DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0041] The present invention is of a system and a method for flexible, yet secure distribution of digital content items, optionally with an automatic payment mechanism for purchasing such content. The present invention supports the distribution of content to end user devices from one or more central distribution points, as in client-server models and variations thereof, and/or peer-to-peer distribution, for example between end user devices. In addition, the present invention also supports distribution models within either of these mechanisms for unitary distribution, to a specified end user device, or broadcast/multicast distribution, to a plurality of end user devices. In any case, in order for the distributed content to be operative, for example to be “played back” or otherwise displayed, the recipient end user device must have been in communication with a network control center at least once before the content can be so displayed. It should be noted that optionally such contact may be performed at the time of manufacture of the end user device.

[0042] The network control center then enables the recipient end user device to play back or otherwise display the received content, for example by sending a code or other permission message to the recipient end user device. Optionally, the network control center may require payment to be received before enabling the content for the recipient end user device. Thus, the present invention supports flexible distribution of content according to a number of different distribution models, while still preventing unauthorized play back or other display throughout the lifecycle of the digital content item, and optionally enabling assured payments.

[0043] According to preferred embodiments of the present invention, there is provided a combination of secure hardware and software to prevent and/or at least retard unauthorized access or “hacking”. In order for access to the distributed content to be controlled, the content itself must be protected, for example by encryption or scrambling. Hereinafter, the term “scrambling” is considered to encompass both encryption, which involves the mathematically determined alteration of content to a form which cannot be read without the proper key, and a simpler form of scrambling, which involves the rearrangement of portions of the content, such that the content is only readable when properly rearranged. By protecting the content itself, the present invention enables the content to be completely portable, and to be distributed freely, while still ensuring that control of access to the content is maintained by a central authority.

[0044] The security of the content is more preferably provided through several basic rules. First, preferably all digital content is encrypted or otherwise scrambled throughout the system, except when being received by the network control center for distribution to the end user device, and at the last physical point immediately prior to actual physical use (play back or other display of the content) at the end user device. For example, with regard to audio data, that point would be the creation of the analog voltage signal for transmission to the analog amplifiers. The physical construction of the integrated circuits handling the digital content at the end user device is more preferably performed such that decryption or unscrambling of the content is only available at that point and such that “clear” or unscrambled content cannot be transmitted outside of the end user device.

[0045] According to preferred embodiments of the present invention, the digital content is scrambled before being transmitted to the end user device by a broadcast unit at the network control center. The scrambled digital content can then preferably only be unscrambled by the end user device with the correct key. The key is preferably distributed through an ECM (control message), which more preferably enables the end user device to create the correct key and as such may be considered to be an example of a permission message. Optionally, the ECM is broadcast to all end user devices, but the particular end user device is more preferably only able to generate the key if this end user device also receives an EMM, or entitlement message, from the network control center. Thus, the key, or information required to generate the key, may optionally be broadcast, while the ability to use such a key is preferably still controlled by the network control center, through the distribution of some type of permission message for example.

[0046] Optionally and most preferably, a more permanent key, or at least the ability to generate such a more permanent key, is also distributed by the control center to a particular, individual end user device. Most preferably, this capability is distributed through a PECM (personal ECM), which is received by the end user device from the control center and provides the permanent capability to access the digital content. Optionally and most preferably, the PECM then replaces the ECM, such that only the PECM is then required for access and display of the digital content. The PECM can be considered to be another example of the permission message.

[0047] The preferred combination of hardware and software components enables the present invention to most effectively protect access to the content, while still enabling the user to easily and transparently play back, or otherwise display, the content. More preferably, the end user device which is used for the present invention includes a security module, for unscrambling the scrambled content according to a received code. The security module optionally and more preferably features a renewable security submodule, such as a smart card for example. The renewable security submodule is itself preferably secured, such that information contained within this submodule is protected from unauthorized access. The security module receives the necessary code from the network control center, and is then able to unscramble the received content for play back or other display. Most preferably, the operation of the security module is transparent or substantially transparent to the end user.

[0048] The end user device is preferably in communication with the network control center through a network, which could be the Internet for example, but which could also be a cable network and/or satellite communication, for example. Alternatively, the end user device is in communication with the network control center indirectly, for example through the use of a portable storage medium such as a CD-ROM for example, which could optionally be sent to the end user for distribution of content and/or codes, for example.

[0049] The present invention also preferably encompasses several different business models, for distribution of content and more preferably also for payment for the distributed content. The business rules and data are preferably embodied in the security module. With regard to renewable or removable security modules, optionally such security modules may be “paired” to end user devices, such that the pairing relationship is established either in manufacture of the end user device and renewable security submodule, and/or through a connection to the network control center, or control center for distribution of the digital content. The pairing relationship may optionally be used to prevent the renewable and/or removable security module from being used with other end user devices.

[0050] In addition, business rules rights, credits and so forth are preferably maintained at the network control center. Optionally and more preferably, a requirement for periodic connections to the network control center by the end user device allows for synchronization and detection of pirate activity. One of the rules may optionally force the user to establish a connection from the end user device to the control network center on a periodic basis.

[0051] The combination of the local security module for the end user device, and the network control center at the central distribution point, enable the end user to more easily purchase or otherwise obtain content items, while still protecting the digital content against unauthorized access. Interpretation of business rules and conditions embodied in these various EMMs, ECMs and PECMs is preferably performed in the security module. The security module more preferably comprises a renewable security submodule, which most preferably is a smartcard, to enable its service in related or unrelated business applications, such as loyalty cards, purchase of non-digital content items, or any other use. For the removable and/or renewable security submodule, there is an option to exchange data between business applications, thus enabling transfer of credit, loyalty points and so forth from one business application to another. Preferably, the system would further feature a smartcard reader for reading the smartcard, which would be separate from the end user device. The data produced by the smartcard is readable by the smartcard reader, including data resulting from the slots, which is more preferably readable as a coded reply. For reasons of security, preferably direct outside readout of data stored on the smartcard is not permitted. Rather, a query received through the reader results in a coded reply.

[0052] The principles and operation of the present invention may be better understood with reference to the drawings and the accompanying description.

[0053] Referring now to the drawings, FIG. 3 is a schematic block diagram of a system according to the present invention for secure and yet flexible delivery of digital content. Although the system is described with regard to audio content, it is understood that this is for the purposes of illustration only and is without any intention of being limiting in any way.

[0054] As shown, a system 200 features an end user device 210 with an associated security module 220 . End user device 210 also features a media player 230 for playing back or otherwise displaying at least one type of media content, such as audio content for example. End user device 210 is preferably in communication with a network control center 240 through a network 250 . Network 250 could be substantially any type of suitable network, including but not limited to, the Internet, a cable network or a satellite distribution mechanism.

[0055] Network control center 240 preferably controls access to the distributed content by end user device 210 , but more preferably does not solely control distribution of the content. Instead, network control center 240 is preferably capable of distributing content, whether through a broadcast mechanism to a plurality of end user devices 210 , or alternatively through a unicast mechanism to a specific end user device 210 . In addition, optionally and preferably, end user devices 210 are also capable of direct peer-to-peer distribution of the content. More preferably, network control center 240 does not control such peer-to-peer distribution of content between end user devices 210 , but does control access to the distributed content. Such control is preferably provided by requiring an end user device 210 which receives such content to contact network control center 240 before access to the content is possible. Optionally, however, access to a portion of the content may be permitted as “preview” or other introduction before contact is established with network control center 240 . For audio content, such a “preview” could optionally include a short length of played back audio data, while for a movie or other lengthier content, such a “preview” could optionally include a longer length of played back content.

[0056] More preferably, the distributed content is scrambled before distribution, and can only be accessed by an end user device 210 which possesses the proper code or codes. Most preferably, security module 220 must receive the proper code or codes, and is then able to transparently unscramble the received content for play back or other display of the content. These code(s) can most preferably only be received from network control center 240 , thereby enabling network control center 240 to maintain control over access to the distributed content.

[0057] Optionally and preferably, different portions of the distributed content are scrambled according to different types of scrambling mechanisms. For example, optionally and preferably, the digital content is encrypted in several parts, each one having a different encryption mode, such that different grades or classes of content are optionally contained within a single unit of content. One example of such a mode could optionally be “clear” or non-scrambled content. Another example is “free viewing”, in which the content may optionally and preferably be scrambled, and is transmitted with an ECM that allows free access to all end user devices 210 , and more specifically, to security module 220 of each such end user device 210 . Such differential scrambling can optionally and preferably be used to enable a “free preview” function for particular (or all) audiences through their respective end user devices 210 , such that the end user could view a portion of the received content in order to determine whether to purchase such content, for example.

[0058] According to other preferred embodiments of the present invention, a plurality of different business models for purchasing and managing digital content is supported. Optionally and preferably, there are a plurality of basic distribution models: subscription, rental and “per item” purchase.

[0059] For the subscription model, preferably only members of “subscribed” groups are entitled to unscramble, and hence play back or otherwise display, of any digital content earmarked for end user devices 210 of these groups. Again, the subscription enables security module 220 to unscramble the digital content for each such end user device 210 . Obtaining a subscription preferably depends on payment of a subscription fee, which may optionally be a single, “one-time” fee, also optionally divided into term payments, or alternatively may only cover a time-limited subscription period. For any type of time-limited subscription, preferably each end user device 210 is only able to access or otherwise use the content for the period of time covered by the subscription, after which end user device 210 would preferably no longer be able to access the content. Such a limit to access by end user device 210 is optionally and more preferably implemented by providing a permission message and/or a code or key which is itself time-limited (as described in greater detail with regard to the implementation of a rental mechanism according to the present invention, for example). The subscription fee may optionally depend on any combination of group and individual subscriber properties, such as group affiliation or membership in other subscription groups for example.

[0060] Two special cases of this model are the “All” group case, and “zero subscription fee” case. A combination of these two cases amounts to “free content for all end user devices 210 ”.

[0061] For the second model, rental of digital content items, the access by the end user device may optionally be controlled according to time, number of times that the content item is displayed, or other rental parameters, for example. End user device 210 may optionally and more preferably store such information in a subfield of a purchase slot. This use of the purchase slots limits the number of rented pieces of content an end user device may store at any one time. For example, end user device 210 may optionally first receive a temporary key for accessing the scrambled digital content, which is sent from network control center 240 . The temporary key would preferably only be valid for a limited period of time, after which end user device 210 could no longer access the scrambled digital content, unless end user device 210 receives a permanent key. For example, the temporary key could optionally be an ECM, while the permanent key could optionally be a PECM.

[0062] For the third model, purchase of individual digital content items, an individual user may optionally and preferably purchase individual items or groups of items, with a variety of purchase mechanisms and methods. For example, the user may optionally be entitled to outright ownership of the digital content item, rental for a given period of time or a given number of renderings for play back or other display, and so forth. The purchase price may optionally be a function of any parameter within the system, including (but not limited to) group membership, other purchases, and time of purchase and/or download.

[0063] Both the subscription and “per item” purchase models, optionally with variations, may optionally and preferably co-exist within a single system, with parameters under control of network control center 240 and, to a certain extent, under the control of the user through end user device 210 . As previously noted, these parameters are more preferably stored in, and operated by, security module 220 of end user device 210 , or more preferably in removable security submodule, such as a smartcard for example (not shown).

[0064] It should be noted that both distribution models support superdistribution, in which content is delivered between end user devices 210 , rather than being sent from network control center 240 , with appropriate payment still being correctly distributed under the control of network control center 240 . Superdistribution, copy protection and media transfer, such as recording content in one end user device 210 and attempting to play this content in another end user device 210 , are all preferably subject to business rules which are set by network control center 240 for particular content, groups of users at end user devices 210 , or individual users at particular end user devices 210 .

[0065] Another form of superdistribution is for gifts, where the purchaser has paid for the rights and the content is delivered to end user device 210 of another user. One method would be to make the purchase from network control center 240 on behalf of the other end user device 210 . Network control center 240 would then send the content and appropriate code for accessing the content to the specific end user device 210 of the other user, and more preferably to security module 220 for that specific end user device 210 or more preferably in the removable security submodule as previously described.

[0066] Preferably the following specific distribution modes are implemented for the digital content: free, in which the digital content is optionally not scrambled or encrypted; permitted for decryption or other unscrambling to all valid end user devices 210 ; permitted for decryption or other unscrambling to end user devices 210 of subscribers, optionally according to their subscription level, for example for a group of subscribers; permitted for decryption or other unscrambling to a group of a plurality of end user devices 210 , such as for members of a family for example; and permitted for decryption or other unscrambling to a particular, individual end user device 210 . One significant advantage of the present invention is that all of these different distribution modes may optionally be maintained concurrently. Again, most preferably, these different distribution modes involve sending a code and/or other instructions to security module 220 for each end user device 210 .

[0067] FIG. 4 shows preferred embodiments of the system of FIG. 3 according to the present invention. As shown, a system 300 according to the present invention features an end user device 310 , for which a more detailed preferred embodiment is illustrated in FIG. 5 below. Briefly, end user device 310 is able to receive scrambled digital content and to unscramble the received digital content, if end user device 310 is authorized to do so. End user device 310 also preferably features security module 220 , as for FIG. 3 above. End user device 310 may also optionally be implemented with a combination of media device 100 , IRD 110 , and removable security element 120 for security module 220 , such as a smart card for example, as shown in background art FIG. 1 above. In this implementation, removable security element 120 is one example of a renewable security submodule, such as a smartcard for example.

[0068] Each end user device 310 receives the scrambled digital content from network control center 240 , which in this implementation includes all components behind a firewall 390 . Control over the distribution of content from network control center 240 is preferably located at a subscriber management system 370 , which determines the type of content which can be accessed by each end user device 310 and/or groups of end user devices 310 .

[0069] Preferably, the content is transmitted by a broadcast unit 320 , which is optionally implemented as a cable head end, for example, or alternatively as a Web server for serving Web pages, as another example. The Web server could also optionally serve other types of content as well, such as streaming video content for example, and is particularly preferred example for unicast distribution of content to a single end user device 310 . However, preferably, all end user devices 310 receive the same or substantially the same scrambled digital content from broadcast unit 320 , regardless of the implementation of broadcast unit 320 , such that the digital content can be stated to be broadcast or multicast. Another example for broadcast or multicast distribution is the transmission of digital television data over the appropriate channels. Superdistribution, or content transfer between end user devices 310 for peer-to-peer distribution, may be considered to be a sub-case of unidirectional distribution.

[0070] The broadcast digital content is scrambled in order to prevent access by unauthorized users through end user device 310 . Preferably, a content management unit 330 scrambles the digital content with an key to form scrambled content. More preferably, the scrambled digital content also features an ECM (entitlement control message), containing coded information for generating a control word in order to unscramble the digital content by end user device 310 , for example as described with regard to background art FIGS. 1 and 2 above. Each ECM is preferably generated by an ECM generator 340 , which is in communication with content management unit 330 as shown. More preferably, each ECM is also signed, and optionally and most preferably, is also encrypted.

[0071] Producing a key from the ECM, with which to scramble the distributed content, is more preferably performed through some type of one-way function, which most preferably receives at least a portion of the required input from the ECM. This one-way function is also most preferably shared by ECM generator 340 and security module 220 , yet is also preferably only known ECM generator 340 and security module 220 as a shared secret. Examples of suitable one-way functions are well known in the art (see for example the previously incorporated “Applied Cryptography” by Bruce Schneier, John Wiley 2nd ed. 1996).

[0072] According to preferred embodiments of the present invention, content management unit 330 encrypts and/or scrambles, optionally “off-line” rather than on-demand or in “real time”, all digital content files with a control word provided by ECM Generator 340 . Control management unit 330 may optionally then embed the actual ECM within the content. The control word is preferably derivable from the ECM using a method such as encryption or a one-way function as determined by security server 360 . In addition, security server 360 optionally contains a security mechanism with a replaceable algorithm synchronized with security module 220 in end user device 310 , as described in greater detail below with regard to FIG. 6 . Again, a preferred embodiment of security module 220 , or at least a preferred feature thereof, is a renewable security submodule, such as a smartcard for example (not shown). The renewable security submodule is itself preferably secured, such that information contained within this submodule is protected from unauthorized access.

[0073] Preferably, system 300 is implemented using two-tier encryption. The digital content to be delivered is optionally first encrypted by a “strong” algorithm A (for example, 3 DES), while the key (or control word) for that particular algorithm is preferably encrypted by using one of several more time-consuming algorithms, according to the intended purpose of the particular piece.

[0074] The scrambling and/or encryption key or keys, preferably together with the metadata describing the content and its intended uses through the previously described ECM, are more preferably delivered in encrypted and signed packet(s), optionally together with the content, to end user device 310 . The whole message (content, keys and metadata) is more preferably signed, optionally using message digest or other special methods for efficiency of processing, to prevent message changing.

[0075] According to preferred embodiments of the present invention, each ECM is also broadcast with the broadcast scrambled digital content by network control center 240 . However, each end user device 310 , and more preferably security module 220 , is only able to use the ECM to generate the control word, or otherwise to unscramble the scrambled digital content, according to some type of authorization. Again, as previously described, more preferably the renewable security submodule component of security module 220 performs the generation of the control word, or otherwise unscrambles the digital content according to the authorization.

[0076] Preferably, the authorization is determined automatically by security module 220 of end user device 310 according to one or more EMMs (entitlement management messages), which optionally and more preferably are directed specifically to a particular end user device 310 , or at least to a class or group of such end user devices 310 . Each EMM determines the entitlement or “rights” of any particular end user device 310 , and/or of security module 220 for any such end user device 310 , to unscramble the scrambled digital content, more preferably by determining access to the coded information in the ECM. Each EMM is preferably created and transmitted by an EMM generator 350 , and may optionally be delivered separately or together with the scrambled digital content. More preferably, each EMM is signed by a security server 360 , for example at the time of creation of the particular EMM. Security server 360 also preferably creates keys with a high degree of randomization, and also signs control messages (such as ECMs and EMMs).

[0077] Optionally and most preferably, security module 220 of end user device 310 , and particularly most preferably the renewable security submodule thereof (not shown), compares at least one requirement in the received ECM to at least one entitlement in one or more of the received EMMs, to determine if there is a sufficient match. If so, security module 220 of end user device 310 then preferably automatically proceeds to derive the required coded information in the received ECM for unscrambling the scrambled digital content. If there is not a sufficient match, then end user device 310 preferably cannot immediately unscramble the digital content, but optionally may apply to a subscriber management system 370 for receiving the EMM, as described in greater detail below.

[0078] Each EMM is delivered in packets which may optionally be delivered either separately or together with a given content package (scrambled digital content). EMMs are more preferably encrypted and/or signed for use by an individual end user device 310 and/or by a group of such end user devices 310 .

[0079] According to preferred embodiments of the present invention, system 300 also features a PECM generator 380 for generating a PECM (Personal ECM). Each PECM that is associated with a given file or portion of digital content preferably generates the same control word for that given digital content. However, preferably only a particular end user device 310 , and more preferably security module 220 of such a particular end user device 310 , is able to generate the control word from the associated PECM, such that passing the PECM to a different end user device 310 preferably does not enable such a different end user device 310 , and/or security module 220 of such a different end user device 310 , to generate the clear, unscrambled digital content for play back or other types of display. Each PECM is also optionally and preferably signed by security server 360 .

[0080] The preferred feature of the PECM optionally and preferably enables a user to purchase, use and optionally and more preferably record, a plurality of different files or portions of digital content. Indeed, the PECM enables end user device 310 to support an almost unlimited number of such files or portions of digital content. Each PECM is preferably sent to a particular end user device 310 , and is then persistently stored at that end user device 310 , more preferably in association with the digital content that is unscrambled, decrypted or otherwise unlocked with that PECM. Furthermore, this particular implementation of the PECM according to the present invention is not taught by the background art, as it combines the provision of permanent storage at end user device 310 with personalized unscrambling through communication with a central authority, in this case network control center 240 . Background methods for permanent storage through end user device 310 , such as those taught by European Patent Application No. EP 0858184 for example, do not include such a requirement for communication with a central authority.

[0081] End user device 310 preferably replaces one or more ECMs, which are preferably transient and locked into a particular configuration on end user device 310 , with one or more PECMs which are also as secure but which act autonomously. More preferably, such a replacement process occurs when end user device 310 connects to subscriber management system 370 , or alternatively to PECM generator 380 . In any case, if the replacement process occurs through subscriber management system 370 , subscriber management system 370 should have a database (not shown) of end user devices 310 for which PECMs have been requested and generated, but not yet delivered. Hence, this connection may optionally effectively restore the number of content items that the user may purchase and store on end user device 310 , thereby enabling the user to order more such items.

[0082] According to preferred embodiments of the present invention, a number of different components of network control center 240 may optionally operate in conjunction in order for permanent storage of the content to be effected through the PECM. For example, the content, the ECM, the EMM and even the PECM could all optionally be distributed by broadcast unit 320 . However, optionally and preferably only the content is distributed by broadcast unit 320 . Optionally, ECM generator 340 distributes the ECM, PECM generator 380 distributes the PECM and EMM generator 350 distributes the EMM. More preferably, each type of message is sent from the respective generator to subscriber management system 370 , which then distributes the message to the correct end user device 310 . Most preferably, the ECM is distributed with the content by broadcast unit 320 , while the EMM and the PECM are distributed by subscriber management system 370 .

[0083] The use of PECM's overcomes a number of problems with background art content distribution mechanisms, as they enable permanent storage at an end user device 310 to be performed while still giving control to a central authority such as network control center 240 , for example. The requirement for permanent storage results from a typical limitation of end user devices 310 , and more specifically of security modules 220 . Briefly, security module 220 preferably features a secure storage memory for storing such information as records of purchases of content, more preferably featured in the renewable security submodule (not shown), such as a smartcard for example. For greater rapidity of access, more preferably the secure storage memory is implemented as a plurality of purchase slots, each of which holds the record for a particular purchase (for example, by being associated with a particular ECM). Such purchase slots are known in the art for various types of content purchases through a network, such as for “pay television” for example. However, they have the clear disadvantage of being limited on end user device 310 , or indeed for any other type of device, and therefore may become filled. Thus, clearing these purchase slots enables more purchases to be performed and recorded on the purchase slots.

[0084] In order for the purchase slots to be cleared, preferably end user device 310 must receive the PECM, such that end user device 310 more preferably should connect repeatedly to network control center 240 for such PECM's. As soon as the PECM is received by end user device 310 , preferably the relevant purchase slot is cleared of the corresponding ECM and/or the associated information, such that the PECM preferably replaces the ECM at end user device 310 . More preferably, only the PECM is required by end user device 310 for access to, and display of, the digital content.

[0085] Two possible frameworks for ensuring repeated connection from end user device 310 to PECM generator 380 . In the unicast domain, for example if broadcast unit 320 is implemented as a Web server, end user device 310 may optionally be forced to connect periodically to fetch EMMs and PECMs. In the broadcast domain, end user device 310 may optionally display a purchase meter (similar to the battery meter on laptop computers), which denotes the number of purchases remaining. When only a few purchase slots are remaining, the user may choose to reconnect end user device 310 to PECM generator 380 to reset the purchase meter to the maximum number of available purchase slots by replacing each corresponding ECM at a purchase slot by the relevant PECM, such that each cleared purchase slot can then potentially hold a file or a record of a purchase of digital content (see FIG. 5 below for an explanation of such purchase slots).

[0086] According to preferred embodiments of this implementation of system 300 , as previously described, the original ECM optionally and preferably remains attached to the encrypted or otherwise scrambled digital content even after receipt of the PECM. This preferred embodiment is very important if the purchased digital content, together with attached ECMs and PECMs, are copied to another end user device 310 . The second end user device 310 would not be able to use the attached PECM, since this PECM is specific for the first end user device 310 . The second end user device 310 would then recognize the PECM as such, attempt to verify the PECM for unscrambling the digital content, and would then determine that the PECM is invalid for that end user device 310 . Next, the second end user device 310 would attempt to retrieve the embedded ECM and would then optionally perform various actions as indicated, for example by attempting to purchase the digital content from broadcast unit 320 , as described in greater detail below. In effect, this process results in superdistribution, wherein end user devices 310 themselves distribute the content, with subscriber management system 370 simply collecting the payment and reconciling accounts. However, it should be noted that the preferred requirement for maintaining the attachment of the ECM to the digital content is more preferably only intended to support superdistribution, such that the first end user device 310 , for which the PECM is relevant, preferably does not need to retain the ECM in order to access the digital content once the PECM has been received.

[0087] According to preferred embodiments of the present invention, in order to support “peer-to-peer” distribution or superdistribution between end user devices 310 , more preferably an end user device 310 which receives such content through this form of distribution also receives information about which network control center 240 should be contacted in order to obtain the requisite code or other permission message. Assuming that more than one such network control center 240 exists, more preferably the recipient end user device 310 either contacts such a network control center 240 which is the “regular” or “home” network control center 240 for that end user device 310 , or receives an address for the correct network control center 240 to be contacted for receiving the permission message. Such an address is optionally embedded in the ECM which is sent with the content itself.

[0088] According to other preferred embodiments of the present invention, the use of such entitlement messages supports a plurality of different business models for purchasing and managing digital content.

[0089] With regard to specific implementations with the entitlement message mechanism of the present invention, preferably the following specific distribution modes are implemented for the digital content: free, in which the digital content is optionally not scrambled or encrypted; permitted for decryption or other unscrambling to all valid end user devices 310 ; permitted for decryption or other unscrambling to end user devices 310 of subscribers, optionally according to their subscription level, for example for a group of subscribers; and permitted for decryption or other unscrambling to a particular, individual end user device 310 . Again, most preferably, these different modes are actually supported by, and performed at, security module 220 of end user device 310 .

[0090] Each EMM supports these different distribution models by optionally authorizing each end user to receive free and/or subscription digital content, or to purchase paid “per item” digital content. This support is preferably accomplished by sending a CA Service ID that identifies the rights to a particular content item to each end user device 310 . End user device 310 then compares the CA service ID to such an ID of the digital content item as the digital content item is received.

[0091] For example, for free content, an EMM containing a common CA service ID is preferably distributed to all valid end user devices 310 . For subscription content, an EMM containing a specific CA Service ID is preferably delivered to end user devices 310 of all users who have subscribed to a particular service. The CA Service ID corresponds to the particular service which has been ordered through a subscription to subscriber management system 370 . Preferably, each unit of content delivered through the service has a specific CA Service ID for identifying that unit of content, which could optionally include for example, an identifier for identifying the particular subscription service generally and another identifier for identifying the specific unit in particular.

[0092] For paid “per item” digital content, a EMM containing a particular CA Service ID is preferably sent to end user devices 310 of all users who are authorized to purchase this item.

[0093] For the superdistribution model and/or automated purchase of “per item” content, preferably the ECM is embedded in the digital content, and includes information related to the fact that this digital content is purchasable. In addition, the ECM also more preferably contains both the unique ID (identifier) for that paid content and a CA service identifier for the group which is allowed to receive this paid content. The embedded ECM also preferably includes all of the information necessary to determine the price and business model(s) which applies to that purchase: for instance, rental duration and associated pricing, number of renderings and associated pricing and/or price for outright ownership.

[0094] For superdistribution and/or per item purchase, preferably a preview portion may be freely played back or otherwise displayed, according to the same mechanism as for rendering the paid content. However, upon reaching the ECM in the digital content which requires payment, the end user is more preferably required to purchase this content through some user friendly interface, such as a purchase button or other GUI gadget of end user device 310 for example. If authorized, upon purchase, end user device 310 securely marks this purchase, for example by marking a purchase slot containing the unique ID of the content concatenated with a unique ID of end user device 310 and/or of security module 220 , and/or of renewable security submodule within security module 220 (see FIG. 5 below for an explanation). Upon play back or other display of this content after purchase, end user device 310 compares the unique content ID contained in the ECM of the digital content and the unique ID of end user device 310 , with the contents of the slots stored. If there is a match, the digital content is decrypted and rendered at the analog output.

[0095] This business model and technology is further supported through the optional but preferred provision of a sharing capability between members of a “family”, whether actual or created for the purposes of sharing content between a plurality of specific end user devices 310 . In order for such sharing to be enabled, preferably a plurality of secure tokens, such as smartcards for example, arc provided for deciphering PECMs encrypted to a common public key. Therefore, members of this group of end user devices 310 are all able to read the PECMs for the group. These tokens are designated “family members”, and are associated with a particular group of end user devices 310 . With regard to the business model, more preferably end user devices 310 which belong to a family are therefore able to share digital content.

[0096] New end user devices 310 may optionally be added into a family, by creation of a secure channel between a current family member end user device 310 and a new family member end user device 310 through a secure device, or optionally through an on-line facility such as by communication with network control center 240 . For direct “peer-to-peer” communication through the secure channel, preferably such a channel is implemented through encryption with a handshake procedure. In this handshake procedure, more preferably a part of a secret key is exchanged by each end user device 310 involved in the handshake procedure.

[0097] On the other hand, in order to prevent unlimited proliferation of family members and/or of shared content between such members, such members and/or such shared content are preferably limited according to one or more “reasonableness rules”. Many implementations of such rules are possible within the scope of the present invention. For example, there can optionally be a limit on the number of family members to which a token may belong. Also, generation marking within the tokens is optionally possible. There may also optionally be duplication limits for time, number of times content is played, and for cumulative play time for the content items. For example, a family member might only be able to make a certain number of copies of content, and/or might be restricted according to a period of time and/or end user device 310 activity between different instances of sharing of copies. More preferably, stricter limitations are placed on “second generation” family members which receive tokens and/or content from another family member. Family tokens may also optionally be registered in database, each having a unique ID. There may also optionally be an override of duplication limits, for example through communication with network control center 240 generally or subscription management system 370 specifically. Again, all of these different security functions at end user device 310 are preferably performed by security module 220 , and more preferably are performed by the renewable security submodule, as explained in greater detail below. These rules and security functions are intended to prevent commercially viable, illicit copying and distribution of content.

[0098] As shown with regard to FIG. 5 below, the management of entitlements, for example through one or more of addition, removal, invalidation, and status polling thereof, is preferably performed on a separate, secure “renewable” means of storage and computation, such as a smartcard, which comprises a component of security module 220 . Thus the entitlements may be delivered via several paths, including those mechanisms that do not involve the play back or display functions of end user device 310 directly, for example when performed by separate payments.

[0099] As shown, a portion of end user device 310 features various security components, in addition to a content external storage device 400 and a program external storage device 410 . Content external storage device 400 stores the digital content which has been received by end user device 310 . Program external storage device 410 stores instructions for operating end user device 310 . Both content external storage device 400 and program external storage device 410 preferably operate such that unencrypted content is not present outside of end user device 310 . More preferably, in the implementation in which the components of FIG. 5 are constructed in a single chip, the unencrypted or unscrambled content should not be present outside of such a single chip. Thus, external content memory in content external storage device 400 is encrypted (or scrambled), unencrypted data busses do not extend off-chip, and digital-to-analog conversion (D/A) is preferably performed on-chip.

[0100] The remaining components of end user device 310 which are shown in FIG. 5 are intended for security, and together form a security module 420 . Preferably, security module 420 features a renewable and/or removable security submodule 430 , which could be a smart card for example. Security module 420 may optionally and preferably prevent end user device 310 from operating if renewable security submodule 430 is not present, for example through communication according to software program instructions between renewable security submodule 430 and end user device 310 . In addition, renewable security submodule 430 may also optionally and more preferably be constrained from operating with any other end user device 310 .

[0101] Since the content decoding algorithms (as well as the decryption algorithms) may change over time, at least a part of the program instructions are preferably downloadable to program external storage device 410 . Any program that can access any of the security-related software or data must not be amenable to a change by non-authorized users. Such program instructions must therefore preferably be loaded only through a secure loader, requiring knowledge of secret passwords and procedures. More preferably, such a process of loading the program instructions is performed through a Zero Knowledge Test—type authentication, such as Fiat-Shamir, as described for example with regard to U.S. Pat. Nos. 4,748,668 and 4,933,970, which are hereby incorporated by reference as if fully set forth herein.

[0102] External program memory in program external storage device 410 , and a bus 440 connecting program external storage device 410 to security module 420 , are preferably encrypted to deter unauthorized users from reading the program instructions. Also preferably, external content memory in content external storage device 400 , and a bus 450 connecting content external storage device 400 to security module 420 , are encrypted to deter unauthorized users from accessing the content. Since the encryption scheme and/or keyword for the content memory are more amenable to analysis than that of the more-critical program memory, the two schemes (or at least their keywords) more preferably differ.

[0103] In addition, more preferably each individual end user device 310 has an individual set of keywords, so that bus readout on two different end user devices 310 from busses 440 and/or 450 , would yield different results. This result may optionally be achieved by generating random keywords for each end user device 310 by final test machinery during producti