`Case 3:20-cv-03845 Document 1-2 Filed 06/11/20 Page 1 of 10
`
`EXHIBIT 2
`
`
`US007899187B2
`
(12) United States Patent
Messerges et al.

(10) Patent No.: US 7,899,187 B2
(45) Date of Patent: Mar. 1, 2011
`
`(54) DOMAIN-BASED DIGITAL-RIGHTS
`MANAGEMENT SYSTEM WITH EASY AND
`SECURE DEVICE ENROLLMENT
`
`(75)
`
`Inventors: Thomas Messerges, Schaumburg, IL
`(US); Ezzat A. Dabbish, Cary, IL (US);
`Larry Puhl, Dundee, IL (US); Dean
`Vogler, Algonquin, IL (US)
`
(73) Assignee: Motorola Mobility, Inc., Libertyville, IL (US)
`
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 683 days.
`
(21) Appl. No.: 10/306,494
(22) Filed: Nov. 27, 2002
(65) Prior Publication Data: US 2004/0103312 A1, May 27, 2004
`
`(51)
`
`Int. Cl.
`H04L 9/00
`(2006.01)
`(52) U.S. Cl. ...................................................... 380/279
`(58) Field of Classification Search ......... 380/277-279,
`380/270, 281,282,283; 713/156, 155, 164,
`713/167, 171,172
`See application file for complete search history.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`9/2002
`6,452,925 Bl
`6,463,534 Bl * 10/2002
`6,694,025 Bl*
`2/2004
`6,912,657 B2 *
`6/2005
`6,980,660 Bl * 12/2005
`7,068,789 B2 *
`6/2006
`2002/0065778 Al *
`5/2002
`2002/0144116 Al* 10/2002
`2002/0157002 Al * 10/2002
`2003/0076955 Al*
`4/2003
`2003/0120920 Al*
`6/2003
`
`Sistanizadeh et al.
`Geiger et al.
`............... 713/168
`Epstein et al.
`.............. 380/279
`Gehrmann .................. 713/171
`Hind et al. .................. 380/282
`Huitema et al. ............. 380/277
`Bouet et al. ................... 705/57
`Giobbi ....................... 713/168
`Mes serges et al.
`.......... 713/155
`Alve et al.
`.................. 380/201
`Svensson .................... 713/168
`
`2003/0174838 Al *
`9/2003
`2003/0196089 Al* 10/2003
`2004/0003251 Al*
`1/2004
`2004/0006708 Al *
`1/2004
`2004/0054923 Al*
`3/2004
`2004/0062400 Al *
`4/2004
`2004/0096063 Al*
`5/2004
`2004/0103312 Al *
`5/2004
`
`Bremer ....................... 380/270
`Alve et al.
`.................. 713/172
`Narin et al. ................. 713/172
`Mukherjee et al ........... 713/201
`Seago et al.
`................ 713/201
`Sovio et al. ................. 380/286
`Carroni et al.
`.............. 380/279
`Messerges et al.
`.......... 713/201
`
`FOREIGN PATENT DOCUMENTS
`
`RU
`WO
`WO
`
`2183561 C2
`9833656 Al
`0115397 Al
`
`1/1998
`1/1998
`3/2001
`
OTHER PUBLICATIONS

Rene Struik, IEEE P802.15 Wireless Personal Area Networks, Security for the 802.15.3 Wireless Personal Area Network (Draft), Dec. 3, 2001.*

(Continued)

Primary Examiner: Beemnet W. Dada
`
`(57)
`
`ABSTRACT
`
`New devices (101) are added to an existing domain by obtain(cid:173)
`ing domain information (e.g., domain name and private
`domain password) from devices (101) already in the domain
`that preferably are in close proximity. Once the domain infor(cid:173)
`mation has been transferred from the device already in the
`domain to the device being added to the domain, the device
`being added to the domain contacts a key issuer (105) to
`complete its registration into the domain. The key issuer
`returns a DRM domain private key (206) as well as a DRM
`certificate (202). Both are utilized by the device to obtain and
`render digital content (204) .
`
`17 Claims, 2 Drawing Sheets
`
[Front-page drawing: user equipment (101), key issuer, rights issuer (103)]
`
`
`
`
OTHER PUBLICATIONS

Venkatraman et al., A Novel Authentication Scheme for Ad hoc Networks, Wireless Communication and Networking Conference, 2000. WCNC. 2000 IEEE, vol. 3, Sep. 23-28, 2000, pp. 1268-1273.*
Gehrmann et al., Enhancements to Bluetooth Baseband Security.*
Gehrmann et al., The Personal CA-PKI for a Personal Area Network.*
Rene Struik, IEEE P802.15 Wireless Personal Area Networks, Dec. 2001.*
"Secure Digital Music Initiative" SDMI Portable Device Specification, Part 1, version 1.0; PDWG Los Angeles, Jul. 8, 1999.
"IBM Response to DVB-CPT Call for Proposals for Content Protections & Copy Management: XCP Cluster Protocol", [Online] Oct. 19, 2001; retrieved from the Internet: <URL: http://www.almaden.IBM.com/Software/DS/contenentassurance/Papers/XCP_DVB.P> [retrieved on Oct. 19, 2001].
Heuvel Van Den SAFA et al.: "Secure Content Management in Authorised Domains", International Broadcasting Convention, XX, XX, Sep. 15, 2002, pp. 467-474.
European Patent Office, "Supplementary European Search Report", Application No. EP03786705, Oct. 28, 2010, 4 pages.

* cited by examiner
`
`
`
`
[FIG. 1 (Sheet 1 of 2): block diagram of the DRM system. Two user equipment devices 101 are joined by short-range communication link 108; key issuer 105 and rights issuer 103 are reached to/from the network.]

[FIG. 2 (Sheet 1 of 2): block diagram of user equipment 101. Storage 211 holds DRM certificate 202, application 203, digital content 204, rights object 205, DRM private key 206, unit certificate 207, unit private key 208 and domain information 209. Logic circuitry 210 connects to/from the network and, through short-range communication unit 213, to/from the second device.]
`
`
`
`
[FIG. 3 (Sheet 2 of 2): flow chart of enrolling a second device into an existing domain.]
301: USER DECIDES TO ENROLL A SECOND DEVICE INTO AN EXISTING DRM DOMAIN
303: USER INITIATES THE TRANSFER OF DOMAIN INFORMATION FROM A FIRST DEVICE, WHICH IS ALREADY IN THE DOMAIN, TO THE SECOND DEVICE
305: THE FIRST AND SECOND DEVICES ESTABLISH A SECURE AUTHENTICATED CHANNEL OVER A SHORT-RANGE LINK
307: THE FIRST DEVICE USES THE SHORT-RANGE LINK TO COMMUNICATE ITS DOMAIN INFORMATION TO THE SECOND DEVICE
309: THE SECOND DEVICE AND THE KEY ISSUER ESTABLISH A SECURE AUTHENTICATED CHANNEL OVER THE NETWORK
311: THE SECOND DEVICE USES THE SECURE NETWORK CHANNEL TO COMMUNICATE ITS UNIT CERTIFICATE AND DOMAIN INFORMATION (OBTAINED FROM THE FIRST DEVICE) TO THE KEY ISSUER
313: THE KEY ISSUER USES THE RECEIVED DOMAIN INFORMATION TO REGISTER THE SECOND DEVICE INTO THE SAME DOMAIN AS THE FIRST DEVICE
315: THE KEY ISSUER COMPLETES THE REGISTRATION OF THE SECOND DEVICE INTO THE EXISTING DOMAIN BY USING THE SECURE NETWORK CHANNEL TO COMMUNICATE A DRM PRIVATE KEY AND DRM CERTIFICATE TO THE SECOND DEVICE

[FIG. 4 (Sheet 2 of 2): flow chart of user equipment deciding whether to accept domain information.]
401: DETERMINE THAT DOMAIN INFORMATION IS BEING TRANSFERRED TO DEVICE
403: DETERMINE TRANSMISSION MEANS
405: IS THE TRANSMISSION MEANS SHORT-RANGE? If not: 407: DO NOT ACCEPT DOMAIN INFORMATION. If so: 409: ACCEPT DOMAIN INFORMATION
`
`
`
`DOMAIN-BASED DIGITAL-RIGHTS
`MANAGEMENT SYSTEM WITH EASY AND
`SECURE DEVICE ENROLLMENT
`
`FIELD OF THE INVENTION
`
The present invention relates generally to digital-rights management and in particular, to a method and apparatus for performing domain-based digital-rights management with easy and secure device enrollment.
`
`BACKGROUND OF THE INVENTION
`
`2
`ment with easy and secure device enrollment is provided
`herein. In accordance with the preferred embodiment of the
`present invention new devices are added to an existing
`domain by obtaining domain information ( e.g., domain name
`5 and private domain password) from devices already in the
`domain that preferably are in close proximity. Once the
`domain information has been transferred from the device
`already in the domain to the device being added to the
`domain, the device being added to the domain contacts a key
`10 issuer to complete its registration into the domain. The key
`issuer returns the DRM domain private key as well as a DRM
`certificate. Both are utilized by the device to obtain and render
`digital content.
`Both the use of a key issuer and the forced-short-range
`communication greatly improve ease of use, as well as secu(cid:173)
`rity. Once domain information has already been established
`(such as domain name, password, etc.) for an initial device, it
`is cumbersome for users to remember and reenter the same
`information when they want to add new devices to their DRM
`20 domain. It is especially difficult to enroll devices after a long
`period of time has elapsed since the initial device was added
`to the domain or to enroll devices that may have limited user
`interfaces, such as a cellular phone, car radio, or set-top box.
`It is much easier for a user if this DRM information can be
`obtained directly from a device that is already in the domain.
`However, merely allowing a new device to obtain domain
`information from an existing device is not sufficiently secure
`for enrolling the new device into the domain. Security is
`greatly enhanced if the new device then needs to send this
`DRM information to a trusted server (i.e., a key issuer) to
`complete its enrollment into the domain. With this approach,
`the key issuer can actively enforce domain enrollment and
`help improve security. A further security improvement over
`this approach is to force the DRM information to be trans(cid:173)
`ferred over a short-range-communication chamiel, rather than
`make it optional. Forcing short-range transfer ofDRM infor(cid:173)
`mation helps ensure that devices in the same domain were at
`one time physically near each other, which is one way to help
`enforce a security policy that devices cannot be added to a
`domain over large distances (e.g., using stolen DRM infor(cid:173)
`mation propagated over the Internet).
`Prior to describing the D RM system in accordance with the
`preferred embodiment of the present invention the following
`definitions are provided to set the necessary background.
`Public-Key Cryptography-Cryptographic technique that
`uses a pair of keys, a public and a private key. The private
`key is used for either decrypting data or generating digi(cid:173)
`tal signatures and the public key is used for either
`encrypting data or verifying digital signatures.
`Certificate-A digital certificate is block of data issued by
`a trusted certification authority. It contains expiration
`dates and a copy of the certificate holder's public key
`and identification data (e.g., address or serial number).
`The certificate-issuing authority signs the digital certifi(cid:173)
`cate so that a recipient can verify that the certificate is
`valid and thereby authenticate the certificate holder.
`Some digital certificates conform to a standard, X.509.
`Digital signature-A digital signature (not to be confused
`with a digital certificate) is an electronic signature that
`can be used to authenticate the identity of the sender of
`a message or the signer of a document, and possibly to
`ensure that the original content of the message or docu(cid:173)
`ment that has been sent is unchanged.
`Digitally-signed object-a digital object comprised of data
`that is digitally signed. The digital signature is attached
`to the object.
`
`The ease at which valuable digital content ( e.g., music,
`games, video, pictures, and books) can be copied and shared 15
`is worrisome to content owners. It is critical that content
`owners are fairly reimbursed. Because of this, it is a require(cid:173)
`ment that content distributors implement secure measures
`that help prevent piracy. Digital-Rights Management (DRM)
`is a popular phrase used to describe such protection of rights
`and the management of rules related to accessing and pro(cid:173)
`cessing digital items. Content owners hope to protect their
`valuable digital content using a DRM system that is imple(cid:173)
`mented by secure, tamper-resistant electronic devices.
`One method of DRM protection allows content sharing 25
`among a domain of devices. Such a domain of devices, may
`for example share the same payment method/account infor(cid:173)
`mation (e.g., share the same credit card number, account
`number, ... , etc.), as well as sharing access to digital works.
`For example, a user may pay to access a certain digital work 30
`( e.g., a movie) a single time. Since all devices that are part of
`a domain share account information, any device may access
`the digital work. However, after any device accesses the work,
`all other devices will be prevented from accessing the work.
`Similarly, a user may choose to pay each time a digital work 35
`is accessed. Accessing the digital work by any device within
`the domain will cause the user's account to be charged
`accordingly.
`While such a DRM system enables a user-friendly method
`for content sharing, such a system presents two problems. The 40
`first problem is that a user faces the potentially cumbersome
`task of registering all of his devices into a domain. The second
`problem is that the security of content in a domain is poten(cid:173)
`tially threatened if users can remotely register devices into a
`domain over a long distance. Therefore a need exists for 45
`domain-based digital-rights management with easy and
`secure device enrollment that increases the security of con(cid:173)
`tent.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`50
`
`FIG. 1 is a block diagram of a digital-rights management
`system in accordance with the preferred embodiment of the
`present invention.
`FIG. 2 is a block diagram of the user equipment of FIG. 1
`in accordance with the preferred embodiment of the present 55
`invention.
`FIG. 3 is a flow chart showing operation of the digital(cid:173)
`rights management system of FIG. 1 in accordance with the
`preferred embodiment of the present invention.
`FIG. 4 is a flow chart showing operation of the user equip- 60
`ment of FIG. 2 in accordance with the preferred embodiment
`of the present invention.
`
`DETAILED DESCRIPTION OF THE DRAWINGS
`
`To address the above-mentioned need, a method and appa(cid:173)
`ratus for performing domain-based digital-rights manage-
`
`65
`
`
`
Authentication: The process of determining whether someone or something is, in fact, who or what it is declared to be. Authentication of a device or user can entail the use of a digital certificate and a challenge-response protocol that involves the use of public-key cryptography. Authentication of a certificate entails verification of the digital signature of the certificate.

Turning now to the drawings, wherein like numerals designate like components, FIG. 1 is a block diagram of DRM system 100 in accordance with the preferred embodiment of the present invention. As shown, DRM system 100 comprises user equipment 101, key issuer 105, rights issuer 103, and network 107. User equipment 101 comprises those devices such as computers, cellular telephones, personal digital assistants, ..., etc. that are capable of running an application that renders digital content. For example, user equipment 101 may be a personal computer equipped with an application to "play" an MPEG Audio Layer 3 (MP3) file, with an application such as a standard MP3 player. Similarly, user equipment 101 may comprise a cellular telephone equipped to play an MPEG Video Layer 4 file with a standard MPEG video codec. Other possible embodiments for user equipment 101 include, but are not limited to, set-top boxes, car radios, networked MP3 players, Personal Digital Assistants, ..., etc. Other possible embodiments for digital content include, but are not limited to, music, games, video, pictures, books, maps, software, ..., etc.

Regardless of the form that user equipment 101 takes, user equipment 101 is configured so that short-range communication between various user devices 101 can take place. In the preferred embodiment of the present invention short-range communication can utilize any physical connection (e.g., a cable, docking connector, etc.) or a number of over-the-air communication system protocols such as, but not limited to, Bluetooth, 802.11, 802.15, infrared, ..., etc. As shown in FIG. 1, short-range communication takes place over short-range communication link 108.

Key issuer 105 comprises an application that establishes authenticated communications with user equipment 101 and then provides user equipment 101 with a DRM certificate and a DRM private key. The authenticated communications between key issuer 105 and user equipment 101 comprise a challenge-response protocol whereby a unit certificate and domain information are exchanged. The manufacturer of equipment 101 installs the unit certificate into equipment 101. This certificate identifies user equipment 101 as a trusted DRM-enabled device. The domain information includes information such as the domain name, private domain password, and desired domain action (e.g., create a new domain, register into an existing domain, leave a domain, etc.).

The DRM certificate, which is obtained via the authenticated communications with key issuer 105, is utilized by user equipment 101 when obtaining rights objects (i.e., licenses to digital content) from rights issuer 103. Rights issuer 103 utilizes the DRM certificate to authenticate equipment 101 and pass rights objects (licenses) associated with digital content to user equipment 101. Particularly, the DRM certificate comprises a DRM public key (the corresponding DRM private key is securely stored in user equipment 101), identification information (e.g., the unique serial number or model number belonging to the user equipment 101), and a digital signature generated by key issuer 105.

In accordance with the preferred embodiment of the present invention all long-range communication between devices takes place over network 107. Network 107 may take various forms such as, but not limited to, a cellular network, a local-area network, a wide-area network, ..., etc. For example, user equipment 101 may comprise a standard cellular telephone, with network 107 comprising a cellular network such as a code-division, multiple-access communication system.

Regardless of the form of user equipment 101, key issuer 105, short-range communication link 108, network 107, and rights issuer 103, it is contemplated that these elements within DRM system 100 are configured in well known manners with processors, memories, instruction sets, and the like, which operate in any suitable manner to perform the function set forth herein.

As discussed above, it is necessary that content distributors implement secure measures that help prevent piracy. Therefore, in the preferred embodiment of the present invention when a user purchases equipment 101 the user must first register equipment 101 with key issuer 105. After executing a secure authentication protocol, key issuer 105 will grant equipment 101 a DRM certificate and a DRM private key, allowing equipment 101 to obtain rights to digital content from rights issuer 103. In order to obtain the DRM certificate and the DRM private key, user equipment 101 and key issuer 105 must first execute a secure authentication protocol utilizing a unit certificate and unit private key that were installed on the equipment by the manufacturer. Domain information, such as the domain name, private domain password and desired domain action (e.g., create a new domain, register into an existing domain, leave a domain, etc.), is also exchanged during the protocol.

Key issuer 105 authenticates the unit certificate (belonging to equipment 101) and then checks the domain information. If the domain information indicates that equipment 101 is being added to a new domain, key issuer 105 creates a new DRM public/private key pair. If equipment 101 is being added to an existing domain, key issuer 105 looks up that domain's DRM public/private key pair in a database. Key issuer 105 then creates a DRM certificate that contains all necessary information (e.g., the DRM public key, serial number, model number, etc.) for equipment 101 to obtain rights to digital content from rights issuer 103. Key issuer 105 then sends equipment 101 the DRM certificate and the DRM private key utilized by the domain.

When a user wishes to purchase rights to digital content from rights issuer 103, it provides rights issuer 103 with a DRM certificate. Thus in accordance with the preferred embodiment of the present invention, a DRM certificate (which contains the DRM public key) must be provided to rights issuer 103 before any rights to digital content will be transferred to the user. Rights issuer 103 will verify the authenticity of the DRM certificate and then generate a rights object based on information (e.g. the DRM public key) in the DRM certificate. Rights issuer 103 will then digitally sign the rights object and provide it to equipment 101. The rights object contains an encrypted encryption key (content encryption key) needed to render (execute) the digital content. The content encryption key is encrypted with the DRM public key so it can be decrypted only using the DRM private key.
As discussed above, many customers prefer to access their digital content with several devices 101 (a domain of devices) they may own. For example, a user may own a cellular telephone and a personal computer, both equipped with an MP3 player. The user may wish to utilize the same account to purchase digital content for both devices. Prior art solutions have attempted to solve this problem by allowing users to register their devices into a domain where digital content can be freely shared. While such a domain-based DRM system enables a user-friendly method for content sharing, such a system presents two problems. The first problem is that the user faces the potentially cumbersome task of registering all of his devices into a domain. For example, the domain information (such as domain name and private domain password, credit card information, ..., etc.), exchanged with key issuer 105, needs to be manually entered into user equipment 101 before it can be added to an existing domain. The second problem is that the security of content in a domain is potentially threatened if users can remotely register devices into a domain over a long distance. For example, if domain information (e.g. domain name and private domain password) was public information (e.g. perhaps stolen and then propagated on the Internet), then anyone could register their device in the domain and have access to digital content bought for that domain. The key issuer can revoke the DRM domain certificate to minimize damage, but the ability to remotely register devices into an existing domain will always make this a vulnerability. If the only method to register devices into an existing domain was done via a close proximity channel with another device already in the domain, the opportunity for intruders to breach the domain is reduced.

In order to address these issues, in the preferred embodiment of the present invention new devices are added to an existing domain by obtaining domain information (e.g., domain name and private domain password) from devices already in the domain that preferably are in close proximity. In order to assure that devices are in close proximity, the domain information may be allowed to be shared only over a physical connection or a short-range connection, where the user has physical control over both the device being added to the domain and the device already in the domain. In a first embodiment, a touch pad is utilized as an interface between devices. The transfer of domain information from one device to another is automatically initiated when contact between the two touch pads is made. In another embodiment, each device can have a button that initiates the setup of the "close proximity" channel. Allowing the transfer of domain information only over a "close proximity" link creates added security since the two devices must be physically nearby and under the direct physical control of the owner of the devices.

Regardless of the transmission means, once the domain information has been transferred from the device already in the domain to the device being added to the domain, the device being added to the domain contacts key issuer 105 to complete its registration into the domain. For example, the device being added to the domain (i.e., equipment 101) provides its unit certificate and the domain information (acquired from equipment 101 already in the domain) to key issuer 105 and executes the previously mentioned authentication protocol.

FIG. 2 is a block diagram of user equipment 101 of FIG. 1 in accordance with the preferred embodiment of the present invention. As shown, user equipment 101 comprises storage 211 for storing DRM certificate 202, application 203, digital content 204, rights object 205, DRM private key 206, unit certificate 207, unit private key 208, and domain information 209. As known in the art, storage 211 may comprise any number of storage means, including, but not limited to, hard disk storage, random-access memory (RAM), and smart card storage (e.g., Wireless Identity Module used in cellular telephones), ..., etc. User equipment 101 additionally includes logic circuitry 210, which in the preferred embodiment of the present invention comprises a microprocessor controller such as, but not limited to, a Motorola MC68328 DragonBall integrated microprocessor or a TI OMAP1510 processor. Finally, user equipment 101 comprises short-range communication unit 213.

FIG. 3 is a flow chart showing operation of the digital-rights management system of FIG. 1 in accordance with the preferred embodiment of the present invention. The description that follows assumes that a first device is already registered with an existing domain. That is, it has domain information (e.g., domain name and private domain password) and has already obtained a DRM certificate that enables it to acquire rights to digital content from rights issuer 103.

The logic flow begins at step 301 where a user decides to enroll a second device into an existing DRM domain. At step 303 the user initiates the transfer of domain information 209 from the first device, which is already enrolled in the domain, to the second device. Although data may be transferred among devices in many ways (e.g., via floppy discs, via email, ..., etc.), in the preferred embodiment of the present invention domain information 209 will only be accepted by a device if it is transferred via a short-range communication link; however, in alternate embodiments the transfer of domain information 209 can take place utilizing any method (short/long range) for transferring data between devices.

At step 305 the first and second devices establish a secure authenticated channel over a short-range communication link. This link may be authenticated by various means. For example, authentication can be established by the fact that the user has physical control over each device (perhaps by pressing a button), or by entering a temporary PIN or password into each device. The security of the link is established using known protocols, such as the Wireless Transport Layer Security (WTLS) or Secure Sockets Layer (SSL). Once secure short-range link 108 is established, the first device communicates its domain information 209 to the second device at step 307. At step 309, the second device uses the network link 107 (e.g., the cellular network or Internet) to contact key issuer 105. The second device follows the same protocol with key issuer 105 as the first device did when establishing the domain, as already described above.

At step 311, the second device communicates its unit certificate 207 to key issuer 105 and may use its unit private key 208 to respond to a challenge. Once the channel is established it sends the domain information 209 to key issuer 105. At step 313, the key issuer receives the domain information 209, validates it (e.g., determines if domain name and domain password are valid), and if valid, registers the second device into the same domain as the first device. Finally, at step 315, key issuer 105 completes the registration of the second device into the existing domain by using the secure network channel 107 to communicate the DRM private key 206 (utilized by every device within the domain) and a newly created DRM certificate 202 to the second device.

As discussed above, once a DRM certificate 202 has been obtained, rights object 205 to digital content 204 can now be obtained from rights issuer 103. This process begins with DRM certificate 202 being provided to rights issuer 103 along with a request for digital content. In response, user equipment 101 receives rights object 205, which enables access to digital content 204. Both are stored in memory 211. In order to execute digital content 204, user equipment 101 must access DRM private key 206 and use it to decrypt the content encryption key from rights object 205. Content 204 is decrypted, and is rendered by application 203. Logic circuitry 210 controls these functions.

FIG. 4 is a flow chart showing operation of user equipment 101 of FIG. 3 in accordance with the preferred embodiment of the present invention. In particular, the following steps show those necessary to obtain domain information 209 from another device 101 over a short-range communication link.
`
`45
`
`50
`
`
`
`Case 3:20-cv-03845 Document 1-2 Filed 06/11/20 Page 9 of 10
`
`US 7,899,187 B2
`
`7
The logic flow begins at step 401 where logic unit 210 determines that domain information 209 is being transferred to device 101. As discussed above, domain information 209 may be transferred among devices in many different ways. For example, domain information 209 may be received as an attachment to an email application (not shown), or may be received by a floppy disk drive (not shown). In this embodiment of the present invention logic circuitry 210 determines the transmission means for domain information 209 (step 403), and at step 405 determines if the transmission means is a short-range transmission means. If at step 405 it is determined that the transmission means is a short-range transmission means, then the logic flow continues to step 409 where domain information 209 is accepted and stored in storage 211; otherwise the logic flow continues to step 407 where domain information is not accepted.
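The enrollment flow of FIG. 3 and the transmission-means check of FIG. 4, as an added example in Go that is not part of the patent and not Motorola's code. Assumptions not on the page: Ed25519 stands in for the manufacturer's and key issuer's certificate signatures, an RSA key pair for the per-domain DRM keys, the device side of the challenge-response is folded into the Enroll call, the transport names ("bluetooth", "cable", "infrared", "email"), serials and domain values are constructed, and the rights issuer's encryption of the content key is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/subtle"
	"crypto/x509"
	"errors"
)

// Transmission means that logic circuitry 210 treats as short-range at step 405; all others are refused.
var shortRange = map[string]bool{"bluetooth": true, "cable": true, "infrared": true}
// DomainInfo is domain information 209; Action is the desired domain action, "create" or "join".
type DomainInfo struct{ Name, Password, Action string }
// Cert doubles as unit certificate 207 (Pub = unit Ed25519 key, signed by the manufacturer) and as
// DRM certificate 202 (Pub = PKCS#1 DER of the domain RSA public key, signed by the key issuer).
type Cert struct {
	Serial string
	Pub    []byte
	Sig    []byte
}
func tbs(serial string, pub []byte) []byte { return append([]byte(serial+"\x00"), pub...) }
// Verified is the signature check rights issuer 103 runs on a DRM certificate before issuing rights objects.
func (c Cert) Verified(issuer ed25519.PublicKey) bool { return ed25519.Verify(issuer, tbs(c.Serial, c.Pub), c.Sig) }

// Device is user equipment 101 with the items it keeps in storage 211.
type Device struct {
	UnitCert Cert
	unitPriv ed25519.PrivateKey // unit private key 208
	Domain   *DomainInfo        // domain information 209
	DRMPriv  *rsa.PrivateKey    // DRM private key 206, shared by every device in the domain
	DRMCert  *Cert              // DRM certificate 202
}
// NewDevice plays the manufacturer: generate the unit key pair and install a signed unit certificate.
func NewDevice(serial string, mfrPriv ed25519.PrivateKey) *Device {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Device{UnitCert: Cert{serial, pub, ed25519.Sign(mfrPriv, tbs(serial, pub))}, unitPriv: priv}
}
// AcceptDomainInfo is steps 401-409: keep domain information only if it arrived over a short-range link.
func (d *Device) AcceptDomainInfo(info DomainInfo, via string) error {
	if !shortRange[via] {
		return errors.New("domain information rejected: " + via + " is not a short-range link")
	}
	d.Domain = &info
	return nil
}

// KeyIssuer is key issuer 105: it trusts the manufacturer's key and keeps the per-domain database.
type KeyIssuer struct {
	Pub, mfrPub ed25519.PublicKey
	priv        ed25519.PrivateKey
	passwords   map[string]string
	keys        map[string]*rsa.PrivateKey
}
// Enroll is the key issuer's side of steps 309-315: authenticate the unit certificate and the device
// (challenge-response with unit private key 208), check the domain information, return the DRM keys.
func (ki *KeyIssuer) Enroll(dev *Device) error {
	if dev.Domain == nil || !dev.UnitCert.Verified(ki.mfrPub) {
		return errors.New("missing domain information or untrusted unit certificate")
	}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	if !ed25519.Verify(dev.UnitCert.Pub, nonce, ed25519.Sign(dev.unitPriv, nonce)) {
		return errors.New("challenge response invalid")
	}
	name, pw := dev.Domain.Name, dev.Domain.Password
	key, exists := ki.keys[name]
	var err error
	if dev.Domain.Action == "create" && !exists { // new domain: the key issuer creates its DRM key pair
		if key, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return err
		}
		ki.keys[name], ki.passwords[name] = key, pw
	} else if dev.Domain.Action != "join" || !exists || subtle.ConstantTimeCompare([]byte(ki.passwords[name]), []byte(pw)) != 1 {
		return errors.New("domain name, password or action rejected") // a join must match an existing domain
	}
	pub := x509.MarshalPKCS1PublicKey(&key.PublicKey) // the domain's public key goes into the DRM certificate
	dev.DRMPriv = key
	dev.DRMCert = &Cert{dev.UnitCert.Serial, pub, ed25519.Sign(ki.priv, tbs(dev.UnitCert.Serial, pub))}
	return nil
}

// Demo walks FIG. 3 with constructed data: A creates domain "home"; B gets the domain information over
// Bluetooth (an e-mail copy is refused) and joins; C tries a wrong password. Returns the four outcomes.
func Demo() (sameKey, certOK, emailRefused, badPwRefused bool) {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(rand.Reader)
	kiPub, kiPriv, _ := ed25519.GenerateKey(rand.Reader)
	ki := &KeyIssuer{kiPub, mfrPub, kiPriv, map[string]string{}, map[string]*rsa.PrivateKey{}}
	a, b, c := NewDevice("A-001", mfrPriv), NewDevice("B-002", mfrPriv), NewDevice("C-003", mfrPriv)
	a.Domain = &DomainInfo{"home", "s3cret", "create"} // entered by the user on the first device
	shared := DomainInfo{"home", "s3cret", "join"}     // what A sends to B at step 307
	emailRefused = b.AcceptDomainInfo(shared, "email") != nil
	c.AcceptDomainInfo(DomainInfo{"home", "wrong", "join"}, "cable")
	if ki.Enroll(a) != nil || b.AcceptDomainInfo(shared, "bluetooth") != nil || ki.Enroll(b) != nil {
		return
	}
	return a.DRMPriv.Equal(b.DRMPriv), b.DRMCert.Verified(ki.Pub), emailRefused, ki.Enroll(c) != nil
}
```

Demo returns true for all four outcomes: both devices end up holding the same domain DRM private key, the second device's DRM certificate verifies under the key issuer's public key, and both the e-mail transfer and the wrong password are refused.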
As discussed above, prior art domain-based DRM systems allow devices to be enrolled into a domain by simply obtaining a user's domain information. This is potentially insecure if devices are allowed to enroll that may not be in physical possession of the same individual. For example, a user may add a new device into a domain by simply typing in the domain information, which could be obtained via email or the Internet. The above procedures would not allow new devices to be enrolled into a domain unless the steps of FIG. 3 and FIG. 4 were followed.

If all subsequent enrollments into the family of devices are forced to use short-range communication for enrollment, the newly added devices are forced to be in direct physical control of the user, resulting in a more secure DRM system. Additionally, the use of key issuer 105 greatly improves security. For example, if a key issuer were not used then devices would need to share their DRM private keys and issue DRM certificates. Hackers would have an easier time breaching the security of such a system since they have physical access to their devices and can tamper with the hardware to try and create false DRM certificates. In the preferred embodiment of this invention, the key issuer is a trusted entity that is not physically accessible to the users of the DRM system. Hackers may attempt to breach the security of the key issuer, but since it