly 168, for example. Alternatively, personal media device 12 may be configured to include one or more internal audio speakers (not shown).
Personal media device 12 may also include a user interface 170 and a display subsystem 172. User interface 170 may receive data signals from various input devices included within personal media device 12, examples of which may include (but are not limited to): rating switches 74, 76; backward skip switch 78; forward skip switch 80; play/pause switch 82; menu switch 84; radio switch 86; and slider assembly 88, for example. Display subsystem 172 may provide display signals to display panel 90 included within personal media device 12. Display panel 90 may be an active matrix liquid crystal display panel, a passive matrix liquid crystal display panel, or a light emitting diode display panel, for example.
Audio subsystem 160, user interface 170, and display subsystem 172 may each be coupled with microprocessor 150 via one or more data/system buses 174, 176, 178 (respectively).
During use of personal media device 12, display panel 90 may be configured to display e.g., the title and artist of various pieces of media content 92, 94, 96 stored within personal media device 12. Slider assembly 88 may be used to scroll upward or downward through the list of media content stored within personal media device 12. When the desired piece of media content is highlighted (e.g., “Phantom Blues” by “Taj Mahal”), user 14 may select the media content for rendering using play/pause switch 82. User 14 may skip forward to the next piece of media content (e.g., “Happy To Be Just . . . ” by “Robert Johnson”) using forward skip switch 80; or skip backward to the previous piece of media content (e.g., “Big New Orleans . . . ” by “Leroy Brownstone”) using backward skip switch 78. Additionally, user 14 may rate the media content as they listen to it by using rating switches 74, 76.
As discussed above, personal media device 12 may include a bus interface 180 for interfacing with e.g., proxy computer 54 via docking cradle 60. Additionally and as discussed above, personal media device 12 may be wirelessly coupled to network 30 (and/or other personal media devices) via e.g., a wireless communication channel 50 established between personal media device 12 and e.g., WAP 52. Accordingly, personal media device 12 may include a wireless interface 182 for wirelessly-coupling personal media device 12 to network 30 (or network 32) and/or other personal media devices. Wireless interface 182 may be coupled to an antenna assembly 184 for RF communication to e.g., WAP 52, and/or an IR (i.e., infrared) communication assembly 186 for infrared communication with e.g., a second personal media device (such as personal media device 40).
As discussed above, personal media device 12 may include a storage device 66 for storing the instruction sets and subroutines of device application 64 and DRM process 10. Additionally, storage device 66 may be used to store media data files downloaded from media distribution system 18 and to temporarily store media data streams (or portions thereof) streamed from media distribution system 18.
Storage device 66, bus interface 180, and wireless interface 182 may each be coupled with microprocessor 150 via one or more data/system buses 188, 190, 192 (respectively).
As discussed above, media distribution system 18 distributes media content to users 14, 20, 22, 24, 26, such that the media content distributed may be in the form of media data streams and/or media data files.
Accordingly, media distribution system 18 may be configured to only allow users to download media data files. For example, user 14 may be allowed to download, from media distribution system 18, media data files (i.e., examples of which may include but are not limited to MP3 files or AAC files), such that copies of the media data file are transferred from computer 28 to personal media device 12 (being stored on storage device 66).
Alternatively, media distribution system 18 may be configured to only allow users to receive and process media data streams of media data files. For example, user 22 may be allowed to receive and process (on client computer 44) media data streams received from media distribution system 18. As discussed above, when media content is streamed from e.g., computer 28 to client computer 44, a copy of the media data file is not permanently retained on client computer 44.
Further, media distribution system 18 may be configured to allow users to receive and process media data streams and download media data files. Examples of such a media distribution system include the Rhapsody™ and Rhapsody-to-Go™ services offered by RealNetworks™ of Seattle, Wash. Accordingly, user 14 may be allowed to download media data files and receive and process media data streams from media distribution system 18. Therefore, copies of media data files may be transferred from computer 28 to personal media device 12 (i.e., the received media data files being stored on storage device 66); and streams of media data files may be received from computer 28 by personal media device 12 (i.e., with portions of the received stream temporarily being stored on storage device 66). Additionally, user 22 may be allowed to download media data files and receive and process media data streams from media distribution system 18. Therefore, copies of media data files may be transferred from computer 28 to client computer 44 (i.e., the received media data files being stored on storage device 48); and streams of media data files may be received from computer 28 by client computer 44 (i.e., with portions of the received streams temporarily being stored on storage device 48).
Typically, in order for a device to receive and process a media data stream from e.g., computer 28, the device must have an active connection to computer 28 and, therefore, media distribution system 18. Accordingly, personal media device 38 (i.e., actively connected to computer 28 via wireless channel 50), and client computer 44 (i.e., actively connected to computer 28 via a hardwired network connection) may receive and process media data streams from e.g., computer 28.
As discussed above, proxy computers 54, 56, 58 may function as a conduit for coupling personal media devices 12, 40, 42 (respectively) to computer 28 and, therefore, media distribution system 18. Accordingly, when personal media devices 12, 40, 42 are coupled to proxy computers 54, 56, 58 (respectively) via e.g., docking cradle 60, personal media devices 12, 40, 42 are actively connected to computer 28 and, therefore, may receive and process media data streams provided by computer 28.
User Interfaces:
As discussed above, media distribution system 18 may be accessed using various types of client electronic devices, which include but are not limited to personal media devices 12, 38, 40, 42, client computer 44, personal digital assistants (not shown), cellular telephones (not shown), televisions (not shown), cable boxes (not shown), internet radios (not shown), or dedicated network devices (not shown), for example. Typically, the type of interface used by the user (when configuring media distribution system 18 for a particular client electronic device) will vary depending on the type of client electronic device to which the media content is being streamed/downloaded.
For example, as the embodiment shown (in FIG. 2) of personal media device 12 does not include a keyboard and the display panel 90 of personal media device 12 is compact, media distribution system 18 may be configured for personal media device 12 via proxy application 98 executed on proxy computer 54.
The instruction sets and subroutines of proxy application 98, which are typically stored on a storage device (not shown) coupled to proxy computer 54, are executed by one or more processors (not shown) and one or more memory architectures (not shown) incorporated into proxy computer 54. The storage device (not shown) coupled to proxy computer 54 may include but is not limited to a hard disk drive, a tape drive, an optical drive, a RAID array, a random access memory (RAM), or a read-only memory (ROM).
Additionally and for similar reasons, personal digital assistants (not shown), cellular telephones (not shown), televisions (not shown), cable boxes (not shown), internet radios (not shown), and dedicated network devices (not shown) may use proxy application 98 executed on proxy computer 54 to configure media distribution system 18.
Further, the client electronic device need not be directly connected to proxy computer 54 for media distribution system 18 to be configured via proxy application 98. For example, assume that the client electronic device used to access media distribution system 18 is a cellular telephone. While cellular telephones are typically not physically connectable to e.g., proxy computer 54, proxy computer 54 may still be used to remotely configure media distribution system 18 for use with the cellular telephone. Accordingly, the configuration information (concerning the cellular telephone) that is entered via e.g., proxy computer 54 may be retained within media distribution system 18 (on computer 28) until the next time that the user accesses media distribution system 18 with the cellular telephone. At that time, the configuration information saved on media distribution system 18 may be downloaded to the cellular telephone.
For systems that include keyboards and larger displays (e.g., client computer 44), client application 46 may be used to configure media distribution system 18 for use with client computer 44.
Referring also to FIG. 4, when using client application 46 to access media distribution system 18, user 22 may be presented with an information display screen 200 rendered by client application 46. Client application 46 typically includes a user interface 202 (e.g., a web browser) for interfacing with media distribution system 18 and viewing information display screen 200.
When e.g., user 22 streams/downloads media content from e.g., computer 28, media distribution system 18 may monitor the media content streamed/downloaded to the user's client electronic device (e.g., client computer 44, for example), resulting in the generation of a media history file 100 (FIG. 1) for that user. While media history file 100 is typically maintained locally (e.g., maintained on client computer 44), media history file 100 may alternatively/additionally be maintained remotely (e.g., maintained on computer 28) as a remote media history file 100′.
The user (e.g., user 22) may save this media history file (or portions thereof) as a playlist. A playlist is typically a group of tracks (examples of which may include, but are not limited to, songs, videos, news broadcasts, sports broadcasts, etc.) that media distribution system 18 will render in sequence. This, in turn, allows the user to compile custom music compilations (in the form of multiple playlists).
A history window 204 may be rendered by client application 46 that itemizes the information contained within media history file 100. In this example, history window 204 itemizes ten (10) media data streams (e.g., “Jailhouse Rock”; “Surf City”; “Runaround Sue”; “The Wanderer”; “The Great Pretender”; “Blueberry Hill”; “I'm Walkin'”; “Blue Christmas”; “Yakety Yak”; and “Peggy Sue”), thus indicating that user 22 had previously listened to those ten (10) media data streams.
In addition to media data streams (i.e., media data streams received from a remote device e.g., computer 28), client application 46 allows user 12 to render local media data files. As discussed above, a local media data file may be a purchased download received from media distribution system 18 (i.e., media content licensed to e.g., user 14 for use in perpetuity); a subscription download received from media distribution system 18 (i.e., media content licensed to e.g., user 14 for use while a valid subscription exists with media distribution system 18); and/or a media data file extracted (i.e., ripped) from e.g., a music compact disc, for example. These local media data files are typically stored locally on e.g., storage device 48 coupled to client computer 44.
If user 22 wishes to render a local media data file (i.e., a file stored on client computer 44), user 22 may e.g., select the file(s) to be rendered using client application 46. Accordingly, user 22 may select the dropdown “File” menu 206 using screen pointer 208, which may be controllable by a pointing device (e.g., a computer mouse, not shown). Selecting the “Open” command may result in client application 46 rendering file management window 210, which allows user 22 to select local media data files for playback.
In this example, file management window 210 defines three (3) local media data files, namely: “Chantilly Lace” 212; “Great Balls of Fire” 214; and “Tutti Frutti” 216, all of which are stored within the folder “My Music”. User 22 may select any (or all) of these files for playback on client application 46.
A search window 218 allows a user (e.g., user 22) to search for media content. For example, user 22 may enter search terms (e.g., “Elvis Presley”), select the appropriate term type (e.g., artist), and execute a query. In the event that multiple artists satisfy the query, a result set may be generated from which user 22 may select e.g., the appropriate artist. Once the appropriate artist is selected, user 22 may review the various albums released by the selected artist (or that include tracks by the selected artist). User 22 may then stream or download one or more of the various tracks included within any of the albums. Once a track is rendered, identifying information concerning the track rendered may be added to local media history file 100 and/or remote media history file 100′ and may be included in history window 204. In addition to being able to search for media content by artist, user 14 may also be able to search for media content by e.g., keyword, track, album and/or composer, for example.
Referring also to FIG. 5 and assuming that user 22 selects all three local media data files for playback, media history file 100 may be amended to include three additional entries, namely one for “Chantilly Lace”; one for “Great Balls of Fire”; and one for “Tutti Frutti”. Accordingly, as history window 204 itemizes the information contained within media history file 100, history window 204 will include three additional entries (i.e., entries 220, 222, 224), which correspond to local media data file “Chantilly Lace” 212; local media data file “Great Balls of Fire” 214; and local media data file “Tutti Frutti” 216.
Assuming that user 22 wishes to save this collection of music for future playback, user 22 may save the current media history file 100 (or a portion thereof) as a playlist 102 (FIG. 1). While playlist 102 is typically maintained locally (e.g., maintained on client computer 44), playlist 102 may alternatively/additionally be maintained remotely (e.g., maintained on computer 28) as a remote playlist 102′.
Referring also to FIG. 6, user 22 may select the “save” button 240 (using screen pointer 208). Once the “save” button 240 is selected, a playlist naming window 242 may be rendered (by client application 46) that allows user 22 to specify a unique name for playlist 102 within the name field 244 of playlist naming window 242.
Assuming that user 22 selects “50's Hits” as a playlist name, playlist 102 is saved (i.e., as “50's Hits”) and defines the location of all of the pieces of media content itemized within history window 204.
Referring also to FIG. 7, once playlist 102 is stored, a link 260 to playlist 102 (e.g., “50's Hits”) appears in directory window 262. User 22 may then select link 260 using screen pointer 208. Once selected, the tracks included within playlist 102 (e.g., “50's Hits”) are itemized within a playlist window 264 (e.g., a web page) viewable via user interface 202. As discussed above, ten of these entries (namely “Jailhouse Rock”; “Surf City”; “Runaround Sue”; “The Wanderer”; “The Great Pretender”; “Blueberry Hill”; “I'm Walkin'”; “Blue Christmas”; “Yakety Yak”; and “Peggy Sue”) define the location of media data streams and three of these entries (namely “Tutti Frutti”; “Chantilly Lace”; and “Great Balls of Fire”) define the location of media data files.
Typically, playlist window 264 includes hyperlinks that locate (i.e., provide addresses for) the streams/files associated with the individual entries itemized within playlist 102. This location information may be stored within playlist 102. For example, the following table correlates the track name of an entry in playlist 102 with an address for the stream/file associated with that track name:
| Track Name | Address |
|---|---|
| Jailhouse Rock | www.musicshop.com\songs\jailhouse_rock.ram |
| Surf City | www.musicshop.com\songs\surf_city.ram |
| Runaround Sue | www.musicshop.com\songs\runaround_sue.ram |
| The Wanderer | www.musicshop.com\songs\the_wanderer.ram |
| The Great Pretender | www.musicshop.com\songs\the_great_pretender.ram |
| Blueberry Hill | www.musicshop.com\songs\blueberry_hill.ram |
| I'm Walkin' | www.musicshop.com\songs\im_walkin.ram |
| Blue Christmas | www.musicshop.com\songs\blue_christmas.ram |
| Yakety Yak | www.musicshop.com\songs\yakety_yak.ram |
| Peggy Sue | www.musicshop.com\songs\peggy_sue.ram |
| Tutti Frutti | c:\my music\tutti_frutti.mp3 |
| Chantilly Lace | c:\my music\chantilly_lace.mp3 |
| Great Balls of Fire | c:\my music\great_balls_of_fire.mp3 |
As the first ten entries (namely “Jailhouse Rock”; “Surf City”; “Runaround Sue”; “The Wanderer”; “The Great Pretender”; “Blueberry Hill”; “I'm Walkin'”; “Blue Christmas”; “Yakety Yak”; and “Peggy Sue”) identify media data streams, the address provided for each entry points to a media stream available from e.g., media distribution system 18. Further, as the last three entries (namely “Tutti Frutti”; “Chantilly Lace”; and “Great Balls of Fire”) identify media data files, the address provided for each entry points to a media data file available from e.g., client computer 44.
Playlist window 264 is typically tabular and may include a column 266 identifying a media type (i.e., media data stream or media data file, for example) for each entry within playlist window 264. Typically, column 266 includes icons that identify the media type (e.g., icon 268 identifies a media data file and icon 270 identifies a media data stream). User 22 may select the “play” button 272 to render playlist 102.
As discussed above, media distribution system 18 typically provides media data streams and/or media data files to users (e.g., user 22). Typically, metadata is associated with each media data stream provided by media distribution system 18. This metadata may include (but is not limited to) an artist identifier, an album identifier, a track identifier, an album cover image, and a music genre identifier, for example.
Accordingly, whenever e.g., user 12 renders a remote media data stream, media distribution system 18 may compile and save this metadata (on a per-user basis) to track e.g., listening trends and musical preferences of individual users, for example.
As discussed above, a local digital media data file may be a purchased download received from media distribution system 18 (i.e., media content licensed to e.g., user 14 for use in perpetuity); a subscription download received from media distribution system 18 (i.e., media content licensed to e.g., user 14 for use while a valid subscription exists with media distribution system 18); and/or a media data file extracted (i.e., ripped) from e.g., a music compact disc, for example.
If the purchased download and/or the subscription download were provided by media distribution system 18, these local media data files would typically also include the metadata described above. Accordingly, when these purchased/subscription downloads are rendered by e.g., user 22, the metadata concerning these purchased/subscription downloads may be transmitted from computer 44 to computer 28, such that the metadata may be compiled and saved (on a per user basis) to track e.g., listening trends and musical preferences, for example.
However, for media data files that were e.g., extracted from music compact discs, these data files may not include the above-described metadata. As discussed above, media data files (i.e., files stored on client computer 44) may be rendered using client application 46 and added to playlists (e.g., playlist 102). Accordingly, whenever user 22 attempts to add a media data file (that does not include metadata) to a playlist (e.g., playlist 102), user 22 may be prompted to provide metadata concerning that media data file.
Referring also to FIG. 8 and continuing with the above-stated example, if user 22 attempts to save a playlist (e.g., playlist 102) that includes three local media data files (namely “Tutti Frutti”; “Chantilly Lace”; and “Great Balls of Fire”), assuming that these three local media data files do not include metadata, client application 46 may render a metadata entry form 280 that allows user 22 to enter metadata concerning each of the three media data files.
In this example, metadata entry form 280 includes five user-editable fields, namely an artist field 282, an album field 284, a track field 286, an album cover image field 288, and a music genre field 290. Album cover image field 288 may allow user 22 to define a drive, a path, and a filename for an album cover image. Music genre field 290 may be a drop-down menu (operable via screen pointer 208) that allows user 22 to select a music genre from a number of predefined music genres (not shown).
Typically, if the title of the media data file is descriptive of the track name, the track field 286 may be automatically-populated with what client application 46 suspects is the track title. As the first local media data file is named “tutti frutti”, track field 286 would typically be populated with the suspected name “tutti frutti”. User 22 may populate the remaining fields and select the save button 292 (using screen pointer 208) or alternatively select the cancel button 294.
In order to further automate the metadata generation process, client application 44 may interface with a remote metadata database (not shown) served by e.g., media distribution system 18 or a third party (not shown). This metadata database may define metadata for various tracks and albums. An example of such a database is the CDDB™ database maintained by Gracenote™ of Emeryville, Calif. (www.gracenote.com). For example, if user 22 ripped each track from an entire compact disc, the metadata database may be accessed by client application 44 and a query may be structured that defines e.g., the total number of tracks included on the compact disc, the length of each track included on the compact disc, and the total length of the compact disc. Assuming that a definitive result is produced by this query, the metadata for each track ripped from the compact disc would be produced. In the event that an indefinite result set (i.e., one that identifies multiple possible compact discs) is generated, user 22 may be prompted to select the appropriate compact disc from a list of possible matches (not shown).
As discussed above, the type of interface used by the user (when configuring media distribution system 18 for a client electronic device) may vary depending on the type and the capabilities of the client electronic device to which the media content is being streamed/downloaded. Accordingly and as discussed above, media distribution system 18 may be configured for personal media device 12 via proxy application 98 executed on proxy computer 54.
Proxy application 98 may be automatically executed upon personal media device 12 being placed into docking cradle 60 by e.g., user 14. Alternatively, proxy application 98 may be fully or partially loaded upon boot up of proxy computer 54. Proxy application 98 may then operate in the background until personal media device 12 is placed into docking cradle 60, at which time proxy application 98 may be fully loaded and/or moved to the foreground for execution. Further, proxy application 98 may be manually executed by user 14. As will be discussed below in greater detail, proxy application 98 (once executed) may be used to e.g., configure personal media device 12 and transfer media data files to and remove media data files from personal media device 12, for example.
Referring also to FIG. 9, when using proxy application 98 to access media distribution system 18, user 14 may be presented with an information display screen 300 rendered by proxy application 98. Proxy application 98 typically includes a user interface 302 (e.g., a web browser) for interfacing with media distribution system 18 and viewing information display screen 300.
A search window 304 allows a user (e.g., user 14) to search for media content. For example, user 14 may enter search terms (e.g., “Elvis Presley”) into search field 306, select the appropriate term type (e.g., artist), and execute a query. In the event that multiple artists satisfy the query, a result set may be generated from which user 14 may select e.g., the appropriate artist. Once the appropriate artist is selected, user 14 may review the various albums released by the selected artist (or that include tracks by the selected artist). User 14 may then download (for use on personal media device 12) one or more of the various tracks included within any of the albums. In addition to being able to search for media content by artist, user 14 may also be able to search for media content by e.g., keyword, track, album and/or composer.
Additionally, in a fashion similar to that of client application 46, proxy application 98 may be configured to allow user 12 to render (via proxy computer 54) one or more of the various tracks included within any of the albums of the selected artist.
A content window 308 may be rendered by proxy application 98 that allows user 14 to review the contents of personal media device 12. As discussed above, personal media device 12 may be coupled to proxy computer 54 via e.g., a USB port, serial port, or FireWire port. Upon or during execution of proxy application 98, proxy application 98 may poll personal media device 12 to retrieve information concerning the media content currently on device 12. This polling may occur in a fashion similar to the manner in which the content of a USB hard drive is determined. In this particular example, content window 308 includes ten (10) entries, namely: “Jailhouse Rock”; “Surf City”; “Runaround Sue”; “The Wanderer”; “The Great Pretender”; “Blueberry Hill”; “I'm Walkin'”; “Blue Christmas”; “Yakety Yak”; and “Peggy Sue”, thus indicating that ten (10) media data files had been previously downloaded to personal media device 12, which are typically stored on storage device 66 of personal media device 12.
Content window 308 may be tabular and itemize various pieces of information concerning the downloaded files, including the track 310, the artist 312, the track length 314 and the track size 316. Additionally, proxy application 98 may poll personal media device 14 to retrieve device identification information, which may be rendered within a device type field 320 and a device serial number field 322 included within content window 308. Further, content window 308 may include a summary information field 324 concerning the current capacity of device 12, including one or more of e.g., “Unused Space” in gigabytes; “Used Space” in gigabytes; “Unused Space” in percentage of total capacity; and “Used Space” in percentage of total capacity, for example.
Referring also to FIG. 10 and continuing with the above-stated example, assume that user 14 enters the search term “Elvis Presley” into search field 306 of search window 304, selects the term type “artist” via dropdown menu 340, and executes the query by selecting the “Go” button 342 with screen pointer 208.
Assuming that no other artist satisfies the query, information screen 300 may be presented to user 14 with information concerning Elvis Presley, which may include: an artist information screen 344, a top track list 346, an album list 348, and a similar artist list 350, for example.
User 14 may download media data files from media distribution system 18 for use on personal media device 12 by selecting the download button 352 corresponding to the track to be downloaded. Additionally, user 14 may download groups of tracks (e.g., each track included within top track list 346, or all tracks included within a single album) by selecting the download all button 354 corresponding to the tracks to be downloaded.
Once user 14 selects a track for downloading, proxy application 98 may render a download window 356 that e.g., includes a track title field 358 that identifies the title of the track being downloaded and an artist field 360 that identifies the artist of the track being downloaded.
As discussed above, files may be downloaded from media distribution system 18 as purchased downloads (i.e., media content licensed to e.g., user 14 for use in perpetuity), or subscription downloads (i.e., media content licensed to e.g., user 14 for use while a valid subscription exists with media distribution system 18). Provided user 14 has a current subscription with media distribution system 18, there is typically no additional fee charged for each subscription download, as the downloaded media content is only renderable while the user has a valid subscription. However, a user typically must pay a fee (e.g., 79¢, 89¢, or 99¢, for example) for each purchased download, as the media content is renderable regardless of the status of the user's subscription.
Accordingly, download window 356 may include a purchase button 362 and a download button 364, both of which are selectable via screen pointer 208. In this example, if user 14 selects purchase button 362 with screen pointer 208, a media data file for “Hound Dog” by “Elvis Presley” will be transferred from computer 28 to personal media device 12. Typically, user 14 will be charged e.g., a one-time download fee for downloading this media data file. However, as this is a purchased download, the media data file received is renderable regardless of the status of the user's subscription with media distribution system 18.
Alternatively, if user 14 selects download button 364 with screen pointer 208, a media data file for “Hound Dog” by “Elvis Presley” will be transferred from computer 28 to personal media device 12. Typically, user 14 will not be charged a fee for downloading this media data file. However, as this is a subscription download, the media data file received is only renderable while user 14 has a valid subscription with media distribution system 18.
Download window 356 typically also includes a cancel button 366 for allowing user 14 to cancel the download and close download window 356.
If user 14 selects either purchase button 362 or download button 364, the download of the selected media data file will be initiated. Download window 356 may include a download status indicator 368 for indicating the progress of the download of e.g., “Hound Dog” by “Elvis Presley”.
Referring also to FIG. 11, once the download of the media data file for “Hound Dog” by “Elvis Presley” is completed, content window 308 will be updated to include an entry 380 for “Hound Dog” by “Elvis Presley”, indicating that “Hound Dog” by “Elvis Presley” was successfully downloaded from media distribution system 18 to personal media device 12.
In a fashion similar to that described above concerning client application 46, user 14 may use proxy application 98 to define playlists concerning various media data files stored on personal media device 12. For example, assume that user 14 wished to save the first thirteen tracks (namely “Jailhouse Rock”; “Surf City”; “Runaround Sue”; “The Wanderer”; “The Great Pretender”; “Blueberry Hill”; “I'm Walkin'”; “Blue Christmas”; “Yakety Yak”; “Peggy Sue”; “Tutti Frutti”; “Chantilly Lace”; and “Great Balls of Fire”) as a playlist, user 14 would highlight the desired selection of tracks (using screen pointer 208) and select the save button 382 using screen pointer 208. A playlist naming window 384 may be rendered (by proxy application 98) that allows user 14 to specify a unique name for the playlist within the name field 386 of playlist naming window 384.
Assuming that user 14 selects “50's Hits” as a playlist name, playlist 104 (FIG. 1) named “50's Hits” may be defined that locates (within personal media device 12) all of the pieces of media content itemized within playlist 104. Once playlist 104 is stored, a link 388 to playlist 104 (e.g., “50's Hits”) appears in directory window 390. User 14 may then select link 388 using screen pointer 208.
Once selected, the tracks included within playlist 104 (e.g., “50's Hits”) are typically itemized within a playlist window 392 (e.g., a web page) viewable via user interface 302.
As with the playlists described above as being generated using client application 44, playlists generated using proxy application 98 are typically maintained locally (e.g., maintained on personal media device 12). However and as discussed above, playlists may alternatively/additionally be maintained remotely (e.g., maintained on computer 28) as remote playlist 104′.
Device Initialization:
Media distribution system 18 is typically a subscription-based service, in that e.g., user 14 subscribes to media distribution system 18 and pays e.g., a monthly subscription fee to be granted access to media distribution system 18. Once user 14 subscribes to media distribution system 18, user 14 may obtain media content (for use with personal media device 12) in the form of: purchased downloads received from media distribution system 18 (i.e., media content licensed to e.g., user 14 for use in perpetuity); subscription downloads received from media distribution system 18 (i.e., media content licensed to e.g., user 14 for use while a valid subscription exists with media distribution system 18); and media content streamed from media distribution system 18, for example. Typically, when accessing media distribution system 18, user 14 must provide user “credentials” that identify the user (e.g., user 14) and/or the device (e.g., device 12) to media distribution system 18. Upon receiving these credentials, media distribution system 18 may attempt to verify the credentials and, if verified, grant user 14 and/or device 12 access to media distribution system 18. The credentials received and verified by media distribution system 18 may include, but are not limited to, a user name, a user password, a user key, a device name, a device password, a device key, and/or one or more digital certificates.
Typically, upon personal media device 12 being placed into docking cradle 60, personal media device 12 establishes a connection with media distribution system 18 via proxy computer 54. As discussed above, proxy computer 54 may function as an Internet gateway for personal media device 12 and, therefore, allow personal media device 12 to access computer 28 and media distribution system 18.
Once a connection is established with media distribution system 18, DRM process 10 may be initiated. DRM process 10 is typically executed at the time personal media device 12 is initially configured (i.e., the first time personal media device 12 establishes a connection with media distribution system 18). As will be discussed below in greater detail, DRM process 10 may be systematically and repeatedly executed to verify that device 12 (and/or user 14) are active subscribers of media distribution system 18.
Referring also to FIGS. 12a & 12b, at the time of manufacture, personal media device 12 may include a private encryption key (e.g., device private key 400) and a public encryption key (e.g., device public key 402) stored in non-volatile memory (e.g., ROM 152 and/or storage device 66). Keys 400, 402 may be 1024-bit asymmetric encryption keys and may be referred to as DRM (i.e., digital rights management) keys.
As is known in the art, a private key/public key encryption methodology allows users of an unsecure network (e.g., the Internet) to securely exchange data through the use of a pair of encryption keys, namely the private encryption key (e.g., device private key 400) and the public encryption key (e.g., device public key 402). The private key/public key encryption methodology is typically referred to as an asymmetric encryption methodology, in that the key used to encrypt a message is different than the key used to decrypt the message.
In private key/public key encryption, the private encryption key (e.g., device private key 400) and the public encryption key (e.g., device public key 402) are typically created simultaneously using the same algorithm (e.g., the RSA algorithm created by Ron Rivest, Adi Shamir, and Leonard Adleman, for example). Device private key 400 is typically given only to the requesting party and device public key 402 is typically made publicly available (e.g., as part of digital certificate 404). Typically, device private key 400 is not shared and is maintained securely within e.g., personal media device 12.
Accordingly, when a secure message is to be sent from a sender to a recipient, the public key (e.g., device public key 402) of the recipient (which is readily accessible to the sender) is used to encrypt the message. Once encrypted, the message may be sent to the recipient and can only be decrypted using the recipient's private key (e.g., device private key 400). As private key 400 is maintained securely by the recipient, only the recipient can decrypt the encrypted message.
In addition to encrypting and decrypting messages, a sender may authenticate their identity by using their private key (e.g., device private key 400) to encrypt a digital certificate, which is then sent to a recipient (i.e., the person to which they are authenticating their identity). Accordingly, when the digital certificate is received by the recipient, the recipient can decrypt the encrypted digital certificate using the sender's public key (e.g., device public key 402), thus verifying that the digital certificate was encrypted using the sender's private key (e.g., device private key 400) and, therefore, verifying the identity of the sender.
DRM process 10 may generate a challenge 406, which is typically a random number generated by a random number generation process (not shown) included within personal media device 12. Once generated, challenge 406 may be paired with device digital certificate 404 (which typically includes device public key 402) to generate 450 a license request 408. Device digital certificate 404, which may be referred to as a DRM digital certificate, may include additional information such as a device serial number (e.g., 137660523-1 from device serial number field 322, FIG. 9), for example.
As discussed above, proxy application 98 allows the owner of device 12 (e.g., user 14) to: configure device 12 for use with media distribution system 18; and configure media distribution system 18 for use with device 12. Typically, when proxy application 98 is configured on proxy computer 54, user 14 may be required to provide user credentials that identify the user (e.g., user 14) and define a valid subscription that would allow user 14, device 12, and proxy application 98 to access media distribution system 18. Alternatively or additionally, personal media device 12 may be configured to allow the user (e.g., user 14) to directly enter the user credentials (via device 12) when device 12 is initially configured.
DRM process 10 may provide 452 license request 408 (via network 30 and/or network 32) to media distribution system 18. Additionally, if defined within personal media device 12, a user ID 410 (e.g., enumerating the user credentials described above) may also be included within license request 408. As discussed above, the user credentials (i.e., included within user ID 410) may include, but are not limited to, a user name, a user password, a user key, a device name, a device password, a device key, and/or one or more digital certificates. Prior to being provided 452 to media distribution system 18, DRM process 10 may digitally sign 454 license request 408 using device private key 400.
A digital signature is an electronic signature that uses the private key/public key encryption methodology (described above) and allows a sender of a message to authenticate their identity and the integrity of the message sent. A digital signature may be used with both encrypted and non-encrypted messages and does not impede the ability of the receiver of the message to read the message.
For example, assume that DRM process 10 digitally signed 454 license request 408 prior to providing 452 license request 408 to media distribution system 18. When digitally signing 454 license request 408, a mathematical function is typically performed on the content of license request 408. For example, a message hash of license request 408 may be calculated by personal media device 12, such that a message hash is the mathematical output of a known one-way hash function that transforms a string of characters (e.g., license request 408) into a usually shorter fixed-length value that represents the original string of characters. As the hashing function is a one-way mathematical function, once a message hash is generated, the original message cannot be retrieved by processing the message hash. DRM process 10 may then encrypt the message hash (using device private key 400) to create the digital signature (not shown). This digital signature may then be attached to license request 408. Accordingly, while the digital signature is encrypted, the original message (i.e., license request 408) need not be. Therefore, license request 408 may be processed by media distribution system 18 even if the digital signature is not processed.
Continuing with the above-stated example, license request 408 and the digital signature may be received by media distribution system 18, and media distribution system 18 may use the same hash function to generate a message hash of license request 408. Media distribution system 408 will also decrypt the digital signature received from personal media device 12 using device public key 402 (included within device digital certificate 404) to recreate the message hash calculated by personal media device 12. Media distribution system 18 may then compare the decrypted digital signature to the message hash calculated by the media distribution system 408. If the message hashes match, the integrity of license request 408 and the identity of personal media device 12 are both verified 456.
Additionally, the integrity of device digital certificate 404 (and, therefore, device public key 402) may be verified when license request 408 is received from personal media device 12. Digital certificates are typically issued and digitally signed by e.g., certification authority 412 using CA private key 414. Accordingly, device digital certificate 404 may be verified by obtaining the CA public key 416 to verify the digital signature of device digital certificate 404.
Once challenge 406, device digital certificate 404, and user ID 410 (i.e., license request 408) are received by media distribution system 18, media distribution system 18 may access data store 418 to obtain 458 subscription information concerning user 14 (i.e., the user defined within user ID 410) and determine e.g., the date at which the current subscription of user 14 will expire. Data store 418 may be maintained on storage device 34 coupled to computer 28.
Assume, for illustrative purposes, that media distribution system 18 is configured to automatically bill each subscriber on the first of each month for the subscription fee for the upcoming month. Accordingly, on 1 Mar. 2005, user 14 will be billed for the cost of their March 2005 subscription. Therefore, if media distribution system 18 obtains 458 subscription information concerning user 14 on 6 Mar. 2005, the subscription information obtained 458 will indicate that user 14 has a valid subscription until 31 Mar. 2005.
Accordingly and continuing with the above-stated example, when license request 408 is received, media distribution system 18 may obtain 458 subscription information concerning user 14. In this example, the subscription information will indicate that user 14 is a valid subscriber (to media distribution system 18) through 31 Mar. 2005.
Media distribution system 18 may generate 460 a timeout indicator 420, which indicates e.g., the user's subscription information and the expiration date of the user's current subscription. In this example, timeout indicator 420 will indicate that e.g., the subscription of user 14 will expire on 31 Mar. 2005. Media distribution system 18 may obtain user encryption key 422 (i.e., the encryption key for user 14) from data store 418. Media distribution system 18 may then encrypt user encryption key 422, using device public key 402, to generate encrypted user encryption key 422′ (shown with a hash fill). Timeout indicator 420, challenge 406, device digital certificate 404 (including device public key 402), user ID 410, and encrypted user encryption key 422′ may be combined 462 (by media distribution system 18) to form device license 424.
Device license 424 may further include a system time indicator 426, which indicates the system time as defined by media distribution system 18. System time indicator 426 may be used to synchronize a system clock 194 (FIG. 3) included within personal media device 12 with a system clock 428 included within media distribution system 18.
Device license 424 may further include a licensing service (i.e., LS) digital certificate 430, which typically includes a licensing service (i.e., LS) public key 432.
Media distribution system 18 may digitally sign 464 device license 424 using licensing service (i.e., LS) private key 434 (of media distribution system 18) and provide 466 device license 424 to personal media device 12. Licensing system private key 434 may be stored on data store 418.
When device license 424 is received from media distribution system 18, DRM process 10 may verify the integrity of LS digital certificate 430 (and, therefore, LS public key 432). As discussed above, digital certificates are typically issued and digitally signed by e.g., certification authority 412 using CA private key 414. Accordingly, LS digital certificate 430 may be verified by obtaining the CA public key 416 to verify the digital signature of LS digital certificate 430.
DRM process 10 may use LS public key 432 (included within LS digital certificate 430) to verify 468 device license 424 (which was digitally signed using LS private key 434). DRM process 10 may additionally verify challenge value 406, device public key 402, and the device serial number (included within device digital certificate 404) to ensure that device license 424 is intended for personal media device 12. DRM process 10 may then decrypt, with device private key 400, encrypted user encryption key 422′ (that was encrypted using device public key 402) to generate user encryption key 422, which may be stored in non-volatile memory, examples of which may include ROM 152 (FIG. 3) and/or storage device 66 (FIG. 3). User ID 410, user encryption key 422, and timeout indicator 420 may be saved on e.g., non-volatile memory, examples of which include ROM 152 (FIG. 3) and/or storage device 66 (FIG. 3), for use when personal media device 12 renders media content downloaded from media distribution system 18. Additionally, as will be discussed below in greater detail, DRM process 10 may retain a copy of device license 424 for use when transferring media content between personal media device 12 and e.g., personal media device 40.
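The license issuance and device-side acceptance described above (steps 460 to 468) can be exercised end to end; the following Go program is an added example, not code from this disclosure or from any product it describes. It assumes RSA-PSS signatures and RSA-OAEP key wrapping with 2048-bit keys in place of the hash-then-encrypt signature and 1024-bit keys the text describes, leaves out the signed license request and the CA certificate checks, and uses hypothetical type and function names with constructed keys and user data.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// LicenseRequest models license request 408 (hypothetical layout).
type LicenseRequest struct {
	Challenge []byte         // challenge 406
	DevicePub *rsa.PublicKey // device public key 402, bare instead of certificate 404
	Serial    string         // device serial number
	UserID    string         // user ID 410
}

// DeviceLicense models device license 424 (hypothetical layout).
type DeviceLicense struct {
	Req        LicenseRequest
	Timeout    time.Time // timeout indicator 420
	EncUserKey []byte    // encrypted user encryption key 422'
	Sig        []byte    // made with LS private key 434
}

// digest hashes, in fixed order, every field the LS signature must cover.
func (l DeviceLicense) digest() []byte {
	r := l.Req
	h := sha256.Sum256([]byte(fmt.Sprintf("%x|%x|%x|%x|%x|%x|%x", r.Challenge,
		r.DevicePub.N.Bytes(), r.DevicePub.E, r.Serial, r.UserID, l.Timeout.Unix(), l.EncUserKey)))
	return h[:]
}

// NewRequest runs on the device (450): a fresh random challenge per request.
func NewRequest(dev *rsa.PrivateKey, serial, user string) (LicenseRequest, error) {
	req := LicenseRequest{make([]byte, 16), &dev.PublicKey, serial, user}
	_, err := rand.Read(req.Challenge)
	return req, err
}

// Issue runs on the licensing service (460-464): wrap the user key for the
// device, then sign the license so expiry and bindings cannot be altered.
func Issue(ls *rsa.PrivateKey, req LicenseRequest, expiry time.Time, userKey []byte) (DeviceLicense, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, req.DevicePub, userKey, nil)
	if err != nil {
		return DeviceLicense{}, err
	}
	lic := DeviceLicense{Req: req, Timeout: expiry, EncUserKey: enc}
	lic.Sig, err = rsa.SignPSS(rand.Reader, ls, crypto.SHA256, lic.digest(), nil)
	return lic, err
}

// Accept runs on the device (468): check the LS signature, check the license
// answers this device's own challenge, serial and key, then unwrap the user key.
func Accept(dev *rsa.PrivateKey, lsPub *rsa.PublicKey, sent LicenseRequest, lic DeviceLicense) ([]byte, error) {
	if lic.Req.DevicePub == nil || rsa.VerifyPSS(lsPub, crypto.SHA256, lic.digest(), lic.Sig, nil) != nil {
		return nil, errors.New("device license signature invalid")
	}
	if !bytes.Equal(lic.Req.Challenge, sent.Challenge) || lic.Req.Serial != sent.Serial ||
		!lic.Req.DevicePub.Equal(&dev.PublicKey) {
		return nil, errors.New("license not bound to this device and challenge")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, dev, lic.EncUserKey, nil)
}

// Demo runs one honest exchange, then a replay and an unsigned expiry change.
func Demo() (accepted, replayRejected, tamperRejected bool, err error) {
	dev, err1 := rsa.GenerateKey(rand.Reader, 2048)
	ls, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err = errors.Join(err1, err2); err != nil {
		return
	}
	userKey := []byte("constructed-key!") // constructed 16-byte user key
	req, err := NewRequest(dev, "137660523-1", "user14")
	if err != nil {
		return
	}
	lic, err := Issue(ls, req, time.Date(2005, 3, 31, 0, 0, 0, 0, time.UTC), userKey)
	if err != nil {
		return
	}
	got, e := Accept(dev, &ls.PublicKey, req, lic)
	accepted = e == nil && bytes.Equal(got, userKey)
	later := req // the device has since issued a different challenge
	later.Challenge = []byte("a later challenge")
	_, e = Accept(dev, &ls.PublicKey, later, lic)
	replayRejected = e != nil
	lic.Timeout = lic.Timeout.AddDate(1, 0, 0) // push the expiry out by a year
	_, e = Accept(dev, &ls.PublicKey, req, lic)
	tamperRejected = e != nil
	return
}

func main() { fmt.Println(Demo()) }
```

Because the timeout indicator sits inside the signed digest, changing the expiry on the device invalidates the license, and the challenge comparison is what makes an old license unusable against a newer request.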
Obtaining Media Content:As discussed above, onceuser14 subscribes tomedia distribution system18,user14 may obtain frommedia distribution system18 media content (for use with personal media device12) in the form of: purchased downloads received from media distribution system18 (i.e., media content licensed to e.g.,user14 for use in perpetuity); subscription downloads received from media distribution system18 (i.e., media content licensed to e.g.,user14 for use while a valid subscription exists with media distribution system18); and media content streamed frommedia distribution system18, for example.
Referring also toFIGS. 13a&13b, eachmedia data file500,502,504,506,508 downloadable frommedia distribution system18 may be encrypted550 using a unique CEK (i.e., content encryption key)510,512,514,516,518 respectively. For example, ifmedia distribution system18 includes 1,000,000 media data files available for downloading to e.g.,personal media device12,media distribution system18 will encrypt550 each media data file using a unique encryption key. Accordingly, for 1,000,000 media data files, 1,000,000 unique CEK's will be required, each of which is bound552 to the media data file to which the CEK is related. Accordingly,CEK510 may be bound552 to media data file500, andCEK512 may be bound552 to media data file502, for example.
Each CEK (e.g.,keys510,512,514,516,518) may be a symmetric encryption key, in that the key used to encrypt a media data file may also be used to decrypt the same media data file. Typically, each media data file may be stored on e.g.,storage device34 attached to computer28.
As discussed above, search window 304 (FIG. 10) of proxy application 98 may allow user 14 to search for media data files. Additionally, user 14 may download media data files from media distribution system 18 for use on personal media device 12 by selecting the download button 352 (FIG. 10) corresponding to the media data file to be downloaded.
Once the download of a media data file is initiated, personal media device 12 may submit the appropriate download request(s) to media distribution system 18. For example, assume that user 14 wished to download three media data files, namely media data files 500, 504, 506. DRM process 10 would submit download requests 520, 522, 524 respectively, each of which requests the desired file. For security and authentication purposes, download requests 520, 522, 524 may be e.g., encrypted by personal media device 12 (using e.g., LS public key 432) and/or digitally signed by personal media device 12 (using e.g., device private key 400). Accordingly, if a download request is encrypted (using e.g., LS public key 432), the encrypted download request may subsequently be decrypted 554 by media distribution system 18 using LS private key 434. Further, if a download request is digitally signed (using e.g., device private key 400), the signed download request may subsequently be verified 556 by media distribution system 18 using device public key 402.
Once e.g., download requests 520, 522, 524 are received 558 and processed 554, 556 by media distribution system 18, media distribution system 18 may retrieve the requested media data files 500, 504, 506 from e.g., storage device 34. As discussed above, each media data file is currently encrypted using a unique CEK, such that the CEK is bound to the media data file.
Prior to being downloaded to personal media device 12, each media data file to be downloaded may be bound 560 to the user (e.g., user 14) who requested the download. As discussed above, during device initialization, personal media device 12 provides license request 408 to media distribution system 18. Media distribution system 18 in turn processes license request 408 and obtains current subscription information concerning the user associated with license request 408 (e.g., user 14). As discussed above, this initialization process may occur periodically and, therefore, may occur at the time that personal media device 12 is placed into docking cradle 60 (FIG. 2). Accordingly and for this example, assume that personal media device 12 has provided the required user credentials to properly access media distribution system 18. As discussed above, the user credentials provided to media distribution system 18 may include, but are not limited to, a user name, a user password, a user key, a device name, a device password, a device key, and/or one or more digital certificates.
Once media distribution system 18 retrieves the requested media data files 500, 504, 506 from e.g., storage device 34, media distribution system 18 binds 560 the retrieved media distribution files 500, 504, 506 to user 14 e.g., the user requesting the media data files, thus creating bound media data files 526, 528, 530. Accordingly, the content encryption key (e.g., CEK 510) associated with each media data file (e.g., media data file 500) may be encrypted 562 using the encryption key (e.g., user encryption key 422) of the user requesting the media data files (e.g., user 14). Accordingly, CEK 510 may be encrypted 562 to generate CEK 510′, CEK 514 may be encrypted 562 to generate CEK 514′, and CEK 516 may be encrypted 562 to generate CEK 516′. Once encrypted 562, bound media data files 526, 528, 530 (including encrypted CEK's 510′, 514′, 516′ respectively) may be provided 564 to personal media device 12.
As the CEK of each bound media data file 526, 528, 530 may be encrypted 562 using e.g., user encryption key 422, bound media data files 526, 528, 530 may only be processed (e.g., rendered) by a personal media device in possession of user encryption key 422. As discussed above, a copy of user encryption key 422 may be stored on non-volatile memory within personal media device 12. Once bound media data files 526, 528, 530 are received by personal media device 12, files 526, 528, 530 may be stored on e.g., storage device 66 within personal media device 12.
Media Content Playback: As discussed above, user ID 410, user encryption key 422, and timeout indicator 420 may be saved for use when personal media device 12 renders media content downloaded from media distribution system 18.
Continuing with the above-stated example, if user 14 wishes to render one of bound media data files 526, 528, 530, user 14 may select the appropriate media data file via the controls (e.g., backward skip switch 78 (FIG. 3); forward skip switch 80 (FIG. 3); play/pause switch 82 (FIG. 3); menu switch 84 (FIG. 3); radio switch 86 (FIG. 3); and slider assembly 88 (FIG. 3), for example) and display panel 90 (FIG. 3) of personal media device 12. Once one or more media data files are selected for playback, the appropriate file(s) are retrieved from e.g., storage device 66. As discussed above, prior to each media data file being provided to personal media device 12, the CEK of each media data file may be encrypted (by media distribution system 18) using user encryption key 422. As discussed above, user encryption key 422 may be a symmetric encryption key and, therefore, the key used to e.g., encrypt CEK 510 may also be used to decrypt encrypted CEK 510′.
Once the appropriate bound media data files are retrieved from e.g., storage device 66, DRM process 10 may decrypt the appropriate CEK (using user encryption key 422) so that the media data file can be processed and rendered on personal media device 12. For example, if user 14 wished to render bound media data files 526, 528, personal media device 12 would decrypt encrypted CEK 510′ to generate CEK 510. CEK 510 may then be used by DRM process 10 to decrypt media data file 500 for playback by personal media device 12. Further, DRM process 10 would decrypt encrypted CEK 514′ to generate CEK 514. CEK 514 may then be used by DRM process 10 to decrypt media data file 504 for playback by personal media device 12.
Typically, prior to processing and rendering e.g., bound media data files 526, 528, DRM process 10 will verify that e.g., user 14 has sufficient rights to process and render the bound media data files.
As discussed above, media distribution system 18 is typically a subscription-based service, in that e.g., user 14 subscribes to media distribution system 18 and pays e.g., a monthly subscription fee to be granted access to media distribution system 18. Further, user 14 may obtain from media distribution system 18 subscription downloads that allow user 14 to process and playback the subscription downloads only while a valid subscription exists with media distribution system 18.
Assuming that bound media data files 526, 528, 530 are subscription downloads (as opposed to purchased downloads that are licensed in perpetuity for use by user 14), prior to rendering and/or processing bound media data files 526, 528, 530, DRM process 10 may obtain timeout indicator 420, which as discussed above may be stored on e.g., non-volatile memory, examples of which include ROM 152 (FIG. 3) and/or storage device 66 (FIG. 3). DRM process 10 may then compare the expiration date (e.g., 31 Mar. 2005) defined within timeout indicator 420 to the date and/or time defined within system clock 194 to determine if e.g., user 14 is still allowed to render bound media data files 526, 528, 530. In this example, as user 14 has a valid subscription through 31 Mar. 2005 and the current date and time (as defined by system clock 194) is 17:53 GMT on 6 Mar. 2005, the subscription of user 14 (with respect to media distribution system 18) is valid and current. Accordingly, bound media data files 526, 528, 530 may be processed for playback.
As discussed above, DRM process 10 may be systematically and repeatedly executed to verify that device 12 (and/or user 14) are active subscribers of media distribution system 18. For example, DRM process 10 may be executed each time that personal media device 12 is placed into docking cradle 60. DRM process 10 may provide 452 license request 408 (via network 30 and/or network 32) to media distribution system 18. Upon receiving license request 408, media distribution system 18 may obtain 458 subscription information concerning user 14, including timeout indicator 420.
As discussed above, media distribution system 18 may be configured to automatically bill each subscriber on the first of each month for the subscription fee for the upcoming month. Accordingly, each time that personal media device 12 is placed into docking cradle 60, updated subscription information (e.g., a timeout indicator) may be obtained from media distribution system 18. Therefore, provided user 14 continues to pay their e.g., monthly subscription fees, personal media device 12 will continue to be systematically updated to include the current timeout indicator.
However, in this example, the subscription information (e.g., the timeout indicator) is only updated when personal media device 12 is placed into cradle 60. Accordingly, even if user 14 continues to pay their e.g., monthly subscription fees, if personal media device 12 is not placed into cradle 60 prior to e.g., 31 Mar. 2005 (i.e., the date of the current timeout indicator), personal media device 12 may be prohibited from rendering media data files after 31 Mar. 2005 even if user 14 has a valid and current subscription (as personal media device 12 will be unable to obtain an updated timeout indicator).
Device-to-Device Media Content Transfer: As discussed above, media distribution system 18 is typically a subscription-based service, in that e.g., user 14 subscribes to media distribution system 18 and pays e.g., a monthly subscription fee to be granted access to media distribution system 18. Further, user 14 may obtain from media distribution system 18 subscription downloads that allow user 14 to process and playback the subscription downloads only while a valid subscription exists with media distribution system 18. Accordingly, since the rights associated with a subscription download are based upon the existence of a valid subscription with media distribution system 18, subscription downloads may be transferred from a first personal media device to a second media device, as long as a valid subscription exists concerning the second personal media device.
Referring also to FIGS. 14a & 14b and continuing with the above-stated example, assume that user 14 has downloaded bound media data files 526, 528, 530 which are stored on e.g., storage device 66 within personal media device 12. Further, assume that user 26 (i.e., the owner of personal media device 40) wishes to obtain a copy of bound media data file 526 for playback on personal media device 40. As discussed above, when a device is initialized, a copy of a device license may be transferred to and retained on the personal media device for use when transferring media content between personal media devices. Accordingly, personal media device 12 includes source device license 424 and personal media device 40 includes target device license 600.
Typically, a device-to-device content transfer is initiated by the user of the source device. In the above-stated example, personal media device 12 is the source device and personal media device 40 is the target device. Accordingly, user 14 (i.e., the owner of personal media device 12) may initiate the transfer of bound media data file 526 from personal media device 12 to personal media device 40.
Referring again to FIG. 2, if e.g., user 14 wishes to transfer a media data file to another personal media device, user 14 may e.g., depress menu switch 84, resulting in the generation of e.g., pop-up menu 106. Using slider assembly 88, user 14 may select the “Share Content” command 108 from pop-up menu 106, resulting in the generation of content window 110. From content window 110, user 14 may select the appropriate file for transfer. Assume that user 14 selects “Peggy Sue”, which corresponds to bound media data file 526. Once user 14 selects the track for transfer, device application 64 may render a transfer window 112 that e.g., includes a track title field 114 that identifies the title of the track being transferred and an artist field 116 that identifies the artist of the track being transferred.
Transfer window 112 may include a transfer button 118 (selectable via slider assembly 88) for initiating the transfer of bound media data file 526 to e.g., personal media device 40. In this example, if user 14 selects transfer button 118 with slider assembly 88, the transfer of bound media data file 526 (i.e., “Peggy Sue” from “Buddy Holly”) from personal media device 12 to (in this example) personal media device 40 is initiated. Transfer window 112 may include a transfer status indicator 120 for indicating the progress of the transfer of e.g., “Peggy Sue” by “Buddy Holly”. Transfer window 112 may further include a cancel button 122 for allowing user 14 to cancel the file transfer and close download window 112.
Referring again to FIGS. 14a & 14b, once the transfer of bound media data file 526 is initiated, the devices may exchange device digital certificates for authentication purposes. For example, DRM process 10 may provide source device digital certificate 404 (which includes source device public key 402) to personal media device 40 for authentication. Once received 650 and as discussed above, the integrity of source device digital certificate 404 (and, therefore, source device public key 402) may be verified 652 (by personal media device 40) via CA public key 416 (a copy of which is typically stored in non-volatile memory 602 of personal media device 40), as source device digital certificate 404 was issued and digitally signed by e.g., certification authority 412 (FIG. 12a) using CA private key 414 (FIG. 12a).
Further, personal media device 40 may provide target device digital certificate 604 (which includes target device public key 606) to personal media device 12 for authentication. Once received 654, the integrity of target device digital certificate 604 (and, therefore, target device public key 606) may be verified 656 by DRM process 10 via CA public key 416 (a copy of which is typically stored in non-volatile memory 66/152 of personal media device 12), as target device digital certificate 604 would typically also have been issued and digitally signed by e.g., certification authority 412 (FIG. 12a) using CA private key 414 (FIG. 12a).
As discussed above and as illustrated in FIG. 3, personal media devices (e.g., personal media device 12) may include a wireless interface 182 for wirelessly-coupling personal media device 12 to network 30 (or network 32) and/or other personal media devices. Wireless interface 182 may be coupled to an antenna assembly 184 for RF communication to e.g., WAP 52, and/or an IR (i.e., infrared) communication assembly 186 for infrared communication with e.g., a second personal media device (such as personal media device 40). Accordingly, communication between personal media devices 12, 40 may occur wirelessly via RF communication and/or infrared communication. Additionally, an external connector (not shown) may be included within each personal media device that allows for the hardwired-interconnection of multiple personal media devices.
Once certificates 404 and 604 are verified 652, 656, personal media device 40 provides target device license 600 to personal media device 12. As with device license 424 (FIG. 12a), target device license 600 may include: LS digital certificate 608 (which includes LS public key 432), system time indicator 612, timeout indicator 614 (i.e., for the subscription of user 26), encrypted user encryption key 616 (i.e., for user 26), user ID 618 (i.e., for user 26), challenge 620, and target device digital certificate 604 (which includes a copy of target device public key 606). As with device license 424 (FIG. 12a), target device license 600 may have been digitally-signed (by media distribution system 18 using LS private key 434) prior to being provided to personal media device 40.
Upon receiving 658 target device license 600 from personal media device 40, DRM process 10 may verify 660 the integrity of target device license 600. Accordingly, DRM process 10 may verify the integrity of LS digital certificate 608 (and, therefore, LS public key 432). As discussed above, digital certificates are typically issued and digitally signed by e.g., certification authority 412 (FIG. 12a) using CA private key 414 (FIG. 12a). Accordingly, LS digital certificate 608 may be verified by DRM process 10 using CA public key 416.
DRM process 10 may use LS public key 432 (included within LS digital certificate 608) to verify target device license 600 (which was digitally signed using LS private key 434 (FIG. 12a)). DRM process 10 may additionally verify 665 that user 26 has a valid subscription to media distribution system 18 by obtaining signal 662 and comparing 664 timeout indicator 614 to system clock 194. For example, as user 26 has a valid subscription through 22 Mar. 2005 (as defined by timeout indicator 614) and the current date and time (as defined by system clock 194) is 22:06 GMT on 13 Mar. 2005, the subscription of user 26 (with respect to media distribution system 18) is valid and current.
Assuming that the integrity of target device license 600 is verified, the transfer of bound media data file 526 may begin. Depending on the manner in which DRM system 10 is configured, user 26 may be required to have a valid and current subscription (with media distribution system 18) prior to initiating the transfer of any media data files to personal media device 40, or else the transfer may be prohibited 666. However and as discussed above, since personal media devices check for the existence of a valid and current subscription prior to rendering media data files, even if the transfer was effectuated while user 26 did not have a valid and current subscription with media distribution system 18, user 26 would be prohibited from rendering the transferred media data files. Accordingly, DRM system 10 may be configured to allow for the transfer of one or more media data files from source device 12 to target device 40 even if user 26 does not have a valid and current subscription, since (as discussed above) target device 40 will not be allowed to render the transferred media data file(s) until user 26 has a valid and current subscription.
Additionally, source device 12 (and/or user 14) may be required to have a valid and current subscription prior to being allowed to transfer a media data file to target device 40. Accordingly, prior to transferring a media data file, source device 12 may examine their own timeout indicator (i.e., timeout indicator 420, FIG. 12a) to verify that user 14 has a valid and current subscription. Alternatively/additionally, target device 40 may receive (from source device 12) and process device license 424 (FIG. 12a) so that timeout indicator 420 of the source device 12 can be verified prior to the media data file being transferred.
In order to effectuate the media data file transfer, DRM process 10 generates 668 a random session key (i.e., RSK) 622, which may be encrypted using target device public key 606 (included within target device digital certificate 604) to generate encrypted RSK 622′. DRM process 10 provides 670 encrypted RSK 622′ to personal media device 40, which may be decrypted (using target device private key (not shown)) to retrieve RSK 622. RSK 622 may be a 1024-bit symmetric encryption key.
As personal media device 12 and personal media device 40 each contain a copy of RSK 622, a secure communication channel 624 may be established 672 between devices 12, 40, in which all data transferred 674 across secure communication channel 624 may be encrypted (using RSK 622) prior to transmission and decrypted (using RSK 622) upon receipt. Secure communication channel 624 may be a wireless communication channel (using e.g., RF communication and/or infrared communication), or a wired communication channel (using an external connector (not shown) on devices 12, 40).
DRM process 10 may retrieve (from e.g., storage device 66) bound media data file 526 for transmission to personal media device 40. However and as discussed above, as CEK 510′ of bound media data file 526 was encrypted using the encryption key of user 12 (e.g., user encryption key 422), bound media data file 526 will not be accessible (in its current form) by user 26. Therefore, bound media data file 526 must be unbound 676 from user 12 and bound to user 26. Accordingly, DRM process 10 obtains bound media data file 526 from e.g., storage device 66 and decrypts CEK 510′ (using user encryption key 422) to obtain CEK 510. Unbound media data file 626 may be transferred 678 (via secure communication channel 624) from personal media device 12 to personal media device 40. Upon receipt, personal media device 40 may encrypt 680 CEK 510 of unbound media data file 626, using the encryption key of user 26 (i.e., user encryption key 628) to generate 682 bound media data file 630, which includes encrypted CEK 510″. Personal media device 40 may store bound media data file 630 for subsequent rendering in non-volatile memory 602.
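The binding step (560/562), the playback check, and the unbind/transfer/rebind sequence (676 to 682) can be traced end to end in the following added example, which is not code from the application. It assumes the RSK has already been delivered to the target device (the public-key wrapping of RSK 622 is omitted), a 16-byte CEK, and an HMAC-SHA256 encrypt-then-MAC construction standing in for the symmetric cipher, which the text does not name; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from datetime import date

CEK_LEN = 16  # assumed CEK size; the text does not give one


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used only as a stand-in cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, b"ks" + block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Reject a wrong key or modified data before decrypting."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


def bind(encrypted_media: bytes, cek: bytes, user_key: bytes) -> dict:
    """Steps 560/562: wrap the CEK under the requesting user's key."""
    return {"content": encrypted_media, "wrapped_cek": seal(user_key, cek)}


def render(bound: dict, user_key: bytes, expires: date, today: date) -> bytes:
    """Playback: timeout check first, then unwrap the CEK and decrypt."""
    if today > expires:
        raise PermissionError("subscription expired")
    cek = unseal(user_key, bound["wrapped_cek"])
    return unseal(cek, bound["content"])


def send(bound: dict, source_user_key: bytes, rsk: bytes) -> bytes:
    """Source device: unbind (676), then encrypt the unbound file under the RSK."""
    cek = unseal(source_user_key, bound["wrapped_cek"])
    return seal(rsk, cek + bound["content"])


def receive(message: bytes, rsk: bytes, target_user_key: bytes) -> dict:
    """Target device: decrypt channel data, rebind the CEK to its user (680/682)."""
    unbound = unseal(rsk, message)
    cek, encrypted_media = unbound[:CEK_LEN], unbound[CEK_LEN:]
    return bind(encrypted_media, cek, target_user_key)


if __name__ == "__main__":
    media = b"constructed sample audio bytes"   # constructed input
    cek_510 = secrets.token_bytes(CEK_LEN)
    key_422, key_628 = secrets.token_bytes(16), secrets.token_bytes(16)
    rsk_622 = secrets.token_bytes(128)          # 1024-bit RSK, as in the text
    file_526 = bind(seal(cek_510, media), cek_510, key_422)
    file_630 = receive(send(file_526, key_422, rsk_622), rsk_622, key_628)
    print(render(file_630, key_628, date(2005, 3, 22), date(2005, 3, 13)))
```

The content itself is never re-encrypted during the transfer; only the wrapping of the CEK changes, and the unwrapped CEK exists on both devices in the clear between steps 676 and 680.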
User encryption key 422 is described above as typically being a symmetric encryption key, in that the same key that may be used to encrypt a CEK may also be used to decrypt the encrypted version of the CEK. Further and as described above, the same user encryption key 422 may be used to encrypt all CEK's. Therefore, if one-hundred bound media data files are downloaded to and stored upon personal media device 12, the same user encryption key 422 may be used to decrypt each of the one-hundred encrypted CEKs. However, other configurations of user encryption key 422 are possible.
For example, user encryption key 422 may be a symmetric key block, as opposed to a single symmetric key. Referring also to FIG. 15, there is shown a 32-byte (i.e., 256-bit) symmetric key block 700. Assume for this example that a 16-byte (i.e., 128-bit) key is used to encrypt and decrypt each encrypted CEK. Through the use of one e.g., 256-bit symmetric key block 700, multiple 128-bit symmetric keys (e.g., user encryption keys 702, 704, 706, 708) may be defined. For example, a first user encryption key 702 may be defined as bits 000-127 of symmetric key block 700. A second user encryption key 704 may be defined as bits 004-131 of symmetric key block 700. A third user encryption key 706 may be defined as bits 128-255 of symmetric key block 700. And a fourth user encryption key 708 may be defined as bits 124-251 of symmetric key block 700. Accordingly, a plurality of unique symmetric user encryption keys may be defined using a single symmetric key block 700. Accordingly, to properly define the individual user encryption keys, in this particular example, a bit shift parameter 710 may be defined for each user encryption key 702, 704, 706, 708, which defines the starting point of the respective key. For example, user encryption key 702 starts at bit-0 of symmetric key block 700 and, therefore, has a bit shift 710 of 0-bits. As user encryption key 704 starts at bit-4 of symmetric key block 700, user encryption key 704 has a bit shift 710 of 4-bits. As user encryption key 706 starts at bit-128 of symmetric key block 700, user encryption key 706 has a bit shift 710 of 128-bits. As user encryption key 708 starts at bit-124 of symmetric key block 700, user encryption key 708 has a bit shift 710 of 124-bits.
While various user encryption keys are defined within symmetric key block 700 by shifting the starting point of each individual user encryption key, other configurations are possible. For example, keys may be defined using only odd or even bits in conjunction with a bit shift. Additionally and/or alternatively, keys may be defined within symmetric key block 700 algorithmically, in that an algorithm may be used to define the individual bits used (within symmetric key block 700) to define a unique user encryption key.
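The bit-shift scheme for symmetric key block 700 is shown below as an added example (not code from the application) that extracts a 128-bit key at an arbitrary, non-byte-aligned bit shift and reports how many key-block bits each pair of derived keys has in common. It assumes bit 0 is the most significant bit of the first byte, which the text does not specify; the key block value is constructed and the function names are hypothetical.

```python
from itertools import combinations

KEY_BITS = 128

# Bit shift 710 for each user encryption key, as listed in the text.
BIT_SHIFTS = {702: 0, 704: 4, 706: 128, 708: 124}

# Constructed 32-byte (256-bit) key block: bytes 0x00 .. 0x1f.
KEY_BLOCK_700 = bytes(range(32))


def extract_key(block: bytes, bit_shift: int, key_bits: int = KEY_BITS) -> bytes:
    """Return key_bits bits of block starting at bit_shift.

    Assumption: bit 0 is the most significant bit of block[0].
    """
    total_bits = len(block) * 8
    if key_bits % 8 or bit_shift < 0 or bit_shift + key_bits > total_bits:
        raise ValueError("key window does not fit inside the key block")
    as_int = int.from_bytes(block, "big")
    # Drop the bits to the right of the window, then mask off those to its left.
    window = as_int >> (total_bits - bit_shift - key_bits)
    return (window & ((1 << key_bits) - 1)).to_bytes(key_bits // 8, "big")


def shared_bits(shift_a: int, shift_b: int, key_bits: int = KEY_BITS) -> int:
    """Number of key-block bit positions that two key windows both cover."""
    return max(0, key_bits - abs(shift_a - shift_b))


def overlap_report(shifts: dict) -> dict:
    """Shared bit count for every pair of keys defined on one key block."""
    return {
        (a, b): shared_bits(shifts[a], shifts[b])
        for a, b in combinations(shifts, 2)
    }


if __name__ == "__main__":
    for key_id, shift in BIT_SHIFTS.items():
        print(key_id, shift, extract_key(KEY_BLOCK_700, shift).hex())
    for pair, count in overlap_report(BIT_SHIFTS).items():
        print(pair, "share", count, "bits")
```

With the shifts given in the text, keys 702 and 704 cover 124 of the same key-block bits, as do keys 706 and 708, so the four keys are unique but not independent of one another.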
A number of implementations have been described. Nevertheless, it will be understood that various modifications may be made. Accordingly, other implementations are within the scope of the following claims.