US 20050071663 A1
Management of rights to content is provided within an authorized domain. In a single authorized domain, where a plurality of domain interfaces are protected using a common rights management system, a copy of particular content may be allowed to be provided on all devices or only on specific devices coupled to the domain via the interfaces. Copy protection information, for outputs to external devices not protected by the common rights management system, is also specified. Rules can be provided for specifying whether particular content may be copied or moved to another protected domain. A number of rendering devices permitted to render the content simultaneously may be specified. Content rules are provided for use in managing rights to content within an authorized domain. Such rules can be associated with content that is persistently stored by a consumer device, as well as with content that is only rendered by a consumer device.
1. A method for managing rights to content within an authorized domain comprising:
specifying, for a single authorized domain where a plurality of domain interfaces are protected using a common rights management system, if a copy of particular content is allowed to be provided on all devices or only on specific devices coupled to the domain via said interfaces; and
specifying copy protection information for outputs to external devices not protected by said common rights management system.
2. A method in accordance with
specifying if particular content may be copied or moved to another domain protected by a rights management system.
3. A method in accordance with
specifying, for said single authorized domain, a number of rendering devices permitted to render said content simultaneously.
4. A method in accordance with
5. A method in accordance with
6. A method in accordance with
7. A method in accordance with
8. A method in accordance with
9. A method in accordance with
10. A method in accordance with
11. A method in accordance with
preserving content rights for content that is transferred to another domain.
12. A method in accordance with
13. A method in accordance with
(i) a copy protection state,
(ii) an analog protection system parameter,
(iii) a parameter disabling a particular output type.
14. A method according to
(i) an analog output;
(ii) a digital compressed output;
(iii) a digital uncompressed output.
15. A method according to
16. A method according to
(i) an analog output;
(ii) a digital compressed output;
(iii) a digital uncompressed output.
17. A set of content usage rules for use in managing rights to content within an authorized domain, comprising:
(a) persistent entitlements, which are rules associated with content that is persistently saved by a consumer device; and
(b) copy protection rules associated with content that is rendered but not saved by a consumer device.
18. A set of persistent content rules in accordance with
an analog output element,
a digital compressed output element,
a digital uncompressed output element,
a redistribution element,
a playback element,
a multicast limit element,
a fingerprint element, and
a device capabilities element.
19. A set of persistent content rules in accordance with
a device security level,
a designation of whether a device supports secure time,
a designation of codecs associated with a device,
a designation of watermarks a device can check,
a designation of fingerprints a device can provide.
20. A set of persistent content rules in accordance with
a playback count element,
a rental element,
a pause time element.
21. A set of content usage rules in accordance with
legacy device rules for restricting copies over at least one of an analog, compressed digital or uncompressed digital interface, and
copy protection rules for non-persistent content to be displayed within said authorized domain.
22. A system for distributing content to end users, comprising:
a content or service provider; and
a network for coupling said provider to deliver licensed content to a home network;
said home network comprises an authorized domain where a plurality of domain interfaces are protected using a common rights management system;
said licensed content is associated with rights data specifying whether the content is allowed to be provided on all devices or only specific devices coupled to the domain via said interfaces; and
copy protection information is provided for outputs from said home network to external devices not protected by said common rights.
23. A system in accordance with
an additional network coupled to said home network for receiving said licensed content;
wherein said additional network comprises an authorized domain where all interfaces thereto are protected using a rights management system.
24. A system in accordance with
This invention relates to digital rights management (DRM), and more particularly to methods and systems for providing copy protection of digital content within an authorized domain. Such a domain can comprise, for example, a home network that is licensed to play content such as movies, games, music and the like on various different entertainment appliances coupled to the network.
Providers of digital content, such as music on compact discs (CD) and movies on digital versatile discs (DVD) often desire protection from unauthorized copying of the content. Such content can also be streamed to users via networks such as cable and satellite television plants, as well as over the Internet. Existing copy protection rules, such as those defined by the Society of Motion Picture and Television Engineers (SMPTE), generally do not take into account the existence of authorized domains, where devices (televisions, DVD players, game consoles, personal computers, and the like) owned by a single authorized user can securely exchange content.
Known copy protection standards include states such as “Copy One Generation”, “Copy No More”, and “Copy Free.” Such states make sense when content is communicated over an external unprotected interface or stored on media such as a CD or DVD. However, these standards can make it very difficult for an authorized (e.g., licensed) user to use the content on different devices on that user's authorized domain (e.g. home network).
It would be advantageous to provide copy protection systems and methods that maintain an adequate level of protection for content and service providers, while allowing the content to be easily copied or moved within a protected authorized domain. It would be further advantageous for such systems and methods to maintain compatibility with traditional copy protection solutions (e.g., CGMS—“Copy Generation Management System”). This would allow external devices, such as digital televisions or computer monitors, to continue to display the content in accordance with the traditional copy protection rules.
It would be still further advantageous to allow content users to legally share content over protected interfaces (e.g., on-line or removable media). As it is rarely acceptable to allow a user to share pay content with everyone, it would also be advantageous to enable a list of authorized domains to be specified for the sharing of content.
The present invention provides systems and methods for implementing digital rights management having the aforementioned and other advantages.
In accordance with one aspect of the invention, a method is provided for managing rights to content within an authorized domain. In a single authorized domain, where a plurality of domain interfaces are protected using a common rights management system, the method specifies if a copy of particular content is allowed to be provided on all devices or only on specific devices coupled to the domain via the interfaces. Copy protection information, with separately defined rules for outputs to external devices not protected by the common rights management system, is also specified.
Such a method may also specify whether particular content may be copied or moved to another domain protected by a rights management system. A number of rendering devices permitted to render the content simultaneously may also be specified.
Another aspect of the invention provides a ruleset for use in managing rights to content within an authorized domain. The ruleset can include, for example, rules defining capabilities of devices associated with the domain, rules defining persistent entitlements, and copy protection rules.
Rules defining capabilities of devices associated with the domain can include, for example, one or more of a device security level, a designation of whether a device supports secure time, a designation of codecs associated with a device, a designation of watermarks a device can check, and a designation of fingerprints a device can provide.
Rules defining persistent entitlements can include, for example rules for forwarding content on legacy analog, digital compressed and digital uncompressed interfaces, for peer-to-peer content sharing, content playback controls, limit on the number of simultaneous devices rendering the content, fingerprint algorithms and required device capabilities to render the content. Copy protection rules can include, for example, legacy device rules for restricting copies over at least one of an analog, compressed digital or uncompressed digital interface. Copy protection rules can also include rules for non-persistent content to be displayed within the authorized domain.
In another aspect, the invention provides a system for distributing content to end users. A network is used for the delivery of licensed content to a home network. The home network can be an authorized domain where a plurality of domain interfaces are protected using a common rights management system. Licensed content is associated with rights data specifying whether the content is allowed to be provided on all devices or only specific devices coupled to the domain via the interfaces. Copy protection information is provided for outputs from the home network to external devices not protected by the common rights.
An additional network can be coupled to the home network for receiving the licensed content. In such an embodiment, the additional network can also be an authorized domain, where all interfaces thereto are protected using the common rights management system.
For a further understanding of the present invention, reference will be made to the following detailed description of the invention which is to be read in association with the accompanying drawings, wherein:
The growing interest in streaming distribution of multimedia content over Internet Protocol (IP) networks brings a need for secure delivery of such content to legitimate customers. For purposes of the present disclosure, the term IP Rights Management (IPRM) encompasses conditional access as well as the various issues surrounding persistent access, defined as access to content after the customer has received and decrypted it the first time. Persistent access can be accommodated, for example, by storing the decrypted content on a hard drive provided, e.g., in a Personal Video Recorder (PVR) or Personal Computer (PC). IPRM, which is within the realm of Digital Rights Management (DRM), can be viewed as a generalization of conditional access technology.
The present disclosure describes Extensible Markup Language (XML) interfaces that are used by external systems in order to use services provided by the IPRM system. These XML documents need to be processed and understood by Caching Servers that deliver content to viewers (viewers comprise one category of IPRM clients) as well as by the IPRM clients that need to follow copy protection rules for the content that is being rendered and/or persistently stored.
Extensible Markup Language describes a class of data objects called XML documents and partially describes the behavior of computer programs which process them. XML is an application profile or restricted form of SGML, the Standard Generalized Markup Language (ISO 8879). By construction, XML documents are conforming SGML documents.
XML documents are made up of storage units called entities, which contain either parsed or unparsed data. Parsed data is made up of characters, some of which form character data, and some of which form markup. Markup encodes a description of the document's storage layout and logical structure. XML provides a mechanism to impose constraints on the storage layout and logical structure.
A software module called an XML processor is used to read XML documents and provide access to their content and structure. It is assumed that an XML processor is doing its work on behalf of another module, called the application.
The following acronyms are used herein:
The following terms are used herein:
Content Provider An entity that creates, licenses, aggregates and/or distributes content to the Cache Servers. A content provider does not typically consume content. A content provider is responsible for specifying content access rules and possibly user selection if the user actually makes the purchase at the content provider's web portal. Otherwise, user selection is made by the Confirmation Server.
Cache Server An intermediate entity that stores and redistributes content to Consumers and optionally to other Cache Servers. Besides streaming content to viewers, it also enforces the content access rules against the user selection and user entitlements.
Confirmation Server An application facilitating the creation of a session rights object.
Consumer An entity such as an end-user that consumes content obtained from a Cache Server and optionally, if permitted by the copyright holder, redistributes content to other Consumers in the system. The user is given a set of entitlements by the provisioning center that are used to determine the satisfaction of content access rules. When a user makes a purchase of specific content, the user's selection is included in the Session Rights object.
Entitlements A set of authorization attributes that allow users to access content.
Provisioning Center An application that registers a new consumer (e.g. Viewer) with the network, provisions it with the Key Distribution Center (KDC) and creates a set of entitlements for the new user.
Session Rights Object A signed version of content access rules for a given piece of content and specific user's purchase option selection.
Ticket A token of trust issued to a viewer by the KDC in order to access content at a particular caching server. It also includes the user's entitlements.
Viewer A consumer of video content.
A main purpose of the disclosed IPRM system is to provide digital rights management functions such as authentication, privacy, security, integrity and access control tools to any multimedia streaming network based on IP protocols. The system supports point-to-point (VOD) and multicast delivery of content. Additional features relate to persistent (i.e., stored) content rights management, such as copy protection.
The system can be based purely on software protection, with a limited trust placed upon the clients. However, other implementations are possible, including those in which a hardware security module is provided. Such a hardware security module may be optional. Alternatively, hardware security may be mandatory to obtain rights to high quality content from copyright owners requiring high security levels.
A Session Rights XML document can be generated by a content provider or any other entity (e.g. a Confirmation Server) that provides final interaction with the end-user. The content of the Session Rights document may be encoded in a Session Rights Object. A Rights element is the root element of the Session Rights document. It is a sequence of Content and Selection elements, which are required, and Provider and Rule elements, which are optional.
An authorization XML document can be maintained by the Provisioning Server and included in each ticket given to a Viewer by the KDC. A Rights Manager module on the Caching Server can be provided to evaluate the rules and user selection against the authorization data in the ticket to allow or disallow access to the specified content.
Each XML document may consist of a root element and a set of nested elements.
A provider element 14 can optionally specify a ProviderID (“pid” attribute) and the provider name as a text string.
The rule element 16 specifies a set of rules for the content specified by the content element 12. An “extern” attribute can be provided for the rule element 16 to specify whether the rules are defined in this document (e.g., value “false”) or in an external document (e.g., value “true”). The default value can be, for example, “false.” The rules do not change often and can be cached, for instance at a Caching Server, where the user can retrieve protected content. In order to minimize bandwidth overhead, the “extern” attribute may be set to “true” when the rules are being cached. Such an implementation will significantly reduce the size of each Session Rights Object (SRO).
A selection element 18 specifies a purchase selection made by a user, on whose behalf this Session Rights document is presented. An “optionID” attribute can be provided for the selection element 18 to identify a particular PurchaseOption defined within the Rule element that was selected by the user. Each option may be associated with different copy protection rules for persistent or non-persistent content. An “extern” attribute may also be provided for the selection element 18, to specify whether the selection is defined in this document (e.g., value “false”) or in an external document (e.g., value “true”). The default value may, for example, be “false.” A “deviceBound” attribute may also be provided for the selection element 18. If, for example, this attribute is set to ‘Y’, the content will not be shared outside the access device. If it is set to ‘N’, then the content will be shared across the user's authorized domain. If this attribute is not specified within the selection element 18, the system can be implemented to check the same “deviceBound” attribute inside the persistent entitlements to find out whether or not to share particular content across the authorized domain. The deviceBound attribute affects how blackout verification is performed. For example, if the content is not shared outside the access device, then the blackout check may only apply to the locations (listed inside Authorization Data) that have an “AccessPoint” attribute set to “Y.” Otherwise, all locations listed in the Authorization Data will need to be checked. The value of this attribute must be consistent with the persistent entitlements that are associated with the user selection.
The rule element 16 is illustrated in greater detail in
In one possible implementation, in order to get access to such content, a purchase element in the user Selection must be set to FREE.
The PurchaseOption element 20 defines copy protection rules or DRM rules for persistent data associated with a specific option for purchasing this content. This option is also associated with a price and a list of subscription services under which this option may be selected for free or at a decreased cost. Multiple PurchaseOption elements may be included to indicate different options for the user to purchase the content. Some of the options may restrict the purchase to only initial rendering of the content, while other options may allow the user to save a copy of the content with varying DRM rules.
The “optionID” of the Selection element 18 (
A Blackout element 22 provides a mechanism for geographically restricting access to given content. It provides the ability to define an area specified by a list of country codes or other types of location designators where the content is or is not allowed. The Blackout element is described in greater detail in connection with
A GenericRating element 24 specifies the content rating level for a particular rating scale or standard (e.g., MPAA rating, TV rating, etc.). This element can be repeated multiple times in order to define the rating levels for multiple rating scales. The GenericRating element is described in greater detail in connection with
Fingerprint elements 26 shown in
DeviceCapabilities element 28 specifies security requirements for a consumer device receiving the content. Some of these security requirements can apply to content rendering, while others may apply when a device makes a persistent copy of the content. For content rendering, one or more of the following attributes can be provided:
For copying, the following attribute can be provided:
As indicated in
A Cost element 32 associated with the PurchaseOption element 20 specifies the price of the content. A “currency” attribute specifies the currency expressed as a 3-letter acronym defined by ISO 4217. US dollar can, for example, be the default value. If a different currency representation is needed in the future, the “format” attribute can be used to specify other formats. This element is not applicable when content is made available on subscription basis only.
If the Cost element 32 is not specified, the content cannot be purchased and may be available for subscription. If the Subscription element (discussed below) is not specified either, the content is assumed to be free of cost.
Additional nested elements can be provided to specify different ways to buy the content. For example, a OneTimePay element can be provided to specify the price for a pay-per-view purchase mechanism. The “price” attribute can specify the cost for accessing this content.
A PBT element can be used to provide a mechanism to purchase content at time increments. An “increment” attribute can be provided to specify the time interval (in minutes) that the “price” is associated with. For instance, if the “price” is 95 cents and the increment value is thirty, the user will be charged 95 cents for each thirty minutes that the content is viewed. This rule will be checked against the Payment element in the Selection element 18 (
Table 1 defines the relationship between elements of the PurchaseOption (in columns) and user Selection (in rows). When a particular value of Selection is present, the value YES specifies that the element of PurchaseOption in that column must be present and will be evaluated. The value N/A specifies that the corresponding element may be present but will not be used for evaluating access rights. The value NO means that the rule must not be present. The value DENIED means that access will be denied. In addition, the rightmost column shows the required value of the Pay element from the user authorization.
If the Payment element (
SubscriptionGroup 34 includes the following two elements:
The aSubscription element specifies a list of services on which a piece of content is available for subscription, as illustrated in
It is noted that the number of bytes for the various elements and attributes disclosed herein is not meant to be limiting, and other implementations can be made within the scope of the present invention.
The Blackout element is illustrated in
Each element of the Blackout sequence is a substitution group, needed to accommodate different types of location codes. The element aLocation (50) is an abstract placeholder for a specific location element. The substitution elements for aLocation are:
The GenericRating element 24 specifies a content rating, as illustrated in
MPAARating (62)—a string with no white space that represents one of the MPAA rating levels.
TvRating (64)—a string with no white space that represents one of the North American TV rating levels.
It is possible to have multiple content rating elements in both Session Rights and Authorization Data XML documents. In that case, pairs of content rating elements from Session Rights and Authorization Data that are of the same type must be compared. For example, MPAARating element 62 in Session Rights would be compared to an MPAARating element in Authorization Data. If the rating ceiling set in Authorization Data is not exceeded for every such pair of rating elements, then the content rating check passes. If both Session Rights and Authorization Data have content rating elements but none of them have matching types, then the content rating check passes as well.
The Selection element 18 illustrated in
The Authorization element 80 of
The Authorization element has several attributes:
The Authorization element is also a sequence of the following elements:
The PersistentEntitlements element 90 is illustrated in an example embodiment in
PersistentEntitlements contains the following attributes:
PersistentEntitlements 90 is also a sequence of the following elements, shown in
The RuleSet element 92 described in
A RuleSet element contains a deviceBound attribute, which is a Boolean flag that when set, e.g., to ‘Y’ means that once a Viewer saves a copy of this content, no further copies of the content may be made, even within the same authorized domain (user's personal network) protected by IPRM security. RuleSet is a sequence with each element (for the exemplary embodiment) as described below.
The AnalogOutput element 100 restricts copies over an analog interface. It can also define analog proprietary system (APS) parameters, where APS is a mechanism to prevent analog copies of a video signal and would normally be used when the ‘copyRestriction’ attribute defined below is set, e.g., to NOCOPY (i.e., analog copies are not allowed). An example of an APS is the well known Macrovision system. At the present time, within most commercially available devices, no such equivalent exists for analog audio. Therefore, in most cases when ‘copyRestriction’ for analog is set to NOCOPY for an audio-only (e.g., music) content, analog output has to be completely disabled.
The AnalogOutput element 100 consists of the following attributes which apply specifically to analog output:
The DigitalCompressedOutput element 101 restricts copies over an external digital compressed interface that is not protected with the IPRM system. An example of such an interface would be IEEE-1394 (Firewire bus). However, if there is an IP stack running on top of IEEE-1394 and IPRM is used to protect content over this interface, this element would be ignored.
DigitalCompressedOutput consists of the following attributes:
The DigitalUncompressedOutput element 102 restricts copies of the content that is received over an external digital uncompressed interface (e.g., Digital Video Interface “DVI”) that is not protected with IPRM. This element consists of the following attributes:
The Redistribution element 103 defines rules for retransmission of the content beyond the current authorized domain. Note that this element does not apply to super distribution, where a copy of the content is sent to another consumer (in a new authorized domain) without any rights to use the content. This element is used in the cases when an initial set of persistent content entitlements already allows the content to be lawfully shared between multiple authorized domains without an additional cost. The Redistribution element has the following attribute:
The Redistribution element 103, illustrated in greater detail in
A Destination element contains the following attributes:
The Redistribution element can also optionally include a GeographicalRestriction element 112 that might prevent movement or copying of content into authorized domains listed in Destination elements, if they are located in blacked out geographical regions.
The Playback element 104 places restrictions on playback of stored content. It defines conditions which determine when stored content becomes expired and may no longer be used. The Playback element is illustrated in greater detail in
A Playback element is a sequence of one or more of the following elements:
The MulticastLimit element 105 limits the number of devices that the content can be simultaneously streamed to from a residential home gateway. This does not have to be an IP multicast. If the same content is being streamed to several clients simultaneously over multiple point-to-point connections, that would also qualify as a multicast in this case. A value of, e.g., zero means that the number of such simultaneous devices is unrestricted. Each single multicast of the content is counted as a single playback.
The Fingerprint element 106 identifies a fingerprint algorithm that is to be inserted into the content as it is being decompressed and delivered over an external analog or digital uncompressed interface. Several Fingerprint elements may be included in order to provide a choice to the rendering device. This element has the following attribute:
The DeviceCapabilities element 107 places some requirements on a device that is allowed to render or store a copy of the content. It has the following attributes:
The OptionCost element 96 is a sub-element of a RenewalOption 94 as shown in
OptionCost element 96, illustrated in greater detail in
The CopyProtectionRules element 140 is the root element of the IPRM Copy Protection Rules schema, and is illustrated in
CopyProtectionRules is a sequence of the following elements:
Various video, audio and/or multimedia appliances may be coupled to the home gateway for reproduction and/or storage of licensed content. Such devices, referred to as device N and device N+1 are illustrated in
A home network 157 is also coupled to the home gateway 152 to distribute content to appliances (e.g., PCs, televisions, PVRs, CD/DVD players, etc.) coupled to the home network. The home network 157 may be any type of available network, including wired and wireless (e.g., any of the IEEE 802.11 Wi-Fi standards, Bluetooth, etc.). The home network 157 may also be coupled, via a suitable gateway 158 as well known in the art, to other authorized networks 159. Such a network 159 may comprise, for example, another home network to which the subscriber at home network 157 is authorized to forward licensed content. This can be useful, for example, where the subscriber at home network 157 has a second (e.g., vacation) home where it is desired to view content.
It should now be appreciated that the present invention provides methods for IP rights management within an authorized domain. The methods provide flexibility in that rules for separate systems do not have to be tied together. Instead, a universal set of rules is provided to enable rights management in an authorized network that may include many different products, including both analog and digital video, audio, and multimedia appliances. Moreover, rules are provided for both streaming content and locally stored content.
While the present invention has been shown and described with reference to the preferred mode as illustrated in the drawings, it will be understood by those skilled in the art that various changes in detail may be effected therein without departing from the spirit and scope of the invention as defined by the following claims.