WO2014177973A1 - Digital rights management - Google Patents
- Publication number
- WO2014177973A1 (PCT/IB2014/060895)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- content item
- volatile storage
- address
- decrypted
- decrypted content
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/101—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
Definitions
- Embodiments of the present invention generally relate to digital rights management, and more particularly, to a method, apparatus, and computer program product for improving security of DRM protected digital contents.
- DRM: Digital rights management
- reflowable content refers to the content that contains references of the content items instead of the content items per se.
- a reflowable content may be a combination of different types of content items such as audio, video, text, and the like.
- the reflowable contents are often organized based on web technology, for example, as HTML (Hypertext Markup Language) based web pages.
- a content item may be referenced by an associated hyperlink that links to an address where the content item can be retrieved, for example.
- the digital content reader application will first load all the content items from the referenced addresses and then render them.
- At least some content items are encrypted and stored in encrypted format.
- When the digital content reader application loads the encrypted content items based on their references, the reader application will retrieve those contents from their respective linked addresses, decrypt the content items, and then render the content items to the end user. At this point, the decrypted content items are exposed to the risk of being accessed or obtained by an unauthorized party.
- embodiments of the present invention propose a method, apparatus, and computer program product for digital rights management.
- embodiments of the present invention provide a method for digital rights management.
- the method comprises steps of: decrypting at least one encrypted content item of a digital content; storing the at least one decrypted content item in a volatile storage; and associating an identification of the at least one decrypted content item with an address of the at least one decrypted content item in the volatile storage.
- Other embodiments in this aspect include a corresponding computer program product.
- embodiments of the present invention provide an apparatus for digital rights management.
- the apparatus comprises: a decrypting unit configured to decrypt at least one encrypted content item of a digital content; a storing unit configured to store the at least one decrypted content item in a volatile storage; and an associating unit configured to associate an identification of the at least one decrypted content item with an address of the at least one decrypted content item in the volatile storage.
- the risk of unauthorized access to the decrypted content item can be significantly reduced compared with the case where the decrypted content items are stored in a non-volatile storage such as a hard drive disk.
- the space of the volatile storage allocated to the reader application is usually inaccessible to any other user applications. Therefore, an unauthorized party cannot use Trojan or malware to read out the decrypted content items from the volatile storage.
- the reader application is enabled to locate, retrieve, and display the decrypted content items efficiently and effectively, thereby shortening the response time to the end user.
- the proposed DRM solution is easy to carry out since there is no need to embed a file manager into the reader application.
- the reader application only needs to maintain the associations between the identification and address of decrypted content items. Accordingly, embodiments of the present invention can be implemented in connection with those existing reader applications, which is beneficial in terms of compatibility.
- Figure 1 is a block diagram illustrating a system in which exemplary embodiments of the present invention can be implemented
- Figure 2 is a schematic diagram illustrating an example of a DRM protected digital content in accordance with exemplary embodiments of the present invention
- Figure 3 is a flowchart illustrating a method for digital rights management in accordance with an exemplary embodiment of the present invention.
- Figure 4 is a block diagram illustrating an apparatus for digital rights management in accordance with an exemplary embodiment of the present invention.
- embodiments of the present invention provide methods, apparatuses, and computer program product for digital rights management.
- the at least one encrypted content item may be decrypted and stored in a volatile storage. Then an identification of each decrypted content item may be associated with its storage address in the volatile storage.
- the reader application may efficiently and effectively locate, retrieve, and display those decrypted content items from the volatile storage while ensuring the data security.
- the term “volatile storage” refers to the storage that requires power to maintain the data stored therein. In other words, volatile storage may retain the data as long as the power supply is on, but when the power supply is off or interrupted the stored data is lost. In contrast, the term “non-volatile storage” refers to the storage that can retain stored data even when not powered.
- the system 100 comprises a digital content reader application (or "reader application" in short) 101.
- the digital content reader application 101 is configurable to present any suitable digital content to and possibly interact with the end user.
- the reader application 101 comprises a browsing unit 102 configurable to render the digital content.
- the browsing unit 102 may have the ability to display text, audio, video, and/or any other suitable format of data.
- the browsing unit 102 may contain a browser which is capable of displaying digital contents as web pages.
- the reader application 101 also comprises a DRM client 103 that is configurable to implement functionalities of digital rights management, which will be detailed below.
- the reader application 101 may load a DRM protected digital content in which at least one content item is encrypted.
- the DRM client 103 will first decrypt each encrypted content item of the digital content.
- the digital content may contain the content items.
- the content items can be directly read out from the digital content.
- the digital content may be published in a reflowable format and only contains references (e.g., links) of the content items.
- Figure 2 shows an example of a reflowable digital content in accordance with such embodiments.
- the DRM digital content is a digital book which is composed by a group of content items including files or directories. Each content item has a unique identification and is referenced as links.
- the reader application 101 may retrieve the content items from a repository 104 based on their respective references.
- the repository 104 may be maintained by the digital content provider or distributor and may be located remotely from the reader application 101.
- the repository 104 and the DRM client 103 may be connected to and communicate with each other by, for example, a computer network such as a local area network ("LAN"), a wide area network ("WAN") or the Internet, a communication network, a near field communication connection, or any combination thereof.
- After obtaining the encrypted content items, the DRM client 103 operates to decrypt them. For example, the DRM client 103 may verify whether the end user has a DRM license for the digital content in question. To this end, the DRM client 103 may interact with the end user. If it is determined that the user has the right to enjoy the digital content, then the DRM client 103 will decrypt the encrypted content items of the digital content.
- the information required for decryption, such as a decryption key(s) may be obtained from the digital content provider or the end user in advance or may be generated and obtained in a real-time manner. Details of how to obtain license for content and how to decrypt the encrypted content items are known in the art and therefore will not be detailed herein.
- Upon decryption, the decrypted content items will be stored such that the browsing unit displays them to the user.
- the decrypted content items may be stored into a non-volatile storage like a disk drive.
- the decrypted content items stored on a hard disk drive, which are in clear format without DRM protection, are likely to be accessed and/or obtained by an unauthorized party. For example, when the hard disk can be physically detached from the host computer, the data stored thereon can be read out. Moreover, even if the content items are removed from the hard disk after the digital content is unloaded, such removed content items might be recovered by several recovery techniques.
- the decrypted content items are stored in a volatile storage 105 as shown in Figure 1.
- the volatile storage 105 may include, but is not limited to, a memory, cache, or buffer associated with the host computer on which the reader application 101 resides.
- the reader application 101 and the volatile storage 105 may be co-located in a single host computer.
- any data stored in the volatile storage 105 will be automatically erased or removed when the host computer is powered off and/or the volatile storage 105 is detached from the host computer. As a result, an unauthorized party cannot illegally access the decrypted content items by detaching the volatile storage 105 away.
- the reader application 101 can be provided with an exclusive access to the decrypted content item stored in the volatile storage 105 so as to further improve the data security.
- the reader application may request the operating system, virtual machine hypervisor, or any other entity responsible for memory allocation to allocate a storage space 106 within the storage 105 as exclusive storage space. That is, only the reader application 101 may access the decrypted content items stored in the space 106 of the volatile storage 105, and any other applications cannot access data stored in the storage space 106.
- the reader application 101 may register with the operating system a unique identifier of the reader application 101, such that the operating system can determine the identity of the reader application 101 and deny access requests to the storage space 106 from any other applications.
- Technical details of how to request for an exclusive memory space are known in the art and therefore are not discussed herein.
- the reader application 101 may be configured such that only the DRM client 103 is able to access the storage space 106. That is, even the browsing unit 102 of the reader application 101 cannot access the decrypted content items stored in the volatile storage 105. This may prevent an unauthorized party from using a virus, Trojan, and/or malware to attack the browsing unit 102 to access the protected content items.
- the storage 105 may be the memory hosted by the operating system of the host computer.
- security of the decrypted content items may be further improved because the operating system usually in nature prevents other user applications from accessing the storage space 106 allocated to the reader application 101. That is, the data security is managed not only at the user level but also at the system level.
- anti-virus programs running on the operating system may provide further protection for the storage space 106.
- Every time a decrypted content item of the digital content is stored in the memory space 106 of the volatile storage 105, the DRM client 103 associates an identification of the decrypted, stored content item with the address of that content item in the volatile storage 105 (more specifically, the memory space 106). For example, considering the example illustrated in Figure 2, after the DRM client 103 decrypts the file "Lalimba.mp3" and stores the decrypted audio file in the storage space 106 in the volatile storage 105, the virtual and/or physical address at which the decrypted audio file is stored may be returned to the DRM client 103. Then the DRM client 103 may create an association between the identification and storage address of the audio file.
- the DRM client 103 may establish and maintain a mapping table.
- the mapping table may be also stored in the volatile storage 105, for example, in the storage space 107.
- the storage space 107 may be a secure space whose access right is only provided to the reader application 101 or the DRM client 103.
- the mapping table may be stored in a volatile or non-volatile storage other than the storage 105.
- the mapping table may be stored as a database table, an XML (Extensible Markup Language) file, a plain text, and so forth. The scope of the present invention is not limited in this regard.
- Each entry in the mapping table maps the identification of a decrypted content item to an address in the storage 107 where that decrypted content item is stored.
- An example of such mapping table is shown below, where the addresses "220" and "230" may indicate the starting virtual address where the corresponding decrypted content items are stored.
- the association of the identification of a decrypted content item and its storage address in the volatile storage is not limited to the mapping table.
- the storage where a decrypted content item is stored may be determined by the identification of that decrypted content item.
- the DRM client 103 may use a mapping function to determine an address to store a decrypted content item, with the identification of that decrypted content item being a parameter. Any appropriate mapping functions can be used in connection with embodiments of the present invention and the scope of the invention is not limited in this regard.
- the DRM client may set a dirty flag in relation to the address, thereby indicating that the address has been used to store the decrypted content item.
- the associations may be established and maintained by means of the mapping function.
- the reader application 101 may easily locate, retrieve, and render any decrypted content item while ensuring the data security. Specifically, it is unnecessary to adapt the reader application 101 to have a special file system to manage the decrypted content items. Instead, the reader application 101 only needs to manage the associations of identifications and storage address in the volatile storage. As a result, embodiments of the present invention may be easily practiced in connection with those existing reader applications, which is advantageous in terms of compatibility.
- the browsing unit 101 may display the content items efficiently and effectively.
- the DRM client 103 may determine whether an identification of the requested content item is associated with any address in the volatile storage 105. For example, in some embodiments, the DRM client 103 may query the mapping table to check whether there is a mapping entry in relation to the requested content item. In alternative embodiments, the DRM client 103 may determine the address using the mapping function and check whether the dirty flag is set in relation to the determined address.
- the requested content item can be directly retrieved from the volatile storage according to the associated address.
- the DRM client 103 may forward the address of the requested content item to the browsing unit 102 such that the browsing unit 102 retrieves the content item from the volatile storage 105.
- the DRM client 103 may retrieve the decrypted content item from the volatile storage 105 and then forward the retrieved content item to the browsing unit 102.
- the browsing unit 102 or the DRM client 103 may retrieve the requested content item based on its associated reference, for example, from the repository 104 and then display the content item.
- those DRM protected content items that have been decrypted and stored in the volatile storage may be directly loaded from the volatile storage 105 in a secure and efficient manner, while the non-DRM protected content items of the digital content (if any) may be retrieved from the repository 104.
- the adaptive retrieving scheme as described above may guarantee that the reader application 101 can easily and efficiently display content items of a DRM protected digital content while preventing any unauthorized use or access.
- the DRM client 103 may be configured to actively remove the decrypted content items stored in the volatile storage 105.
- the decrypted content items may be removed from the volatile storage in response to the reader application 101 closing the digital content.
- associations of the identifications and storage addresses of the decrypted content items may be removed in response to the reader application 101 closing the digital content.
- the mapping table may be removed when the reader application 101 closes the digital content.
- Referring to FIG. 3, a flowchart of a method for digital rights management in accordance with embodiments of the present invention is shown. It will be appreciated that the instance of method 300 may be carried out by the DRM client 103 as described above with reference to Figure 1.
- the at least one decrypted content item is stored in a volatile storage at step S302.
- the volatile storage may be a memory managed by an operating system of the host computer on which the reader application resides.
- At step S303, an identification of the at least one decrypted content item is associated with an address of the at least one decrypted content item in the volatile storage.
- the association may be generated by creating an entry in a mapping table stored in the volatile storage, where the entry maps the identification of the at least one decrypted content item to the address of the at least one decrypted content item in the volatile storage.
- the reader application for the digital content may be provided with an exclusive access to the at least one decrypted content item stored in the volatile storage.
- the method 300 may proceed to step S305 to determine, in response to a request for loading a content item of the digital content, whether an identification of the requested content item is associated with an address in the volatile storage. If so, then the requested content item is retrieved from the address in the volatile storage at step S306 and the method proceeds to step S308. Otherwise, if the identification of the requested content item is associated with no address in the volatile storage, then at step S307, the requested content item is retrieved from a repository, for example, maintained by the digital content provider or distributor. The method 300 then proceeds to step S308.
- At step S308, the at least one decrypted content item is removed from the volatile storage in response to the digital content being closed.
- the association of the identification of the at least one decrypted content item with the address of the at least one decrypted content item in the volatile storage is removed at step S309. The method 300 ends after step S309.
- FIG 4 is a block diagram illustrating an apparatus for digital rights management in accordance with an exemplary embodiment of the present invention.
- the apparatus 400 may reside at the DRM client 103 shown in Figure 1 or is otherwise associated with the DRM client 103, and may be configured to perform the method 300 described above with reference to Figure 3.
- the apparatus 400 comprises a decrypting unit 401 configured to decrypt at least one encrypted content item of a digital content.
- the apparatus 400 also comprises a storing unit 402 configured to store the at least one decrypted content item in a volatile storage, which may be a memory hosted by an operating system, for example.
- the apparatus 400 comprises an associating unit 403 configured to associate an identification of the at least one decrypted content item with an address of the at least one decrypted content item in the volatile storage.
- the associating unit 403 may comprise a mapping unit (not shown) configured to create an entry in a mapping table stored in the volatile storage, the entry mapping the identification of the at least one decrypted content item to the address of the at least one decrypted content item in the volatile storage.
- the apparatus 400 may further comprise an access controlling unit 404 configured to provide a digital content reader for loading the digital content with an exclusive access to the at least one decrypted content item stored in the volatile storage.
- the apparatus 400 may further comprise a determining unit 405 configured to determine, in response to a request for loading a content item of the digital content, whether an identification of the requested content item is associated with an address in the volatile storage; and a retrieving unit 406 configured to retrieve, in response to determining that the identification of the requested content item is associated with the address in the volatile storage, the requested content item from the address in the volatile storage.
- the apparatus 400 may comprise a unit 407 configured to retrieve, in response to determining that the identification of the requested content item is associated with no address in the volatile storage, the requested content item from the address in the volatile storage.
- the apparatus 400 may further comprise a content removing unit 408 configured to remove, in response to the digital content being closed, the at least one decrypted content item from the volatile storage.
- the apparatus 400 may further comprise an association removing unit 409 configured to remove, in response to the digital content being closed, the association of the identification of the at least one decrypted content item with the address of the at least one decrypted content item in the volatile storage.
- the risk of unauthorized access to the decrypted content item can be significantly reduced compared with the case where the decrypted content items are stored in a non-volatile storage such as a hard drive disk.
- the space of the volatile storage allocated to the reader application is usually inaccessible to any other user applications.
- an unauthorized party cannot use Trojan or malware to read out the decrypted content items.
- the reader application is enabled to locate, retrieve, and display the decrypted content items efficiently and effectively, thereby shortening the response time to the end user.
- the proposed DRM solution is easy to carry out since there is no need to embed a file manager into the reader application, which is beneficial in terms of the compatibility of the reader application.
- the various exemplary embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of the exemplary embodiments of the present invention are illustrated and described as block diagrams, flowcharts, or using some other pictorial representation, it will be appreciated that the blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
- the apparatus 400 described above may be implemented as hardware, software/firmware, or any combination thereof.
- one or more units in the apparatus 400 may be implemented as software modules.
- some or all of the units may be implemented using hardware modules like integrated circuits (ICs), application specific integrated circuits (ASICs), system-on-chip (SOCs), field programmable gate arrays (FPGAs), and the like.
- various blocks shown in Figure 3 may be viewed as method steps, and/or as operations that result from operation of computer program code, and/or as a plurality of coupled logic circuit elements constructed to carry out the associated function(s).
- the method 300 may be implemented by computer program codes contained in a computer program tangibly embodied on a machine readable medium.
- the present invention may be embodied as a computer program product comprising a computer program tangibly embodied on a machine readable medium, the computer program containing program codes configured to carry out the method 300 as detailed above with reference to Figure 3.
- a machine readable medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
- the machine readable medium may be a machine readable signal medium or a machine readable storage medium.
- a machine readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
- More specific examples of the machine readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
- Computer program code for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer program codes may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor of the computer or other programmable data processing apparatus, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented.
- the program code may execute entirely on a computer, partly on the computer, as a stand-alone software package, partly on the computer and partly on a remote computer or entirely on the remote computer or server.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computing Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Storage Device Security (AREA)
Abstract
Embodiments of the present invention relate to digital rights management. A method is proposed, comprising the steps of decrypting at least one encrypted content item of a digital content, storing the at least one decrypted content item in a volatile storage, and associating an identification of the at least one decrypted content item with an address of the at least one decrypted content item in the volatile storage. Corresponding apparatus and computer program product are also disclosed. In accordance with embodiments of the present invention, the DRM protected content items can be efficiently and effectively located, retrieved, and displayed while ensuring the data security.
Description
DIGITAL RIGHTS MANAGEMENT
FIELD OF THE INVENTION
[0001] Embodiments of the present invention generally relate to digital rights management, and more particularly, to a method, apparatus, and computer program product for improving security of DRM protected digital contents.
BACKGROUND OF THE INVENTION
[0002] In past decades, there has been an increasing demand for organizing and distributing digital contents like electronic magazines, videos, audios, and so forth. Digital rights management (DRM) technology is widely used to protect such digital contents. As known, DRM refers to the technology that inhibits any uses of digital contents that are not desired or permitted by the content provider or distributor. That is, DRM is used to ensure that only the authorized users can access the protected content based on the predefined rules.
[0003] Traditionally, DRM is used for protecting single purpose digital contents like audios, videos, textual files, and so on. However, to facilitate the creation and transmission of digital contents and to enable the interoperability of digital contents between disparate reading devices and applications, many digital contents are now generated and published in the form of reflowable contents. As used herein, the term "reflowable content" refers to the content that contains references of the content items instead of the content items per se. A reflowable content may be a combination of different types of content items such as audio, video, text, and the like. The reflowable contents are often organized based on web technology, for example, as HTML (Hypertext Markup Language) based web pages. For a web-based digital publication format, a content item may be referenced by an associated hyperlink that links to an address where the content item can be retrieved, for example. In use, the digital content reader application will first load all the content items from the referenced addresses and then render them.
[0004] How to protect such reflowable digital contents is a new challenge for DRM. For a DRM protected reflowable content, at least some content items are encrypted and stored in encrypted format. When the digital content reader application loads the encrypted content items based on their references, the reader application will retrieve those contents from their respective linked addresses, decrypt the content items, and then render the content items to the end user. At this point, the decrypted content items are exposed to the risk of being accessed or obtained by an unauthorized party.
[0005] In light of the foregoing, there is a need in the art for a solution for enhancing the security of DRM protected digital contents.
SUMMARY OF THE INVENTION
[0006] In order to address the foregoing and other potential problems, embodiments of the present invention propose a method, apparatus, and computer program product for digital rights management.
[0007] In one aspect, embodiments of the present invention provide a method for digital rights management. The method comprises steps of: decrypting at least one encrypted content item of a digital content; storing the at least one decrypted content item in a volatile storage; and associating an identification of the at least one decrypted content item with an address of the at least one decrypted content item in the volatile storage. Other embodiments in this aspect include a corresponding computer program product.
[0008] In another aspect, embodiments of the present invention provide an apparatus for digital rights management. The apparatus comprises: a decrypting unit configured to decrypt at least one encrypted content item of a digital content; a storing unit configured to store the at least one decrypted content item in a volatile storage; and an associating unit configured to associate an identification of the at least one decrypted content item with an address of the at least one decrypted content item in the volatile storage.
[0009] These embodiments of the present invention can be implemented to realize one or more of the following advantages. In accordance with embodiments of the present invention, the nature of volatile storage is utilized to improve the data security as well as the operation and interaction efficiency. Specifically, it is known that data stored in a volatile storage will be erased or removed when the host computer is powered off or the volatile storage is detached from the host computer. Moreover, it is relatively difficult to recover the data from a volatile storage after the data is removed. As a result, by storing decrypted content items of the DRM protected digital content in a volatile storage such as a memory, the risk of unauthorized access to the decrypted content item can be significantly reduced compared with the case where the decrypted content items are stored in a non-volatile storage such as a hard drive disk. Moreover, the space of the volatile storage allocated to the reader application is usually inaccessible to any other user applications. Therefore, an unauthorized party cannot use Trojan or malware to read out the decrypted content items from the volatile storage.
[0010] Further, by creating and managing the association between the identifications of decrypted content items and the addresses of decrypted content items in the volatile storage, the reader application is enabled to locate, retrieve, and display the decrypted content items efficiently and effectively, thereby shortening the response time to the end user. Additionally, the proposed DRM solution is easy to be carried out since there is no need to embed a file manager into the reader application. The reader application only needs to maintain the associations between the identification and address of decrypted content items. Accordingly, embodiments of the present invention can be implemented in connection with those existing reader applications, which is beneficial in terms of compatibility.
[0011] Other features and advantages of embodiments of the present invention will also be understood from the following description of exemplary embodiments when read in conjunction with the accompanying drawings, which illustrate, by way of example, spirit and principles of the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS
[0012] The details of one or more embodiments of the present invention are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the invention will become apparent from the description, the drawings, and the claims, wherein:
[0013] Figure 1 is a block diagram illustrating a system in which exemplary embodiments of the present invention can be implemented;
[0014] Figure 2 is a schematic diagram illustrating an example of a DRM protected digital content in accordance with exemplary embodiments of the present invention;
[0015] Figure 3 is a flowchart illustrating a method for digital rights management in accordance with an exemplary embodiment of the present invention; and
[0016] Figure 4 is a block diagram illustrating an apparatus for digital rights management in accordance with an exemplary embodiment of the present invention.
[0017] Throughout the figures, same or similar reference numbers indicate same or similar elements.
DETAILED DESCRIPTION OF EMBODIMENTS
[0018] In general, embodiments of the present invention provide methods, apparatuses, and computer program product for digital rights management. For a DRM protected digital content in which at least one content item is encrypted, the at least one encrypted content item may be decrypted and stored in a volatile storage. Then an identification of each decrypted content item may be associated with its storage address in the volatile storage. In this way, the reader application may efficiently and effectively locate, retrieve, and display those decrypted content items from the volatile storage while ensuring the data security.
[0019] As used herein, the term "volatile storage" refers to the storage that requires power to maintain the data stored therein. In other words, volatile storage may retain the data as long as power supply is on, but when power supply is off or interrupted the stored data is lost. To the contrary, the term "non-volatile storage" refers to the storage that can retain stored data even when not powered.
[0020] Reference is first made to Figure 1, where a block diagram illustrating a system 100 in which exemplary embodiments of the present invention can be implemented is shown. In accordance with embodiments of the present invention, the system 100 comprises a digital content reader application (or "reader application" in short) 101. The digital content reader application 101 is configurable to present any suitable digital content to and possibly interact with the end user. As shown, the reader application 101 comprises a browsing unit 102 configurable to render the digital content. The browsing unit 102 may have the ability to display text, audio, video, and/or any other suitable format of data. Specifically, in accordance with some embodiments, the browsing unit 102 may contain a browser which is capable of displaying digital contents as web pages. The reader application 101 also comprises a DRM client 103 that is configurable to implement functionalities of digital rights management, which will be detailed below.
[0021] In operation, the reader application 101 may load a DRM protected digital content in which at least one content item is encrypted. In response, the DRM client 103 will first decrypt each encrypted content item of the digital content. In some embodiments, the digital content may contain the content items. In these embodiments, the content items can be directly read out from the digital content. Alternatively, the digital content may be published in a reflowable format and only contains references (e.g., links) of the content items. Figure 2 shows an example of a reflowable digital content in accordance with such embodiments. In this example, the DRM digital content is a digital book which is composed by a group of content items including files or directories. Each content item has a unique identification and is referenced as links. Specifically, operations on a content item like encryption and decryption will not change the identification of that content item. Specifically, as shown in Figure 2, some of content items are encrypted for DRM protection (indicated by locks in the figure). In these embodiments, the reader application 101 may retrieve the content items from a repository 104 based on their respective references. The repository 104 may be maintained by the digital content provider or distributor and may be located remotely from the reader application 101. The repository 104 and the DRM client 103 may be connected and communicated with each other by, for example, a computer network such as a local area network ("LAN"), a wide area network ("WAN") or the Internet, a communication network, a near field communication connection, or any combination thereof.
[0022] After obtaining the encrypted content items, the DRM client 103 operates to decrypt them. For example, the DRM client 103 may verify whether the end user has a DRM license for the digital content in question. To this end, the DRM client 103 may interact with the end user. If it is determined that the user has the right to enjoy the digital content, then the DRM client 103 will decrypt the encrypted content items of the digital content. The information required for decryption, such as a decryption key(s), may be obtained from the digital content provider or the end user in advance or may be generated and obtained in a real-time manner. Details of how to obtain license for content and how to decrypt the encrypted content items are known in the art and therefore will not be detailed herein.
[0023] Upon decryption, the decrypted content items will be stored such that the browsing unit displays them to the user. Optionally, the decrypted content items may be stored into a non-volatile storage like a disk drive. However, those skilled in the art would readily appreciate that the decrypted content items stored in a hard disk drive, which are in clear format without DRM protection, are likely to be accessed and/or obtained by an unauthorized party. For example, when the hard disk can be physically detached from the host computer, the data stored thereon can be read out. Moreover, even if the content items are removed from the hard disk after the digital content is unloaded, such removed content items might be recovered by several recovery techniques.
[0024] Therefore, in accordance with embodiments of the present invention, the decrypted content items are stored in a volatile storage 105 as shown in Figure 1. The volatile storage 105 may include, but is not limited to, a memory, cache, or buffer associated with the host computer on which the reader application 101 resides. In addition, the reader application 101 and the volatile storage 105 may be co-located in a single host computer.
[0025] As known, any data stored in the volatile storage 105 will be automatically erased or removed when the host computer is powered off and/or the volatile storage 105 is detached from the host computer. As a result, an unauthorized party cannot illegally access the decrypted content items by detaching the volatile storage 105 away.
[0026] Moreover, in accordance with some embodiments, the reader application 101 can be provided with an exclusive access to the decrypted content item stored in the volatile storage 105 so as to further improve the data security. For example, the reader application may request the operating system, virtual machine hypervisor, or any other entity responsible for memory allocation to allocate a storage space 106 within the storage 105 as exclusive storage space. That is, only the reader application 101 may access the decrypted content items stored in the space 106 of the volatile storage 105, and any other applications cannot access data stored in the storage space 106. In implementation, the reader application 101 may register with the operating system a unique identifier of the reader application 101, such that the operating system could determine the identity of the reader application 101 and deny access requests to the storage space 106 from any other applications. Technical details of how to request for an exclusive memory space are known in the art and therefore are not discussed herein.
[0027] Furthermore, in accordance with some embodiments, the reader application 101 may be configured such that only the DRM client 103 is able to access the storage space 106. That is, even the browsing unit 102 of the reader application 101 cannot access the decrypted content items stored in the volatile storage 105. This may prevent an unauthorized party using virus, Trojan, and/or malware to attack the browsing unit 102 to access the protected content items.
[0028] Specifically, in accordance with some embodiments of the present invention, the storage 105 may be the memory hosted by the operating system of the host computer. In these embodiments, security of the decrypted content items may be further improved because the operating system usually in nature prevents other user applications from accessing the storage space 106 allocated to the reader application 101. That is, the data security is managed not only at the user level but also at the system level. Besides, anti-virus programs running on the operating system may provide further protection for the storage space 106.
[0029] Continuing reference to Figure 1, every time when a decrypted content item of the digital content is stored in the memory space 106 of the volatile storage 105, the DRM client 103 associates an identification of the decrypted, stored content item with the address of that content item in the volatile storage 105 (more specifically, the memory space 106). For example, considering the example illustrated in Figure 2, after the DRM client 103 decrypts the file "Lalimba.mp3" and stores the decrypted audio file in the volatile storage 106 in the volatile storage 105, the virtual and/or physical address at which the decrypted audio file is stored may be returned to the DRM client 103. Then the DRM client 103 may create an association between the identification and storage address of the audio file.
[0030] In accordance with embodiments of the present invention, such association may be created in various ways. For example, in some embodiments, the DRM client 103 may establish and maintain a mapping table. The mapping table may be also stored in the volatile storage 105, for example, in the storage space 107. In these embodiments, like the storage space 106, the storage space 107 may be a secure space whose access right is only provided to the reader application 101 or the DRM client 103. Alternatively, the mapping table may be stored in a volatile or non-volatile storage other than the storage 105. For example, the mapping table may be stored as a database table, an XML (Extensible Markup Language) file, a plain text, and so forth. The scope of the present invention is not limited in this regard.
[0031] Each entry in the mapping table maps the identification of a decrypted content item to an address in the storage 107 where that decrypted content item is stored. An example of such mapping table is shown below, where the addresses "220" and "230" may indicate the starting virtual address where the corresponding decrypted content items are stored.
[0032] It should be noted that the association of the identification of a decrypted content item and its storage address in the volatile storage is not limited to the mapping table. For example, in some alternative embodiments, the storage where a decrypted content item is stored may be determined by the identification of that decrypted content item. For example, the DRM client 103 may use a mapping function to determine an address to store a decrypted content item, with the identification of that decrypted content item being a parameter. Any appropriate mapping functions can be used in connection with embodiments of the present invention and the scope of the invention is not limited in this regard. After the decrypted content item is stored at the determined address, the DRM client may set a dirty flag in relation to the address, thereby indicating that the address has been used to store the decrypted content item. In this way, the associations may be established and maintained by means of the mapping function.
[0033] By creating the association of identifications of decrypted content items and their respective addresses in the volatile storage 105, the reader application 101 may easily locate, retrieve, and render any decrypted content item while ensuring the data security. Specifically, it is unnecessary to adapt the reader application 101 to have a special file system to manage the decrypted content items. Instead, the reader application 101 only needs to manage the associations of identifications and storage address in the volatile storage. As a result, embodiments of the present invention may be easily practiced in connection with those existing reader applications, which is advantageous in terms of compatibility.
[0034] Moreover, the browsing unit 101 may display the content items efficiently and effectively. In operation, in response to receiving from the browsing unit 102 a request for loading a content item of the digital content, the DRM client 103 may determine whether an identification of the requested content item is associated with any address in the volatile storage 105. For example, in some embodiments, the DRM client 103 may query the mapping table to check whether there is a mapping entry in relation to the requested content item. In alternative embodiments, the DRM client 103 may determine the address using the mapping function and check whether the dirty flag is set in relation to the determined address.
[0035] In response to determining that the identification of the requested content item is associated with the address in the volatile storage 105, the requested content item can be directly retrieved from the volatile storage according to the associated address. In some embodiments, the DRM client 103 may forward the address of the requested content item to the browsing unit 102 such that the browsing unit 102 retrieves the content item from the volatile storage 105. Alternatively, in those embodiments where the browsing unit 102 is prohibited to directly access the storage space 106 in the volatile storage 105, the DRM client 103 may retrieve the decrypted content item from the volatile storage 105 and then forward the retrieved content item to the browsing unit 102.
[0036] Otherwise, if the identification of the requested content item is associated with no address in the volatile storage 105, then it can be determined that the requested content item is not encrypted. Accordingly, the browsing unit 102 or the DRM client 103 may retrieve the requested content item based on its associated reference, for example, from the repository 104 and then display the content item.
[0037] In accordance with embodiments of the present invention, those DRM protected content items that have been decrypted and stored in the volatile storage may be directly loaded from the volatile storage 105 in a secure and efficient manner, while the non-DRM protected content items of the digital content (if any) may be retrieved from the repository 104. The adaptive retrieving scheme as described above may guarantee that the reader application 101 can easily and efficiently display content items of a DRM protected digital content while preventing any unauthorized use or access.
[0038] Further, though the decrypted content items in the volatile storage 105 will be automatically removed when the host computer is powered off or the storage 105 is detached from the host computer, in accordance with some embodiments of the present invention, the DRM client 103 may be configured to actively remove the decrypted content items stored in the volatile storage 105. For example, the decrypted content items may be removed from the volatile storage in response to the reader application 101 closing the digital content. Likewise, associations of the identifications and storage addresses of the decrypted content items may be removed in response to the reader application 101 closing the digital content. For example, in the embodiments where the association is embodied as a mapping table, the mapping table may be removed when the reader application 101 closes the digital content. By actively removing the stored decrypted content items and/or the associations, for example, in response to the closing of the digital content, it is possible to further reduce the risk that the DRM protected content items are accessed by any unauthorized party.
[0039] Now reference is made to Figure 3, where a flowchart of a method for digital rights management in accordance with embodiments of the present invention is shown. It will be appreciated that the instance of method 300 may be carried out by the DRM client 103 as described above with reference to Figure 1.
[0040] As shown, after decrypting the at least one encrypted content item of a digital content at step S301, the at least one decrypted content item is stored in a volatile storage at step S302. In some embodiments, the volatile storage may be a memory managed by an operating system of the host computer on which the reader application resides.
[0041] Next, the method 300 proceeds to step S303 where an identification of the at least one decrypted content item is associated with an address of the at least one decrypted content item in the volatile storage. For example, the association may be generated by creating an entry in a mapping table stored in the volatile storage, where the entry maps the identification of the at least one decrypted content item to the address of the at least one decrypted content item in the volatile storage.
[0042] In accordance with some optional embodiments, at step S304, the reader application for the digital content may be provided with an exclusive access to the at least one decrypted content item stored in the volatile storage.
[0043] In accordance with some optional embodiments, the method 300 may proceed to step S305 to determine, in response to a request for loading a content item of the digital content, whether an identification of the requested content item is associated with an address in the volatile storage. If so, then the requested content item is retrieved from the address in the volatile storage at step S306 and the method proceeds to step S308. Otherwise, if the identification of the requested content item is associated with no address in the volatile storage, then at step S307, the requested content item is retrieved from a repository, for example, maintained by the digital content provider or distributor. The method 300 then proceeds to step S308.
[0044] At step S308, the at least one decrypted content item from the volatile storage is removed in response to the digital content being closed. Alternatively or additionally, in response to the digital content being closed, the association of the identification of the at least one decrypted content item with the address of the at least one decrypted content item in the volatile storage is removed at step S309. The method 300 ends after step S309.
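Steps S301 to S309 in C, as an added example that is not code from this publication. The function names, the fixed-size mapping table, the constructed sample item "cover.html", and the XOR stand-in for decryption are assumptions; the `mlock` call and the wipe through a volatile pointer are added precautions so that plaintext is not paged out to non-volatile swap and the removal at S308 is not optimised away.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>   /* mlock/munlock (POSIX) */

#define MAX_ITEMS 16
#define MAX_ID    64

/* Mapping-table entry: identification -> address in volatile storage. */
struct map_entry {
    char     id[MAX_ID];
    uint8_t *addr;
    size_t   len;
    int      locked;    /* 1 if mlock() pinned the pages in RAM */
};

static struct map_entry table[MAX_ITEMS];
static size_t table_used;

/* Assumption: XOR stands in for the DRM decryption the text leaves open. */
static void placeholder_decrypt(uint8_t *dst, const uint8_t *src, size_t n, uint8_t key)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i] ^ key;
}

/* Zero through a volatile pointer so the stores are not removed as dead code. */
static void wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--)
        *v++ = 0;
}

/* S305: return the associated address, or NULL when the identification has
 * no association (the caller then fetches from the repository, S307). */
const uint8_t *drm_lookup(const char *id, size_t *len)
{
    for (size_t i = 0; i < table_used; i++)
        if (strcmp(table[i].id, id) == 0) {
            *len = table[i].len;
            return table[i].addr;
        }
    return NULL;
}

/* S301-S303: decrypt into RAM, then record identification -> address. */
int drm_store(const char *id, const uint8_t *enc, size_t n, uint8_t key)
{
    size_t ignored;
    if (n == 0 || table_used == MAX_ITEMS || strlen(id) >= MAX_ID)
        return -1;
    if (drm_lookup(id, &ignored) != NULL)
        return -1;                       /* identification must stay unique */
    uint8_t *buf = malloc(n);
    if (buf == NULL)
        return -1;
    int locked = (mlock(buf, n) == 0);   /* may fail under RLIMIT_MEMLOCK */
    placeholder_decrypt(buf, enc, n, key);

    struct map_entry *e = &table[table_used++];
    strcpy(e->id, id);                   /* length checked above */
    e->addr = buf;
    e->len = n;
    e->locked = locked;
    return 0;
}

/* S308-S309: wipe every decrypted item, then the associations themselves. */
void drm_close(void)
{
    for (size_t i = 0; i < table_used; i++) {
        wipe(table[i].addr, table[i].len);
        if (table[i].locked)
            munlock(table[i].addr, table[i].len);
        free(table[i].addr);
    }
    wipe(table, sizeof table);
    table_used = 0;
}

int main(void)
{
    /* Constructed sample: "abc" XORed with the key 0x5a. */
    const uint8_t enc[3] = { 'a' ^ 0x5a, 'b' ^ 0x5a, 'c' ^ 0x5a };
    size_t len = 0;

    if (drm_store("Lalimba.mp3", enc, sizeof enc, 0x5a) != 0)
        return 1;
    const uint8_t *hit = drm_lookup("Lalimba.mp3", &len);   /* S306 path */
    const uint8_t *miss = drm_lookup("cover.html", &len);   /* S307 path */
    int ok = hit != NULL && memcmp(hit, "abc", 3) == 0 && miss == NULL;
    drm_close();
    return ok && drm_lookup("Lalimba.mp3", &len) == NULL ? 0 : 1;
}
```

When `mlock` fails the item is still stored, and the `locked` field records that those pages may be swapped out.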
[0045] Figure 4 is a block diagram illustrating an apparatus for digital rights management in accordance with an exemplary embodiment of the present invention. In accordance with embodiments of the present invention, the apparatus 400 may reside at the DRM client 103 shown in Figure 1 or is otherwise associated with the DRM client 103, and may be configured to perform the method 300 described above with reference to Figure 3.
[0046] As shown, in accordance with embodiments of the present invention, the apparatus 400 comprises a decrypting unit 401 configured to decrypt at least one encrypted content item of a digital content. The apparatus 400 also comprises a storing unit 402 configured to store the at least one decrypted content item in a volatile storage, which may be a memory hosted by an operating system, for example. Further, the apparatus 400 comprises an associating unit 403 configured to associate an identification of the at least one decrypted content item with an address of the at least one decrypted content item in the volatile storage. In some optional embodiments, the associating unit 403 may comprise a mapping unit (not shown) configured to create an entry in a mapping table stored in the volatile storage, the entry mapping the identification of the at least one decrypted content item to the address of the at least one decrypted content item in the volatile storage.
[0047] In some optional embodiments, the apparatus 400 may further comprise an access controlling unit 404 configured to provide a digital content reader for loading the digital content with an exclusive access to the at least one decrypted content item stored in the volatile storage.
[0048] In some optional embodiments, the apparatus 400 may further comprise a determining unit 405 configured to determine, in response to a request for loading a content item of the digital content, whether an identification of the requested content item is associated with an address in the volatile storage; and a retrieving unit 406 configured to retrieve, in response to determining that the identification of the requested content item is associated with the address in the volatile storage, the requested content item from the address in the volatile storage. Optionally, the apparatus 400 may comprise a unit 407 configured to retrieve, in response to determining that the identification of the requested content item is associated with no address in the volatile storage, the requested content item from the address in the volatile storage.
[0049] In some optional embodiments, the apparatus 400 may further comprise a content removing unit 408 configured to remove, in response to the digital content being closed, the at least one decrypted content item from the volatile storage. Alternatively or additionally, in some optional embodiments, the apparatus 400 may further comprise an association removing unit 409 configured to remove, in response to the digital content being closed, the association of the identification of the at least one decrypted content item with the address of the at least one decrypted content item in the volatile storage.
[0050] It will be understood that various units in the apparatus 400 correspond to the steps of method 300 described above with reference to Figure 3, respectively. As a result, some sub-units are not shown in Figure 4 and all the features described with respect to Figures 1 and 3 are also applicable to the apparatus 400, which will not be detailed here.
[0051] For the purpose of illustrating spirit and principle of the present invention, some specific embodiments thereof have been described above. In accordance with embodiments of the present invention, the nature of volatile storage is utilized to improve the data security as well as the operation and interaction efficiency. For example, by storing decrypted content items of the DRM protected digital content in a volatile storage such as a memory, the risk of unauthorized access to the decrypted content item can be significantly reduced compared with the case where the decrypted content items are stored in a non-volatile storage such as a hard drive disk. Moreover, the space of the volatile storage allocated to the reader application is usually inaccessible to any other user applications. As a result, an unauthorized party cannot use Trojan or malware to read out the decrypted content items. Further, the reader application is enabled to locate, retrieve, and display the decrypted content items efficiently and effectively, thereby shortening the response time to the end user. Additionally, the proposed DRM solution is easy to be carried out since there is no need to embed a file manager into the reader application, which is beneficial in terms of the compatibility of the reader application.
[0052] In general, the various exemplary embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of the exemplary embodiments of the present invention are illustrated and described as block diagrams, flowcharts, or using some other pictorial representation, it will be appreciated that the blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
[0053] For example, the apparatus 400 described above may be implemented as hardware, software/firmware, or any combination thereof. In some embodiments, one or more units in the apparatus 400 may be implemented as software modules. Alternatively or additionally, some or all of the units may be implemented using hardware modules like integrated circuits (ICs), application specific integrated circuits (ASICs), system-on-chip (SOCs), field programmable gate arrays (FPGAs), and the like. The scope of the present invention is not limited in that regard.
[0054] Additionally, various blocks shown in Figure 3 may be viewed as method steps, and/or as operations that result from operation of computer program code, and/or as a plurality of coupled logic circuit elements constructed to carry out the associated function(s). For example, the method 300 may be implemented by computer program codes contained in a computer program tangibly embodied on a machine readable medium.
[0055] Specifically, in this regard, the present invention may be embodied as a computer program product comprising a computer program tangibly embodied on a machine readable medium, the computer program containing program codes configured to carry out the method 300 as detailed above with reference to Figure 3.
[0056] In the context of the present invention, a machine readable medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine readable medium may be a machine readable signal medium or a machine readable storage medium. A machine readable medium may include but is not limited to an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the machine readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
[0057] Computer program code for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer program codes may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor of the computer or other programmable data processing apparatus, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented. The program code may execute entirely on a computer, partly on the computer, as a stand-alone software package, partly on the computer and partly on a remote computer or entirely on the remote computer or server.
[0058] Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are contained in the above discussions, these should not be construed as limitations on the scope of any invention or of what may be claimed, but rather as descriptions of features that may be specific to particular embodiments of particular inventions. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable sub-combination.
[0059] Various modifications and adaptations to the foregoing exemplary embodiments of this invention may become apparent to those skilled in the relevant arts in view of the foregoing description, when read in conjunction with the accompanying drawings. Any and all modifications will still fall within the scope of the non-limiting and exemplary embodiments of this invention. Furthermore, other embodiments of the inventions set forth herein will come to mind to one skilled in the art to which these embodiments of the invention pertain having the benefit of the teachings presented in the foregoing descriptions and the drawings.
[0060] Therefore, it will be appreciated that the embodiments of the invention are not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are used herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims
1. A method (300) for digital rights management, comprising steps of:
decrypting (S301) at least one encrypted content item of a digital content;
storing (S302) the at least one decrypted content item in a volatile storage; and
associating (S303) an identification of the at least one decrypted content item with an address of the at least one decrypted content item in the volatile storage.
2. The method according to Claim 1, wherein the step of associating (S303) an identification of the at least one decrypted content item with an address of the at least one decrypted content item in the volatile storage comprises a step of:
creating an entry in a mapping table stored in the volatile storage, the entry mapping the identification of the at least one decrypted content item to the address of the at least one decrypted content item in the volatile storage.
3. The method according to Claim 1, further comprising steps of:
determining (S305), in response to a request for loading a content item of the digital content, whether an identification of the requested content item is associated with an address in the volatile storage; and
retrieving (S306), in response to determining that the identification of the requested content item is associated with the address in the volatile storage, the requested content item from the address in the volatile storage.
4. The method according to Claim 1, further comprising a step of:
providing (S304) a reader application for the digital content with an exclusive access to the at least one decrypted content item stored in the volatile storage.
5. The method according to Claim 1, further comprising a step of:
removing (S308), in response to the digital content being closed, the at least one decrypted content item from the volatile storage.
6. The method according to Claim 1, further comprising a step of:
removing (S309), in response to the digital content being closed, the association of the identification of the at least one decrypted content item with the address of the at least one decrypted content item in the volatile storage.
7. The method according to any of Claims 1 to 6, wherein the volatile storage is a memory managed by an operating system.
8. An apparatus (400) for digital rights management, comprising:
a decrypting unit (401) configured to decrypt at least one encrypted content item of a digital content;
a storing unit (402) configured to store the at least one decrypted content item in a volatile storage; and
an associating unit (403) configured to associate an identification of the at least one decrypted content item with an address of the at least one decrypted content item in the volatile storage.
9. The apparatus according to Claim 8, wherein the associating unit (403) comprises:
a mapping unit configured to create an entry in a mapping table stored in the volatile storage, the entry mapping the identification of the at least one decrypted content item to the address of the at least one decrypted content item in the volatile storage.
10. The apparatus according to Claim 8, further comprising:
a determining unit (405) configured to determine, in response to a request for loading a content item of the digital content, whether an identification of the requested content item is associated with an address in the volatile storage; and
a retrieving unit (406) configured to retrieve, in response to determining that the identification of the requested content item is associated with the address in the volatile storage, the requested content item from the address in the volatile storage.
11. The apparatus according to Claim 8, further comprising:
an access controlling unit (404) configured to provide a digital content reader for loading the digital content with an exclusive access to the at least one decrypted content item stored in the volatile storage.
12. The apparatus according to Claim 8, further comprising:
a content removing unit (408) configured to remove, in response to the digital content being closed, the at least one decrypted content item from the volatile storage.
13. The apparatus according to Claim 8, further comprising:
an association removing unit (409) configured to remove, in response to the digital content being closed, the association of the identification of the at least one decrypted content item with the address of the at least one decrypted content item in the volatile storage.
14. The apparatus according to any of Claims 8 to 13, wherein the volatile storage is a memory managed by an operating system.
15. A computer program product comprising a computer program tangibly embodied on a machine readable medium, the computer program containing program codes configured to carry out the method according to any of Claims 1-7.
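The flow of Claims 1 to 3, 5 and 6 (decrypt, keep the plaintext only in RAM, map identification to address, look up on load, wipe on close) can be sketched as follows. This is an added example, not code from the patent: the names `drm_load_item`, `drm_lookup` and `drm_close`, the fixed-size table and the XOR stand-in for the real decryption are all assumptions, and the exclusive-access step (S304) is not modelled.

```c
#include <stdlib.h>
#include <string.h>
#define MAX_ITEMS 8
/* One mapping-table entry: content-item identification -> address in RAM. */
struct entry { char id[32]; unsigned char *addr; size_t len; };
static struct entry table[MAX_ITEMS];  /* the table itself is held in volatile storage */

/* Stand-in for the DRM agent's real decryption (assumption: toy XOR, not a cipher). */
static void toy_decrypt(unsigned char *dst, const unsigned char *src, size_t n, unsigned char key) {
    for (size_t i = 0; i < n; i++) dst[i] = src[i] ^ key;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* S305-S306: resolve a requested identification to its in-memory plaintext, or NULL. */
const unsigned char *drm_lookup(const char *id, size_t *len) {
    for (int i = 0; i < MAX_ITEMS; i++)
        if (table[i].addr && strcmp(table[i].id, id) == 0) { *len = table[i].len; return table[i].addr; }
    return NULL;
}

/* S301-S303: decrypt, store the plaintext in RAM only, record id -> address. */
int drm_load_item(const char *id, const unsigned char *enc, size_t n, unsigned char key) {
    size_t unused;
    if (strlen(id) >= sizeof table[0].id || drm_lookup(id, &unused)) return -1;
    for (int i = 0; i < MAX_ITEMS; i++) {
        if (table[i].addr) continue;           /* slot already in use */
        unsigned char *buf = malloc(n);
        if (!buf) return -1;
        toy_decrypt(buf, enc, n, key);
        strcpy(table[i].id, id);
        table[i].addr = buf; table[i].len = n;
        return 0;
    }
    return -1;                                 /* table full */
}

/* S308-S309: on close, zero and free each plaintext buffer, then erase the mapping. */
void drm_close(void) {
    for (int i = 0; i < MAX_ITEMS; i++) {
        if (!table[i].addr) continue;
        wipe(table[i].addr, table[i].len); free(table[i].addr);
        wipe(&table[i], sizeof table[i]); table[i].addr = NULL;
    }
}
```

Heap memory managed by the operating system can still reach disk through swap or crash dumps, so an implementation that relies on the content never being persisted has to address those paths as well.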
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNPCT/CN2013/075124 | 2013-05-03 | | |
| CN2013075124 | 2013-05-03 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2014177973A1 (en) | 2014-11-06 |
Family
ID=50693712
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/IB2014/060895 Ceased WO2014177973A1 (en) | 2013-05-03 | 2014-04-22 | Digital rights management |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2014177973A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20210135853A1 (en) * | 2019-10-31 | 2021-05-06 | Samsung Sds Co., Ltd. | Apparatus and method for data security |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120102317A1 (en) * | 2010-10-21 | 2012-04-26 | Rimage Corporation | Secure content distribution |
| US20120226915A1 (en) * | 2011-03-04 | 2012-09-06 | James Mitch Zollinger | Content Playback APIS Using Encrypted Streams |
Non-Patent Citations (3)
| Title |
|---|
| ANONYMOUS: "include/drm/drm_framework_common.h - platform/frameworks/av - Git at Google", 1 January 2010 (2010-01-01), XP055126328, Retrieved from the Internet <URL:https://android.googlesource.com/platform/frameworks/av/+/27ed8ad2db653f6ac07dcf8bcc05e2409c8bb024/include/drm/drm_framework_common.h> [retrieved on 20140702] * |
| OMA DIGITAL RIGHTS MANAGEMENT: "OMA Digital Rights Management, DRM Specification Version 2.0", DRM SPECIFICATION, XX, XX, 16 July 2004 (2004-07-16), pages complete, XP002335532 * |
| OSHANI SENEVIRATNE ET AL: "Policy-Aware Content Reuse on the Web", 25 October 2009, THE SEMANTIC WEB - ISWC 2009, SPRINGER BERLIN HEIDELBERG, BERLIN, HEIDELBERG, PAGE(S) 553 - 568, ISBN: 978-3-642-04929-3, XP019132827 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11841956B2 (en) | Systems and methods for data lifecycle protection | |
| US10216522B2 (en) | Technologies for indirect branch target security | |
| US8954752B2 (en) | Building and distributing secure object software | |
| US20230080528A1 (en) | Smart data protection | |
| US8200961B2 (en) | Securing a flash memory block in a secure device system and method | |
| US8578175B2 (en) | Secure object having protected region, integrity tree, and unprotected region | |
| KR102820165B1 (en) | Integrity tree for memory integrity checking | |
| US9172532B1 (en) | Multi-tiered encryption system for efficiently regulating use of encryption keys | |
| US20120131336A1 (en) | Automatic Secure Escrowing of a Password for an Encrypted File or Partition Residing on an Attachable Storage Device that the Device can be Unlocked Without User Intervention | |
| CA3214199A1 (en) | Ransomware prevention | |
| CN104834835B (en) | A kind of general digital rights protection method under windows platform | |
| CN110447032A (en) | Memory page translation monitoring between hypervisor and virtual machine | |
| US10009399B2 (en) | Asset streaming and delivery | |
| CN102750233A (en) | Encrypting and storing confidential data | |
| EP1536307B1 (en) | Encryption of system paging file | |
| US20090031142A1 (en) | System, Method and Computer Program Product for Processing a Memory Page | |
| KR20090051107A (en) | Computer-implemented methods, information processing systems, and computer-readable recording media for securely storing the context of a program | |
| US20160292085A1 (en) | Protecting storage from unauthorized access | |
| US20170364684A1 (en) | In-memory attack prevention | |
| CN107430555A (en) | Cache and data tissue for memory protection | |
| US20130325805A1 (en) | System and method for tagging and securely archiving patient radiological information | |
| US20120144500A1 (en) | Method and apparatus for protecting data using a virtual environment | |
| US20160292086A1 (en) | Protecting contents of storage | |
| WO2014177973A1 (en) | Digital rights management | |
| US9069776B1 (en) | Serving encrypted and plain data from a low latency non-volatile memory |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14723484; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 14723484; Country of ref document: EP; Kind code of ref document: A1 |