(19) United States
(12) Patent Application Publication
Lenoir et al.
(10) Pub. No.: US 2005/0257260 A1
(43) Pub. Date: Nov. 17, 2005

(54) SYSTEM FOR AUTHENTICATION BETWEEN DEVICES USING GROUP CERTIFICATES

(75) Inventors: Petrus Johannes Lenoir, Eindhoven (NL); Johan Cornelis Talstra, Eindhoven (NL); Sebastiaan Antonius Fransiscus Arnoldus Van Den Heuvel, Eindhoven (NL); Antonius Adriaan Maria Staring, Eindhoven (NL)

Correspondence Address:
[illegible] INTELLECTUAL PROPERTY &
P.O. BOX 3001
BRIARCLIFF MANOR NY 10510 (US)

(73) Assignee: Koninklijke Philips Electronics N.V., Eindhoven (NL)
(21) Appl. No.: 10/517,926
(22) PCT Filed: May 27, 2003
(86) PCT No.: PCT/IB03/02337

(30) Foreign Application Priority Data
Jun. 17, 2002 (EP) 020774220

Publication Classification
(51) Int. Cl.7: H04L 9/00
(52) U.S. Cl.: 726/21; 713/169

(57) ABSTRACT

In whitelist-based authentication, a first device (102) in a system (100) authenticates itself to a second device (103) using a group certificate identifying a range of non-revoked device identifiers, said range encompassing the device identifier of the first device (102). Preferably the device identifiers correspond to leaf nodes in a hierarchically ordered tree, and the group certificate identifies a node (202-207) in the tree representing a subtree in which the leaf nodes correspond to said range. The group certificate can also identify a further node (308, 310, 312) in the subtree which represents a sub-subtree in which the leaf nodes correspond to revoked device identifiers. Alternatively, the device identifiers are selected from a sequentially ordered range, and the group certificate identifies a subrange of the sequentially ordered range, said subrange encompassing the whitelisted device identifiers.

[Front-page drawing, reference numerals 402, 404, 406: certificate layouts with signature fields Sign[S1], Sign[S2], ..., Sign[Sk] and Sign[S1S2...Sk]; annotated sizes ~40 bits, 2n ~ 80 bits, C ~ 1024 bits]

Page 1 of 14

GOOGLE EXHIBIT 1017

[Sheet 1 of 5: FIG. 1, reference numerals 100, 101, 102, 104, 105, 110, 111, 120]
[Sheet 2 of 5: FIG. 2, reference numerals 201, 207]
[Sheet 3 of 5: FIG. 3]
[Sheet 4 of 5: FIG. 4]
[Sheet 5 of 5: drawing not recoverable]

SYSTEM FOR AUTHENTICATION BETWEEN DEVICES USING GROUP CERTIFICATES

[0001] The invention relates to a system comprising a first device and a second device, the first device being assigned a device identifier, and being arranged to authenticate itself to the second device.

BACKGROUND OF THE INVENTION

[0002] In recent years, the amount of content protection systems has grown at a rapid pace. Some of these systems only protect the content against illegal copying while others are also prohibiting the user to get access to the content. The first category is called Copy Protection (CP) systems and has been traditionally the main focus for Consumer Electronics (CE) devices, as this type of content protection is thought to be implementable in an inexpensive way and does not need bidirectional interaction with the content provider. Examples are CSS (Content Scrambling System), the protection system of DVD ROM discs and DTCP (Digital Transmission Content Protection), the protection system for IEEE 1394 connections. The second category is known under several names. In the broadcast world they are generally known as CA (Conditional Access) systems, while in the Internet world they are generally known as DRM (Digital Rights Management) systems. Recently new content protection systems have been introduced (like SmartRight from Thomson, or DTCP from DTLA) in which a set of devices can authenticate each other through a bi-directional connection. Based on this authentication, the devices will trust each other and this will enable them to exchange protected content. In the licenses accompanying the content, it is described which rights the user has and what operations he/she is allowed to perform on the content.

[0003] The trust, which is necessary for intercommunication between devices, is based on some secret, only known to devices that were tested and certified to have secure implementations. Knowledge of the secret is tested using an authentication protocol. The best solutions for these protocols are those which employ “public key” cryptography, which use a pair of two different keys. The secret to be tested is then the secret key of the pair, while the public key can be used to verify the results of the test. To ensure the correctness of the public key and to check whether the key-pair is a legitimate pair of a certified device, the public key is accompanied by a certificate, that is digitally signed by the Certification Authority, the organization which manages the distribution of public/private key-pairs for all devices. In a simple implementation the public key of the Certification Authority is hard-coded into the implementation of the device.

[0004] A certificate is a bit-string, which contains an M-bit message-part and a C-bit signature-part appended to it. C is usually in the range of 512 ... 2048 bits and typically 1024 bits. For M<C, the signature is computed based on the message itself, for M>C it is computed based on a summary of the message. Below, the first case: M<C, is the more relevant one. The signature depends sensitively on the contents of the message, and has the property that it can be constructed only by the Certification Authority, but verified by everybody. Verification in this context means: checking that the signature is consistent with the message. If somebody has changed but a single bit of the message, the signature will no longer be consistent.

[0005] In typical security scenarios, there are several different devices involved, which might not all be implemented with equal levels of tamper-proofing. Such a system should therefore be resistant to the hacking of individual devices, which might enable illegal storing, copying and/or redistribution of digital content. An important technique to increase the resistance is the so-called revocation of these hacked devices.

[0006] Revocation means the withdrawal of the trust in that device. The effect of revocation is that other devices in the network do not want to communicate anymore with the revoked device. Revocation can be achieved in several different manners. Two different techniques would be to use so-called black lists (a list of revoked devices) or white lists (a list of un-revoked devices).

[0007] In the black list scenario, the device that is to verify the trust of its communication partner needs to have an up-to-date version of the list and checks whether the ID of the other device is on that list. The advantage of black lists is that the devices are trusted by default and the trust in them is only revoked if their ID is listed on the revocation list. This list will be initially very small, but it can potentially grow unrestrictedly. Therefore both the distribution to and the storage on CE devices of these revocation lists might be problematic in the long run.

[0008] In the white list scenario, a device has to prove to others that it is still on the list of allowed communication partners. It will do this by presenting an up-to-date version of a certificate, which states that the device is on the white list. The white list technique overcomes the storage problem, by having only a fixed length certificate stored in each device which proves that that device is on the white list. The revocation acts by sending all devices, except for the revoked ones, a new version of the white list certificate. Although now the storage in the devices is limited, the distribution of the white list certificates is an almost insurmountable problem if no efficient scheme is available.

SUMMARY OF THE INVENTION

[0009] It is one object of the invention to provide a system according to the preamble, which enables efficient distribution and storage of white list certificates.

[0010] This object is achieved according to the invention in a system comprising a plurality of devices, said plurality comprising at least a first device and a second device, the devices of said plurality being assigned a respective device identifier, the first device being arranged to authenticate itself to the second device by presenting to the second device a group certificate identifying a range of non-revoked device identifiers, said range encompassing the device identifier of the first device.

[0011] The invention provides a technique which combines the advantages of black lists (initially small distribution lists) with the main advantage of white lists (limited storage). Preferably, this technique additionally uses a device certificate, which proves the ID of a device. This device certificate is already present in the devices (independent of revocation) as the basis for the initial trust and is installed, e.g., during production in the factory.

[0012] Every device now only needs to store a single group certificate, i.e. the group certificate that identifies a range encompassing its own device identifier. This means that the storage requirements for certificates are fixed and can be computed in advance. It is now possible to optimize the implementation of these devices, for example by installing a memory that is exactly the right size, rather than a “sufficiently large” memory as would be necessary in the prior art.

[0013] As to distribution, it is now no longer necessary to always send out separate certificates for every single device in the system. By choosing an appropriate grouping of device identifiers, a single group certificate suffices for all the devices in the group.

[0014] Of course the authentication of the first device to the second device may comprise other steps in addition to the presenting of the group certificate. For instance, the first device could also establish a secure authenticated channel with the second device, present a certificate containing its device identifier to the second device, and so on. Authentication is successful if the second device determines that the device identifier of the first device is actually contained in the range given in the group certificate. The authentication can be made mutual by simply also having the second device present its own group certificate to the first device.

[0015] In an embodiment the respective device identifiers correspond to leaf nodes in a hierarchically ordered tree, and the group certificate identifies a node in the hierarchically ordered tree, said node representing a subtree in which the leaf nodes correspond to the range of non-revoked device identifiers. This has the advantage that using a hierarchy makes it possible to very efficiently identify a group. A very large group of devices can be identified with a single identifier corresponding to a node high in the hierarchy.

[0016] In an improvement of this embodiment the group certificate further identifies a further node in the subtree, said further node representing a further subtree in which the leaf nodes correspond to device identifiers excluded from the range of non-revoked device identifiers. In the previous approach, if a device in the subtree is revoked, a number of new certificates needs to be issued for the remaining non-revoked subtrees. The present improvement has the advantage that when a small number of devices in a subtree is revoked, it is not immediately necessary to issue new certificates for a lot of new subtrees.

[0017] As an enhancement, another group certificate can be issued that identifies a yet further subtree, part of the further subtree. This way, this part of the subtree can be maintained in the range of non-revoked device identifiers.

[0018] It may be desirable to agree in advance to always revoke one device ID in the group, for example the device ID zero. This way, even if no actual devices are revoked, the group certificate is always consistently formed.

[0019] In a further embodiment the respective device identifiers are selected from a sequentially ordered range, and the group certificate identifies a subrange of the sequentially ordered range, said subrange encompassing the range of non-revoked device identifiers. This advantageously combines the small transmission size of the simple black listing method discussed above with the small storage size of the white listing methods. If a sorted list of all revoked devices (e.g., in ascending order) is created, then the authorized groups consist of the devices between any two elements of this list. Now the transmission size is at most equal to the size in the simple black listing case (of course, the data that is transmitted is identical to the black list, but the interpretation is different).
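
The two grouping schemes of paragraphs [0015]-[0019], as an added Python example that is not part of the patent text: for a given set of revoked identifiers it computes the group certificates to issue, once as complete subtrees of a tree and once as ranges between consecutive entries of the sorted revocation list, and checks whether a device identifier is covered. The binary tree, the (depth, index) node naming, the -1 and id_count sentinels at the two ends of the list, and all function names are assumptions made here; the Certification Authority's signature over each certificate is left out.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

Node = Tuple[int, int]  # (depth, index at that depth); the root is (0, 0)


def leaf_span(node: Node, height: int) -> Tuple[int, int]:
    """Inclusive range of leaf (device) identifiers below a tree node."""
    depth, index = node
    width = 1 << (height - depth)
    return index * width, (index + 1) * width - 1


@dataclass(frozen=True)
class GroupCert:
    """Message part of a tree-based group certificate (signature omitted)."""
    node: Node                       # subtree of non-revoked identifiers
    excluded: Optional[Node] = None  # further node whose leaves are revoked

    def covers(self, device_id: int, height: int) -> bool:
        lo, hi = leaf_span(self.node, height)
        if not lo <= device_id <= hi:
            return False
        if self.excluded is not None:
            xlo, xhi = leaf_span(self.excluded, height)
            if xlo <= device_id <= xhi:
                return False
        return True


def subtree_cover(revoked: Sequence[int], height: int) -> List[GroupCert]:
    """One certificate per maximal subtree that holds no revoked leaf."""
    bad = set(revoked)
    certs: List[GroupCert] = []

    def visit(node: Node) -> None:
        lo, hi = leaf_span(node, height)
        if not any(lo <= r <= hi for r in bad):
            certs.append(GroupCert(node))      # whole subtree is clean
        elif node[0] < height:                 # split until the revoked leaf
            visit((node[0] + 1, 2 * node[1]))
            visit((node[0] + 1, 2 * node[1] + 1))
        # a revoked leaf itself gets no certificate

    visit((0, 0))
    return certs


def range_groups(revoked: Sequence[int], id_count: int) -> List[Tuple[int, int]]:
    """Authorized groups as inclusive ranges between consecutive revoked IDs.

    The sentinels -1 and id_count (an assumption of this example) let the
    devices below the first and above the last revoked ID form groups too.
    """
    bounds = [-1] + sorted(set(revoked)) + [id_count]
    return [(a + 1, b - 1) for a, b in zip(bounds, bounds[1:]) if b - a > 1]


def authenticate(device_id: int, certs: Sequence[GroupCert], height: int) -> bool:
    """Range check of [0014]: is the ID inside some presented certificate?"""
    return any(c.covers(device_id, height) for c in certs)


if __name__ == "__main__":
    HEIGHT = 3                 # constructed sample: 8 device IDs, 0..7
    REVOKED = [0, 5]           # constructed sample revocation list
    certs = subtree_cover(REVOKED, HEIGHT)
    for c in certs:
        print("subtree", c.node, "-> IDs", leaf_span(c.node, HEIGHT))
    print("ranges:", range_groups(REVOKED, 1 << HEIGHT))
    print("ID 4 accepted:", authenticate(4, certs, HEIGHT))
    print("ID 5 accepted:", authenticate(5, certs, HEIGHT))
    # [0016]: one certificate for the whole tree that excludes leaf 5
    single = GroupCert((0, 0), excluded=(HEIGHT, 5))
    print("exclusion cert covers 4, 5:",
          single.covers(4, HEIGHT), single.covers(5, HEIGHT))
```

With identifiers 0 and 5 revoked, the subtree scheme needs four certificates and the range scheme two, while the single certificate with an excluded node from [0016] handles one revoked leaf without splitting the tree.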

[0020] In a further embodiment the system further comprises a gateway device arranged to receive a group certificate from an external source and to distribute said received group certificate to the devices in the system if the device identifier of at least one device in the system falls within the particular range identified in said received group certificate. This has the advantage that the devices in the system, many of which are expected to have low processing power, now no longer need to process all group certificates sent by the external source, but only those filtered by the gateway device.

[0021] In a further embodiment the gateway device is further arranged to cache at least a subset of all the received group certificates. This way, if later a new device is added to the system, the gateway device can locate a group certificate for the new device from the cache and distribute the cached group certificate to the new device. The new device can then immediately start authenticating itself to the other devices in the system.

[0022] In a further embodiment a single group certificate identifies plural respective ranges of non-revoked device identifiers. This way, a device like the gateway device mentioned earlier can easily tell, without verifying many digital signatures at great computational cost, whether a particular group certificate could be relevant to particular devices. It can then filter out those group certificates that are not relevant at all, or verify any digital signatures on those group certificates that are relevant.

[0023] In a variant of this embodiment the plural respective ranges in the single group certificate are sequentially ordered, and the single group certificate identifies the plural respective ranges through an indication of the lowest and highest respective ranges in the sequential ordering. This allows the filter to decide whether this certificate might be relevant. This can then be verified by the destination device itself inspecting the signature. It allows the rapid rejection of the bulk of certificates that are irrelevant.

[0024] In a further embodiment the group certificate comprises an indication of a validity period and the second device authenticates the first device if said validity period is acceptable. “Acceptable” could mean simply “the current day and time fall within the indicated period”, but preferably also some extensions to the indicated period should be acceptable. This way, delays in propagating new group certificates do not automatically cause a device to fail authentication.

[0025] In a further embodiment the second device is arranged to distribute protected content comprising an indication of a lowest acceptable certificate version to the first device upon successful authentication of the first device, and to successfully authenticate the first device if a version indication in the group certificate is at least equal to the indication of the lowest acceptable certificate version.

[0026] Although devices could require from their communication partners a version that is at least as new as the one they are using themselves, this might provide problems as devices that are on the list that are revoked are completely locked out of any exchange of content. They are even locked out from old content, which they were allowed to play before the new revocation list was distributed. In this embodiment these problems are avoided. Even if later the first device is revoked, it is still able to access old content using its old group certificate.

[0027] A “version” could be identified numerically, e.g. “version 3.1” or be coupled to a certain point in time, e.g. “the January 2002 version”. The latter has the advantage that it is easier to explain to humans that a particular version is no longer acceptable because it is too old, which can be easily seen by comparing the point in time against the current time. With a purely numerical version number this is much more difficult.

[0028] The indication is preferably securely incorporated in the content, for example by making it part of a digital rights container, an Entitlement Management Message (EMM), and so on. This way an attacker cannot modify the indication.

[0029] In a further embodiment the second device is arranged to distribute protected content upon successful authentication of the first device, and to successfully authenticate the first device if a version indication in the group certificate is at least equal to the version indication in the group certificate of the second device.

[0030] It is a further object of the invention to provide a first device being assigned a device identifier, and being arranged to authenticate itself to a second device by presenting to the second device a group certificate identifying a range of non-revoked device identifiers, said range encompassing the device identifier of the first device.

BRIEF DESCRIPTION OF THE FIGURES

[0031] The invention is described below in further detail, by way of example and with reference to the accompanying drawing, wherein:

[0032] FIG. 1 schematically shows a system 100 comprising devices 101-105 interconnected via a network;

[0033] FIG. 2 is a diagram illustrating a binary tree construction for the Complete Subtree Method;

[0034] FIG. 3 is a diagram illustrating a binary tree construction for the Subset Difference Method;

[0035] FIG. 4 is a diagram illustrating the Modified Black-Listing Method; and

[0036] FIG. 5 is a table illustrating optimization schemes for generating certificates.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0037] Throughout the figures, same reference numerals indicate similar or corresponding features. Some of the features indicated in the drawings are typically implemented in software, and as such represent software entities, such as software modules or objects.

[0038] System Architecture

[0039] FIG. 1 schematically shows a system 100 comprising devices 101-105 interconnected via a network 110. In this embodiment, the system 100 is an in-home network. A typical digital home network includes a number of devices, e.g. a radio receiver, a tuner/decoder, a CD player, a pair of speakers, a television, a VCR, a tape deck, and so on. These devices are usually interconnected to allow one device, e.g. the television, to control another, e.g. the VCR. One device, such as e.g. the tuner/decoder or a set top box (STB), is usually the central device, providing central control over the others.

[0040] Content, which typically comprises things like music, songs, movies, TV programs, pictures and the likes, is received through a residential gateway or set top box 101. The source could be a connection to a broadband cable network, an Internet connection, a satellite downlink and so on. The content can then be transferred over the network 110 to a sink for rendering. A sink can be, for instance, the television display 102, the portable display device 103, the mobile phone 104 and/or the audio playback device 105.

[0041] The exact way in which a content item is rendered depends on the type of device and the type of content. For instance, in a radio receiver, rendering comprises generating audio signals and feeding them to loudspeakers. For a television receiver, rendering generally comprises generating audio and video signals and feeding those to a display screen and loudspeakers. For other types of content a similar appropriate action must be taken. Rendering may also include operations such as decrypting or descrambling a received signal, synchronizing audio and video signals and so on.

[0042] The set top box 101, or any other device in the system 100, may comprise a storage medium S1 such as a suitably large hard disk, allowing the recording and later playback of received content. The storage S1 could be a Personal Digital Recorder (PDR) of some kind, for example a DVD+RW recorder, to which the set top box 101 is connected. Content can also be provided to the system 100 stored on a carrier 120 such as a Compact Disc (CD) or Digital Versatile Disc (DVD).

[0043] The portable display device 103 and the mobile phone 104 are connected wirelessly to the network 110 using a base station 111, for example using Bluetooth or IEEE 802.11b. The other devices are connected using a conventional wired connection. To allow the devices 101-105 to interact, several interoperability standards are available, which allow different devices to exchange messages and information and to control each other. One well-known standard is the Home Audio/Video Interoperability (HAVi) standard, version 1.0 of which was published in January 2000, and which is available on the Internet at the address http://www.havi.org/. Other well-known standards are the domestic digital bus (D2B) standard, a communications protocol described in IEC 1030 and Universal Plug and Play (http://www.upnp.org).

[0044] It is often important to ensure that the devices 101-105 in the home network do not make unauthorized copies of the content. To do this, a security framework, typically referred to as a Digital Rights Management (DRM) system is necessary.

[0045] In one such framework, the home network is divided conceptually in a conditional access (CA) domain and a copy protection (CP) domain. Typically, the sink is located in the CP domain. This ensures that when content is provided to the sink, no unauthorized copies of the content can be made because of the copy protection scheme in place in the CP domain. Devices in the CP domain may comprise a storage medium to make temporary copies, but such copies may not be exported from the CP domain. This framework is described in European patent application 01204668.6 (attorney docket PHNL010880) by the same applicant as the present application.

[0046] Regardless of the specific approach chosen, all devices in the in-home network that implement the security framework do so in accordance with the implementation requirements. Using this framework, these devices can authenticate each other and distribute content securely. Access to the content is managed by the security system. This prevents the unprotected content from leaking to unauthorized devices and data originating from untrusted devices from entering the system.

[0047] It is important that devices only distribute content to other devices which they have successfully authenticated beforehand. This ensures that an adversary cannot make unauthorized copies using a malicious device. A device will only be able to successfully authenticate itself if it was built by an authorized manufacturer, for example because only authorized manufacturers know a particular secret necessary for successful authentication or their devices are provided with a certificate issued by a Trusted Third Party.

[0048] Device Revocation

[0049] In general, revocation of a device is the reduction or complete disablement of one or more of its functions if secret information (e.g., identifiers or decryption keys) inside the device have been breached, or discovered through hacking. For example, revocation of a CE device may place limits on the types of digital content that the device is able to decrypt and use. Alternatively, revocation may cause a piece of CE equipment to no longer perform certain functions, such as making copies, on any digital content it receives.

[0050] The usual effect of revocation is that other devices in the network 110 do not want to communicate anymore with the revoked device. Revocation can