MXPA06008255A - Method of authorizing access to content - Google Patents

Method of authorizing access to content

Info

Publication number
MXPA06008255A
Authority
MX
Mexico
Prior art keywords
content
revocation
storage medium
revocation information
rights
Application number
MXPA/A/2006/008255A
Other languages
Spanish (es)
Inventor
A M Staring Antonius
A Treffers Menno
Original Assignee
Koninklijke Philips Electronics Nv
A M Staring Antonius
A Treffers Menno
Application filed by Koninklijke Philips Electronics Nv, A M Staring Antonius, A Treffers Menno

Abstract

A method of and source device (410) for authorizing access to content (425) by a sink device (400) in accordance with usage rights, the content being stored on a storage medium (420) controlled by the source device. The revocation status of the sink device is verified using the most recently issued revocation information that is available if the usage rights need to be modified as part of the authorization of access to the content, and using revocation information associated with the content stored on the storage medium, preferably the revocation information stored on the storage medium, otherwise. The revocation information on the storage medium, or only the part relating to the sink device, is optionally updated to the most recently issued revocation information if the usage rights need to be modified. Preferably this is done only if the result of the verification is that the sink device has been revoked.

Description

METHOD OF AUTHORIZING ACCESS TO CONTENT

Ref.: 172486

DESCRIPTION OF THE INVENTION

The invention relates to a method of authorizing access to content by a destination device in accordance with usage rights, the content being stored on a storage medium controlled by a source device. The invention also relates to a source device arranged to carry out the method.

Digital media have become popular carriers for various types of data. Computer software and audio information, for example, are widely available on optical compact discs (CDs), and recently DVDs have also gained distribution share. CDs and DVDs use a common standard for digital recording of data, software, images and audio. Additional media, such as recordable discs, solid-state memory, and the like, are making considerable gains in the software and data distribution market.

The substantially higher quality of the digital format compared to analog formats makes the former more prone to unauthorized copying and piracy; in addition, a digital format is easier and faster to copy. Copying a stream of digital data, whether compressed, uncompressed, encrypted or unencrypted, typically does not result in any appreciable loss of data quality. Digital copying is therefore essentially unlimited in terms of multi-generation copying. Analog data, on the other hand, with its loss of signal-to-noise ratio with each sequential copy, is naturally limited in terms of multi-generation and mass copying.

The recent popularity of the digital format has also brought a great number of copy protection and digital rights management (DRM) systems and methods. These systems and methods use technologies such as encryption, watermarking, and rights descriptions (for example, rules for accessing and copying data).
One way to protect content in the form of digital data is to ensure that content will only be transferred between devices if
• the receiving device has been authenticated as an accepted device, and
• the user of the content has the right to transfer (move and/or copy) that content to another device.

If content transfer is allowed, this will typically be done in encrypted form to ensure that the content cannot be illegally captured in a useful format from the transport channel, such as a bus between a CD-ROM drive and a personal computer (host).

The technology for authenticating devices and transferring encrypted content is available and is called a secure authenticated channel (SAC). In many cases, a SAC is established using an Authentication and Key Exchange (AKE) protocol that is based on public key cryptography. Standards such as International Standard ISO/IEC 11770-3 and ISO/IEC 9796-2 are often used, together with public key algorithms such as RSA and hash algorithms such as SHA-1.

To establish a SAC, each device typically contains a unique encryption key that is used in a challenge/response protocol with another device to calculate a temporary, mutually shared key. The two devices subsequently use this shared key to protect the exchanged content and usage rights information.

During the lifetime of the DRM or content protection system, the unique encryption key of one or more devices may be compromised (e.g., it becomes public knowledge, or is otherwise misused). In order to repair such damage, the SAC establishment protocol typically contains means to revoke the compromised keys. For this purpose, the system licensor maintains a revocation list of all compromised devices. In the initial stages of the SAC establishment protocol, each device must ensure that the other device is not on the revocation list. Revocation lists can be set up in two ways.
In the "blacklist" approach, devices that have been revoked are listed, and a device is thus revoked if it appears on the blacklist. The "whitelist" approach is the opposite: a device is revoked if it does not appear on the whitelist. In this document, "being revoked" or "being on the revocation list" means "appearing on the blacklist" or "not appearing on the whitelist", depending on which approach is used.

Ways of efficiently maintaining and distributing revocation lists are described in international patent application WO 03/107588 (attorney docket number PHNL020543) and in international patent application WO 03/107589 (attorney docket number PHNL020544). International patent application WO 01/42886 (attorney docket number PHA 23871) describes an efficient way to combine a contact list and a revocation list.

In order to maintain an adequate level of security, a device should not communicate with a compromised device. Otherwise, a user could exploit the compromised device to release content from the content protection system. To achieve this level of security, each device must store an instance of the most recently issued revocation list in internal memory, and verify that any device with which it wishes to communicate does not appear on this revocation list.

One problem with this approach is that a whole collection of content may become unplayable after a device stores a more recently issued instance of the revocation list. To explain this, consider the following scenario in which a player (for example, a DVD-Video player) is connected to an image rendering device (for example, a PC running appropriate software). Suppose now that in this scenario the image rendering device has been compromised and has therefore been added to the revocation list.
Then, after the player has received a copy of the revocation list that revokes the compromised image rendering device, the user can no longer use the image rendering device to play any piece of content from his collection. Since the distribution of the revocation list occurs beyond the control of the user, this is very user-unfriendly.

To avoid this problem, in an alternative approach the devices always use the instance of the revocation list that is pre-recorded on the storage medium (such as an optical disc), instead of an internally stored instance. This means that if a particular combination of medium, player and rendering device is authorized to play the protected content once, that combination is always authorized to play the protected content. An example of a system that uses this approach is the Content Protection for Recordable Media (CPRM) system.

However, a problem with this alternative approach is that a user can exploit "old" media, which contain an outdated instance of the revocation list, to release content from the content protection system (for example, using a software tool that contains one or more compromised unique encryption keys which are not revoked on those media).

An object of the invention is to provide a method according to the preamble which provides a balance between the security requirements and the user's requirements. From a security perspective, the amount of compromised content (that is, content that has been released from the content protection system) should be reduced or preferably eliminated. From a user's point of view, the system should behave in a predictable manner, that is, without sudden surprises such as having one or more of one's own devices revoked without having done anything wrong.
This object is achieved according to the invention in a method comprising verifying the revocation status of the destination device using the most recently issued revocation information that is available if the usage rights need to be modified as part of the authorization of access to the content, and otherwise using revocation information associated with the content stored on the storage medium.

Using the most recently issued revocation information that is available ensures that the level of security remains as high as possible whenever the usage rights information is updated. Using the revocation information associated with the content stored on the storage medium provides user-friendly operation, in the sense that playback is always assured, as no unexpected revocation will occur.

In one embodiment the revocation information that was applicable when the content was stored on the storage medium is used if the usage rights do not need to be modified. In particular, in this case revocation information stored on the storage medium can be used.

In a further embodiment the method comprises updating the revocation information recorded on the storage medium to the most recently issued revocation information if the usage rights need to be modified. Preferably only the part of the revocation information that relates to the destination device is updated. Optionally the update is made only if the result of the verification is that the destination device has been revoked. As a result, the revocation information that was recorded on the storage medium when the content was recorded on the storage medium is overwritten. From that moment on, the altered device will always be detected as revoked, even if it is later used for accesses for which the usage rights do not need to be modified.
In a further embodiment the method comprises verifying the revocation status of the destination device using revocation information associated with the content stored on the storage medium only if the usage rights do not need to be modified and the usage rights grant unlimited permission to make copies of the content, and otherwise using the most recently issued revocation information. This reduces the adverse effects of providing the content to a revoked device which makes a copy of the content. If unlimited permission to make copies is granted, then copies made by the revoked device are made legally.

These and other aspects of the invention will be apparent from and explained with reference to the illustrative embodiments shown in the figures, in which:
Figure 1 shows a system comprising devices interconnected through a network;
Figure 2 schematically illustrates a public-key challenge/response protocol;
Figure 3 schematically illustrates a broadcast-based protocol; and
Figure 4 schematically shows an exemplary embodiment of the invention in which a source device authenticates a destination device.

Throughout the figures, the same reference numbers indicate similar or corresponding features. Some of the features indicated in the drawings are typically implemented in software, and as such represent software entities, such as software modules or objects.

System Architecture

Figure 1 schematically shows a system 100 comprising the devices 101-105 interconnected through a network 110. In this embodiment, the system 100 is a home network. A typical digital home network includes a number of devices, for example a radio receiver, a tuner/decoder, a CD player, a pair of speakers, a television, a VCR, a tape deck, and so on. These devices are usually interconnected to allow one device, for example the television, to control another, for example the VCR.
One device, such as the tuner/decoder or a set-top box (STB), is usually the central device, which provides centralized control over the others.

The content, which typically comprises things such as music, songs, movies, TV shows, images, books and the like, but which also includes interactive services, is received through a residential gateway or set-top box 101. The content could also enter the home through other sources, such as storage media like discs, or using portable devices. The source could be a connection to a broadband cable network, a connection to the Internet, a satellite downlink, and so on. The content can then be transferred through the network 110 to a destination device for rendering. A destination device may be, for example, the television screen 102, the portable display device 103, the mobile telephone 104 and/or the audio playback device 105.

The exact way in which a content item is rendered depends on the type of device and the type of content. For example, in a radio receiver, rendering comprises generating audio signals and feeding them to loudspeakers. For a television receiver, rendering generally comprises generating audio and video signals and feeding them to a display screen and speakers. For other types of content, a similar appropriate action must be taken. Rendering may also include operations such as decrypting or descrambling a received signal, synchronizing audio and video signals, and so on.

The set-top box 101, or any other device in the system 100, may comprise a storage medium SI such as a suitably large hard disk, allowing the recording and later playback of received content. The storage medium SI could be a Personal Digital Recorder (PDR) of some kind, for example a DVD+RW recorder, to which the set-top box 101 is connected. The content can also enter the system 100 stored on a carrier 120 such as a compact disc (CD) or a Digital Versatile Disc (DVD).

The portable display device 103 and the mobile telephone 104 are connected wirelessly to the network 110 using a base station 111, for example using Bluetooth or IEEE 802.11b. The other devices are connected using a conventional wired connection. To allow the devices 101-105 to interact, several interoperability standards are available, which allow different devices to exchange messages and information and to control each other. A well-known standard is the Home Audio/Video Interoperability (HAVi) standard, version 1.0 of which was published in January 2000, and which is available on the Internet at http://www.havi.org/. Other well-known standards are the domestic digital bus (D2B) standard, a communications protocol described in IEC 1030, and Universal Plug and Play (http://www.upnp.org).

It is important to make sure that the devices 101-105 in the home network do not make unauthorized copies of the content. For this, a security framework is needed, typically called a Digital Rights Management (DRM) system. In one such framework, the home network is conceptually divided into a conditional access (CA) domain and a copy protection (CP) domain. Typically, the destination device is located in the CP domain. This ensures that when the content is provided to the destination device, no unauthorized copies of the content can be made, because of the copy protection scheme in place in the CP domain. Devices in the CP domain may include a storage medium for making temporary copies, but such copies may not be exported from the CP domain. This framework is described in European patent application 01204668.6 (attorney docket number PHNL010880) by the same applicant as the present application.
Regardless of the specific approach chosen, all the devices in the home network that implement the security framework do so in accordance with the implementation requirements. Using this framework, devices can authenticate each other and distribute content securely. Access to content is managed by the security system. This prevents unprotected content from leaking "in the clear" to unauthorized devices and prevents data that originates from untrusted devices from entering the system.

The technology to perform device authentication and the transfer of encrypted content is available and is called a secure authenticated channel (SAC). In many cases, a SAC is established using an Authentication and Key Exchange (AKE) protocol that is based on public key cryptography. Standards such as International Standard ISO/IEC 11770-3 and ISO/IEC 9796-2, public key algorithms such as RSA and hash algorithms such as SHA-1 are frequently used.

In general there are three types of such authentication protocols which are not based on a universal secret:
1. Challenge/response authentication, such as protocols based on the establishment of a secure authenticated channel (SAC), which are only supported on bidirectional communication channels,
2. Zero-knowledge protocols, such as those of Fiat-Shamir, Guillou-Quisquater (see US patent 5,140,634, attorney docket number PHQ 087030), and Schnorr, which are also supported only on bidirectional channels, and
3. Broadcast encryption, which works on both unidirectional and bidirectional channels.
In a broadcast encryption protocol, authentication is usually closely linked to the transfer of the content decryption key. For this purpose, each participant has a unique set of cryptographic keys. Here, these keys are called secret keys. Individual secret keys can be included in the sets of many participants. The publisher creates a message that contains the content decryption key. This message is encrypted using the secret keys in such a way that only a subset of participants can decrypt the content key. Participants who can decrypt the content key are implicitly authenticated. Participants who are not in the subset, and who therefore cannot decrypt the content key, are revoked.

For example, for the unidirectional channel from the publisher to the player, a broadcast encryption technology based on a hierarchical tree of cryptographic keys can be used. The broadcast message is called the EKB. The decryption key contained in the EKB is called the Root Key. For more information, see:
• D.M. Wallner, E.J. Harder, and R.C. Agee, "Key Management for Multicast: Issues and Architectures", Request for Comments 2627, June 1999.
• C.K. Wong, M. Gouda, and S. Lam, "Secure Group Communications Using Key Graphs", Proceedings of SIGCOMM 1998, ACM Press, New York, pages 68-79.

Notation

The following notation will be used in this document:
• PX => the public key belonging to X
• SX => the private key belonging to X
• C = E[K, M] => ciphertext C is the result of encrypting the message M with the key K
• M' = D[K, C] => plaintext M' is the result of decrypting C with the key K
• CertA = Signature[SB, A] => certificate CertA is the result of signing the message A with the private key SB

Public-key challenge/response protocol
In the public-key challenge/response protocol, a user A (which can be a device) wants to authenticate itself to a user B (which can also be a device). For that purpose A has received from a Licensing Authority (LA) the following:
• A public-private key pair {PA, SA}. (Of course the LA also provides other information, such as a modulus that defines the finite field in which the calculations are made. For brevity, reference to this information is omitted.)
• A certificate CertA = Signature[SLA, A || PA], where SLA is the private key of the LA.
All users (A and B) receive the public key PLA of the licensing authority.

The protocol is shown in Figure 2. It works in general as follows:
1. A identifies itself to B by providing its identifier, in this case the serial number A, its public key PA, and its certificate from the LA.
2. B verifies the public key and identity of A from the certificate, using the public key of the LA, PLA. If required, B verifies that A and PA are not revoked: that is, that they appear on a whitelist or do not appear on a blacklist. If so, B proceeds by generating a random number r, and sends it to A.
3. A responds by signing (encrypting) r with its private key SA into a certificate Certr and returns the result to B.
4. Using the public key PA of A, B verifies that the content of the certificate is identical to the number r that it sent in step 2. If it is correct, A has proved that it has the secret key that belongs to the public key PA, that is, that it is A.

Step 1 can be postponed until step 3, so that only two passes are needed. To achieve mutual authentication, the protocol can be repeated with the entities performing the steps reversed. The steps can also be interleaved, for example, first step 1 with A providing its identifier to B, then step 1 with B providing its identifier to A, and similarly for the other steps.

A variant of this protocol is one where B sends the random number r encrypted with the public key of A.
A then demonstrates knowledge of its secret key by decrypting the received number r and returning it to B.

After authentication, a common key needs to be established, which can be done in a variety of ways. For example, A selects a random number s, encrypts it with PB, and sends it to B. B can decrypt it with SB to obtain s, and both parties can use s as a common key.

It is clear that the protocol requires at least one private key operation from both parties, and maybe two or more depending on the exact bus key establishment protocol. Public key cryptography requires substantial computing power. This is usually not a problem for a host such as a personal computer. However, for a peripheral device such as a CD-ROM drive, a handheld computer or a mobile phone, resources are at a premium. A solution to this problem is presented in European patent application serial number 03101764.3 (attorney docket number PHNL030753).

Broadcast-based protocols

In a broadcast-based protocol, a user A again wishes to authenticate itself to another user B. For this purpose, the LA provides user A with:
• a set of device keys {KA1, ..., KAn}, which set is unique to A,
and user B with:
• another set of device keys {KB1, ..., KBn}, which set is unique to B.

The LA distributes to both users a so-called key block, known under various names such as "MKB" (CPRM/CPPM), "EKB" (Sapphire), "RKB" (BD-RE CPS), "KMB" (xCP). From here on, we will refer to it as the EKB. The EKB is, for example, distributed on optical media, or via the Internet. It is built in such a way that devices that have not been revoked can extract a root key from this key block, which will be the same for all these devices. Revoked devices will only obtain meaningless data when they use their (revoked) device keys.

For an illustration of the protocol, refer to Figure 3. It works as follows.
1. Both A and B calculate the secret Kroot encoded in the EKB with their respective device keys.
If they are not revoked, both will obtain Kroot. B generates a random number r, and sends it to A.
2. A encrypts the received number with the secret extracted from the EKB and returns the result s to B.
3. B decrypts s and verifies that the result is r.

To achieve mutual authentication, the protocol can be repeated with the entities performing the steps reversed.
The steps may also be interleaved, for example, first step 1 with A providing its identifier to B, then step 1 with B providing its identifier to A, and similarly for the other steps.

Note that B does not verify that A is who it claims to be, but only that A knows Kroot, that is, that A has not been revoked by the LA.

Authentication based on broadcast encryption is very cheap and fast because it requires only cost-efficient symmetric cryptography. However, in the case where B is the host software on a PC, the protocol is vulnerable to an insidious attack. Note that, contrary to the previous section, in order to verify the integrity of A, the PC software also needs to know Kroot. Software is frequently tampered with, and this means that Kroot could be extracted from the software and published on a website, allowing a hacker to set things up to authenticate successfully. Such software is difficult to revoke, because no device keys are published in the attack.

After a few devices have been tampered with and their device keys have been recovered, hackers can make their own (new) EKBs so that devices once revoked become non-revoked devices again. To counteract this, EKBs are often signed with the private key of the LA, so that the tampering can be detected immediately.

Revocation Management

In order to maintain an adequate level of security, a device must not communicate with a compromised device. In the initial stages of the SAC establishment protocol, each device must ensure that the other device is not on the revocation list. For this purpose, the devices have access to revocation information in the form of this list or a derivative thereof. For example, a device with limited storage capacity can store only part of the list.

The revocation information can be obtained in a variety of ways. It can be recorded on a storage medium, in such a way that it can be read by devices in which the medium is inserted.
This medium could also store content, or be dedicated to the storage of revocation information. The revocation information can be distributed through a network connection using a virus-like distribution mechanism. A server can be set up to which devices can send queries regarding the revocation status of a particular device. The server will determine whether the particular device has been revoked and send an appropriate response.

The invention will now be explained by way of an example embodiment in which a source device authenticates a destination device. This embodiment is illustrated in Figure 4. In Figure 4, the source device is a DVD read/write (DVD+RW) drive 410 installed in the destination device, which is a personal computer 400. The source device 410 controls access to the content 425, such as a movie, recorded on a DVD 420. An application 430 running on the personal computer 400 wants to access this content 425. For this purpose it must communicate with the source device 410, typically via the operating system 440, which provides an interface between the various components in the personal computer 400. To protect the content, the source device 410 will only grant the requested access if it can successfully authenticate the destination device 400. Granting access may involve supplying the content over a bus in the personal computer 400 to the application 430 in protected or unprotected form.

As part of the authorization of access to the content 425, the usage rights information may need to be updated. For example, a counter that indicates how many times the content can be accessed may need to be decreased. A one-time playback right may need to be erased or have its status set to "invalid" or "used". A so-called ticket could also be used. See U.S. Patent 6,601,046 (attorney docket number PHA 23636) for more information on ticket-based access. This usage rights update can be done by the source device 410 or by the destination device 400.
In this authentication process, the source device 410 verifies the revocation status of the destination device 400. For this purpose it comprises a revocation status verification module 415, typically embodied as a software program.

Verification of the revocation status involves the use of revocation information. There are multiple versions of the revocation information available. One version may be stored on the storage medium 420 together with the content 425. Another version may be available on a different storage medium. Another version may have been transmitted to the source device 410 through a network. These versions are likely to differ from each other. The source device 410 can determine which one is the most recent by comparing the issue dates of the respective versions.

If the usage rights need to be modified, the source device 410 uses the most recently issued revocation information that is available. This ensures that the level of security is kept as high as possible whenever the usage rights information is updated. A malicious hacker can now no longer use a revoked device to, for example, make a recording of content with a one-time playback right. Because the source device 410 uses the most recent revocation information, authentication with the altered device will fail because the device is revoked.

In this case, optionally, the revocation information recorded on the storage medium 420 is updated to the most recently issued revocation information. As a result, the revocation information that was recorded on the storage medium 420 when the content 425 was recorded on the storage medium 420 is overwritten. From then on, the altered device will always be detected as revoked, even when it is later used for accesses for which the usage rights do not need to be modified.

This embodiment may also result in the revocation of devices other than the destination device 400. To avoid this, it may be desirable to update only the revocation information that relates to the destination device 400.
In this way, only the destination device 400 is "deprived" of the content 420 in the storage medium 425.

If the usage rights do not need to be modified, the source device 410 uses revocation information associated with the content stored on the storage medium. This provides user-friendly operation, in the sense that playback is always assured, as no unexpected revocation takes place.

Preferably, the version of the revocation information stored on the storage medium 420 is used. This revocation information can date from the time the content 425 was recorded on the storage medium 420, or it may have been updated as explained above.

Alternatively, revocation information from another source that was applicable when the content was stored on the storage medium 425 is used. For example, after determining the date on which the data was stored, the source device 410 may select a version with an issue date closest to that date. The revocation information may also carry another identifier that allows the source device 410 to determine whether it was applicable when the content was stored on the storage medium 425.

When using "old" revocation information, there is a risk that the content 420 will be provided to a compromised, and therefore revoked, device which produces copies without usage restrictions. If the usage rights associated with the content 420 only grant permission for playback, for example, the destination device should be prevented from making a copy. In this situation, the usage rights do not need to be modified and therefore the "old" revocation information would be used, that is, a less recent version than the most recent version available. To solve this particular problem, the use of the "old" revocation information should be restricted to only those situations in which the usage rights do not need to be modified and grant unlimited permission to make copies of the content 420.
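The selection rule of this embodiment, written out as an added example (it is not code from the patent): a source device chooses which revocation information to check the destination device against, optionally updates the medium for that device only, and optionally applies the unlimited-copy restriction. The class names, device identifiers, dates and the play-counter model of usage rights are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import NamedTuple, Optional, Set


@dataclass
class RevocationInfo:
    issued: date                                    # issue date, used to find the newest version
    revoked: Set[str] = field(default_factory=set)  # blacklist of device identifiers


@dataclass
class UsageRights:
    plays_left: Optional[int] = None   # None: playback is not counted
    unlimited_copies: bool = False

    def needs_modification(self) -> bool:
        # Access decrements the counter, so the rights on the medium change.
        return self.plays_left is not None


@dataclass
class Medium:
    rights: UsageRights
    revocation: RevocationInfo         # version stored together with the content


class Decision(NamedTuple):
    granted: bool
    checked_against: str               # "latest", "medium" or "rights"


class SourceDevice:
    def __init__(self, received, copy_variant=False):
        self.received = list(received)    # versions obtained from other media or a network
        self.copy_variant = copy_variant  # embodiment that restricts use of "old" information

    def latest(self, medium):
        # Most recently issued version available, found by comparing issue dates.
        return max([medium.revocation, *self.received], key=lambda v: v.issued)

    def select(self, medium):
        rights = medium.rights
        if rights.needs_modification():
            return self.latest(medium), "latest"
        if self.copy_variant and not rights.unlimited_copies:
            return self.latest(medium), "latest"
        return medium.revocation, "medium"

    def authorize(self, medium, sink_id):
        rights = medium.rights
        if rights.plays_left == 0:
            return Decision(False, "rights")        # counter exhausted, nothing to grant
        info, source = self.select(medium)
        is_revoked = sink_id in info.revoked
        if rights.needs_modification():
            if is_revoked:
                # Optional update, limited to the part relating to this device.
                medium.revocation.revoked.add(sink_id)
            else:
                rights.plays_left -= 1
        return Decision(not is_revoked, source)


def demo():
    """Constructed scenario: 'pc-app' was revoked after the discs were written."""
    def old():
        return RevocationInfo(date(2003, 1, 1))
    newest = RevocationInfo(date(2004, 6, 1), {"pc-app"})
    drive = SourceDevice([newest])
    movie = Medium(UsageRights(), old())               # free playback, no copy permission
    rental = Medium(UsageRights(plays_left=2), old())  # counted playback
    out = {
        "movie_pc": drive.authorize(movie, "pc-app"),
        "rental_pc": drive.authorize(rental, "pc-app"),
        "rental_tv": drive.authorize(rental, "tv"),
    }
    out["rental_plays_left"] = rental.rights.plays_left
    rental.rights = UsageRights()                      # later access with no rights change
    out["rental_pc_later"] = drive.authorize(rental, "pc-app")
    strict = SourceDevice([newest], copy_variant=True)
    out["strict_movie_pc"] = strict.authorize(movie, "pc-app")
    free = Medium(UsageRights(unlimited_copies=True), old())
    out["strict_free_pc"] = strict.authorize(free, "pc-app")
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
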
It should be noted that the aforementioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. For example, the devices do not have to be personal computers and DVD read/write drives, or even guest devices and peripheral devices.
Any device that is required to authenticate another device and/or to authenticate itself to that other device can benefit from the present invention. The content can be distributed on any medium or through any transport channel. For example, the content can be distributed on an instant storage medium or via a USB cable. The device that transmits or receives the content through the SAC can perform checks to see whether it is allowed to transmit or receive. For example, the content may have a watermark that indicates that copies cannot be made. In such a case a transmission or reception must be blocked even if a SAC was successfully established. The devices could be part of a so-called authorized domain, in which more liberal copying rules can apply. In authorized domains, SACs are also commonly used to establish secure content transfer between domain members. See, for example, international patent application WO 03/047204 (attorney docket number PHNL010880) and international patent application WO 03/098931 (attorney docket number PHNML020455). To allow (prospective) users of such devices to determine the revocation status of their equipment, the method according to international patent application WO 03/019438 (attorney docket number PHNL010605) can be used. The invention is preferably implemented using software running on the respective devices and arranged to execute the protocol according to the invention. For this purpose the devices comprise a processor and a memory for storing the software. Preferably secure software is used to, for example, store cryptographic keys. A smart card can be provided with such a processor and a memory. The smart card can be inserted in a device to allow the device to use the invention. Of course the invention can also be implemented using special circuits, or a combination of dedicated circuits and software.
In the claims, any reference sign placed between parentheses should not be construed as limiting the claim. The word "comprises" does not exclude the presence of elements or steps other than those listed in the claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a system claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are mentioned in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
It is noted that in relation to this date, the best method known to the applicant to carry out the aforementioned invention, is that which is clear from the present description of the invention.

Claims (1)

CLAIMS
Having described the invention as above, the content of the following claims is claimed as property:
1. A method of authorizing access to content by means of a destination device in accordance with rights of use, the content being stored in a storage medium controlled by a source device, characterized in that it comprises: verifying the revocation status of the destination device using: the most recently issued revocation information that is available if the use rights need to be modified as part of the authorization to access the content, otherwise revocation information associated with the content stored in the storage medium.
2. The method according to claim 1, characterized in that the revocation information that was applicable when the content was stored in the storage medium is used if the usage rights do not need to be modified.
3. The method according to claim 1 or 2, characterized in that the revocation information stored in the storage medium is used if the usage rights do not need to be modified.
4. The method according to claim 3, characterized in that it comprises updating the revocation information recorded in the storage medium to the most recently issued revocation information if the usage rights need to be modified.
5. The method according to claim 4, characterized in that it comprises only updating the part of the revocation information that is related to the destination device.
6. The method according to claim 4 or 5, characterized in that the update is performed only if the result of the verification is that the destination device has been revoked.
7. The method according to claim 1, characterized in that it comprises verifying the revocation status of the destination device using revocation information associated with the content stored in the storage medium only if the use rights do not need to be modified and the rights of use grant unlimited permission to make copies of the content, and otherwise the most recently issued revocation information.
8. A source device arranged to authorize access to the content by means of a destination device in accordance with rights of use, the content being stored in a storage medium controlled by the source device, characterized in that the source device comprises: revocation status verification means to verify the revocation status of the destination device using: the most recently issued revocation information that is available if the use rights need to be modified as part of the authorization to access the content, otherwise, revocation information associated with the content stored on the storage medium.
9. The source device according to claim 8, characterized in that the revocation status verification means is arranged to use revocation information that was applicable when the content was stored in the storage medium if the use rights do not need to be modified.
10. The source device according to claim 8, characterized in that the revocation status verification means is arranged to verify the revocation status of the destination device using revocation information associated with the content stored in the storage medium only if the rights of use do not need to be modified and the rights of use grant unlimited permission to make copies of the content, and otherwise the most recently issued revocation information.
11. A computer program product characterized in that it is arranged to cause the processor to execute the method according to claim 1.
MXPA/A/2006/008255A 2004-01-22 2006-07-20 Method of authorizing access to content MXPA06008255A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP04100215.5 2004-01-22

Publications (1)

Publication Number Publication Date
MXPA06008255A true MXPA06008255A (en) 2007-04-10

Similar Documents

Publication Publication Date Title
US20080235810A1 (en) Method of Authorizing Access to Content
RU2295202C2 (en) Device, configured for data exchange and authentication method
TWI450124B (en) Improved access to domain
US6950941B1 (en) Copy protection system for portable storage media
CN100474806C (en) Method of creating domain based on public key cryptography
US20060161772A1 (en) Secure authenticated channel
US20060020784A1 (en) Certificate based authorized domains
US20040250077A1 (en) Method of establishing home domain through device authentication using smart card, and smart card for the same
WO2005088896A1 (en) Improved domain manager and domain device
US8422684B2 (en) Security classes in a media key block
US20060161502A1 (en) System and method for secure and convenient handling of cryptographic binding state information
JP3050843B2 (en) An information device that selects and uses multiple encryption technology use protocols for copyright protection of digital works
US7565700B2 (en) Method for tracking the expiration of encrypted content using device relative time intervals
US7987361B2 (en) Method of copying and decrypting encrypted digital data and apparatus therefor
EP1620993B1 (en) Class-based content transfer between devices
MXPA06008255A (en) Method of authorizing access to content
KR20070022019A (en) Enhanced Domain Managers and Domain Devices
WO2007042996A1 (en) Improved security system