This invention relates to an off-line digital media player for making digital content data, such as digitally recorded audio visual items such as movies or cinematograph films, educational programmes, documentary and information programs available to users off-line under controlled circumstances. The invention also relates to an off-line digital media player system and a method of enabling playing out, off-line, digital content data.

Set-top boxes comprising demodulators for demodulating satellite transmissions and/or digital terrestrial transmissions or cable transmissions are known in the art. These set-top boxes may hence be used to receive and play-out satellite and other transmissions. However, for some applications and users these known set-top boxes are unnecessarily complex and/or sophisticated and hence too expensive. In parts of the world, there is currently not sufficient internet connectivity available to enable users to download selectable digital content data for viewing at a user station, such as at home. Furthermore, in some developing and least developed parts of the world there is no internet connectivity at all, and this may remain the position for an indefinite period. The applicant has identified the need to make user selectable digital content data available to end users in a controlled yet affordable manner, without the need for any connectivity. OBJECT OF THE INVENTION

Accordingly, it is an object of the present invention to provide an off-line digital media player, an off-line digital media player system and a method of enabling playing out, off-line, digital content data with which the applicant believes the aforementioned disadvantages or shortcomings may at least be alleviated or which may provide a useful alternative for the known players, systems and methods.

SUMMARY OF THE INVENTION

According to the invention there is provided an off-line digital media player comprising:

- a near field data communication interface for receiving at least one digital media item comprising (i) content data which is encrypted with a digital rights management ("DRM") key of a DRM regime ("DRM encrypted data"); and (ii) secure data comprising data relating to a first time window of a first predetermined length and the DRM key;

- a first processor for processing the secure data to extract therefrom the data relating to the first time window and the DRM key;

- a real time clock ("RTC") cooperating with the first processor to enable off-line decryption during the first time window only of the DRM encrypted data utilizing the extracted DRM key; and - an output stage for making the decrypted data available to an output device.

The near field data communication interface may be configured to cooperate with a physical transportable data storage device, such as a USB flash drive or memory stick, Secure Digital (SD) card etc, carrying the at least one digital media item to download the at least one digital media item off-line into the digital media player.

The first time window may be a rental time period of the DRM encrypted data.

The first processor may be configured in cooperation with the RTC to enable decryption of the DRM encrypted data only during part or parts of the first time window overlapping in time with a second time window which has a length longer than the first predetermined length.

The digital media player may comprise a second processor for decrypting the DRM encrypted data utilizing the DRM key.

Also included within the scope of the invention is an off-line digital media player system comprising:

- a terminal for dispensing digital content data items; and - at least one off-line digital media player, the off-line digital media player comprising:

- a near field data communication interface for receiving at least one digital media item comprising (i) a digital content data item which is encrypted with a digital rights management ("DRM") key of a DRM regime ("DRM encrypted data"); and (ii) secure data comprising data relating to a first time window having a predetermined first length and the DRM key;

- a first processor for processing the secure data to extract therefrom the data relating to the first time window and the DRM key;

a real time clock ("RTC") cooperating with the first processor to enable off-line decryption during the first time window only of the DRM encrypted data utilizing the extracted DRM key; and

an output stage for making the decrypted data available to an output device.

The system may comprise at least one physical transportable data storage device configured to cooperate with the terminal for downloading onto the storage device at least one digital media item comprising a user selectable content data item and to interface with the near field data communication interface of the digital media player to make the at least one digital media item available to the digital media player, off-line.

The secure data may further comprise data relating to the time on which the at least one digital media item was downloaded onto the storage device. The secure data may still further comprise data relating to a second time period commencing on or after the time on which the at least one digital media item was downloaded onto the storage device and which second time window has a length longer than the first predetermined length.

The first processor may be is configured in cooperation with the RTC to enable decryption of the DRM encrypted data only during part or parts of the first time window overlapping in time with the second time window.

Yet further included within the scope of the invention is a method of enabling playing out, off-line, digital content data that is protected by a digital rights management "DRM") regime, the method comprising the steps of:

at a terminal for dispensing user selectable digital content data items, causing to be dispensed a digital media item comprising (i) a digital content data item which is encrypted with a DRM key ("DRM encrypted data") and (ii) secure data comprising data relating to a first time window of a first predetermined length and the DRM key;

at a user station

causing the digital media item to be received off-line; processing the secure data and extracting therefrom the data relating to the first time winding and the DRM key;

enabling off-line decryption during the first time window only of the DRM encrypted data utilizing the extracted DRM key; and

providing the decrypted data to an output device.

The digital media item may be dispensed by downloading the item onto a physical transportable data storage device and the digital media item may be received off-line at the user station by placing the physical transportable data storage device into data communication with a near field data communication interface of an off-line digital media player.

The method may also comprise the step of, at the terminal, including in the secure data, data relating to the time on which the digital data item is dispensed. ?

The method may include the step of, during the processing step, utilizing as a security mechanism, the data in the secure data relating to the time on which the digital item is dispensed. The first time window may be a rental time period of the DRM encrypted data.

The method may comprise the step of enabling a user at the user station selectively to break up the first time window in a plurality of time spaced viewing time slots collectively having the first predetermined length and wherein decryption of the DRM encrypted data is enabled only during time slots of the first time window overlapping with a second time window which has a length longer than the first predetermined length. The second time window may be a continuous time window commencing on or after the time on which the digital data item is dispensed.

The secure data may comprise data relating to the second time window.

The secure data may be contained in a certificate that is encrypted and verified by a digital signature. BRIEF DESCRIPTION OF THE ACCOMPANYING DIAGRAMS

The invention will now further be described, by way of example only, with reference to the accompanying diagrams wherein:

figure 1 is a high level block diagram of a system for making digital content data available to a plurality of user stations;

figure 2 is a basic block diagram of an off-line digital media player, a portable data storage device and a monitor;

figure 3 is a basic block diagram of one example embodiment of the off-line digital media player, the portable data storage device and the monitor;

figure 4 is a basic block diagram of another example embodiment of the off-line digital media player with an output data converter; figure 5 is a basic block diagram of another example embodiment of the off-line digital media player, a remote control unit associated therewith, the portable data storage device and the monitor;

figure 6 is a block diagram of one example embodiment of the off-line digital media player; and

figures (7a) and (b) are time line diagrams associated with a method of playing out, off-line, digital content data. DESCRIPTION OF A PREFERRED EMBODIMENT OF THE INVENTION A system for making digital content data available to one of a plurality of end user stations, is generally designated by the reference numeral 10 in figure 1.

The system 10 comprises, at a top level, a source 12 comprising a processor 14 for receiving the digital content data and for generating source encrypted data 1 1 comprising the content data encrypted with a content encryption key (CEK) 15. The digital content data may comprise, but is not limited to, digitally recorded audio visual items such as movies or cinematograph films, educational programmes, documentary and information programs etc.

The system comprises a plurality of distributed intermediate stations 18.1 to 18. n (also referred to herein as terminals) and a plurality of user stations 26.1 to 26. m.

The system and method of making the content data available to the user stations in a controlled manner may be based on that described in the applicant ^' s international application which was published under number WO 2009/147646. The contents of the specification of that application are incorporated herein by this reference. A data transmission path 20 extends between the source 12 and the intermediate stations 18.1 to 18. n for forwarding the source encrypted data 1 1 to any targeted intermediate station. Hence, the intermediate stations or terminals 18.1 to 18. n are preferably on-line with the source 12.

It will be appreciated that at the source 12, a plurality p of data items, each comprising different content data, such as a different movie, are encrypted with a respective unique CEK 15. However, before a content data item is so encrypted, it may already have been MPEG or the like encoded and/or typically was made subject to rules of a digital rights management (DRM) regime, by being encrypted with a DRM key. The CEK encryption at the source 12 does not affect the aforementioned MPEG encoding or DRM regime. Hence, imposed DRM rules remain intact. Any subset of source encrypted data 1 1 .1 to 1 1 . p relating to each of p movie titles may be transmitted to any combination of intermediate stations 18.1 to 18. n. It will be appreciated that each item of source encrypted data 1 1 comprises at least movie data encrypted with the unique CEK associated with the movie, and data relating to the CEK. The source encrypted data items 1 1 .1 to 1 1 .n may be stored in a database at, or, accessible by each intermediate station 18.1 to 18. n. Users are provided with a respective portable data storage devices (PSD) 24.1 to 24. m. A user or subscriber wanting to view one or more of the movies obtainable from the intermediate station, visits the station carrying her portable data storage device 24.1 with her and downloads onto the PSD at least one digital media item comprising selected content data which is DRM and CEK encrypted as aforesaid and secure data associated therewith, as will be described in more detail below. The selected content data may be played out at the user station utilizing the DMP 34.1 . The PSD 24.1 is configured to be brought into data communication with processing and decryption means housed in a respective digital media player (DMP) 34.1 to 34. m at the user stations 26.1 to 26. m. Hence, each user station 26.1 to 26. m comprises a respective off-line DMP 34.1 to 34. m providing a near field communication interface, to enable a user to bring the PSD into data communication with the DMP.

In figure 2 there is shown a basic block diagram of the DMP 34.1 . The DMP comprises the near field communication interface 50 for receiving offline from the PSD 24.1 at least one digital media item. The DMP comprises a processing means 52 for reconstructing the CEK and for decrypting the CEK encrypted data and thereafter the DRM encrypted data, as will be described in more detail below. The DMP also comprises a formatting processor 54 for translating the decrypted data into an output format suitable for delivery to or rendition on the monitor 38.1. A proviso is that the DMP does not include a demodulator for demodulating any one of satellite transmissions, digital terrestrial transmissions and cable transmissions, thereby making the DMP a small, simple and cheap device for enabling the user to play out the data, but in a controlled manner, including subject to any DRM rules that have been imposed on the content, as will be explained hereinafter.

In the embodiment in figure 3, the PSD 24.1 is a conventional USB memory device comprising a USB connector 56 which is receivable in a

USB socket 58 on the DMP. The processor 54 is configured to format the decrypted data in a form suitable for a High-Definition Multimedia Interface (HDMI) using High-bandwidth Digital Content Protection (HDCP). In the embodiment shown in figure 4, the DMP 134 is associated with a convertor 60 for converting the HDMI format to a form suitable for an AV output or an IP interface.

In the embodiment shown in figure 5, the DMP 234 comprises a real time clock 62 and a sensor or part 64 cooperating with a wireless remote control unit ("RCU") 66. The RCU 66 comprises data entry means 68 for enabling a user at a user station to input to the DMP, by means of a display on the monitor, data relating to any one or more of: a selected one of a plurality of digital media stems to be played out; a selected output data format; and secret share data required to reconstruct the CEK, for example.

Referring to figure 6, the DMP 400 comprises a central processing unit (CPU) 402, memory 404, a near field communication interface 406, an infra red (IR) or RF4CE receiving interface 408 associated with a RCU 410 and an output stage 412. The output stage 412 comprises a TV sink device, such as a HDMI 414 using HDCP, which is connectable to a monitor or TV 416.

A secure and tamper proof first local processor 418 and RTC 420 (with back-up battery 422) and associated control hardware and software manage all aspects of a local rental time management universe (RTMU), similar to what would happen in an on-line system that is connected to the internet and able to offer keys and controls through this connection. The main difference is that DMP 400 is an off-line device that issues keys and time stamps based on an initial seed in the form of a secure certificate which is obtained from an on-line kiosk or terminal 18.1 to 18. n which is connected to the internet as described above. This certificate together with the DRM and CEK encrypted content data form part of the digital media item, which is carried manually to the DMP 400 using the PSD 422 as described above. The DMP with RTMU offer a rental service provider a secure off-line device that manages aspects of a rental service (including a rental time period (RTP), also referred to herein as a first time window of a first predetermined length) without interfering with the DRM regime. It allows the secure delivery of keys and controls during the rental time period. Hence, the DMP manages the fulfillment during the rental time period of any and all DRM rules that were imposed on content data by the aforementioned DRM encryption thereof. The DMP is able to play content using any standard DRM such as (Merlin or MS Playready) and in addition offers the ability to manage the rental time period off-line without the need for connectivity to an on-line server controlling the DRM keys.

To achieve this, the RTC 420 maintains two time universes namely an accurate real time Coordinated Universal Time (UTC) clock that may be adjusted to local time and a local off-line universal time device (OUTD). Effectively, the OUTD offers an off-line heartbeat that controls or times out the rental time period. These universes are managed by both the hardware and software on the DMP in a secure and tamper proof manner. More particularly, the UTC clock and the OUTD are both controlled locally on the DMP 400 and use the battery backed tamper proof or resistant RTC 420 to control time, even if the DMP is removed from normal operational mode and power. Data relating to the rental time period ( also referred to herein as the first time window) forms part of the secure data stored in the aforementioned certificate format (see certificate 13 in figure 1 ), for example X509 certificate format, which adheres to cryptographic principals using open standard encryption, authentication and verification techniques such as PKI. The secure data may further comprise data relating to the time on which the digital media item was downloaded onto the PSD at the kiosk, data relating to a second time window P ₂ , which is a continuous time window having a length longer that the rental time period and commences on or after the aforementioned time of downloading, the DRM key and metadata regarding content.

Once the DMP 400 is presented with the digital media item, the first processor 418 processes and decodes the secure data using suitable cryptographic algorithms, including to reconstruct the CEK and to utilize the reconstructed CEK 15' to decrypt the CEK encrypted content data, in order to activate and start the management of the OUTD. Activation of the OUTD indicates valid secure data was received. The user is then prompted to respond to questions displayed on the monitor and to select a content data item to be viewed using the RCU 410, which may be an IR remote, RF4CE or even a mobile phone application. The first processor 418 also compares the UTC on the DMP 400 with data in the aforementioned secure data relating to the aforementioned time on which 1

16 the digital media item is download onto the PSD. Depending on the variance between the former and the latter, the OUTD either sets and initiates the necessary management of the rental time period, or raises a flag.

If the aforementioned comparison is in order, the first processor 418 checks that the second time period (which may be a content "shelf life" or a "special offer" or other "promotional" time window) has not yet expired. The length of this period is typically one calendar month for content reporting purposes, but it may also be a business decision.

If all conditions are met, the DMP initiates the rental time period and the DMP off-line heartbeat is started. From this point the DMP hardware and software manage the pre-paid for and specified rental time period and ensures that the necessary DRM key is delivered during this period only to a second local processor 426 for decrypting the DRM encrypted data. The decrypted data is then fed to the output stage 412 and to an output device in the form of an HDMI component.

Hence, the RTC 420 cooperate with the first processor 418 of the DMP to enable off-lime decryption by the second processor 426 during the rental time period (RTP shown in figure 7(a)) only of the DRM encrypted data utilizing the DRM key. As shown in figure 7(b), the user may selectively break up or divide the rental time period into a plurality of time spaced viewing time slots (RTPi and RTP ₂ ) collectively having the predetermined first length. Furthermore, decryption of the DRM encrypted data is enabled only during the time slots overlapping in time with the second time window