USOO6950941B1
`
`(12) United States Patent
`Lee et al.
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 6,950,941 B1
`Sep. 27, 2005
`
`(*) Notice:
`
`(54) COPY PROTECTION SYSTEM FOR
`PORTABLE STORAGE MEDIA
`(75) Inventors: Chang-Hyi Lee, Suwon (KR); Ho-Suk
`Chung, Suwon (KR); Eun-Seong
`Kang, Suwon (KR)
`(73) Assignee: Samsung Electronics Co., Ltd.,
`Suwon-si (KR)
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`(21) Appl. No.: 09/302,431
`(22) Filed:
`Apr. 30, 1999
`(30)
`Foreign Application Priority Data
`Sep. 24, 1998 (KR) ................................... 98-398O8
`Sep. 24, 1998 (KR) ................................... 98-39809
`(51) Int. Cl. ............................ H04L 9/00; H04L 9/32;
`G06F 11/30; G06F 12/14
`(52) U.S. Cl. ...................... 713/193; 713/189; 713/156;
`713/173; 713/175
`(58) Field of Search ................................ 713/193, 189,
`713/156, 173, 175
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`5,677.953 A * 10/1997 Dolphin ....................... 705/51
`
`3/2000 Davis .......................... 705/41
`6,041,314 A
`6,574,609 B1* 6/2003 Downs et al. ................ 705/50
`* cited by examiner
`Primary Examiner-Gilberto Barron
`Assistant Examiner-Benjamin E. Lanier
`(74) Attorney, Agent, or Firm-Robert E. Bushnell, Esq.
`
`(57)
`
`ABSTRACT
`
`Systems connected to users generate a plurality of keys
`which are mutually shared, and download and upload digital
`contents by using Secret channels formed between the Sys
`tems. An information provider receives an authorization
`from a certificate authority. A licensed SDMI compliant
`module (LCM) is authenticated through the information
`provider, and the information provider and the LCM form a
`channel. A portable device is authenticated from the infor
`mation provider through the LCM, and the LCM and the
`portable device form a channel. The digital content between
`the LCM and the portable device is downloaded and
`uploaded according to respective control State data of the
`LCM and the portable device. The system can use a physical
`address of a bad sector formed in the portable medium
`during the manufacturing process for preventing an illegal
`copy of the downloaded digital contents through the portable
`device after the digital contents have been downloaded.
`
`38 Claims, 9 Drawing Sheets
`
`First Ser
`
`
`
`140
`
`13O
`
`INTERNET
`SERVICE
`PROVIDER
`PROGRAM
`PROVIDER
`
`150
`
`PORTABLE
`DEVICE
`e.g., MP3
`
`PORTABLE
`DEVICE
`e.g. MP3
`
`150
`
`STORAGE
`MEDUM
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0001
`
`

`

`U.S. Patent
`
`Sep. 27, 2005
`
`Sheet 1 of 9
`
`US 6,950,941 B1
`
`
`
`First user
`
`130
`
`INTERNET
`SERVICE
`PROVIDER
`
`14O
`
`15O
`
`PORTABLE
`DEVICE
`e.g., MP3
`
`161
`
`13O
`
`INTERNET
`SERVICE
`PROVIDER
`PROGRAM
`PROVIDER
`
`PORTABLE
`DEVICE
`a.c. MP3
`
`15O
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0002
`
`

`

`U.S. Patent
`
`US 6,950,941 B1
`
`
`
`OL L
`
`2. ‘OM/
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0003
`
`

`

`US. Patent
`
`Sep. 27, 2005
`
`Sheet 3 0f 9
`
`US 6,950,941 B1
`
`Generate:
`
`
`
`SecurelyStore
`
`FIG.5
`
`DISH-Blue Spike-246
`
`Exhibit 1017, Page 0004
`
`(Prerylsp,PubKeyISP,Certo\(PubKey.sp))
`
`
`
`
`
`=K
`ISP)
`
`<Uv I 0
`
`Iu
`LIJ
`
`13O
`
`110
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0004
`
`

`

`U.S. Patent
`
`Sep. 27, 2005
`
`Sheet 4 of 9
`
`US 6,950,941 B1
`
`
`
`;--------------->
`
`
`
`TOE ("No.
`
`XX = (WDiffSDHCT®3 —> }
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0005
`
`

`

`U.S. Patent
`
`Sep. 27, 2005
`
`Sheet 5 of 9
`
`US 6,950,941 B1
`
`
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0006
`
`

`

`U.S. Patent
`
`Sep. 27, 2005
`
`Sheet 6 of 9
`
`US 6,950,941 B1
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`9 (0/0/
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0007
`
`

`

`U.S. Patent
`
`Sep. 27, 2005
`
`Sheet 7 of 9
`
`US 6,950,941 B1
`
`09 L
`
`
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0008
`
`

`

`U.S. Patent
`
`Sep. 27, 2005
`
`Sheet 8 of 9
`
`US 6,950,941 B1
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`? ?JOM/
`
`
`
`2|^[)OW|CUO||Dun | Old ........................?.|
`
`WS
`
`Wd
`
`0/8
`
`OG8
`
`09||
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0009
`
`

`

`U.S. Patent
`
`Sep. 27, 2005
`
`Sheet 9 of 9
`
`US 6,950,941 B1
`
`
`
`
`
`
`
`
`
`
`
`
`
`6. “JO//
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0010
`
`

`

`1
`COPY PROTECTION SYSTEM FOR
`PORTABLE STORAGEMEDIA
`
`US 6,950,941 B1
`
`CLAIM FOR PRIORITY
`
`This application makes reference to, incorporates the
`Same herein, and claims all rights accruing thereto under 35
`U.S.C. S 119 through our patent applications entitled The
`Digital Content Encryption Apparatus And Method Thereof
`earlier filed on the 24" day of Sep. 1998 in the Korean
`Industrial Property Office and there duly assigned Serial
`Nos. 1998/398O8 and 1998/39809.
`
`FIELD OF THE INVENTION
`
`15
`
`The present invention is generally related to encryption
`processes and apparatus, and, more particularly, to Secure
`and robust processes and apparatus for the generation and
`use of keys in the transmission and replay of digital infor
`mation for licensed Secure Digital Music Initiative (SDMI)
`compliant modules Such as personal computers and SDMI
`compliant portable devices in conjunction with Internet
`Service content provider and a certificate authority.
`
`BACKGROUND ART
`
`25
`
`35
`
`40
`
`Recently, with the flood of information provided by
`various media Such as broadcasting and press, an atmo
`Sphere has been created by the information providers who
`are interested in providing integrated information that covers
`all of the media. Other users want to selectively receive a
`specific item of digital information from the entire spectrum
`of information available from a particular information pro
`vider (IP). Accordingly, a digital content transmission Sys
`tem has been formed by the information providers who
`convert various types of information into a digital form and
`Store this digital information, and the users who Subscribe to
`this digital information System from the information pro
`vider via the network. Digital information transmission
`Systems endow an application program with easy download
`ability of the digital content. The user can get all the
`information desired by using this application program to
`access the digital information System through the network.
`The digital information may be provided to the user either
`for pay or for free. In case of paid digital information, the
`Server who provides the digital information via the trans
`mission System Sets the Service fee. The Service Server
`charges the user according to the quantity of information
`used when the digital information is downloaded to the user.
`MPEG software protocol for example, compresses audio
`files to a fraction of their original size, but has little
`perceptible effect upon the quality of the audio Sound.
`MPEG software protocol is now widely used by Internet
`Sites offering digitalized music, and is reported to be com
`monly used to offer digitalized versions of recorded music
`55
`without the consent of the musicians. When a user is
`connected to a Server that provides digital information
`commercially via a network, a few of the users may be able
`to inadvertently or illegally copy the digital information, a
`practice that, as was recently noted by Interdeposit and the
`French Agency for the Protection of Programs, a member of
`the European ASSociation of Authors and Information Tech
`nology Professional, in the Patent, Trademark & Copyright
`Journal, volume 57, No. 1416, page 385 (11 Mar. 1999),
`would be economically damaging to both the musicians and
`to the Server who is running the digital information trans
`mission System. Currently, the Server, as well as the musi
`
`45
`
`50
`
`60
`
`65
`
`2
`cians, can do little more than Seek redress by undertaking
`civil and criminal action in an effort to control the possibility
`of unlicensed reception of digital information. We have
`noticed that there is a need for a technique to preserve
`transmission Security of revenue bearing information while
`restricting access to the information by unauthorized entities
`and preventing unauthorized users from using any of the
`information that they may be able to illicitly obtain from the
`information provider by restricting the ability of the unau
`thorized users to decrypting whatever information they
`manage to obtain via the System.
`Also, it is difficult to prevent the illegal copy of the
`supplied digital contents or the CODEC recorded on the
`portable medium if the portable medium is copied after the
`digital content has been Supplied to a user and recorded on
`the portable medium.
`In particular, the MP3 which is the audio data of the above
`digital contents is downloaded to the first content output unit
`as well as the second content output unit such as an MP3
`player and then reproduced. In the meantime, the MP3 is
`downloaded to a content Storage unit Such as a Smartmedia
`card built in the first content output unit, and the MP3
`downloaded in the content Storage unit is reproduced
`through the Second content output unit.
`However, as stated above, there is a drawback in that the
`digital data downloaded to the first and Second content
`output units and the content Storage unit are easily copied to
`be illegally distributed.
`
`SUMMARY OF THE INVENTION
`
`It is therefore, one object of the present invention to
`provide improvements in cryptographic processes and appa
`ratuS.
`It is another object to provide a Secure and robust digital
`encryption proceSS and apparatus.
`It is yet another object to provide digital encryption
`processes and apparatus endowing a System with Secure and
`robust copy protection for a licensed Secure digital music
`initiative compliant module Such as personal computers and
`portable devices Such as disk and DVD players in conjunc
`tion with Internet Service provider and a certificate authority.
`It is still another object to provide digital encryption
`processes and apparatus able to encrypt and transmit digital
`information received from a transmission System, by the use
`of multiple cryptographic keys.
`It is still yet another object to provide digital encryption
`processes and apparatus for generating and using multiple
`cryptographic keys during the transmission of digital infor
`mation to a user.
`It is a further object to provide digital encryption pro
`ceSSes and apparatus that employ user information in the
`generation and use of multiple cryptographic keys during the
`transmission of digital information to the user.
`It is a yet further object to provide digital encryption
`processes and apparatus able to encrypt and transmit digital
`information obtained from a transmission System by using
`multiple cryptographic keys, and to decrypt and play the
`digital information at the terminal of the user by using a
`plurality of keys, one of which is common to the multiple
`keys.
`It is a Still further object to provide digital encryption
`processes and apparatus able to encrypt and transmit digital
`information obtained from a transmission System by using
`key information, a user's key, and a temporary validation
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0011
`
`

`

`3
`key, and to decrypt and play the digital information at the
`terminal of the user by using the key information and user
`authorization information.
`It is still yet a further object to provide encryption,
`transmission and reception protocols enabling encryption,
`transmission and decryption of digital information received
`from a transmission System.
`It is an additional object to provide encryption, transmis
`Sion and reception protocols enabling encryption and trans
`mission of digital information received from a transmission
`System by using multiple keys to encrypt the digital infor
`mation, and decryption and replay of the digital information
`at the terminal of the user by using a plurality of keys, one
`of which is common to the multiple keys.
`It is still yet a further object to provide encryption,
`transmission and reception protocols enabling encryption
`and transmission of digital information received from a
`transmission System, by using key information, a user's key,
`and a temporary validation key, and decryption and replay of
`the digital information at the terminal of the user by using
`the key information and user authorization information.
`It is also an object to provide a more Secure cryptograph
`and process for transmitting information to a terminal of a
`user who has requested the information.
`It is also a further object to provide a cryptograph and
`process that reliably restricts the ability of a registered
`subscriber who has validly obtained information from an
`information provider, to deliver that information to another
`entity in a readily usable form.
`These and other objects may be attained with an encryp
`tion process and apparatus that provides a Secure and robust
`copy protection system for a licensed secure digital music
`initiative compliant module Such as personal computers and
`portable devices, in conjunction with Iternet Service provid
`erS and certificate authorities, by responding to a user's
`request for transmission of items of digital information to
`the user's terminal unit, by providing copy protection during
`downloading and during uploading of the digital contents. In
`order to prevent the digital contents from being copied
`illegally, a plurality of keys is generated and held by both the
`user and the digital content provider, and a Secret channel is
`formed between both the user and the digital content pro
`vider. The header of the encrypted digital content is
`encrypted by using a physical address of a Sector of a
`licensed SDMI compliant module such as a portable com
`45
`puter or a portable media device in order to prevent the
`digital content from being copied illegally after the digital
`content is recorded in the portable media.
`The present invention includes a certificate authority, an
`information provider, a first content output unit, a Second
`content output unit, and a manufacturer of the Second output
`units.
`The certificate authority generates, encrypts, and outputs
`a first authentication qualification key and a first authenti
`cation qualification key data, and generates a manufacturing
`key and manufacturing key information in response to a
`registration request Signal from the manufacturer, The cer
`tificate authority forms a first table and a second table. The
`first table has a manufacturer key, a manufacturer key data,
`and information of the manufacturer key, and the Second
`table has a token, a token information encrypted by the
`manufacturer key, the identification of a portable device or
`terminal.
`The manufacturer of the Second output units Such portable
`devices sends a registration request Signal to the certificate
`authority and receives the manufacturing key and manufac
`turing key data.
`
`25
`
`35
`
`40
`
`50
`
`55
`
`60
`
`65
`
`US 6,950,941 B1
`
`15
`
`4
`The internet Service provider transmits the registration
`request Signal to the certificate authority, Stores the first
`authentication qualification key and the first authentication
`qualification key data inputted from the certificate authority
`in order to be authorized to Supply the encrypted digital
`contents, and generates a Second authentication qualification
`key and a Second authentication qualification key data. The
`internet Service provider outputs the Second registration
`request Signal to the certificate authority,
`The first content output unit Such as a personal computer
`outputs the registration request Signal to the internet Service
`provider in order to receive the digital contents, Stores the
`Second authentication qualification key and the Second
`authentication qualification key data, outputs the manufac
`turer key data to the internet Service provider, encodes and
`outputs the manufacturer key detected from the Second table
`in response to the manufacturer key data, and receives a
`public key, public key information and digital contents.
`The Second content output unit Such as a portable device
`outputs the first registration request signal to the certificate
`authority and Stores the manufacturer key and the manufac
`turer key data inputted from the certificate authority.
`In addition of alternatively, the present invention may use
`a physical address of a bad Sector formed in the portable
`recordable medium during the manufacturing process,
`encrypts a header of the encrypted digital contents Stored in
`the portable recordable medium, and records the encrypted
`header on the physical address of the bad sector of the
`portable recordable medium for preventing an illegal copy
`of the downloaded digital contents through a terminal after
`the digital contents have been downloaded.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`A more complete appreciation of this invention, and many
`of the attendant advantages thereof, will be readily apparent
`as the same becomes better understood by reference to the
`following detailed description when considered in conjunc
`tion with the accompanying drawings in which like refer
`ence Symbols indicate the same or Similar components,
`wherein:
`FIG. 1 is a block diagram illustrating the overall archi
`tecture of an implementation of the principles of the present
`invention;
`FIG. 2 is a block diagram illustrating a registration by an
`original equipment manufacture of a portable device with a
`certificate authority;
`FIG. 3 is a block diagram showing the registration of
`Internet Service provider's registration with a certificate
`authority;
`FIG. 4 is a block diagram showing the registration of a
`personal computer and a portable device with an Internet
`Service provider;
`FIG. 5 is a block diagram showing usage rules governing
`a database of a right management System;
`FIG. 6 is an exemplified format;
`FIG. 7 is a block diagram showing the basic architecture
`for various inputs;
`FIG. 8 is a block diagram showing control of outsource
`import, and
`FIG. 9 is a block diagram showing a copy protection
`System for portable media.
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0012
`
`

`

`S
`DETAILED DESCRIPTION OF PREFERRED
`EMBODIMENTS
`
`US 6,950,941 B1
`
`6
`EC DH(ISPLCM)-random secret value (key) shared
`between ISP and LCM by Elliptic Curve (Cryptosystem)
`based Diffie-Hellman Key Exchanging Protocol
`EC-ENC-Elliptic Curve-based Encryption of a content
`by utilizing a public key
`ENC-Symmetric Key Encryption of a content by utiliz
`ing a Secret key
`ICL-Import Control Layer
`ID-Identifier of A
`IP-Information Provider;
`ISP Internet Service Provider including Content Pro
`vider via the network
`LCM-Licensed SDMI Compliant Module
`MKIT Manufacturer Key Information Table
`MKPD-Manufacturer Key within a portable device
`PCS-Playback Control Status
`PD-SDMI Compliant Portable Device
`PDFM-Portable Device Functional Module
`PKC-Public Key Cryptosystem
`PM-Portable Media (SDMI Complaint Storage Media)
`PryKey A, PubKey A-Private Key and Public Key of A
`(A may be LCM, PD, ISP, CA, and the like)
`RMF Right Management Field
`RMS-DB-Right Management System-Data Base
`RNG-Random Number Generation Unit
`SDMI-Secure Digital Music Initiative
`SH-Secret Header
`SNAKE-Symmetric Key Encryption Algorithm, which
`is very effective for both software and hardware implements
`and has been World-wide cryptanalized
`SOI-Source Originator Indicator Field;
`UTD-Update Token Data.
`In the above items the Elliptic Curve based Public Key
`Cryptosystem is just an example as a candidate of Public
`Key Cryptosystem, and So any public key cryptosystem, for
`example RSA, can be used instead of it. But we Suggest that
`SDMI Compliant EMD System (Electronic Music Distrib
`uting System) adopt the ECC System for the next generation
`portable devices, since ECC can be efficiently implemented
`in Such Small devices with low cost.
`Also, an internet Service provider includes a content
`provider as well as an information provider via network. A
`personal computer or an LCM is examples as a candidate of
`the first content output unit. A portable device such as MP3
`is an example of a Second content output unit. A portable
`medium is a general recording medium including Smart
`media.
`FIG. 1 is a Schematic view for explaining a System for
`preventing an illegal copy of digital contents according to an
`embodiment of the present invention.
`A certificate authority 110 generates a first table having
`the manufacturer key and the manufacturer key data, and a
`second table having an identifier (ID) of the portable device
`150, a token, T, and the information (ENC(MK, T)) of the
`token encrypted by the manufacturing key. That is, the
`certificate authority 110 generates the manufacturer key,
`MK, and its certificate data, Cert(MK), in accordance
`with a first registration request Signal 121 inputted from a
`manufacturer 120 of portable devices 150, and outputs a
`manufacturer key and a manufacturer key data to the manu
`facturer 120.
`The manufacturer 120 of the portable devices 150 outputs
`the registration request Signal 121 to the certificate authority
`110 and receives the manufacturer key and the manufacturer
`key data generated by certificate authority 110 in accordance
`with the first registration request Signal 121.
`
`15
`
`40
`
`For the removal of Some ambiguities, in this Section, we
`define Some terminologies and list up Some abbreviated
`words for a simple description.
`First, we have to distinguish the two words, “Portability”
`and “Transferability” of a content.
`Portability means that a content in a portable media (PM)
`can be played in any portable device (PD).
`Transferability means that “portability” plus “upload of a
`content is allowed from a portable medium to even an
`LCM', in this case the contents uploadability is to be
`controlled by check-in/out System and its transferability
`Status.
`The digital contents which are used in the present inven
`tion mean all data including audio, Video data, as well as
`character data Such as Song words, movie caption, and the
`like to be provided through internet.
`Herein after we use the following abbreviated words.
`CA Stands for Certificate Authority (e.g., Secure digital
`music initiative (SDMI), or other trust third party).
`LCM stands for Licensed SDMI Compliant Module.
`PD stands for SDMI Compliant Portable Device.
`25
`PDFM stands for Portable Device Functional Module.
`ISP stands for Internet Service Provider (including Con
`tent Provider via the Internet).
`PM stands for Portable Media (SDMI Compliant Storage
`Media).
`Furthermore, here are presented Some notations to be used
`in the following Sections. Even though they are Some
`intricate, we are Sure that they would help the readers clearly
`understand the concrete method we intend. They are relevant
`to the algorithmic functional modules.
`35
`ECC-Elliptic Curve Cryptosystem
`PryKey, PubKey-Private Key and Public Key of A
`(this may be LCM, PD (optional), ISP, CA, . . . ), respec
`tively.
`Certa (PubKeyA)-A Certificate for a Public Key Pub
`Key issued by CA.
`MK. The Manufacturer Key within a PD
`ID-The Indicator of a Manufacturer Key.
`CK.--This is a Secure (Secret) channel key which
`is setup between PD and LCM.
`EC ENC(key, C)-Elliptic Curve based Encryption of a
`content C by utilizing a public key, key.
`EC DEC(key, C)-Elliptic Curve based Decryption of a
`ciphertext (encrypted text) C by utilizing a private key, key.
`EC DH(A,B)-A random secret value (key) shared
`between A and B by Elliptic Curve based Diffie-Hellman
`Key EXchanging Protocol.
`ENC(key, C) Symmetric Key Encryption of a content C
`by utilizing a Secret key, key;
`(DEC(key,C)-Symmetric key decryption of a ciphertext
`C by utilizing a Secret key, key;
`AIF Algorithm Identifying Field
`API-Applied Program Interface
`CCS.-Copy Control Status
`CDF Content Description Field
`CEK-Content Encryption Key
`CertCA (PubKeyA)-Certificate (Data) for PubKeyA
`issued by CA
`CHI-Copyright Holder Information Field
`CTC-Copyright, Transfer, Check-in/Check-out
`ECC-Elliptic Curve based Cryptosystem
`
`45
`
`50
`
`55
`
`60
`
`65
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0013
`
`

`

`7
`An internet service provider (ISP) 130 including a content
`provider via the internet outputs a request Signal 131 to the
`certificate authority 110, receives a pair of keys and the
`certificate of the key which are generated in the certificate
`authority 110 in response to the registration request Signal
`131 of the ISP, and the second table from the certificate
`authority 110.
`A licensed SDMI (secure digital music initiative) com
`pliant module (LCM) 140 as a first content output unit
`outputs a registration request Signal 141 to the internet
`service provider 130 in order to receive the digital contents,
`receives the public key and the data of the public key
`generated in response to the request Signal 141, bypasses the
`data of the manufacturing key of the portable device 150 to
`the ISP 130, and encodes and outputs the manufacturer key
`detected from the Second table in response to the manufac
`turer key data.
`The portable device 150 as a second content output unit
`Stores the manufacturer key and the manufacturer key data
`transferred from the certificate authority 110, outputs its
`manufacturer key to the internet service provider 130
`through the LCM 140, and receives the manufacturer key
`data of the Second table, which is encrypted, Supplied from
`the LCM in order to judge if the stored manufacturer key is
`authenticated.
`The first table, as shown in FIG. 2, contains the manu
`facturer key data (Cert(MK)), the manufacturer key
`(MK), and an identifier (ID) corresponding to the
`manufacturer key data and the manufacturer key, and is
`stored in only the certificate authority 110. Further, the
`second table is generated from the certificate authority 110
`and outputted to the internet service provider 130, and
`contains the identifier(ID), data (ENC(MK, T)), and a
`token(T) which is encoded by the manufacturing key.
`At this time, the certificate authority 110 forms a first
`channel key(k) which can be shared with the internet service
`provider 130 in accordance with the registration request
`signal 131 inputted from the internet service provider 130,
`and outputs the first authentication qualification key and the
`first authentication qualification key data 111 which are
`encoded into the internet service provider 130 through a
`Secret channel formed by the first channel key(k).
`The first channel key is a key generated from encryption
`of the certificate authority 110 by using the data which the
`internet service provider 130 has.
`Here, we present the minimum Substances (algorithms)
`that are needed for the insurance of the security of LCM and
`PD. It is assumed that the content compressing and decom
`pressing CODECs are built in each device in either S/W-
`form or HAW-form.
`For the LCM, Public Key Cryptosystem (PKC), Symmet
`ric Key Encryption Algorithm, and Secure Check-in/Check
`out System are explained hereinbelow.
`Public Key Cryptosystem (PCK) such as ECC, RSA, . . .
`(ECC is more preferable), is to be used for the secure key
`setup of LCM, the validity check of ISP's Public Key
`Certificate, and the secure channel construction between ISP
`and LCM. Symmetric Key Encryption Algorithm such as
`SNAKE, is to be used for the content encryption, the
`authentication to a PD, and the Secure channel construction
`between LCM and PD. Secure Check-in/Check-out System
`is to be presented in FIGS. 5 and 6 for explaining how to
`construct this System and how to Securely maintain it.
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`US 6,950,941 B1
`
`1O
`
`15
`
`25
`
`8
`For the PD, Public Key Cryptosystem (PKC), Symmetric
`Key Encryption Algorithm, and Manufacturer Key, MK
`are explained hereinbelow.
`Public Key Cryptosystem (PKC) is an optional to PD 150.
`Symmetric Key Encryption Algorithm such as SNAKE, is
`to be used for the content encryption, the authentication to
`the LCM, and the secure channel construction between PD
`and LCM.
`Manufacturer Key, MK, is the pre-set manufacturer key
`in a temper resistant area within the PD. This is to be used
`for the secure registration of a PD to LCM.
`For the PM, there needs an apparatus or a pre-Set special
`information within a PM to protect contents in it from the
`dead-copy to another PM. It is desirable, we think, to use the
`unique ID based approach, that is the method that the
`manufacturers of PM imbed a unique ID of each PM in the
`write-protected area of it while they manufacture it. This can
`be considered as a low cost method to dead-copy protection
`for the first generation PM.
`Regarding the initiation mechanism of the present inven
`tion, there are four registration mechanisms relative to ISPs,
`LCMs, and PDS. The four registration mechanisms include
`the registrations of the portable device manufacturers to the
`certificate authority, of ISP to the certificate authority, of
`LCM to ISP and of the portable device to LCM, and of
`multiple LCMs or multiple PDs. The manufacturers regis
`tration to CA precedes ahead all the others.
`The registration of the portable device manufacturer 120
`to the certificate authority 110 is illustrated in FIG. 2.
`When the manufacturer 120 requests its registration to CA
`110, CA 110 certifies it and then generates a manufacturer
`key, MK, and make its certificate data, Certa(MK), to
`deliver them to the manufacturer 120. At the same time CA
`110 generates a random token, T, to make (or update) the
`Manufacturer Key Information Table (MKIT) for an ISP
`registration. Once after the manufacturer 120 gets the data,
`{MK, Certa (MK), the manufacturer 120 can manu
`facture the portable devices by imbedding those Secret data
`within a temper resistant area of the portable devices.
`Therefore, the portable devices 150 manufactured by the
`manufacturer 120 are authorized by the certificate authority
`110 to store the downloaded, encrypted digital contents.
`FIG. 3 shows how for the ISP 130 to register to CA 110
`and what information to get from CA 110. For an ISP to
`register to CA, firstly it generates its ephemeral private
`public key pair (PrvKey, PubKey} to open a secure
`channel between CA and itself by EC DH(CA, ISP) and
`provide a Safe way to communicate each other without
`allowing an illegal copy of the downloaded information
`through the channel. A pair of keys and key data (PrvKey,
`PubKey, Certa (PubKeys)} are generated and stored in
`the certificate authority 110, and two tables are formed in
`dependence with the manufacture key. The certificate
`authority 110 encrypts and transmits the encrypted key and
`key data to internet service provider 130 through the channel
`in order to co-own the key and key data. Secondly the ISP
`130 gets its Semi-permanent private-public key pair
`{PrvKeyse, Certa (Pubkeys) and the manufacturer key
`information table data through the secure channel. Where
`CA's certification to the ISP should be proceded ahead all
`these procedures. ISP's key pair should be securely stored.
`The LCM’s key pair should be securely stored, where the
`host's various System parameters may be used for this goal.
`Here the LCM registration mechanism to an ISP together
`with PD registration is described. As in FIG. 4, LCM gets the
`ISP's Public Key Information PubKeys, Cert(Pub
`Keys) at first and verifies its validity by using the CA's
`
`DISH-Blue Spike-246
`Exhibit 1017, Page 0014
`
`

`

`US 6,950,941 B1
`
`15
`
`9
`public key Information which was already announced or
`preset within the LCM in a code-imbedded-like method.
`If the validity of the certificate for the ISP's public key is
`certified, the LCM 140 executes the handshaking protocol to
`get an ephemeral shared key by utilizing Elliptic Curve
`based (or other PCK based) Key Exchanging Protocol.
`Through this secure channel, the ISP can deliver in safe the
`LCMS permanent private-public key pair for a Static Secure
`communication and a Secure content transaction between the
`LCM and the ISP. When a request signal 151 is transmitted
`from the portable device 150 to the LCM 140, the portable
`device 150 tosses the certificate data for its ID of the
`manufacturer key to the LCM 140. The LCM 140 sends
`them to its connected ISP 130 in the encrypted form,
`EC ENC(PubKeys. Certa (ID)).
`The internet service provider 130 decrypts the encrypted
`information and compares the decrypted information with
`the information of the second table. If the decrypted infor
`mation is identical to the information of the Second table, the
`internet service provider 130 encrypts the content of the
`table and transmits it to the LCM 140 in a secure manner.
`The LCM 140 decrypts the encrypted information to obtain
`t