


Title:
SECURE MANAGEMENT OF CONTENT OWNED BY MULTIPLE-PERSONS
Document Type and Number:
WIPO Patent Application WO/2007/036862
Kind Code:
A3
Abstract:
A method for controlling access to a content (102) in a system (101) where the content (102) is owned by multiple co-owners is disclosed. The method comprises handling a co-ownership message (104, 210) related to said content (102), wherein the co-ownership message (104, 210) comprises fields (201), one or more of the fields (201) comprising public keys (202) of each of the multiple co-owners, and wherein each of the public keys (202) is paired with a private key (112). A system and computer program for performing the method are also disclosed.

Inventors:
PETKOVIC MILAN (NL)
LI HONG (NL)
RIJCKAERT ALBERT M A (NL)
Application Number:
PCT/IB2006/053447
Publication Date:
December 13, 2007
Filing Date:
September 22, 2006
Assignee:
KONINKL PHILIPS ELECTRONICS NV (NL)
PETKOVIC MILAN (NL)
LI HONG (NL)
RIJCKAERT ALBERT M A (NL)
International Classes:
G06F21/62
Foreign References:
EP1376297A1 (2004-01-02)
EP1320015A2 (2003-06-18)
Attorney, Agent or Firm:
GROENENDAAL, Antonius, W., M. et al. (AA Eindhoven, NL)
Claims:

CLAIMS:

1. A method for controlling access to a content (102) in a system (101), said content (102) being owned by multiple co-owners, and said method comprising handling a co-ownership message (104, 210) related to said content (102), wherein said co-ownership message (104, 210) comprises fields (201), one or more of said fields (201) comprising public keys (202) of each of said multiple co-owners, and wherein each of said public keys (202) is paired with a private key (112).

2. The method according to claim 1, further comprising a step of each of said co-owners obtaining an access message (105, 211), wherein said access message (105, 211) is indicating that said content (102) is owned by multiple co-owners and is linked (212) to said co-ownership message (104, 210).

3. The method according to claim 1, wherein said co-ownership message (104, 210) comprises sharing policy information (204) defining rights to said content (102).

4. The method according to claim 1, further comprising holding said private key (112) in a security device (109) comprising a message processor (108) and being arranged to keep said private key (112) secret.

5. The method according to claim 1, further comprising introducing a new co-owner (300), comprising the steps of: creating a co-ownership message (104, 210) comprising a public key of said new co-owner (301); and signing said co-ownership message (104, 210) using private keys (112) of said co-owners (302).

6. The method according to claim 5, further comprising said new co-owner accepting co-ownership (303), comprising the step of said new co-owner signing said co-ownership message (104, 210) using a private key (112) of said new co-owner.

7. The method according to claim 5, further comprising the steps of said new co-owner: creating an access message (304); and signing said access message (105) using a private key (112) of said new co-owner (305).

8. The method according to claim 1, wherein said steps of signing comprise using group signatures.

9. The method according to claim 1, further comprising discarding a co-ownership for a resigning co-owner (400), comprising the steps of: notifying said co-owners of said content (401); creating a new co-ownership message (104, 210) excluding all fields (201) related to said resigning co-owner (402); each remaining co-owner signing said new co-ownership message (403); and revoking the old co-ownership message (404).

10. The method according to claim 1, further comprising discarding a co-ownership for a resigning co-owner (410), comprising the steps of: modifying said co-ownership message (104, 210) by excluding all fields (201) related to said resigning co-owner (411); and producing signatures of remaining co-owners from their signatures of said co-ownership message (104, 210) for signing said modified co-ownership message (412).

11. The method according to claim 3, further comprising the steps of: creating a new co-ownership message (104, 210) comprising a new sharing policy (501); all of said co-owners signing said new co-ownership message (502); and revoking the old co-ownership message (503).

12. The method according to claim 11, further comprising the steps of: revoking existing access messages (105) linked (212) to said old co-ownership message (504); and

creating new access messages (505), wherein said new access messages (105) are linked (212) to said new co-ownership message (104, 210) comprising said new sharing policy (204).

13. The method according to claim 1 or 3, further comprising giving usage access of said content (102) to a person not being a co-owner (600) comprising the steps of: one of said co-owners generating an access message (105) comprising user access rights for said person (601); a predetermined number of said co-owners signing said access message (602); and providing said access message (105) to said person (603).

14. The method according to claim 13 when depending on claim 3, wherein said predetermined number and said user access rights are defined in said sharing policy (204).

15. The method according to claim 13, further comprising: said system (101) verifying signatures and said user access rights of said access message (105) with said co-ownership message (604); and said person accessing said content (605).

16. The method according to claim 13, wherein said user access rights comprise sharing permission, viewing permission, or editing permission, or any combination thereof.

17. The method according to claim 13, further comprising a step of using group signatures for signing said access message (105) comprising user access rights for said person.

18. A method for controlling access to a content (102) in a system (101), said content (102) being owned by multiple co-owners, and said method comprising creating a co- ownership message (700) related to said content (102), wherein said co-ownership message (104, 210) comprises fields (201), one or more of said fields 201 comprising public keys (202) of each of said multiple co-owners, and wherein each of said public keys (202) is paired with a private key (112).

19. The method according to claim 18, further comprising a step of each of said co-owners creating an access message (702), wherein said access message (105) is indicating that said content (102) is owned by multiple co-owners and linked (212) to said co-ownership message (104, 210), comprising the step of said each co-owner signing said access message (105).

20. The method according to claim 18, wherein said co-ownership message (104, 210) comprises sharing policy information (204) defining rights to said content (102).

21. The method according to claim 18, further comprising holding said private key (112) in a security device (109) comprising a message processor (108) and being arranged to keep said private key (112) secret.

22. The method according to claim 18, wherein said creating comprises signing with each of said private keys (112) such that verifying comprises verifying with each of said public keys (703).

23. The method according to claim 18, wherein said co-ownership message (104, 210) is arranged to comprise group signatures, wherein signing comprises signing with one or more private keys (112) and verifying comprises verifying with a common group public key.

24. A system (101) for controlling access to a content (102), said content (102) being owned by multiple co-owners, and said system (101) comprising means for handling a co-ownership message (104, 210) related to said content (102), wherein said co-ownership message (104, 210) comprises fields (201), one or more of said fields (201) comprising public keys (202) of each of said multiple co-owners, and wherein each of said public keys (202) is paired with a private key (112).

25. A system (101) for controlling access to a content (102), said content (102) being owned by multiple co-owners, and said system (101) comprising means for creating a co-ownership message (104, 210) related to said content (102), wherein said co-ownership message (104, 210) comprises fields (201), one or more of said fields (201) comprising public keys (202) of each of said multiple co-owners, and each of said public keys (202) is paired with a private key (112).

26. A computer program product (120) arranged to, when loaded into and executed by a processor, perform the method according to claim 1 or 18.

Description:

Secure management of content owned by multiple-persons

The present invention relates to a system and method for controlling access to a content owned by multiple persons, i.e. co-owners, and wherein the system comprises a co-ownership message related to said content and wherein the co-ownership message comprises fields, and one or more of the fields comprises public keys of each of the multiple co-owners. The invention also regards a method for managing and sharing a content owned by multiple persons, especially by use of such a co-ownership message.

Sharing of content, especially digital content such as media files is increasing in popularity in the connected society of today. Sharing of content is enabled in any system where users of the system can access a content, such as in a telecommunications network, a home entertainment system or over the Internet. The content can be provided by a user who wants to share it with other users. However, sometimes it is desirable to protect the content in question. Limiting access to a content is generally carried out by means of encryption. For instance, a content encrypted by one user may be decrypted by other users, provided they have a key for decryption.

When sharing a content with others, a number of questions arise relating to the administration of ownership and access rights of the content. For instance, an owner of a content may want to share the ownership with someone else, or one of a plurality of persons owning a content wants to share usage access to the content with a third person. Furthermore, questions may arise as to whether the person in the last-mentioned scenario sharing a multiple-owned content can preserve his or her privacy. In addition, a convenient way for an owner to give up or discard his ownership of a content is needed.

It is an object of the present invention to provide an improved management and sharing system for content owned by multiple persons.

The object is achieved by a method for controlling access to a content in a system, where the content is owned by multiple co-owners. The method comprises handling a co-ownership message related to the content. The co-ownership message comprises fields, and one or more of the fields comprises public keys of each of the multiple co-owners. Each of the public keys is paired with a private key. Thus, the co-ownership message is able to hold information on co-ownership and authenticity of co-ownership of the content. For instance, one advantage of using the co-ownership message is that determining who the owners of a content are can be done locally, without access to a server.

The method may further comprise a step where each of the co-owners obtains an access message, which access message indicates that the content is owned by multiple co-owners and which access message also is linked to the co-ownership message. An access message securely stores information that is needed for a user to access a specific content item (or items), such as the encryption key needed to decrypt the content, which is often protected by authentication and/or encryption, and/or rights that have been assigned to the user. The access message is preferably encrypted with the public key of the owner, such that only the owner, who is the user of the access message in this case, can use the access message to access the content item.

Providing the system with an access message with a link to the co-ownership message improves the control and maintenance of sharing relations of a content. Using the system and messages in combination eases the otherwise needed synchronization, e.g. among different copies of co-ownership messages stored by co-owners of a content. For instance, by having the co-ownership message comprising identifiers for each of the co-owners of a content, the system will instantly know if a content is owned by multiple persons. Furthermore, as a co-owner has to present an access message to the system, which message is linked to a co-ownership message, the system will immediately know who the other co-owners of the content are. Hence, no on-line synchronization between co-owners is needed. Advantageously the access message comprises an identifier that indicates whether the content is owned by a single owner (single ownership) or by multiple owners (multiple ownership).

Preferably, the co-ownership message may also comprise sharing policy information defining rights to the content. This policy defines what rules the co-owners are required to follow if they want to grant access of the content to other persons. For example, it could be defined in the policy that one co-owner is allowed to complete the granting without explicit approval of other co-owners, or it could be defined in the policy that granting access of the content to other persons needs approval from all or from a number of co-owners. Hereby, the sharing policy of a content is conveniently accompanied with the co-ownership message and, hence, maintenance of this information by the system or by the users or co-owners of a content is kept at a minimum.

Persons using the system are referred to as users. Certain rights with respect to sharing of the content are granted to the co-owners in the group of users. These rights are specified in a designated sharing policy. Examples of sharing rights in descending degree of influence are sharing of co-ownership, sharing of usage access, for instance viewing rights, and no rights at all.

Advantageously, the method further comprises holding the private key in a security device comprising a message processor and which security device is arranged to keep the private key secret. The security device may comprise, for instance, a physical key, such as a portable secure storage medium preventing unauthorized usage. Furthermore, using a security device in connection with the co-ownership and access messages has advantages with regards to providing back-up solutions. With, for instance, the security device holding a copy of the co-ownership message, it can be recovered in the case it is lost. Furthermore, the security device may also be used to recover a lost access message with the aid of its corresponding co-ownership message.

The method may further comprise steps of introducing a new co-owner, namely the steps of: creating a co-ownership message comprising a public key of the new co-owner; and signing the co-ownership message using private keys of the co-owners. Preferably, the new co-owner accepts the co-ownership by signing the co-ownership message using a private key. The method may preferably also comprise the steps where the new co-owner: creates an access message; and signs the access message using a private key.

Advantageously, signing is carried out by using group signatures. The signatures of the co-owners are then grouped, such that co-owners cannot be identified individually. Hereby, a co-owner can share a multiple-owned content with or without permissions from the other co-owners depending on the specification of the sharing policy. A co-owner can also share a content anonymously since it is not possible for common signature verifiers to discover which member of the group has actually granted the introduction of a new co-owner by giving his or her signature. In a group signature scheme, there is a revocation manager who can revoke the anonymity of signatures in case of dispute.

The method may further comprise the discarding of co-ownership for a resigning co-owner, comprising the steps of: notifying the co-owners of the content; creating a new co-ownership message excluding all fields related to the resigning co-owner; each remaining co-owner signing the new co-ownership message; and revoking the old co-ownership message. The method may further also comprise the discarding of co-ownership for a resigning co-owner, comprising the steps of: modifying the co-ownership message by excluding all fields related to the resigning co-owner; and producing signatures of remaining co-owners from their signatures of the co-ownership message for signing the modified co-ownership message.

Furthermore, in the case where the co-ownership message has been signed using so-called redactable signatures comprising a homomorphic signature scheme, it is possible for the system to discard a co-ownership without requiring the co-owners to sign the new co-ownership message. Hereby, private keys of the co-owners are not needed for the signing operation of the new co-ownership message, and the operation of discarding a co-ownership is simplified.

Preferably, the method may further comprise the steps of: creating a new co-ownership message comprising a new sharing policy; all of the co-owners signing the new co-ownership message; and revoking the old co-ownership message.

Preferably, the method may further comprise the steps of: revoking the existing access messages linked to the old co-ownership message; and creating new access messages, wherein the new access messages are linked to the new co-ownership message comprising the new sharing policy.

Replacing the co-ownership and access messages in connection eases synchronization and, hence, maintenance of this information by the system or by the users or co-owners of a content is kept at a minimum.

Preferably, the method may further comprise giving usage access of the content to a person not being a co-owner, comprising the steps of: one of the co-owners generating an access message comprising user access rights for the person; a predetermined number of the co-owners signing the access message; and providing the access message to the person.

Advantageously, the predetermined number and the user access rights are defined in the sharing policy.

Preferably, the method further comprises the steps of: the system verifying signatures and the user access rights of the access message with the co-ownership message; and the person accessing the content.

Advantageously, the user access rights comprise sharing permission, viewing permission, or editing permission, or any combination thereof. Preferably, the method further comprises a step of using group signatures for signing the access message comprising user access rights for the person.

Furthermore, it may also be preferable to have a method for controlling access to a content in a system, where the content is owned by multiple co-owners. The method may comprise creating a co-ownership message related to the content. The co-ownership message comprises fields, and one or more of the fields comprises public keys of each of the multiple co-owners. Each of the public keys is paired with a private key.

The method may further comprise a step of each of the co-owners creating an access message, which access message indicates that the content is owned by multiple co-owners and which access message also is linked to the co-ownership message, and wherein each of the co-owners signs the access message.

Preferably, the co-ownership message may also comprise sharing policy information defining rights to the content.

Advantageously, the private key is held in a security device comprising a message processor and which security device is arranged to keep the private key secret. The message processor is a processor capable of executing cryptographic algorithms and is therefore able to handle the different types of messages and content.

Preferably, the step of creating comprises signing with each of the private keys such that verifying comprises verifying with each of the public keys.

Furthermore, the co-ownership message is arranged to comprise group signatures, wherein the step of signing comprises signing with one or more private keys and the step of verifying comprises verifying with a common group public key.

The object is also achieved by a system for controlling access to a content, where the content is owned by multiple co-owners. The system may comprise means for handling a co-ownership message related to the content. The co-ownership message comprises fields, and one or more of the fields comprises public keys of each of the multiple co-owners. Each of the public keys is paired with a private key.

The system may further comprise means for providing each of the co-owners with an access message. The access message indicates that the content is owned by multiple co-owners and the access message is linked to the co-ownership message.

The co-ownership message may further comprise sharing policy information defining rights to the content.

The system may further comprise means, such as a security device, for holding the private key. The means may comprise a message processor and be arranged to keep the private key secret.

The system may further comprise means adapted for introducing the new co-owner accepting a co-ownership. The means may be adapted for signing the co-ownership message using a private key of the new co-owner. Preferably, the system further comprises means for creating an access message, and means for signing the access message using a private key of the new co-owner.

Preferably, the system further comprises means for introducing a new co-owner, wherein the means comprises: means for creating a co-ownership message comprising a public key of the new co-owner; and means for signing the co-ownership message using private keys of the co-owners.

Advantageously, the co-ownership message is arranged to comprise group signatures. Preferably, the means for handling the co-ownership message are arranged to handle discarding of a co-ownership for a resigning co-owner, the system further comprising: means for notifying co-owners of the content; means for creating a new co-ownership message excluding all fields related to the resigning co-owner; means for signing the new co-ownership message by each remaining co-owner; and means for revoking the old co-ownership message.

Preferably, the means for handling the co-ownership message comprises means for providing usage access of the content to a person who is not a co-owner, the system further comprising: means for generating an access message comprising user access rights for the person by one of the co-owners; means for signing the access message by a predetermined number of co-owners; and means for providing the access message to the person.

The object is also achieved by a system for controlling access to a content, where the content is owned by multiple co-owners. The system may comprise means for creating a co-ownership message related to the content. The co-ownership message comprises fields, and one or more of the fields comprises public keys of each of the multiple co-owners. Each of the public keys is paired with a private key.

The system may further comprise means for providing each of the co-owners with an access message. The access message indicates that the content is owned by multiple co-owners and the access message is linked to the co-ownership message. The co-ownership message may further comprise sharing policy information defining rights to the content.

The system may further comprise means, such as a security device, for holding the private key. The means may comprise a message processor and be arranged to keep the private key secret. Preferably, the means for creating the co-ownership message further comprises means for signing with each of the private keys such that verification comprises verifying with each of the public keys.

Preferably, the co-ownership message is arranged to comprise group signatures and the means for signing are arranged to sign with one or more private keys, wherein verification comprises verifying with a common group public key.

Another object of the invention is to provide a computer program product to implement any of the mentioned methods according to the invention.

Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the [element, device, component, means, step, etc.]" are to be interpreted openly as referring to at least one instance of said element, device, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated. Other objectives, features and advantages of the present invention will appear from the following detailed disclosure, from the attached dependent claims as well as from the drawings.

The above, as well as additional objects, features and advantages of the present invention, will be better understood through the following illustrative and non-limiting detailed description of preferred embodiments of the present invention, with reference to the appended drawings, where the same reference numerals will be used for similar elements, wherein:

Fig. 1 schematically shows a Digital Rights Management system in which the present invention is implemented;

Fig. 2 shows detailed views of a) the co-ownership message and b), c) the access messages, according to the present invention;

Fig. 3 schematically shows a block diagram of a method of introducing a new co-owner according to one embodiment of the present invention;

Fig. 4 schematically shows a block diagram of a method of discarding a co-ownership according to one embodiment, shown in section a), and another embodiment, shown in section b), of the present invention;

Fig. 5 schematically shows a block diagram of a method of changing a sharing policy according to one embodiment of the present invention;

Fig. 6 schematically shows a block diagram of a method of giving usage access of a content to a person according to one embodiment of the invention; and

Fig. 7 schematically shows a block diagram of a method of creating a co-ownership message according to one embodiment of the invention.

Fig. 1 schematically illustrates a Digital Rights Management (DRM) system 101 in which the present invention is implemented. The system 101 is adapted for managing and sharing content 102 owned by multiple persons (not shown), hereinafter referred to as co-owners. The system comprises a server 103, a co-ownership message 104, an access message 105, a secure subsystem 106 preferably integrated in the server 103 and a cryptographic processor 107 in the subsystem 106. The co-ownership message 104 and access message 105 are handled by the server 103. Additionally, the system may also comprise means 110 for interaction with the secure subsystem, which means 110 may be adapted to perform identification and/or authentication of a person and/or generating and editing co-ownership messages and access messages. The means 110 may further comprise a security device 109 comprising a message processor 108 for generating and editing co-ownership messages and access messages, and the means 110 may further be integrated into the system 101. The physical security device 109 may be a part of the system, but is preferably a portable and personal security device that can be attached to different systems; it can for example be connected to a personal key ring.

The invention is further implemented by a computer program product 120 to implement any of the methods according to the invention.

Fig. 2 schematically illustrates in section a) a co-ownership message 210 and in sections b) and c) an access message 211 according to the invention.

More specifically, section a) in fig. 2 illustrates schematically a co-ownership message 210 accompanying each content item (not shown) according to the invention. The co-ownership message 210 comprises fields 201 comprising public keys 202 of each of the co-owners (not shown) and signatures 203 of one or more or preferably all of said co-owners. The co-ownership message 210 further comprises a sharing policy 204.

The sharing policy 204 specifies the rights of the owners of a content with respect to sharing and/or managing of the content. For instance, the sharing policy can declare rights for any owner to further share the content with any other person without the other owners' confirmations. In another embodiment the sharing policy may enforce that physical security devices of other owners and their explicit confirmation is needed for one of the owners to be allowed to create an access message for a third person. Furthermore, the rights may also state that confirmation from n out of m owners is needed for sharing, in which case n owners explicitly must confirm sharing.

Sections b) and c) in Fig. 2 schematically illustrate an access message 211 accompanying each person (not shown) having access to the content 102 illustrated in fig. 1. The access message 211 comprises a link 212 to the co-ownership message 210 and an identifier indicating single 213 or multiple 214 ownership of the content 102.

More specifically, the sharing policy 204 can be used to declare the rights for any of the owners of a content to further share the content with anyone they want, i.e. by creating access messages, without the other owners' confirmation. Alternatively, the sharing policy 204 may also be used in a way to enforce that physical security devices of the other owners and their explicit confirmation are needed if one of the owners wants to create an access message for a third person. The sharing policy 204 may also state that confirmation from n of m owners is needed for sharing.
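The access-granting procedure described above and in the summary (one co-owner generates an access message with user access rights, a predetermined number of co-owners sign it, and the system verifies the signatures and rights against the co-ownership message under an n-of-m sharing policy), as an added Go example that is not part of the patent. The concrete encodings are my assumptions, since the patent leaves them open: ed25519 signatures, a SHA-256 hash of the co-ownership message body as the link (212), and a bit mask for viewing, editing and sharing rights.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// User access rights an access message can carry: viewing, editing, sharing.
const RightView, RightEdit, RightShare = 1, 2, 4

// SharingPolicy (204): Threshold co-owners must confirm a grant, limited to GrantableMask.
type SharingPolicy struct {
	Threshold     int
	GrantableMask int
}

// CoOwnershipMessage (210): a public-key field per co-owner, the policy and signatures.
type CoOwnershipMessage struct {
	ContentID  string
	PublicKeys []ed25519.PublicKey
	Policy     SharingPolicy
	Signatures map[int][]byte // co-owner index -> signature over Body()
}

// Body is the signed part of the message, i.e. everything but the signatures.
func (c *CoOwnershipMessage) Body() []byte {
	var b bytes.Buffer
	fmt.Fprintf(&b, "coown|%s|%d|%d", c.ContentID, c.Policy.Threshold, c.Policy.GrantableMask)
	for _, pk := range c.PublicKeys {
		fmt.Fprintf(&b, "|%x", []byte(pk))
	}
	return b.Bytes()
}

// Link (212) is the value an access message carries to point at this message.
func (c *CoOwnershipMessage) Link() [32]byte { return sha256.Sum256(c.Body()) }

// Sign adds co-owner idx's signature; co-owners may sign one after another.
func (c *CoOwnershipMessage) Sign(idx int, priv ed25519.PrivateKey) {
	c.Signatures[idx] = ed25519.Sign(priv, c.Body())
}

// AccessMessage (211): held by the person receiving access, linked to the
// co-ownership message and confirmed by the signing co-owners.
type AccessMessage struct {
	Link       [32]byte
	Grantee    ed25519.PublicKey
	Rights     int
	Signatures map[int][]byte // co-owner index -> signature over Body()
}

func (a *AccessMessage) Body() []byte {
	return []byte(fmt.Sprintf("access|%x|%x|%d", a.Link[:], []byte(a.Grantee), a.Rights))
}

func (a *AccessMessage) Sign(idx int, priv ed25519.PrivateKey) {
	a.Signatures[idx] = ed25519.Sign(priv, a.Body())
}

// VerifyAccess is the system-side check: the co-ownership message must carry a
// valid signature from every listed co-owner, and the access message must link
// to it, request only grantable rights, and be confirmed by at least Threshold
// distinct co-owners whose public keys are listed there.
func VerifyAccess(a *AccessMessage, c *CoOwnershipMessage) error {
	for i, pk := range c.PublicKeys {
		if !ed25519.Verify(pk, c.Body(), c.Signatures[i]) {
			return fmt.Errorf("co-ownership message lacks a valid signature from co-owner %d", i)
		}
	}
	if a.Link != c.Link() {
		return fmt.Errorf("access message is not linked to this co-ownership message")
	}
	if a.Rights&^c.Policy.GrantableMask != 0 {
		return fmt.Errorf("requested rights exceed the sharing policy")
	}
	confirmed := 0
	for idx, sig := range a.Signatures {
		if idx < 0 || idx >= len(c.PublicKeys) || !ed25519.Verify(c.PublicKeys[idx], a.Body(), sig) {
			return fmt.Errorf("no valid signature from listed co-owner %d", idx)
		}
		confirmed++ // map keys are distinct, so each co-owner counts once
	}
	if confirmed < c.Policy.Threshold {
		return fmt.Errorf("only %d of the required %d co-owners confirmed", confirmed, c.Policy.Threshold)
	}
	return nil
}

// GenerateKey returns a fresh ed25519 key pair; a nil reader selects crypto/rand.
func GenerateKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}
```

Because the signatures are keyed by the co-owner's index in the co-ownership message, a second signature from the same co-owner overwrites the first rather than counting twice.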

The access messages may be used separately, e.g. to view the content, without the co-ownership messages. However, using access messages and co-ownership messages in combination eases the otherwise needed synchronization among different copies of the co-ownership message. Furthermore, as the present invention enables the co-owners to sequentially, one by one, sign a co-ownership message, flexibility is provided for the parties involved by not requiring simultaneous meetings or actions to be taken.

As described, it may be advantageous to have the access message to comprise an identifier to indicate single or multiple ownership of the content. Furthermore, it may also be advantageous to provide the co-ownership message with an identifier, identifying it being a co-ownership message. These identifiers provide a simple solution to distinguish different types of system and access messages according to the present invention.

With respect to revocation of an ownership of a content according to the present invention, an owner may simply revoke his access message, an action which may oblige the system to revoke that message, notify the other owners, and request these other owners to sign new co-ownership messages which exclude all fields related to the excluded owner. Alternatively, a more expedient way would be using a homomorphic signature scheme, or redactable signatures. It is then possible for the system to resolve giving-away of an ownership by one owner without requiring the remaining co-owners to sign the new co-ownership message. The system will create a new co-ownership message, excluding the fields of the retired co-owner, and produce signatures of the remaining co-owners for the new co-ownership message based on their signatures from the old co-ownership message. Hence, the remaining owners need not present their keys, and time-consuming administrative tasks for the co-owners are avoided. However, with this alternative there may also be a need for stronger integrity protection, for instance preventing a situation where one co-owner illegally deletes ownerships of other owners of a content and confiscates the content. In order to prevent this situation, it is suggested that the co-ownership message is stored in a secure storage area or, in addition to user signatures, the system signs the message with its key using a normal signature scheme.
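The redactable-signature way of discarding a co-ownership described above (and in the summary earlier), as an added Go example that is not the patent's own scheme: it uses a Merkle hash tree as one concrete redactable construction, with each co-owner's ed25519 signature over the tree root and an ordinary system counter-signature as the stronger integrity protection the paragraph calls for. The message layout, the state that the system signs and the KeyFromSeed helper are my assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// RedactableCoOwnership holds one field per co-owner (its public key). Co-owners sign
// the Merkle root over the fields, so a field can later be dropped while the remaining
// signatures still verify (a Merkle-tree-style redactable signature).
type RedactableCoOwnership struct {
	ContentID  string
	Fields     [][]byte         // public key per co-owner; nil once redacted
	Redacted   map[int][32]byte // leaf hash kept in place of a removed field
	Signatures map[int][]byte   // co-owner index -> signature over Root()
	SystemSig  []byte           // system's counter-signature over State()
}

func leafHash(i int, field []byte) [32]byte {
	return sha256.Sum256(append([]byte(fmt.Sprintf("leaf|%d|", i)), field...))
}

// Root is the Merkle root; a redacted leaf contributes its stored hash, so the
// root (and every co-owner signature on it) is unchanged by a redaction.
func (r *RedactableCoOwnership) Root() []byte {
	level := make([][32]byte, len(r.Fields))
	for i, f := range r.Fields {
		level[i] = r.Redacted[i] // stored hash for a removed field
		if f != nil {
			level[i] = leafHash(i, f)
		}
	}
	for len(level) > 1 {
		var next [][32]byte
		for j := 0; j < len(level); j += 2 {
			if j+1 == len(level) { // odd node out: promote it unchanged
				next = append(next, level[j])
				break
			}
			pair := append(append([]byte("node|"), level[j][:]...), level[j+1][:]...)
			next = append(next, sha256.Sum256(pair))
		}
		level = next
	}
	return append([]byte("coown|"+r.ContentID+"|"), level[0][:]...)
}

// State is what the system counter-signs: the root plus the set of redacted indexes.
// Without it, anyone holding the message could redact a co-owner on their own, since
// the co-owner signatures do not change (the integrity risk noted above).
func (r *RedactableCoOwnership) State() []byte {
	s := r.Root()
	for i, f := range r.Fields {
		if f == nil {
			s = append(s, fmt.Sprintf("|redacted:%d", i)...)
		}
	}
	return s
}

// Sign adds co-owner i's signature over the root.
func (r *RedactableCoOwnership) Sign(i int, priv ed25519.PrivateKey) {
	r.Signatures[i] = ed25519.Sign(priv, r.Root())
}

// SystemSign is the system's ordinary signature over the current state.
func (r *RedactableCoOwnership) SystemSign(priv ed25519.PrivateKey) {
	r.SystemSig = ed25519.Sign(priv, r.State())
}

// Redact discards co-owner i: field and signature go, only the leaf hash stays,
// and no remaining co-owner has to present a private key.
func (r *RedactableCoOwnership) Redact(i int) {
	r.Redacted[i] = leafHash(i, r.Fields[i])
	r.Fields[i] = nil
	delete(r.Signatures, i)
}

// Verify checks every remaining co-owner's signature on the root and the system's
// counter-signature on the current state.
func (r *RedactableCoOwnership) Verify(systemPub ed25519.PublicKey) error {
	root := r.Root()
	for i, f := range r.Fields {
		if f == nil {
			continue
		}
		if len(f) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(f), root, r.Signatures[i]) {
			return fmt.Errorf("co-owner %d has no valid signature on the root", i)
		}
	}
	if !ed25519.Verify(systemPub, r.State(), r.SystemSig) {
		return fmt.Errorf("system counter-signature does not cover the current set of co-owners")
	}
	return nil
}

// KeyFromSeed derives a deterministic ed25519 key pair from a 32-byte seed (demo only).
func KeyFromSeed(seed string) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed([]byte(seed))
	return priv.Public().(ed25519.PublicKey), priv
}
```

After a redaction the old system counter-signature no longer matches State(), so the system must re-sign; the remaining co-owners' signatures are reused as they are.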

Also, in the case where co-ownership messages and access messages are used in co-operation, the redundancy of information, i.e. the identical owner information held in both messages, can provide a back-up solution. Namely, if an owner loses an access message, it can be recovered, for instance by the physical security device of that owner, from the information stored in the corresponding co-ownership message. Furthermore, as an extra safeguard, an owner may store a copy of the co-ownership message on his physical security device as a back-up in case of a system failure.

According to one embodiment of the invention where a content is shared with a third party, the proposed solution can be extended to provide privacy-preserving sharing. For instance, if the sharing policy 204 in the co-ownership message allows a user to create an access message and share the content with a new user without confirmation from the other owners, the user can include in the sharing access message the public keys of all co-owners and sign the message using a group signature. The recipient of the sharing right can then verify that the access message carries a valid signature from one co-owner belonging to the group of owners, but cannot determine which member of the group signed it. In that way the co-owner who shared the content remains anonymous, both within the group of co-owners and towards the recipient, and this anonymity becomes stronger as the group of owners grows.

Fig. 3 schematically illustrates a block diagram according to one embodiment of the invention, disclosing a method for controlling access to a content owned by multiple persons.

Fig. 3 illustrates the steps of introducing 300 a new co-owner by creating a co-ownership message comprising a public key of the new co-owner 301 and signing the co-ownership message using the private keys of the co-owners 302 and, optionally according to specific implementations of the invention, the new co-owner accepting the co-ownership by signing the co-ownership message 303, creating an access message 304 and signing the access message using his or her private key 305. For instance, a person being a co-owner of a content, possibly the only owner, offers co-ownership to another person not being a co-owner of the content. Firstly, all of the owners must agree, or have agreed, on a sharing policy, which will be used to control sharing of the content with other potential users. Having agreed on that, the old and the new owner(s) have to create and sign the co-ownership message. The new co-owner also has to create and sign his access message. If the sharing owner was the only owner, his old access message, indicating single ownership, is revoked and a new access message is created indicating multiple ownership and equipped with a link to the newly generated co-ownership message.

Section a) of Fig. 4 illustrates the steps of discarding 400 a co-ownership for a resigning co-owner by notifying 401 the co-owners of the content, creating 402 a new co-ownership message excluding all fields related to the resigning co-owner, each remaining co-owner signing 403 the new co-ownership message, and revoking 404 the old co-ownership message. For instance, if an owner of a content owned by multiple persons wants to give away his ownership, he simply deletes his access message, which obliges the system to revoke that message, notify the other owners, and ask them to sign a new co-ownership message in which all fields related to the public key of the ex-co-owner (including his signature) are excluded.

Alternatively, a homomorphic signature scheme may be used. Section b) of Fig. 4 illustrates the steps of discarding 410 a co-ownership for a resigning co-owner using a homomorphic signature scheme by creating 411 a new co-ownership message excluding all fields related to the resigning co-owner, and producing 412 signatures of the remaining co-owners from their signatures on the preceding co-ownership message for signing the new co-ownership message. For instance, if the co-owners have signed a co-ownership message using such a scheme, it is possible for the system to resolve the giving-away of the ownership by one user without asking the remaining co-owners to sign the new co-ownership message. The system creates a new co-ownership message in which the public key of the ex-co-owner is excluded. Furthermore, the system can produce the signatures of the remaining co-owners for the new co-ownership message from their signatures on the old co-ownership message and, hence, without having to request the private keys of the co-owners.

Furthermore, in the case where all the co-owners have discarded their co-ownership of a content, the content can be deleted from the system.

Fig. 5 illustrates the steps of changing 500 a sharing policy by creating 501 a new co-ownership message comprising a new sharing policy, all of the co-owners signing 502 the new co-ownership message, revoking 503 the old co-ownership message and, optionally according to specific implementations of the invention, revoking 504 the existing access messages linked to the existing co-ownership message, and creating 505 new access messages which are linked to the new co-ownership message comprising the new sharing policy. For instance, a co-owner wanting to change the policy for sharing can propose a new sharing policy. The system will then inform the other co-owners about the proposed new co-ownership message and ask them for confirmation. Only when all owners confirm the proposal by signing the new co-ownership message will the system revoke the old co-ownership and access messages and create new access messages with links to the new co-ownership message. After that, the new sharing policy will be applied.

Fig. 6 illustrates the steps of giving 600 usage access of a content to a person who is not a co-owner by one of the co-owners generating 601 an access message comprising user access rights for said person, a predetermined number of co-owners signing 602 the access message, providing 603 the access message to said person and, optionally according to specific implementations of the invention, the system verifying 604 the signatures of the access message and said person accessing 605 the content. For instance, if one of the co-owners wants to share a content with a third party, he makes a request to the system and generates a draft access message for the third party. Depending on the sharing rights defined in the sharing policy specified in the co-ownership message, his physical security device can make the draft access message final (if the sharing policy allows any of the co-owners to share the content independently of the other co-owners) or wait until the other co-owners confirm the sharing by signing the access message (in case their confirmations are required by the sharing policy).

On the other hand, if three co-owners from the previous example have to confirm sharing according to the sharing policy, then the access message must contain three signatures. The owner block can store the key of the co-owner who initiated the sharing, but also the public keys of all owners. However, it is necessary that all three co-owners sign the access message. The first co-owner, whose physical security device creates and signs the access message, initiates the process. Then the access message is passed to the other co-owners, who sign it. After finalization it is sent to the user. When the user wants to access the content, the system checks the access message against the agreement in the sharing policy of the co-ownership message, using the usage access rights and the signatures of the access message, and if the access message is made and signed according to the sharing policy it allows the user to access the content.

Alternatively, for the case when confirmation from all owners is needed, the user can collect three different access messages, one from each of the co-owners, and present all of them when accessing the content.
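As an added worked example (not code from the patent or from its assignee), the following Python models both the key-free revocation of section b) of Fig. 4 and the policy-governed access message of Fig. 6 described above. Everything beyond what the text states is an assumption made here: a field layout in which field 0 holds the sharing policy and the later fields hold the owners' public keys, a "threshold=k" policy syntax, textbook RSA with 512-bit moduli in place of the unspecified signature scheme, and a salted hash-list commitment (each signer signs the digest of the salted field hashes) in place of the unspecified homomorphic or redactable scheme. The demo() data (three owners, one content, one recipient) is constructed for the example.

```python
# Added example, not the patent's code. Toy RSA and a salted hash-list commitment
# stand in for the signature and redactable-signature schemes the text leaves open.
import hashlib
import secrets

def sha(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def _probable_prime(n, rounds=16):  # Miller-Rabin; n is odd and > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=512):  # returns ((e, n), (d, n)); d never leaves the owner's device
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1  # odd, full length
            if _probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % 65537:  # 65537 is prime, so this is gcd(e, phi) == 1
            return (65537, p * q), (pow(65537, -1, phi), p * q)

def sign(priv, dgst):  # textbook RSA on a 256-bit digest (< n), no padding
    return pow(int.from_bytes(dgst, "big"), priv[0], priv[1])
def verify(pub, dgst, sig):
    return pow(sig, pub[0], pub[1]) == int.from_bytes(dgst, "big")

# Co-ownership message: field 0 is the sharing policy, fields 1.. the owners'
# public keys (assumed layout). Owners sign a digest of salted field hashes, so a
# field can later be blanked without changing what was signed (Fig. 4 b).
def new_coownership(policy, owner_pubs):
    fields = [policy] + list(owner_pubs)
    salts = [secrets.token_bytes(16) for _ in fields]
    leaves = [sha(s, repr(f).encode()) for s, f in zip(salts, fields)]
    return {"fields": fields, "salts": salts, "leaves": leaves, "sigs": {}}

def msg_digest(msg):
    return sha(*msg["leaves"])
def owners(msg):  # indices of owners still present after any redaction
    return [i for i, f in enumerate(msg["fields"]) if i > 0 and f is not None]

def verify_coownership(msg):
    d = msg_digest(msg)
    leaves_ok = all(f is None or sha(s, repr(f).encode()) == leaf
                    for f, s, leaf in zip(msg["fields"], msg["salts"], msg["leaves"]))
    return leaves_ok and bool(owners(msg)) and all(
        i in msg["sigs"] and verify(msg["fields"][i], d, msg["sigs"][i])
        for i in owners(msg))

def redact_owner(msg, idx):
    """System drops a resigning owner's field, salt and signature; the leaf hash
    stays, so the remaining owners' old signatures still verify unchanged."""
    new = {k: list(v) for k, v in msg.items() if k != "sigs"}
    new["fields"][idx] = new["salts"][idx] = None
    new["sigs"] = {i: s for i, s in msg["sigs"].items() if i != idx}
    return new

# Access message (Fig. 6): linked by digest, signed by enough current owners.
def new_access(content_id, user_pub, rights, com):
    return {"content": content_id, "user": repr(user_pub).encode(),
            "rights": rights, "link": msg_digest(com), "sigs": {}}

def access_digest(am):
    return sha(am["content"], am["user"], am["rights"], am["link"])

def system_allows(am, com):  # the check the system runs before decrypting
    if am["link"] != msg_digest(com) or not verify_coownership(com):
        return False
    d = access_digest(am)
    signed = {i for i, s in am["sigs"].items()
              if i in owners(com) and verify(com["fields"][i], d, s)}
    return len(signed) >= int(com["fields"][0].split("=")[1])  # "threshold=k"

def demo():
    keys = [keygen() for _ in range(3)]  # three co-owners' devices (constructed)
    com = new_coownership("threshold=2", [pub for pub, _ in keys])
    for i, (_, priv) in enumerate(keys):  # signed one by one, in any order
        com["sigs"][i + 1] = sign(priv, msg_digest(com))
    am = new_access(b"movie-42", keygen()[0], b"play", com)
    am["sigs"][1] = sign(keys[0][1], access_digest(am))
    one = system_allows(am, com)  # the policy wants two signatures
    am["sigs"][2] = sign(keys[1][1], access_digest(am))
    com2 = redact_owner(com, 2)  # owner 2 resigns; nobody signs again
    return {"one": one, "two": system_allows(am, com),
            "redacted_valid": verify_coownership(com2),
            "owners_after": owners(com2), "after": system_allows(am, com2)}
```

Running demo() shows the two properties discussed above: a single signature is refused under the two-of-three policy and two are accepted, and after the system redacts owner 2 the remaining owners' signatures still verify on the unchanged digest without anyone re-signing, while owner 2's earlier signature on the access message no longer counts towards the threshold. Note that redact_owner needs no private key at all, which is exactly the integrity concern raised earlier: anyone holding the message could run it, so the countersignature by the system or the secure storage suggested above would be needed in practice and is not modelled here.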

Fig. 7 illustrates the steps of creating 700 a co-ownership message related to said content, wherein each of said co-owners creates 701 an access message, which comprises the step of each co-owner signing 702 said access message, and wherein creating comprises signing with each of said private keys, such that verifying comprises verifying 703 with each of said public keys.

According to a specific embodiment according to the present invention the system referred to provides a user with the ability of protecting and sharing personal content in the context of a multipersonalized entertainment server. A proposed basic system comprises a private physical security device and a secure subsystem in addition to an audio/video (AV) content server.

The secure subsystem may comprise a cryptographic processor for content encryption and decryption, a secure interface to the personal physical security device, e.g. used for obtaining a content encryption key, and interfaces to the AV content server, for instance one using content streaming. A private content is, using the content encryption key, encrypted for storing and decrypted for playback, by the secure subsystem with a personal physical security device plugged in. It should be noted that the content encryption key should not be exposed outside the secure subsystem.

Furthermore, the physical security device has a message processor for creating and using messages such as a user access message or a co-ownership message. Each physical security device holds a unique private-public key pair. The public key of a user is of course public.

Other users use the public key of the user to share data with him through the access message, which comprises the content encryption key and rights data encrypted with the public key. The private key is never exposed outside the physical security device. In the physical security device, the private key is used to sign messages and to decrypt the blocks encrypted with the public key. The access message comprises the content encryption key of the encrypted content and the access rights for an authorized user. Among other things, the access rights determine whether the secure subsystem should decrypt the content for playback. The content owner also uses his physical security device to generate access messages for other users with whom he wants to share the content. The owner can also revoke a sharing policy and transfer the ownership using the physical security device.

Furthermore, the physical security device has a certificate, signed by a trusted central authority, that confirms the validity of a user's public key and its correspondence with the private key stored in the compliant personal physical security device.

The secure subsystem may be integrated in the server or in other digital rendering devices, or be a portable plug-in device for legacy devices. It may comprise a high-bandwidth cryptographic processor and interface for AV content.

A co-ownership message or access message can comprise a message identifier, a user ID block, an owner ID block, two blocks referring to the content and a signature block. Each block may comprise 256 bytes, being large enough for 2048-bit encryption. The user ID block and the owner ID block may further comprise the user's public key and the owner's public key.

The term content is directed towards digital media content.

Although the invention above has been described in connection with preferred embodiments of the invention, it will be evident for a person skilled in the art that several modifications are conceivable without departing from the invention as defined by the following claims.