1111111111111111 IIIIII IIIII 11111 1111111111 1111111111 111111111111111 111111111111111 11111111
`US 20040255139Al
`
`(19) United States
`
`(12) Patent Application Publication
`Giobbi
`
`(10) Pub. No.: US 2004/0255139 Al
`(43) Pub. Date:
`Dec. 16, 2004
`
`(54) DIGITAL CONTENT SECURITY SYSTEM
`
`Publication Classification
`
`(76)
`
`Inventor: John J. Giobbi, Bend, OR (US)
`
`Correspondence Address:
`Michael J. Blankstein
`2014 Harrison Street
`Evanston, IL 60201 (US)
`
`(21)
`
`Appl. No.:
`
`10/847,135
`
`(22)
`
`Filed:
`
`May 17, 2004
`
`Related U.S. Application Data
`
`(63)
`
`Continuation-in-part of application No. 10/715,035,
`filed on Nov. 17, 2003, which is a continuation-in-part
`of application No. 10/153,979, filed on May 23, 2002,
`which is a continuation-in-part of application No.
`09/750,487, filed on Dec. 27, 2000, and which is a
`continuation-in-part of application No. 10/016,857,
`filed on Dec. 14, 2001.
`
`Int. Cl.7 .............................. G06F 12/14; H04L 9/00
`(51)
`(52) U.S. Cl. ............................. 713/193; 380/231; 705/51
`
`(57)
`
`ABSTRACT
`
`A Personal Digital Key Digital Content Security System
`(PDK-DCSS) is used to protect computers from unautho(cid:173)
`rized use and protect the digital content stored on computers
`from being wrongfully accessed, copied, and/or distributed.
`The basic components of the PDK-DCSS are (1) a standard
`hard drive device, with the addition of a PDK Receiver/
`Decoder Circuit (PDK-RDC) optionally integrated into the
`hard drive's controller, and (2) a PDK-Key associated with
`the PDK-RDC. The PDK-Key and RDC technology is
`utilized to provide two categories of protection: (1) hard
`drive access control for providing Drive-Level and Sector(cid:173)
`Level protection and (2) operating system-level independent
`file protection for providing File-Level and Network-Level
`protection.
`
`USER REQUESTS KEY
`WITH KEY CODE
`FROM KEY PROVIDER
`
`---10
`
`J
`KEY PROVIDER
`ESTABLISHES NEW
`USER ACCOUNT
`
`---12
`
`l
`
`KEY PROVIDER
`SENDS KEY
`TO USER
`
`---14
`
`l
`
`USER REQUESTS TO
`PURCHASE DIGITAL
`CONTENT FROM
`CONTENT PROVIDER
`
`l
`
`CONTENT PROVIDER
`REQUESTS KEY
`PROVIDER TO
`VALIDATE KEY
`
`l
`
`t---16
`
`r--....18
`
`~20
`
`KEY PROVIDER
`VERIFIES KEY
`IF VALID
`!
`CONTENT PROVIDER ,_zz
`PULLS AND ENCRYPTS
`DIGITAL CONTENT
`WITH UNLOCK CODE
`
`r-30
`
`PLAYING DEVICE
`DECRYPTS AND PLAYS
`DIGITAL CONTENT IF
`KEY CODE MATCHES
`UNLOCK CODE
`
`t
`
`PLAYING DEVICE
`READS KEY CODE
`AND UNLOCK CODE
`t
`USER ENTERS
`DIGITAL CONTENT
`INTO PLAYING DEVICE
`f
`CONTENT PROVIDER
`DELIVERS ENCRYPTED
`DIGITAL CONTENT
`TO USER
`
`Page 1 of 25
`
`GOOGLE EXHIBIT 1007
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 1 of 13
`
`US 2004/0255139 Al
`
`USER REQUESTS KEY
`WITH KEY CODE
`FROM KEY PROVIDER
`
`KEY PROVIDER
`ESTABLISHES NEW
`USER ACCOUNT
`
`KEY PROVIDER
`SENDS KEY
`TO USER
`
`USER REQUESTS TO
`PURCHASE DIGITAL
`CONTENT FROM
`CONTENT PROV! DER
`
`CONTENT PROV! DER
`REQUESTS KEY
`PROVIDER TO
`VALIDATE KEY
`
`KEY PROVIDER
`VERIFIES KEY
`IF VALID
`
`10
`
`12
`
`14
`
`16
`
`18
`
`20
`
`FIG. 1
`
`PLAYING DEVICE
`DECRYPTS AND PLAYS
`DIGITAL CONTENT IF
`KEY CODE MATCHES
`UNLOCK CODE
`
`PLAYING DEVICE
`READS KEY CODE
`AND UNLOCK CODE
`
`USER ENTERS
`DIGITAL CONTENT
`INTO PLAYING DEVICE
`
`30
`
`28
`
`26
`
`CONTENT PROVIDER
`CONTENT PROVIDER
`DELIVERS ENCRYPTED
`PULLS AND ENCRYPTS
`DIGITAL CONTENT ----~ DIGITAL CONTENT
`WITH UNLOCK CODE
`TO USER
`
`22
`
`24
`
`Page 2 of 25
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 2 of 13
`
`US 2004/0255139 Al
`
`100
`
`I
`
`NEW
`USER
`
`102
`I
`KEY
`PROVIDER
`
`STEP 10
`
`STEP 14
`
`FIG. 2
`
`STEP 12
`
`USER
`ACCOUNTS
`-
`-
`-r--104
`- -
`....
`-
`-
`-
`
`....
`
`106
`I
`CONTENT
`PROVIDER
`
`STEP 18
`
`STEP 20
`
`102
`I
`KEY
`PROVIDER
`
`STEP
`22
`-
`-
`-108
`-
`
`- 1
`
`12
`J
`
`-
`-
`-
`-
`
`100
`I
`
`USER
`
`-
`
`STEP 16
`STEP 24
`
`CONTENT
`
`-
`
`CODE! CODE I CODE
`
`FIG. 3
`
`110
`
`CONTENT
`
`STEP 26
`
`CODE CODE CODE
`
`(MP3 PLAYER)
`(
`
`PC
`
`( DVD PLA YE'9
`
`STEP 28
`
`) -vV\P$
`
`110
`
`FIG. 4
`
`STEP 30
`► PLAY
`
`( CD PLAYER)
`
`( CELL PHONE)
`
`114
`
`Page 3 of 25
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 3 of 13
`
`US 2004/0255139 Al
`
`It) .
`(!) -LL
`
`CD
`N
`""""
`
`<C w
`I I-
`CZ zo
`
`0
`N
`""""
`
`Page 4 of 25
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 4 of 13
`
`US 2004/0255139 Al
`
`I- w
`z en
`:::, c(
`om
`(,J c(
`(,J ~
`c( C
`
`co .
`(!) -LI.
`
`Cl)
`LU
`(.)
`0
`>
`z
`
`- -
`- ~
`[]== - []==
`- -
`® .
`- -
`- -
`- -
`- -
`- -
`- - -
`®
`® ®
`
`- -
`.
`- -
`- -
`- -
`- -
`- - -
`- -
`
`I- w
`z en
`w c(
`t- m
`z c(
`0~
`U C
`
`N
`It)
`
`0
`It)
`
`co
`~ co
`
`®
`□ 3 ...
`
`N
`
`~ -
`
`Page 5 of 25
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 5 of 13
`
`US 2004/0255139 Al
`
`I- al
`
`I- w
`z en w<
`z~ o<
`Uc
`
`[] - -- -- -- -•
`
`"d'
`00
`• """"
`
`0 co
`""""
`
`CD
`
`....
`""""
`
`00
`t,..
`""""
`
`w
`en
`o<
`Cl) al
`0~
`< C
`
`N co
`""""
`
`CD co
`""""
`
`.......
`•
`
`(!) -u.
`
`[]- -- -- -- -- -0
`--
`-
`
`N
`N
`""""
`
`N ....
`""""
`
`0 ....
`
`'I'""
`
`Page 6 of 25
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 6 of 13
`
`US 2004/0255139 Al
`
`N
`0)
`"'""
`
`N
`0
`N
`
`I- w
`z VJ
`:::, <C
`om
`0~
`0 <C
`<C Q
`
`w
`VJ
`0 <C
`VJ en
`0:: ~
`<C
`C
`
`co .
`0) -
`
`0)
`
`"'""
`
`C)
`LL
`
`[]- -== - -•
`--
`
`-
`
`-
`
`(_)
`
`en w
`0 > z
`
`,_.,L....::....L __ ...J
`
`co
`0)
`
`____ 1 .... ,...-:...-_-- -- -- - - -~ . i
`
`Page 7 of 25
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 7 of 13
`
`US 2004/0255139 Al
`
`C'CS en .
`C) -LL
`
`.c en .
`C) -LL
`
`I~
`
`0
`0
`
`D 0
`
`®
`
`®
`
`N
`N
`N
`0
`N
`N
`
`0
`N
`N
`
`N
`N
`N
`
`Page 8 of 25
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 8 of 13
`
`US 2004/0255139 Al
`
`• C> -LL
`
`0
`"11:t'
`N
`C"')
`
`"11:t'
`
`.... C"')
`
`V .... C"')
`
`"11:t'
`
`.... C"')
`
`"11:t'
`I
`....
`D C"')
`D
`
`It)
`
`.... C"')
`
`N .... C"')
`
`Page 9 of 25
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 9 of 13
`
`US 2004/0255139 Al
`
`N
`M
`M
`
`co
`M
`M
`
`•
`
`C) -LL
`
`0
`M
`M
`
`i
`'t:
`C
`'E
`C'G :c
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\ ' \
`\ ' \
`' \
`
`\
`
`' \
`
`\
`
`Page 10 of 25
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 10 of 13
`
`US 2004/0255139 Al
`
`co
`M
`M
`
`•
`
`(!) -LL
`
`0
`M
`M
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`\
`
`Page 11 of 25
`
`

`

`~ N
`
`'"""'
`>
`\0
`'"""' ~
`Ul
`Ul
`
`0
`0
`N
`'JJ.
`d
`
`'"""' ~
`'"""' 0 ....,
`'"""'
`~
`
`'JJ. =(cid:173)~
`
`,i;;..
`0
`0
`N
`'"""' ~~
`~ ri
`~
`
`(')
`
`~ .... 0 =
`§. -....
`~ .... 0 = ""C
`"Cl -....
`>
`~ = ....
`~
`""C
`
`(')
`
`"Cl
`
`Decrypt data
`
`Write sector
`
`Encrypt data
`
`•-----__ --◄-________________________________ Sector-Level Protection Lo9I~.
`
`Un-Locked
`Set drive to
`
`i L ................ ..
`
`Ignore command
`
`and
`
`Valid
`
`~----~
`
`signal-check
`Perform PDK
`
`Yes:____
`
`,
`
`f-
`------------------------.. ----------------------------------.. --------·
`!
`l
`i
`
`Rr:!'!'.'!i-.!'Y!!lE'!lll.Y.!'!i.s>.!'_l.qei!:
`
`timer
`
`:
`
`1
`______________________________________________ Inactivity Detection l,ogic _
`
`Increment
`
`FIG. 13
`
`command
`Execute
`
`Power up
`
`Page 12 of 25
`
`

`

`Patent Application Publication Dec. 16, 2004 Sheet 12 of 13
`
`US 2004/0255139 Al
`
`N
`M
`M
`
`co
`M
`M
`
`0
`M
`M
`
`U)
`M
`M
`
`•
`
`(!) -LL
`
`Page 13 of 25
`
`

`

`~
`
`'"""
`\0 >
`'"""
`Ul
`Ul
`,i;;.. -
`N
`0
`
`0
`0
`N
`'JJ.
`d
`
`'""" ~
`0 ....,
`'""" ~
`~ ....
`'JJ. =-~
`
`,i;;..
`0
`0
`N
`'"""
`~~
`ri
`~
`~
`
`(')
`
`0 =
`....
`~ ....
`""C = O' -....
`0 =
`....
`~ ....
`"Cl -....
`>
`~ = ....
`~ ....
`""C
`
`(')
`
`"Cl
`
`344
`
`344
`
`344
`
`344
`
`344
`
`FIG. 15
`
`342
`
`Wired
`
`E.K.V
`
`I Key#n
`
`I
`
`F,P,X
`
`Key#n
`
`Server
`
`s
`B,C,H
`
`Key#9
`Key#3
`
`A,H,Z
`A,B,C
`
`Key#2
`Key# 1
`
`340
`
`~ C!lal!:l!lOi! LISS ~ C!i111'1!l1X Lill
`
`Group#O00n
`
`Group #0001
`
`POK Document Controller Software Application (DC)
`
`Page 14 of 25
`
`

`

`US 2004/0255139 Al
`
`Dec. 16, 2004
`
`1
`
`DIGITAL CONTENT SECURITY SYSTEM
`
`REFERENCE TO RELATED APPLICATIONS
`[0001] This application is a continuation-in-part of U.S.
`patent application Ser. No. 10/715,035 filed Nov. 17, 2003,
`which is a continuation-in-part of U.S. patent application
`Ser. No. 10/153,979 filed May 23, 2002, which is a con(cid:173)
`tinuation-in-part of U.S. patent application Ser. No. 09/750,
`487 filed Dec. 27, 2000 and Ser. No. 10/016,857 filed Dec.
`14, 2001, all of which are incorporated herein by reference
`in their entirety.
`
`FIELD OF THE INVENTION
`[0002] The present invention relates generally to digital
`content security systems and, more particularly, to a digital
`content security system and method that provides different
`levels of protection of a computer or other storage device
`and the digital content stored thereon.
`
`BACKGROUND OF THE INVENTION
`[0003] The market for downloading digital content online
`is rapidly climbing because distribution of such content is
`inexpensive, fast, and easy and the quality of the content
`itself is acceptable. The market, however, remains disorga(cid:173)
`nized due to competing standards, competing companies,
`discontented artists and producers, and outright theft of
`digital content.
`
`[0004] Digital rights management (DRM) companies seek
`to solve the foregoing problems by delivering the digital
`content from the real producers to the right customers and
`ensuring that everyone who should be paid in fact is paid.
`DRM seeks to get everyone paid by managing the multiple
`steps for distributing digital content (music, video, software)
`online: watermarking, encryption, transaction management,
`and rights management. Some DRM companies perform all
`these steps, while other DRM companies specialize in one or
`two steps of the process.
`[0005] First, watermarking stamps each piece of digital
`content with a digital mark so it can be tracked wherever it
`goes. Digital watermarks are just like paper watermarks,
`except they cannot be seen or heard. Special software is
`required to read a digital watermark.
`
`[0006] Second, encryption scrambles watermarked digital
`content and stores it inside a digital safe for shipment around
`the Internet. The safe protects the content during shipping by
`allowing only those with the right software key to the safe
`to decrypt and use the content.
`[0007] Third, transaction management handles actual pay(cid:173)
`ments for the digital content using credit card techniques
`found elsewhere in e-commerce. An order is placed, a credit
`card number is taken, account status is checked, and the
`exchange is authorized.
`[0008] Finally, rights management manages the informa(cid:173)
`tion about the digital content itself: what it is, who gets it,
`how it is delivered, how many times it may be used, how
`long the rights last, who gets paid, how much they get paid,
`and how. This information travels with the digital content in
`something called a digital permit. The permits rests on top
`of the digital content as it travels the Internet and allows
`legal users to enjoy the digital content for as long as the
`rights last.
`
`[0009] The primary objective of DRM companies is to
`deploy technologies that protect digital content as it is
`distributed online. Some of these proposed technologies and
`DRM in general are discussed in the article "Digital Rights
`Management May Solve the Napster 'Problem' ,"Technology
`Investor, October 2000, pp. 24-27. Although such technolo(cid:173)
`gies should reduce the amount of digital theft, they generally
`favor the content provider at the expense of the consumer or
`favor the consumer at the expense of the content provider.
`That is, the rights of either the content provider or the
`consumer are compromised. For example, some technolo(cid:173)
`gies severely limit the consumer's ability to make extra
`copies of digital content even when the digital content is
`solely for personal use. Other technologies facilitate the
`making of copies of digital content which can be used by
`different consumers without the content provider being
`compensated by each consumer. The present inventor has
`discovered an improved DRM system and method that
`effectively balances and protects the rights of both the
`consumer and the content provider. In addition, the present
`inventor has discovered an associated digital content secu(cid:173)
`rity system for protecting computers and other storage
`devices from unauthorized use and protecting the digital
`content stored on computers and other storage devices from
`being wrongfully accessed, copied, and/or distributed.
`
`SUMMARY OF THE INVENTION
`
`[0010]
`In accordance with the foregoing, there is disclosed
`a Personal Digital Key Digital Content Security System
`(PDK-DCSS) for protecting computers from unauthorized
`use and protecting the digital content stored on computers
`from being wrongfully accessed, copied, and/or distributed.
`The basic components of the PDK-DCSS are (1) a standard
`hard drive device, with the addition of a PDK Receiver/
`Decoder Circuit (PDK-RDC) optionally integrated into the
`hard drive's controller, and (2) a PDK-Key associated with
`the PDK-RDC. The PDK-Key and RDC technology is
`utilized to provide two categories of protection: (1) hard
`drive access control for providing Drive-Level and Sector(cid:173)
`Level protection and (2) operating system-level independent
`file protection for providing File-Level and Network-Level
`protection. A number of alternative embodiments are also
`disclosed.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`[0011] The foregoing and other advantages of the inven(cid:173)
`tion will become apparent upon reading the following
`detailed description and upon reference to the drawings in
`which:
`[0012] FIG. 1 is a flow chart of a method of managing
`digital rights in accordance with the present invention;
`[0013] FIGS. 2, 3, and 4 are block diagrams of portions of
`a DRM system for implementing the method in FIG. 1;
`[0014] FIG. 5 is a conceptual model of core options for
`acquiring digital content that can be encoded to produce
`key-secured content and core options for playing back the
`key-secured content;
`[0015] FIG. 6 is a block diagram for implementing a core
`acquisition option of downloaded content;
`[0016] FIG. 7 is a block diagram for implementing a core
`acquisition option of store-bought content;
`
`Page 15 of 25
`
`

`

`US 2004/0255139 Al
`
`Dec. 16, 2004
`
`2
`
`[0017] FIG. 8 is a block diagram for implementing a core
`acquisition option of broadcast content;
`
`[0018] FIGS. 9a and 9b are block diagrams for imple(cid:173)
`menting a core playback option of stand-alone devices;
`[0019] FIG. 10 is a block diagram for implementing a core
`playback option of networked devices;
`[0020] FIG. 11 is a block diagram of a standard computer
`hard drive incorporating an integrated PDK-RDC (receiver/
`decoder circuit) for the purpose of enabling multiple meth(cid:173)
`ods of securing digital content;
`
`[0021] FIG. 12 is a block diagram for implementing
`Drive-Level protection and Sector-Level protection in con(cid:173)
`nection with the computer hard drive;
`
`[0022] FIG. 13 is a flow chart of the logic executed by the
`PDK-RDC for implementing Drive-Level protection and
`Sector-Level protection;
`
`[0023] FIG. 14 is a block diagram for implementing
`File-Level protection in connection with the computer hard
`drive; and
`
`[0024] FIG. 15 is a block diagram for implementing
`Network-Level protection by expanding File-Level protec(cid:173)
`tion to a network environment.
`
`[0025] While the invention is susceptible to various modi(cid:173)
`fications and alternative forms, specific embodiments have
`been shown by way of example in the drawings and will be
`described in detail herein. However, it should be understood
`that the invention is not intended to be limited to the
`particular forms disclosed. Rather, the invention is to cover
`all modifications, equivalents, and alternatives falling within
`the spirit and scope of the invention as defined by the
`appended claims.
`
`DESCRIPTION OF SPECIFIC EMBODIMENTS
`
`[0026] Turning now to the drawings and referring initially
`to FIG. 1, there is depicted a method of managing digital
`rights in accordance with the present invention. First, a new
`user requests a physical electronic key or data unit from a
`key provider (step 10). The key provider may offer a web
`site on the Internet, a toll free telephone number, and/or
`retail outlet where the key may be acquired. In addition, the
`key provider may allow a key to be requested in writing,
`preferably using a form designed by the key provider. In one
`model the user may acquire as many keys as desired, while
`in another model each user is only entitled to a single key.
`
`[0027] Second, in response to the user's request for a
`physical key, the key provider establishes a new secure
`account for that new user in a secure user account database
`(step 12). The new account may include the following data
`fields: account number, password, software encryption key,
`user label, number of users (linked to account), address,
`telephone number, e-mail address, and custom fields. The
`custom fields may, for example, include demographic infor(cid:173)
`mation such as the user's age, gender, marital status, income
`level, interests, hobbies, etc. The physical key may include
`the following data fields: user label, account number, soft(cid:173)
`ware decryption key, and a custom storage area. The user
`label and the account number serve as a first activation code
`( or key code) for the acquired physical key. All data fields
`on the physical key, except for the user label, are preferably
`
`encrypted. To allow the user to view his or her account in the
`future, the user is preferably assigned a login name and the
`above-noted password.
`[0028] Third, the key provider ships the physical elec(cid:173)
`tronic key to the new user via a package courier such as the
`U.S. Postal Service, United Parcel Service, or Federal
`Express (step 14). In one pricing model the physical key is
`sent to the user at no charge, while in another pricing model
`the physical key must be purchased by the user. If the
`physical key must be purchased by the user, either the user
`must provide credit/debit card information to the key pro(cid:173)
`vider in step 10 to pay with a credit/debit card, or the key
`provider includes an invoice with the shipped key in step 14.
`
`[0029] FIG. 2 is a block diagram of a system for imple(cid:173)
`menting steps 10, 12, and 14 of the method of managing
`digital rights. The system includes the new user 100, the key
`provider's web site 102, and the user account database 104.
`
`[0030] Referring back to FIG. 1, fourth, the user transmits
`his or her activation code in the physical key to a digital
`content provider, who may have a cooperative relationship
`with the key provider, and requests to purchase digital
`content (music, video, or software) from that content pro(cid:173)
`vider (step 16). The content provider may offer a web site on
`the Internet containing a listing of digital content available
`for purchase. To transmit the activation code to the content
`provider via the web site, the user may manually enter the
`activation code onto a secure page of the web site. Alterna(cid:173)
`tively, the transmission of the activation code may be
`automatically implemented with wireless technology. Spe(cid:173)
`cifically, the user's computer may be outfitted with a detec(cid:173)
`tor that detects the activation code in the user's physical key
`and then relays the activation code to the content provider
`via the web site. The content provider may be affiliated with
`the key provider or may be separate from the key provider
`but have an arrangement therewith.
`
`[0031] Fifth, the content provider requests the key pro(cid:173)
`vider to verify the activation code transmitted by the user
`(step 18). The content provider may send this request to the
`key provider's web site. Sixth, the key provider in turn
`accesses the user's account in the user account database and
`determines whether the activation code is in fact valid (step
`20). The key provider may also determine whether the
`activation code is associated with the user that transmitted
`the activation code to the content provider. If the activation
`code is rejected as being invalid, the content provider is so
`informed and the content provider in turn will not honor any
`request by the user to purchase digital content. If, however,
`the activation code is accepted as being valid, the content
`provider is so informed and the purchase transaction pro(cid:173)
`ceeds. As used herein, the term "key provider" generically
`refers to the entity or entities that manufacture, distribute,
`and validate the physical keys. These functions may actually
`be performed by multiple entities at different locations or by
`a single entity at a single location.
`
`[0032] Seventh, after securing validation of the first acti(cid:173)
`vation code in the physical key, the content provider pulls
`the requested digital content from a digital content database/
`library, marks the digital content with a second activation
`code ( or unlock code) associated with the first activation
`code in the physical key, and encrypts the marked digital
`content (step 22). The second activation code in the digital
`content may simply be the same as the first activation code
`
`Page 16 of 25
`
`

`

`US 2004/0255139 Al
`
`Dec. 16, 2004
`
`3
`
`in the physical key, but at least partially encrypted for
`security. In one embodiment, the "key-secured" content file
`includes the following data fields: user label, account num(cid:173)
`ber, and digital content. The user label and the account
`number serve as the second activation code for the digital
`content. If the content is merely for sampling (described in
`connection with FIG. 6), the file may include such addi(cid:173)
`tional data fields as a receiver/decoder circuit identification
`number, hour stamp, and life hours. All data fields on the
`content file, except for the user label, are preferably
`encrypted.
`
`[0033] Eighth, the content provider delivers the encrypted
`digital content to the user (step 24). The encrypted digital
`content may be delivered by downloading the encrypted
`digital content to the user's computer while the user is online
`at the content provider's web site, by attaching the digital
`content to an e-mail addressed to the user, or by shipping a
`disk containing the encrypted digital content to the user via
`a package courier. The user may pay for the digital content
`either by providing credit/debit card information to the
`content provider in step 16 or by paying off of an invoice
`included with delivered digital content. If the digital content
`is delivered online, the user is preferably required to provide
`the credit/debit card information and have such information
`approved as a prerequisite to delivery of the digital content.
`If the user possesses more than one physical electronic key
`and would like the acquired digital content to function with
`each of the user's keys, all of the activation codes are applied
`to the digital content. The content provider charges the user
`based on the number of keys with which the user would like
`the digital content to function. For example, the user may be
`charged the same amount for each activation code, or may
`be charged a larger amount for one activation code and lesser
`amounts (e.g., surcharges) for additional activation codes.
`
`[0034] FIG. 3 is a block diagram of a system for imple(cid:173)
`menting steps 16, 18, 20, 22, and 24 of the method of
`managing digital rights. The system includes the new user
`100, the content provider 106, the key provider's web site
`102, the digital content database 108, and the acquired
`digital content 110.
`
`[0035] Returning to FIG. 1, ninth, the user enters the
`encrypted digital content into a playing device of a type
`suitable for playing the digital content (step 26). The device
`may, for example, be an MP3 player, a personal computer,
`a DVD player, a CD player, a cellular phone, or other
`portable device. In one embodiment, the device contains a
`wireless transceiver adapted to receive a radio frequency
`signal transmitted by a corresponding wireless transceiver in
`the user's physical electronic key. The wireless transceiver
`in the device is optionally tracked and "secured" for audit
`purposes by permanently including a unique identifier
`assigned by the device manufacturer in the transceiver.
`
`[0036] Tenth, with the user's physical electronic key
`within a short range (e.g., few meters) of the playing device,
`the playing device reads (1) the first activation code carried
`in a secure radio frequency signal transmitted by the trans(cid:173)
`ceiver in the physical key to the transceiver in the device and
`(2) the second activation code marked on the encrypted
`digital content (step 28). The device contains decryption
`software or hardware for decrypting the encrypted digital
`content to the extent necessary to read any encrypted portion
`of the second activation code.
`
`[0037] Eleventh, the playing device compares the first
`activation code and the second activation code and deter(cid:173)
`mines whether the first activation code is associated with the
`second activation code (step 30). Steps 29 and 30 may be
`performed, for example, when the user presses a "play"
`button on the playing device or when the user first enters the
`encrypted digital content into the playing device. If the first
`activation code is associated with the second activation
`code, the device decrypts and plays the digital content. If the
`first activation code is not associated with the second
`activation code, the device does not play the digital content.
`If the second activation code is simply the same as the first
`activation code, then the foregoing comparison determines
`whether there is a match between the first activation code
`and the second activation code. In a preferred embodiment,
`the device continues to play the digital content only while
`the physical key is sufficiently close to the device to com(cid:173)
`municate the first activation code to the device and allow the
`device to compare the first activation code to the second
`activation code at least partially encrypted with the digital
`content even while the digital content is being played. If the
`physical key is moved out of range, the device is no longer
`enabled to decrypt and play the digital content. In an
`alternative embodiment, once the device is initially enabled
`to decrypt and play the digital content, the device remains
`enabled until either the "play" function is stopped, a play
`track/song ends, or the digital content is removed from the
`device, even if the physical key is moved out of range such
`that the key can no longer communicate the first activation
`code to the device.
`
`[0038] FIG. 4 is a block diagram of a system for imple(cid:173)
`menting steps 26, 28, and 30 of the method of managing
`digital rights. The system includes the encrypted digital
`content 110, the key-enabled playing devices 112, and the
`user's physical electronic key 114.
`
`[0039] As stated above, the user's physical electronic key
`and the key-enabled playing device contain respective wire(cid:173)
`less transceivers to communicate the activation code in the
`key to the device. In a preferred embodiment, the transceiv(cid:173)
`ers are small, inexpensive Bluetooth radio chips that operate
`in the unlicensed ISM band at 2.4 GHz and avoid interfer(cid:173)
`ence from other signals by hopping to a new frequency after
`transmitting or receiving a packet. The radio chips are
`plugged into electronic devices, which can then communi(cid:173)
`cate over short distances and through obstacles by means of
`radio waves. Bluetooth is a term used to describe the
`protocol of a short range (e.g., about 10 meters) frequency(cid:173)
`hopping radio link between devices containing the radio
`chips. These devices are then termed "Bluetooth-enabled."
`The secure radio link replaces a cable that would otherwise
`be used to connect the devices. Further details concerning
`Bluetooth wireless technology may be obtained from www(cid:173)
`.bluetooth.com.
`
`[0040] Wireless technologies other than Bluetooth may be
`used to communicate the activation code from the user's
`physical electronic key to the playing device. One example
`of an alternative wireless technology is known by a trade
`term "Wi-Fi," which is short for wireless fidelity and is
`another name for IEEE 802.llb. Products certified as Wi-Fi
`by the Wireless Ethernet Compatibility Alliance (WECA)
`are interoperable with each other even if they are from
`different manufacturers. A user with a Wi-Fi product can use
`
`Page 17 of 25
`
`

`

`US 2004/0255139 Al
`
`Dec. 16, 2004
`
`4
`
`any brand of access point with any other brand of client
`hardware that is built to the Wi-Fi standard.
`[0041]
`In other alternative embodiments, the communica(cid:173)
`tion between the user's physical electronic key and the
`playing device is not wireless. Rather, in one alternative
`embodiment, the user's physical electronic key communi(cid:173)
`cates the activation code to the playing device via a trans(cid:173)
`mission line such as a serial cable that plugs into the key at
`one end and the playing device at the other end. In another
`alternative embodiment, the key is a smart card or magnetic
`card into which the activation code is encoded, and the key
`is configured to physically fit into a card reader slot on the
`playing device.
`[0042] The above-described DRM method and system for
`implementing the method are advantageous in that they
`afford the key holder with tremendous versatility in copying
`and using encrypted digital content for personal use. At the
`same time, the rights of the content provider are protected
`because only the key holder with a key-enabled device can
`use the encrypted digital content. The key holder can copy
`the encrypted digital content as many times as desired, but
`can only play the encrypted digital content on a key-enabled
`device that is enabled with the physical electronic key coded
`to decrypt the encrypted digital content. Thus, the digital
`content, even when copied, remains personal to the key
`holder. Individuals other than the key holder cannot use the
`encrypted digital content, even if they copy it, because both
`the original and copies of the encrypted digital content are
`still encrypted and the individuals do not hold the physical
`electronic key coded to decrypt the digital content.
`[0043] A core element of the present invention is the
`concept of a portable, physical electronic key that is personal
`to a particular user. The physical key represents a DRM
`solution that fully addresses the needs of both consumers
`and publishers of digital content. The physical key is per(cid:173)
`manently associated with a user's digital content library. At
`the time of content acquisition, the physical key becomes
`permanently associated with the newly acquired content.
`The user is now "linked" to that acquired content. A user
`(e.g., individual or family) may own as many physical keys
`as desired, but every piece of encrypted digital content
`purchased is tied to one specific key. The user may duplicate
`or transfer the acquired content to any media or device for
`playback as many times as desired, as long as the associated
`physical key is present. Thus, the present invention guaran(cid:173)
`tees that the acquired content is played only by the user who
`has legitimately paid for it. The present invention gives
`consumers unprecedented freedoms and conveniences to use
`legitimately purchased content while still fully protecting
`content providers' rights.
`[0044] Referring to FIG. 5, the present invention fully
`supports the use of "key-secured" digital content 125 with
`all core content acquisition options and all core playback
`options. The key-secured digital content 125 is encoded with
`a second activation code associated with a first activation
`code stored on the user's physical electronic key. The core
`acquisition options include downloaded content 120, store(cid:173)
`bought content 122, and broadcast content 124. The core
`playback options include stand-alone devices 126 and net(cid:173)
`worked devices 128. Each of these options are described in
`further detail below.
`[0045] Referring to FIG. 6 generally, as already noted in
`FIGS. 1 through 4, a primary application of the present
`
`invention is its use in the downloading of digital content
`from the Internet. A consumer shops a content distributor's
`website and selects a piece of content they wish to purchase
`(music, movies, software, E-books, etc.). The consumer then
`provides the web site with standard on-line purchase infor(cid:173)
`mation including the selection's title and method