`
`PCT/US99/16638
`
`2/16
`
`
`
`.:..
`
`Probability Distribution
`of DCT Coefficient Value
`
`Quantized%'
`
`Coefficients
`
`FIG. 21
`
`
`
`Probability Distribution of DCT Coefficient Residue
`
`FIG. 2B
`
`SUBSTITUTE SHEET (RULE 25)
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2001
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2001
`
`
`
`wo oo/ossss
`
`'
`
`'
`
`.
`
`PCT/US99/16638
`
`3/16
`
`Probability Distribution of
`DCT Coefficient Value
`
`
`
`Reference Points
`
`FIG. 31!
`
`Probability Distribution of DCT Coefficient Residue
`
`FIG. 3B
`
`SUBSTITUTE SHEET (RULE 26)
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2002
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2002
`
`
`
`wo 00/Q5898
`
`‘
`
`-
`
`PCT/US99/16638
`
`4/16
`
`
`
`.—._
`
`Probability Distribution
`of DCT Coefficient Value
`
`Quantize<{iT
`
`FIG . 3C
`
`Coafficients
`
`Reference
`Point \/\
`
`ms.
`
`313
`
`I
`
`\/\ Difference
`
`SUBSTITUTE SHEET (RULE 26)
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2003
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2003
`
`
`
`WO 00/05898 .
`
`-:
`
`:
`
`PCT/US99/1 6638
`
`' 5/16
`
` 4'-'—-1- 410
`
`Input an original DCT coefficient. OC. and its
`corresponding base layer quantized DCT
`coefficienl. QC.
`
`
`
`
`Find absolute values oi OC and QC.
`AOC and AQC. and signs of OC and QC. SOC
`and SOC. respectively.
`
`4—-j 420
`
`
`
`‘ref = lower boundary oi
`quantization bin
`
`not the optional
`
`(
`reconstruction point
`
`
`)
`
`FIG. 4
`
` this last DC
`coefficient
`?
`
`' See Figure 3.
`Example:
`ll Base Layer quantization is
`AQC = ADC I (2'Q)
`lower boundary is AOC ’ (2'O)
`optimal point is AQC'(2'O) * 0
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2004
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2004
`
`
`
`WO 00/05898
`
`.-
`
`PCT/US99/1 6638
`
`6/16
`
`500
`
`
`
`510
`
`
`
`520
`
`Input a difference value
`
`
`
`max-bit-plane =[_|<;g2 (max-value?”
`
`560
`
`FIG. 5'
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2005
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2005
`
`
`
`WO 00/05898
`
`PCT/US99/16638
`
`7/16
`
`600
`
`610
`
`
`
` Stan
`
`Input a btock of DCT
`coefficient differences
`
`Input a bit-plane of the
`block of DCT ooefficient
`differences
`
`
`
`Is this
`the last
`non-zero bit
`
`
`
`
`
`
`
`in this bit-plane
`
`
`
`Symbol =
`
`(RUN, 0)
`
`FIG. 6
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2006
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2006
`
`
`
`WO 00/05898
`
`PCT/US99/1 6638
`
`8/16
`
` 710
`
`
`
`Put max-bit-plane
`value into bit stream
`
`
`
`with 4 bits
`
`
`
`_
`
`
`
`
`lnput (RUN. EOP) symbols and
`sign-enh values of one bit-plane of a
`frame
`
`
`
`700
`
`720
`
`730
`
`740
`
`values of one DCT block of the bit-plane.
`
` this the last
`
`bit-plane?
`
` FIG. 7
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2007
`
`
`
`
`Input (RUN, EOP) symbols and
`sign-enh values of one DCT block of
`the bit-plane
`
`
`
`""" SEE FLOW DIAGRAM 800 '“
`Encode (RUN, EOP) symbols and Sign-enh
`
`
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2007
`
`
`
`WO 00/05898
`
`PCT/US99/16638
`
`9/16
`
`and
`
`_/\_/
`
`
`
`Put code for the
`
`symbol into bitstream
`
`840
`
`_
`
`the symbol
`(All zeros)
`
`Put 6 bits for RUN»
`into bitstream
`
`Put 1 bit for EOP
`
`into bitstream
`
` Put code for (All zero)
`
`FIG. 8
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2008
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2008
`
`
`
`W0 00/05898
`
`PCT/US99/16638
`
`10/16
`
`900
`
`Yes
`
` _ls
`Sign-enh Value
`2 or 3?
`
`910
`
`
` 920
`
`
`
`Put one bit of Sign-enh
`value into bitstream
`
`Set sign-enh = 3
`
`930
`
`FIG. 9
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2009
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2009
`
`
`
`W0 00/05898
`
`PCT/US99/16638
`
`11/16
`
`Stan
`
`-/Xi
`
`1000
`
`1010
`
`
`
` Input a om value and a
`corresponding base tayer
`quantified DCT coetficient QC
`
`
`
`
`
`Find absolute value and sign
`of QC: AQC and SOC
`
`1 1030
`30
`. [L]
`
`-
`
`ref = tower boundary of quantization bin
`(not optimal reconstruction point)
`
`get sign bit and
`assign it to
` SRC:
`it sign bit 3 0.
`
`SRC = 1
`if sign bit = 1.
`SRC = -1
`
`
`
`
`
`'RC=SRC'ARC
`
`104°
`
`is
`this the 1351
`DCT coefficient
`
`
`
`
`RC is the constructed DCT
`coefficient.
`
`SRC is the sign oi RC and
`
`ARC is the absolute vaiue
`I of RC. —
`
`
`
`FIG. 10
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2010
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2010
`
`
`
`W0 00/05898
`
`PCT/US99/16638
`
`12/16
`
`*
`
`A
`
`_
`
`.._ '
`
`1'1oo
`
`'
`
`1 17°
`
`set bit-index = max_bit_pIane -1
`
`get one bit. b, from bit-plane
`bufier of bit-index
`
`111°
`
`1120
`
`1 1 30
`
`diff += b'2 ''‘-''°''
`
`1 140
`
`115°
`
`
`last decoded
`bit-plane reached
`
`1 1 so
`
`, ..................... - - Jes. ................. .. .. ..
`
`No
`
`Y
`
`as
`
`
`
`
`diff = base layer optimal
`reconstruction point - ref
`
`EX>1
`bit_ind
`7
`
`FIG. 11
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2011
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2011
`
`
`
`wo 00/05898
`
`’
`
`1
`
`«
`
`PCT/US99/16638
`
`13/16
`
`1200
`
`1210
`
`1 220
`
`Is
`this the last block
`
`
`
`of the last bit-plane
`
`or the end of the
`
`bit-stream of the
`‘me?
`
`1230
`
`
`
`FIG. 12
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2012
`
`
`
`Get max_bit_plane value from
`bitstream by reading 4 bits
`
`
`
`"SEE FLOW DIAGRAM 1300"
`Decode (RUN. EOP) symbols and
`sign__enh values of one DCT block
`of one bit-plane
`
`»
`
`
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2012
`
`
`
`WO 00/05898
`
`PCT/US99/1 6638
`
`14/ 16
`
`@
`
`Decode a symbol
`
`1300
`
`_/-\/
`
`133
`
`1 320
`
`Yes
`
`
`
`Is
`Symbol = (All zero)
`
`_________________ _ _
`No
`
`'
`
`put 64 0s to the
`bit-plane nutter
`
`symbol an
`escape code
`7
`
`
`
`
`
`Get RUN from
`the symbol
`
`Get RUN from the next
`
`
`6 hits in the bitstream
`
`
`
`Get EOP from the next
`1 bit in the bitstream
`
` ' Put RUN Os and a
`
`1 into bit-plane buffer
`
`FLOW DIAGRAM
`S
`1400Deoode sin enh value‘
`
`Yes
`
`Put Os to the bit-
`plane butter until the
`end at the block
`
`9
`
`_
`
`-
`
`FIG. 13
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2013
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2013
`
`
`
`W0 00/05898
`
`15 / 16
`
`PCT/US99/16638
`
`1 400
`
`
`
` ls
`Sign-enh Value
`
`-1 or 3
`?
`
`1410 *
`
`get one bit from the
`bitstneam as sign bit
`
`
`
`Set sign-enh = 3
`
`1 420
`
`1430
`
`
`
`FIG. 14
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2014
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2014
`
`
`
`WO 00/05898
`
`PCT/US99/I 6638
`
`. 16/16
`
`.mG>:&<>>m2K
`
`E3
`
`.E<w_O_w_n_
`
`.m_ca_32$.Erfi
`
`mMO.rwm_>_<w_u_
`
`>.m_O_>_m_>_
`
`FEE
`
`NEFE
`
`
`
`DNDOOMDZO_._.O_>_
`
`
`
`wm._n=>_<wZO_._.<mZmn=>_OO
`
`m_mmm>z_
`
`._.0o
`
`:o»<s_m_s_
`
`6528
`
`zo_»<mE<m
`
`
`
`$e\.%$\£..K.ZO_H<m_._.Z<DOmmmm>Z_
`
`O_._.m_>_I.Ew_<
`
`mmmm>z_
`
`z<om
`
`NEFEQ
`
`
`
`W.mN§Q‘N..,K%3%\2%,.n~®
`
`
`
`ZO_.r<w_._.Z<DCwmmm>Z_
`
`O_.rm_>_I._._m_<
`
`O(
`
`D
`
`mmmm>z_
`
`xihé
`
`
`
`
`
`I._.OZm._m:m<_m<>omooo
`
`ozaoomo<20
`
`
`
`mm>Smm>>3
`
`
`
`mm><._.pzm_sm_oz<_._zm
`
`
`
`
`
`I._.0Zw._m:m<_m<>omooo
`
`
`
`ozaoomo<._.<o
`
`- SUBSTITUTE SHEET (RULE 25) I
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2015
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2015
`
`
`
`
`
`
`
`
`
`
`worm) INTELLECTUAL PROPERTY ORGANIZATION
`International Bureau
`
`
`
`INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`
`(51) I“t°"“3‘i°“al Pate“! Classmmfion 7 ‘
`H04L 9/00
`'
`
`(11) International Publication Number:
`_
`(43) International Publition Date:
`
`WO 00/59152
`
`5 October 2000 (05.l0.00)
`
`(21) International Application Number:
`
`PCT/US00/04983
`
`(22) International Filing Date:
`
`25 February 2000 (25.02.00)
`
`(81) Designated States: AE, AL, AM, AT, AU, AZ, BA, BB, BG,
`BR, BY, CA, CH, CN, CR, CU, CZ, DE, DK, DM, E,
`GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP,
`KE, KG, KP, KR, KZ, LC, LK, LR. LS, LT, LU, LV, MA,
`
`(30) Priority Data:
`60/126,614
`O9/290,363
`09/482,928
`
`27 March 1999 (27.03.99)
`12 April 1999 (12.04.99)
`13 January 2000 ( 13.01.00)
`
`US
`Us
`US
`
`(71) Applicant: MICROSOFI‘ CORPORATION [US/US]; One
`Microsoft Way, Redmond, WA 98052 (US).
`
`ARIPO patent (GH, GM, KE, LS,
`G, ZW). Eurasian patent (AM. AZ.
`TJ, TM), European patent (AT. BE,
`FI, FR, GB, GR, IE, IT, LU, MC,
`SE), OAPI patent (BF, BJ, CF, CG, CI, CM, GA,
`, ML, MR, NE, SN, TD, TG).
`
`(72) Inventors: BLINN, Amold, N.; 9401 NE 27th Street. Bellevue, Published
`WA 98004 (US). JONB, 'I1iomas,C.; 23617 NE 6th Street,
`Without international search report and to be republished
`Redmond, WA 98053-3618 (US).
`upon receipt of that report.
`
`(74) Agents: ROCCI, Steven, J. et al.; Woodcock Washbum Kuriz
`Mackiewicz & Norris LLP, 46th floor, One Liberty Place,
`Philadelphia, PA 19103 (US).
`
`(54) Title: METHOD FOR INTERDEPENDENTLY VALIDATING A DIGITAL CONTENT PACKAGE AND A CORRESPONDING
`DIGITAL LICENSE
`
`(57) Abstract
`
`0
`A method is disclosed for a device to interdependently validate a
`digital content package having a piece of digital content in an encrypted
`fonn, and a conesponding digital license for rendering the digital content.
`A first key is derived from a source available to the device, and a first
`digital signature is obtained from the digital content package. The first key
`is applied to the fitst digital signature to validate the first digital signature
`the digital content package.‘ A second key is derived based on the first
`digital signature, and a second digital signature 1S obtained from the license.
`The second key is applied to the second digital signature to validate the
`second digital signature and the license.
`
`.
`- 3
`PR 8 (PU 880(0))
`
`=
`
`(KB)
`
`-
`
`1001
`
`KD(KD (PU-C5))'=(PU-C5)'1°°3
`
`vaiidaig Kn (PU-cs) S (PR-C$)- 1005
`
`Validate cam’ (PU-LS) s (PR-CS) - 1oo7
`
`Obtain (PU-LS) - 1009
`
`DRL Enabling? - 1015
`
`Yu
`
`KD (KD (Content)) I Content - 1017
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2016
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2016
`
`
`
`FOR THE PURPOSES OF INFORMATION ONLY
`
`Codes used to identify States party to the PCI‘ on the front pages of pamphlets publishing international applications under the PCI‘.
`
`Albania
`Annenia
`Austria
`Australia
`Azerbaijan
`Bosnia and Herzegovina
`Barbados
`Belgium
`Burkina Faso
`Bulgaria
`Benin
`Brazil
`Belarus
`Canada
`Central African Republic
`Congo
`Switzerland
`Cote d’Ivoire
`Cameroon
`China
`Cuba
`Czech Republic
`Germany
`Denmark
`Estonia
`
`ES
`Fl
`FR
`GA
`GB
`GE
`GH
`GN
`GR
`HU
`IE
`IL
`IS
`IT
`JP
`KB
`KG
`KP
`
`KR
`KZ
`LC
`Ll
`LK
`LR
`
`Spain
`Finland
`France
`Gabon
`United Kingdom
`Georgia
`Ghana
`Guinea
`Gtewe
`Hungary
`Ireland
`Israel
`Iceland
`Italy
`Japan
`Kenya
`Kyrgyzstan
`Dernocratic People's
`Republic of Korea
`Republic of Korea
`Kazakstan
`Saint Lucia
`Liechtenstein
`Sri Lanka
`Liberia
`
`LS
`LT
`LU
`LV
`MC
`MD
`MG
`MK
`
`ML
`MN
`MR
`MW
`MX
`NE
`NL
`N0
`NZ
`PL
`Fl‘
`R0
`RU
`SD
`SE
`SG
`
`Lesotho
`Lithuania
`Luxembourg
`Latvia
`Monaco
`Republic of Moldova
`Madagascar
`The fonner Yugoslav
`Republic of Macedonia
`Mali
`Mongolia
`Mauritania
`Malawi
`Mexico
`Niger
`Netherlands
`Norway
`New Zealand
`Poland
`Portugal
`Romania
`Russian Federation
`Sudan
`Sweden
`Singapore
`
`sr
`SK
`SN
`SZ
`TD
`TG
`TJ
`TM
`TR
`TI‘
`UA
`UG
`US
`UZ
`VN
`YU
`ZW
`
`Slovenia
`Slovakia
`Senegal
`Swaziland
`Chad
`Togo
`Tajikistan
`'I‘urlcmenistan
`Ttn'key
`Trinidad and Tobago
`Ukraine
`Uganda
`United States of America
`Uzbekistan
`Viet Nam
`Yugoslavia
`Zimbabwe
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2017
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2017
`
`
`
`WO 00/59152
`
`PCT/US00/04983
`
`METHOD FOR INTERDEPENDENTLY VALIDATING A DIGITAL CONTENT
`
`PACKAGE AND A CORRESPONDING DIGITAL LICENSE
`
`CROSS-REFERENCE TO RELATED APPLICATIONS
`
`This application is a continuation of U.S. Patent Application No.
`
`09/290,363, filed April 12, 1999 and entitled “ENFORCEMENT ARCI-HTECTURE
`
`AND METHOD FOR DIGITAL RIGHTS MANAGEMENT". and claims the benefit
`
`of U.S. Provisional Application No. 60/21,614, filed March 27, 1999 and entitled
`
`“ENFORCEMENT ARCHITECTURE AND METHOD FOR DIGITAL RIGHTS
`
`MANAGEMENT”, both of which are hereby incorporated by reference.
`
`TECHNICAL FIELD
`
`The present invention relates to an architecture for enforcing rights in
`
`digital content. More specifically, the present invention relates to such an enforcement
`
`architecture that allows access to encrypted digital content only in accordance with
`
`parameters specified by license rightsacquired by a user of the digital content.
`
`BACKGROUND OF THE INVENTION
`
`Digital rights management and enforcement is highly desirable in
`
`connection with digital content such as digital audio, digital video. digital text, digital
`
`data, digital multimedia, etc., where such digital content is to be distributed to users.
`
`Typical modes of distribution include tangible devices such as a magnetic (floppy)
`
`disk, a magnetic tape, an optical (compact) disk (CD). etc., and intangible media such
`
`as an electronic bulletin board, an electronic network, the Internet, etc. Upon being
`
`received by the user, such user renders or ‘plays’ the digital content with the aid of an
`
`appropriate rendering device such as a media player on a personal computer or the like.
`
`Typically, a content owner or rights-owner. such as an author, a
`
`publisher, a broadcaster, etc. (hereinafter “content owner"). wishes to distribute such
`
`digital content to a user or recipient in exchange for a license fee or so1ne other
`
`consideration. Such content owner, given the choice. would likely wish to restrict what
`
`15
`
`20
`
`25
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2018
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2018
`
`
`
`W0 00/59152
`
`PCT/US00/04983
`
`-2-
`
`the user can do with such distributed digital content. For example, the content owner
`would like to restrict the user from copying and re-distributing such content to a second
`
`user, at least in a manner that denies the content owner a license fee from such second
`
`user.
`
`In addition, the content owner may wish to provide the user with the
`
`flexibility to purchase different types of use licenses at different license fees, while at
`
`the same time holding the user to the terms of whatever type of license is in fact
`
`purchased. For example, the content owner may wish to allow distributed digital
`
`content to be played only a limited number of times, only for a certain total time, only
`
`on a certain type of machine, only on a certain type of media player, only by a certain
`
`type of user, etc.
`
`However, after distribution has occurred, such content owner has very
`
`little if any control over the digital content. This is especially problematic in view of
`
`the fact that practically every new or recent personal computer includes the software
`
`and hardware necessary to make an exact digital copy of such digital content, and to
`
`download such exact digital copy to a write-able magnetic or optical disk, or to send
`
`such exact digital copy over a network such as the Internet to any destination.
`
`Of course, as part of the legitimate transaction where the license fee
`
`was obtained, the content owner may require the user of the digital content to promise
`
`not to re-distribute such digital content. However, such a promise is easily made and
`
`easily broken. A content owner may attempt to prevent such re-distribution through
`
`any of several known security devices, usually involving encryption and decryption.
`
`However, there is likely very little that prevents a mildly determined user from
`
`decrypting encrypted digital content, saving such digital content in an un-encrypted
`
`form, and then re-distributing same.
`
`A need exists, then, for providing an enforcement architecture and
`
`method that allows the controlled rendering or playing of arbitrary forms of digital
`
`content, where such control is flexible and definable by the content owner of such
`
`digital content. A need also exists for providing a controlled rendering environment
`
`10
`
`15
`
`20
`
`25
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2019
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2019
`
`
`
`WO 00/59152
`
`PCT/US00/04983
`
`'1
`-_,._
`
`on a computing device such as a personal computer. where the rendering environment
`
`includes at least a portion of such enforcement architecture. Such controlled rendering
`
`environment allows that the digital content will only be rendered as specified by the
`
`content owner, even though the digital content is to be rendered on a computing device
`
`which is not under the control of the content owner.
`
`Further, a need exists for a trusted component running on the
`
`computing device, where the trusted component enforces the rights of the content
`
`owner on such computing device in connection with a piece of digital content, even
`
`against attempts by the user of such computing device to access such digital content
`
`in ways not permitted by the content owner. As but one example. such a trusted
`
`software component prevents a user of the computing device from making a copy of
`
`such digital content, except as otherwise allowed for by the content owner thereof.
`
`SUMMARY OF THE INVENTION
`
`The aforementioned needs are satisfied at
`
`least
`
`in part by an
`
`enforcement architecture and method for digital rights management, where the
`
`architecture and method enforce rights in protected (secure) digital content available
`
`on a medium such as the Internet, an optical disk. etc. For purposes of making content
`
`available, the architecture includes a content server from which the digital content is
`
`accessible over the Internet or the like in an encrypted form. The content server may
`
`also supply the encrypted digital content for recording on an optical disk or the like,
`
`wherein the encrypted digital content may be distributed on the optical disk itself. At
`
`the content server, the digital content is encrypted using an encryption key, and public
`
`/ private key techniques are employed to bind the digital content with a digital license
`
`at the user’s computing device or client machine.
`
`When a user attempts to render the digital content on a computing
`
`device, the rendering application invokes a Digital Rights Management (DRM) system
`
`on such user’s computing device. If the user is attempting to render the digital content
`
`for the first time, the DRM system either directs the user to a license server to obtain
`
`a license to render such digital content in the manner sought. or transparently obtains
`
`10
`
`15
`
`20
`
`25
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2020
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2020
`
`
`
`W0 00/59152
`
`PCT/US00/04983
`
`-4-
`
`such license from such license server without any action necessary on the part of the
`
`user. The license includes:
`
`- a decryption key (KD) that decrypts the encrypted digital content;
`
`- a description of the rights (play, copy, etc.) conferred by the license
`
`and related conditions (begin date, expiration date, number of plays,
`
`etc.), where such description is in a digitally readable form; and
`
`- a digital signature that ensures the integrity of the license.
`
`The user cannot decrypt and render the encrypted digital content without obtaining
`
`such a license from the license server. The obtained license is stored in a license store
`
`10
`
`in the user’s computing device.
`
`Importantly, the license server only issues a license to a DRM system
`
`that is ‘trusted’ (i.e., that can authenticate itself). To implement ‘trust’. the DRM
`
`system is equipped with a ‘black box’ that performs decryption and encryption
`
`functions for such DRM system. The black box includes a public / private key pair,
`a version number and a unique signature, all as providediby an approved certifying
`
`15
`
`authority. The public key is made available to the license server for purposes of.
`
`encrypting portions of the issued license, thereby binding such license to such black
`
`box. The private key is available to the black box only. and not to the user or anyone
`
`else, for purposes of decrypting information encrypted with the corresponding public
`
`key. The DRM system is initially provided with a black box with a public / private key
`
`pair, and the user is prompted to download from a black box server an updated secure
`
`black box when the user first requests a license. The black box server provides the
`
`updated black box, along with a unique public/private key pair. Such updated black
`
`box is written in unique executable code that will run only on the user’s computing
`
`device, and is re-updated on a regular basis. When a user requests a license. the client
`
`machine sends the black box public key. version number. and signature to the license
`
`20
`
`25
`
`server, and such license server issues a license only if the version number is current
`
`and the signature is valid. A license request also includes an identification of the
`
`digital content for which a license is requested and a key ID that identifies the
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2021
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2021
`
`
`
`W0 00/59152
`
`PCT/US00/04983
`
`-5-
`
`decryption key associated with the requested digital content. The license server uses
`
`the black box public key to encrypt the decryption key. and the decryption key to
`
`encrypt the license terms, then downloads the encrypted decryption key and encrypted
`
`license terms to the user’s computing device along with a license signature.
`
`Once the downloaded license has been stored in the DRM system
`
`license store, the user can render the digital content according to the rights conferred
`
`by the license and specified in the license temts. When a request is made to render the
`
`digital content, the black box is caused to decrypt the decryption key and license terms,
`
`and a DRM system license evaluator evaluates such license terms. The black box
`
`decrypts the encrypted digital content only if the license evaluation results in a decision
`
`that the requestor is allowed to play such content. The decrypted content is provided
`
`to the rendering application for rendering.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The foregoing summary, as well as the following detailed description
`
`of the embodiments of the present invention. will be better understood when read in
`
`conjunction with the appended drawings. For the purpose of illustrating the invention,
`
`there are shown in the drawings embodiments which are presently preferred. As
`
`should be understood, however, the invention is not limited to the precise arrangements
`
`and instrumentalities shown. In the drawings:
`
`Fig.
`
`1
`
`is a block diagram showing an enforcement architecture in
`
`accordance with one embodiment of the present invention;
`
`Fig. 2 is a block diagram of the authoring tool of the architecture of
`
`Fig. 1 in accordance with one embodiment of the present invention:
`
`Fig. 3 is a block diagram of a digital content package having digital
`
`content for use in connection with the architecture of Fig. 1
`
`in accordance with one
`
`embodiment of the present invention;
`
`Fig. 4 is a block diagram ofthe user's computing device of Fig. 1 in
`
`accordance with one embodiment of the present invention;
`
`10
`
`15
`
`20
`
`25
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2022
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2022
`
`
`
`W0 00/59152
`
`PCTlUS00/04983
`
`-6-
`
`Figs. 5A and 5B are flow diagrams showing the steps performed in
`
`connection with the Digital Rights Management (DRM) system of the computing
`
`device of Fig. 4 to render content in accordance with one embodiment of the present
`
`invention;
`
`Fig. 6 is a flow diagram showing the steps performed in connection
`
`with the DRM system of Fig. 4 to determine whether any valid, enabling licenses are
`
`present in accordance with one embodiment of the present invention;
`
`Fig. 7 is a flow diagram showing the steps performed in connection
`
`with the DRM system of Fig. 4 to obtain a license in accordance with one embodiment
`
`10
`
`of the present invention;
`
`Fig. 8 is a block diagram of a digital license for use in connection with
`
`the architecture of Fig. 1 in accordance with one embodiment ofthe present invention;
`
`Fig. 9 is a flow diagram showing the steps performed in connection
`
`with the DRM system of Fig. 4 to obtain a new black box in accordance with one
`
`15
`
`embodiment of the present invention;
`
`Fig. 10 is a flow diagram showing the key transaction steps performed
`
`in connection with the DRM system of Fig. 4 to validate a license and a piece of digital
`
`content and render the content in accordance with one embodiment of the present
`
`invention;
`
`20
`
`Fig. 11 is a block diagram showing the license evaluator of Fig. 4 along
`
`with a Digital Rights License (DRL) of a license and a language engine for interpreting
`
`the DRL in accordance with one embodiment of the present invention; and
`
`Fig. 12 is a block diagram representing a general purpose computer
`
`system in which aspects of the present invention and/or portions thereof may be
`
`25
`
`incorporated.
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2023
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2023
`
`
`
`WO 00/59152
`
`PCT/US00/04983
`
`-7-
`
`Detailed Description of the Invention
`
`U1
`
`1
`
`0
`
`1
`
`5
`
`20
`
`Ix) U1
`
`Referring to the drawings in details, wherein like numerals are used to
`
`indicate like elements throughout, there is shown in Fig. 1 an enforcement architecture
`
`10 in accordance with one embodiment of the present invention. Overall,
`
`the
`
`enforcement architecture 10 allows an owner ofdigital content 12 to specify license
`
`rules that must be satisfied before such digital content 12 is allowed to be rendered on
`
`a user’s computing device 14. Such license rules are embodied within a digital license
`
`16 that
`
`the user / user’s computing device 14 (hereinafter,
`
`such terms are
`
`interchangeable unless circumstances require otherwise) must obtain from the content
`
`owner or an agent thereof. The digital content 12 is distributed in an encrypted form,
`
`and may be distributed freely and widely. Preferably, the decrypting key (KD) for
`
`decrypting the digital content 12 is included with the license 16.
`COMPUTER ENVIRONMENT
`
`Fig. 12 and the following discussion are intended to provide a brief
`
`general description of a suitable computing environment in which the present invention
`
`and/or portions thereof may be implemented. Although not required, the invention is
`
`described in the general context of computer-executable instructions. such as program
`
`modules, being executed by a computer, such as a client workstation or a server.
`
`Generally, program modules include routines. programs. objects, components, data
`
`structures and the like that perfomi particular tasks or implement particular abstract
`
`data types. Moreover, it should be appreciated that the invention and/or portions
`
`thereof may be practiced with other computer system configurations,
`
`including
`
`hand-held devices, multi-processor systems, microprocessor—based or programmable
`
`consumer electronics, network PCs, minicomputers. mainframe computers and the like.
`
`The invention may also be practiced in distributed computing environments where
`
`tasks are performed by remote processing devices that are linked through a
`
`communications network. In a distributed computing environment. program modules
`
`may be located in both local and remote memor_\' storage devices.
`
`As shown in Fig. 12, an exemplary general purpose computing system
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2024
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2024
`
`
`
`WO 00/59152
`
`PCT/US00/04983
`
`_3_
`
`includes a conventional personal computer 120 or the like. including a processing unit
`
`121, a system memory 122, and a system bus 18 that couples various system
`
`components including the system memory to the processing unit 121. The system bus
`
`18 may be any of several types of bus structures including a memory bus or memory
`
`controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
`
`The system memory includes read—only memory (ROM) 19 and random access
`
`memory (RAM) 20. A basic input/output system 21 (BIOS). containing the basic
`
`routines that help to transfer information between elements within the personal
`
`computer 120, such as during start-up, is stored in ROM 19.
`
`The personal computer 120 may further include a hard disk drive 22 for
`
`reading from and writing to. a hard disk (not shown). a magnetic disk drive 128 for
`
`reading from or writing to a removable magnetic disk 129, and an optical disk drive
`
`25 for reading from or writing to a removable optical disk 13] such as a CD-ROM or
`
`other optical media. The hard disk drive 22. magnetic disk drive 128, and optical disk
`
`drive 25 are connected to the system bus 18 by a hard disk drive interface 27, a
`
`magnetic disk drive interface 28, and an optical drive interface 29. respectively. The
`
`drives and their associated computer-readable media provide non-volatile storage of
`
`computer readable instructions, data structures, program modules and other data for the
`
`personal computer 20.
`
`Although the exemplary enviromnent described herein employs a hard
`
`disk, a removable magnetic disk 129, and a removable optical disk 131. it should be
`appreciated that other types of computer readable media which can store data that is
`
`accessible by a computer may also be used in the exemplary operating environment.
`
`Such other types of media include a magnetic cassette. a flash memory card. a digital
`
`video disk, a Bernoulli cartridge, a random access memory (RAM). a read—only
`
`memory (ROM), and the like.
`
`A number of program modules may be stored on the hard disk,
`
`magnetic disk 129, optical disk 131. ROM 19 or RAM20. including an operating
`
`system 30. one or more application programs 136. other program modules 137 and
`
`10
`
`15
`
`20
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2025
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2025
`
`
`
`WO 00/59152
`
`PCT/US00/04983
`
`-9-
`
`program data 138. A user may enter commands and information into the personal
`
`computer 120 through input devices such as a keyboard 35 and pointing device 142.
`
`Other input devices (not shown) may include a microphone, joystick, game pad,
`
`satellite disk, scarmer, or the like. These and other input devices are often connected
`
`to the processing unit 121 through a serial port interface 41 that is coupled to the
`
`system bus, but may be connected by other interfaces, such as a parallel port, game
`
`port, or universal serial bus (USB). A monitor 42 or other type of display device is
`
`also connected to the system bus 18 via an interface, such as a video adapter 148. In
`
`addition to the monitor 42, a personal computer typically includes other peripheral
`
`output devices (not shown), such as speakers and printers. The exemplary system of
`
`Fig. 12 also includes a host adapter 50, a Small Computer System Interface (SCSI) bus
`
`156, and an external storage device 162 connected to the SCSI bus 156.
`
`The personal computer 120 may operate in a networked environment
`
`using logical connections to one or more remote computers, such as a remote computer
`
`149. The remote computer 149 may be another personal computer. a server, a router,
`
`a network PC, a peer device or other common network node, and typically includes
`
`many or all of the elements described above relative to the personal computer 120,
`
`although only a memory storage device 150 has been illustrated in Fig. l2. The logical
`
`connections depicted in Fig. 12 include a local area network (LAN) 46 and a wide area
`
`network (WAN) 47. Such networking environments are commonplace in offices,
`
`enterprise-wide computer networks, intranets, and the Internet.
`
`When used in a LAN networking environment. the personal computer
`
`120 is connected to the LAN 46 through a network interface or adapter 48. When used
`
`in a WAN networking enviromnent. the personal computer I20 typically includes a
`
`modem 49 or other means for establishing communications over the wide area network
`
`47, such as the Internet. The modem 49. which may be internal or external,
`
`is
`
`connected to the system bus 18 via the serial port interface 4|.
`
`In a networked
`
`environment, program modules depicted relative to the personal computer I20, or
`
`portions thereof, may be stored in the remote memory storage device.
`
`It will be
`
`I0
`
`15
`
`20
`
`Petitioner Apple Inc. — Exhibit 1002, p. 2026
`
`Petitioner Apple Inc. - Exhibit 1002, p. 2026
`
`
`
`WO 00/59152
`
`PCT/US00/04983
`
`-10-
`
`appreciated that the network connections shown are exemplary and other means of
`
`establishing a communications link between the computers may be used.
`
`ARCHITECTURE
`
`Referring again to Fig. 1, in one embodiment of the present invention,
`
`the architecture 10 includes an authoring-tool 18, a content-key database 20, a content
`
`server 22, a license server 24, and a black box server 26, as well as the aforementioned
`
`user’s computing device 14.
`
`ARCHITECTURE - Authoring Tool 18
`
`10
`
`15
`
`20
`
`The authoring tool 18 is employed by a content owner to package a
`
`piece of digital content 12 into a form that is amenable for use in connection with the
`
`architecture 10 of the present invention. In particular. the content owner provides the
`
`authoring tool 18 with the digital content 12, instructions and/or rules that are to
`
`accompany the digital content 12, and instructions and/or rules as to how the digital
`
`content 12 is to be packaged. The authoring tool 18 then produces a digital content
`
`package 12p having the digital content 12 encrypted according to an encryption /
`
`decryption key, and the instructions and/or rules that accompany the digital content 12.
`
`In one embodiment of the present invention. the authoring tool 18 is
`
`instructed to serially produce several different digital content 12 packages 12p, each
`
`having the same digital content 12 encrypted according to a different encryption /
`
`decryption key. As should