[001] DESCRIPTION OF THE INVENTION

[002] The following specification particularly describes the invention and the manner in which it is to be performed:

[003] FIELD OF THE INVENTION

[004] The present invention relates to a system and method for securely storing the content provider's sensitive information in a user device in view of digital rights management.

[005] BACK GROUND OF INVENTION

[006] More and more viewers are fully utilizing the endless options of content access across all display devices such as TV, personal computer (PC), and mobile phone/tablet etc. Time spent on watching video on these devices is on the rise across all platforms which come with their own unique challenges with regard to protection of content and preventing unauthorized use of valuable content.

[007] Although, numerous technologies have evolved to deal with content protection in the past, it wasn't until the advent of Digital Rights Management (DRM) technology that related issues could effectively be addressed. DRM is a class of access control technologies that are used by copyright holders and content suppliers with the intent to limit the use (access control) of digital content. DRM technologies attempt to give control to the seller of digital content or devices after it has been given to a consumer. Denying the user the ability to copy the content, restricting playback of content for a limited number of times, restricting from converting it to other formats are simple access controls offered by DRM.

[008] According to the DRM technology, content provision server stores the content and key information required to decrypt the encrypted the content. In order to protect the digital content, the DRM technology encrypts the digital content and thus prevents the illegal distribution or use of the digital content in all stages such as creation, distribution, use and disposal of its life cycle. In DRM technology, only the authorized user with an encryption key to decrypt can use the encrypted content. In this case the protection tends to be lost if the authorized user shares the encryption key willfully or unintentionally with someone. However, DRM technologies alone cannot mitigate all associated potential risks. There is no reliable means for content suppliers to check hardware and software running on user device to make sure they do not interfere with the access control mechanism imposed by DRM. Users with legal content also can become potential attackers to a protected content. They may make use of illegal software for forwarding the decrypted content. This is not a common type of challenge faced by a typical security solution where user would be the owner of (responsible for) the sensitive information. Therefore, a secret given by user or user's biometric data cannot be used to lock the information or to cryptographically wrap the information.

[009] Depending on device type and platform, various technologies or approaches may be taken for protecting key information. While hardware based solutions guarantee reasonable level of security, software based solutions are tricky and highly depend on secret implementation. Since secret is shared among multiple persons .or entities, such solutions cannot meet confidentiality requirements as defined in the context of information security.

[010] In the case of playing back the content on devices supplied by service providers such as set top boxes, it is possible to use hardware based solutions, but becomes difficult if the solution is provided as a downloadable application. In case of set top boxes, service provider supplies user devices; has full control over platform and other applications. Service provider can store a secret code for locking / unlocking "Key box" with access protection through hardware mechanisms. Hence set top boxes are complaint to principles of information security.

[11] But in case of devices such as personal computers, smart phones and tablets, user purchases the device for running not only content providers application but also other applications. Content provider does not have control on applications running on the user devices. Content provider may use a secret code for locking or unlocking "Key box" with no access protection but may depend on secret logic. In such a scenario, confidentiality is compromised and is not complaint to principles of information security.

[012] Thus there is a need to provide a security solution meeting all principles of information security where the solution must address challenges in protecting cryptographic keys and other sensitive information of the content provider stored in a user device thereby ensuring the rights of service provider.

[013] SUMMARY OF THE INVENTION

[014] The present invention discloses a system and method for managing sensitive information in a user device. The system includes a content build module configured to process application content with content provider logic for creating a content package. The system also includes a content provider module configured to provide the content package comprising the application content and content provider logic to the user device. The system further includes a logic creation module for creating a provisioning logic in runtime when configuring the application content in the user device and for generating an access key for securing the sensitive information associated with the application content based on the provisioning logic and the content provider logic, wherein the sensitive information is for accessing the application content in the user device.

[015] According to an embodiment of the invention a computer implemented method is disclosed for storing sensitive information in a user device. The method includes the steps of building a content package with application content and content provider logic, providing the content package including the application and the content provider logic to the user device. The method further includes the steps of creating a provisioning logic when configuring the application content in the user device, generating an access key for securing the sensitive information associated with the application content based on the provisioning logic and the content provider logic, wherein the sensitive information is for accessing the application content in the user device.

[016] As the generated access key is not stored in the system it gives better security for the content provider's sensitive information in the user device. Thus the protection of the contents provided by the content provider is achieved. The present approach and process for managing the sensitive information meets all principle components of information security such as confidentiality, authenticity, integrity and non-repudiation.

[017] BRIEF DESCRIPTION OF THE DRAWINGS

[018] The foregoing and other features of embodiments will become more apparent from the following detailed description of embodiments when read in conjunction with the accompanying drawings. In the drawings, like reference numerals refer to like elements.

[019] FIGURE 1 illustrates an exemplary environment wherein a system for managing the sensitive information of the content provider in a user device operates in accordance with an embodiment of the present invention.

[020] FIGURE 2 illustrates a system for managing the sensitive information of the content provider in a user device in accordance with an embodiment of the present invention.

[021] FIGURE 3 illustrates a customized secure build system for embedding content provider's logic in user application, distribution of application, diversification devices and distribution of diversified provisioning logic according to an embodiment of the present invention.

[022] FIGURE 4 illustrates a functional block representation of secure build system embedding content provider's logic into user application based on access key given by the content provider according to an embodiment of the present invention.

[023] FIGURE 5 illustrates the execution of provisioning logic according to an embodiment.

[024] FIGURE 6 illustrates execution of content provider's logic and provisioning logic for producing access key according to an embodiment of the present invention.

[025] FIGURE 7 illustrates the computer implemented method for managing sensitive information in a user device according to an embodiment of the present invention.

[026] DETAILED DESCRIPTION

[027] Reference will now be made in detail to the description of the present subject matter, one or more examples of which are shown in figures. Each example is provided to explain the subject matter and not a limitation. Various changes and modifications obvious to one skilled in the art to which the invention pertains are deemed to be within the spirit, scope and contemplation of the invention.

[028] Before describing in detail embodiments that are in accordance with the present invention, it should be observed that the embodiments reside primarily in combinations of system components related to digital rights management (DRM). The present invention provides a method and system for securely storing sensitive information in distrusted devices.

[029] FIGURE 1 is an exemplary environment (100) wherein systems and methods consistent with the principles of the invention may be implemented in accordance with various embodiment of the invention. The environment (100) includes several user devices (101, 102, 103) where the contents, provided by the various content provider servers reside. These user devices (101, 102, 103) interact with the server (105, 106). In one scenario the server (105) may be a content provider server responsible for providing the content to the user device over the network and the server (106) may be initialization server responsible for provisioning of the user devices and generating provisioning logic. According to an embodiment the user device communicates to the server over a network (104). The network (104) may include a local area network (LAN), a wide area network (WAN), a telephone network, such as the Public Switched Telephone Network (PSTN), an intranet, the Internet, a memory device, or a combination of networks. The network (104) may be wired, wireless, optical, or any other information transmission mechanisms.

[030] In practice, there may be more number of servers and user devices. In some situations, a server may perform the functions of all the two server types mentioned in the figure. It is also assumed that server may be one or many. It is also possible that in case of standalone application mode, server may not exist and all the logic may be implemented in the client.

[031] The user device (101) may include any device such as a PC, Laptop, Mobile device, Tablet, TV, Gaming device or any other types of device that can support two way interactions with the user either using graphical user interface or through other interface mechanisms like voice or gesture or video. In some cases, user device may be a software object or a program or a process or a thread of execution running on one or more of these devices.

[032] In some cases all or part of the server configurations may be running on the user device (101). In some cases, user device (101) may connect to multiple servers during the search process. In some cases, user device may perform the functions of server or server may perform user device.

[033] The focus of this invention is to securely store the content provider's sensitive information in the user devices. Here the content provider server implements the logic to protect its sensitive information in the user device in order to protect the content provider's rights according to DRM.

[034] The above mentioned functions may be part of one server or several servers and each server may implement the functionalities of others. It may be possible that any of the server may be implemented using a cluster of servers involving two or more separate devices with all the other associated devices like load balancer, firewall, routers etc.

[035] FIGURE 2 illustrates a block diagram of a system (200) for managing sensitive information in a user device according to one embodiment of the present invention. The system (200) includes a content build module (202), a content provider module (204) and a logic creation module (206). The content build module (202) is responsible for preparing application content to be used in user device. Here the user device may be a smart phone, a personal computer, a tablet or any other user device capable of displaying the contents provided by the content provider. The content build module (202) creates the content package having application content and content providers logic. The content build module is otherwise known as secure build system.

[036] The application content or content may include, but is not limited to, video data, audio data, documents, text, images, web pages, or other content or the like or any combination thereof. Examples include generic content including, but not limited to, text, PDF, HTML, spreadsheets, audio and video, and images. The content may also include subscription-based content, which can be updated or added to over time. The content may be maintained or expressed in multiple formats. In one example, certain content may include a set of files (which may be in different formats) that may be logically grouped together.

[037] The content provider module (204) passes the content package created by the content build module (204) to the user device. The logic creation module (206) includes provisioning module (208) and a key generation module (210).

[038] The provisioning module (208) is responsible for provisioning of the user device while installing the application content or during the first attempt for accessing the content by the user from the user device. While performing the provisioning of the user device by the content provider, a provisioning logic is created and is stored for the content provided by the content provider in the user device. The stored provisioning logic along with the content provider logic provided along with the content package is used for generation of an access key in the user device. The content provider's sensitive information such as licensing data or other encryption data is protected in the user device by an access key. The content provider logic and the provisioning logic together generate the access key for unlocking the sensitive information of the content provider stored in the user device. In an embodiment the content provider may be capable of computing the access key by knowing all implementation details. The access key used for unlocking is not stored anywhere in the user device. In an embodiment, the access key is generated based on the content providers logic, provisioning logic and a device key associated with the user device. Device keys are secret embedded cryptographic keys present in devices that operate with copyrighted content and sensitive data. The user device includes but not limited to smart phones, tablets, game consoles, embedded devices, set-top boxes etc. These device keys are specific to each device or device model, and hence are used in security features to control the licensing of the user device, ensure bootstrapping of the operating system, and prevent installing unauthorized applications after the user device has been released to the market. Experienced adversaries can discover the device keys by reverse engineering the device firmware or analyzing its memory. Once a key is found, subsequently fatal exploits can be easily created. But by the present invention the content provider's information is secured not solely by the device key but by the combination of other logics defined by the content provider and the device key.

[039] FIGURE 3 illustrates a customized build system (300) that is a secure build system (304) for embedding content provider's logic in user application (i.e. content provided by the content provider), distribution of application, diversification devices and distribution of diversified provisioning logic according to an embodiment.

[040] The preparation of the user application is performed by the secure build system (304). Preparation of the user application includes generation of executable files for user application (306) at content provider's or service provider's premise. Secure build system (304) generates the executable files for user side application. Service provider or the content provider may input secret information or a password (302) which in turn controls application generation for user side. While installing the application in a user device, the user devices get provisioning logic from an individualization server (308), a special server designed for provisioning of each device. The user device may download the application from the application store server (310). According to an embodiment of the present invention the individualization server (308) and the application store server (310) may reside in the same server.

[041] As illustrated in FIGURE 3, 320, 322, 324, and 326 represent diversified provisioning logics received by various user devices (312, 314, 316, 318) for access key generation for unlocking the sensitive information stored in the user device by the content provider in order to access the contents provided by the content provider. In an embodiment the content provided by the content provider may be downloaded from application store or copied from some other source. The content provided may be a software application.

[042] FIGURE 4 illustrates a functional block representation of a secure build system embedding content provider's logic into user application based on access key given by content provider according to an embodiment. A secure build system (400) inserts content provider logic within the user side application and after insertion it then applies obfuscation techniques to resist or prevent reverse engineer before building the executable. Obfuscation in general is practice used to intentionally making the code or content more difficult to understand. Obfuscation is done to conceal the purpose of the code or its logic in order to prevent tampering, deter reverse engineering for the purpose of privacy or data security. A collection of pseudo random generation logics (402) may be combined for preparing content provider logic. Service provider's or content provider's password (404) may be used to generate random data for selection of pseudo random generation logics, parameters and order for preparing content provider logic. The secure build system (400) permits insertion or deletion of pseudo random generation logics. Logics may be defined in native language and possess following common characteristics: should generate random bit-string of desired length based on given seed and should share a common prototype. Prototypes may be (unsigned char* pseed, int iSeedSizelnBytes, int iRndsizelnBits). The implementation of the prototypes may use any logic but should consistently produce same result for same input. Each function should have a unique name. While implementing the system of the present invention, the system is provided with a content provider logic function library manager which should ensure the uniqueness of function name.

[043] The content provider logic is executed in the user device to generate a large random bit field. The random bit field into sliced into chunks of different size and filled with different pseudo random logic. The number of chunks, selection of pseudo random logic, seed for random logic and chunk size are determined from the service provider's password.

[044] According to an embodiment the secure build system (400) generates content provider logic in the form of computer program instructions. For example, "rLock_LogicA_GenarateBitStream" is a top level function which represents the content provider logic. For content provider logic generation, a content provider may input secret information (password). The password may be any alpha-numeric string. Content provider logic writer (406) in secure build system (400) may take the password as seed for generating a random binary string. The generated binary string may be 'n' number of bytes. Numerical value of each byte may be 0-255. Top level function of content provider logic may call multiple random generation functions available in the build system which is written by programmers, not by machine. In this example, TEL_rLock_GenarateLogicA4, TEL_rLock_GenarateLogicAl are random generation functions called by top level function of content provider logic. A few bits of random byte string are used for selection of random generation function. Next few bits determine parameters for random generation function (TEL_rLock_GenarateLogicA4, TEL_rLock_GenarateLogicAl etc). Following function call in rLock_LogicA_GenarateBitStream is iStatus = TEL_rLock_GenarateLogicA4 ("o@7b", 4, (pch_BitField + iBitField_Position), 49).

[045] The function TEL_rLock_GenarateLogicA4 takes four parameters. First, second and fourth parameters are determined by a few fixed number bits in random binary string in order. Order of calling random generation function calls is also determined by the random byte string. In short, code for content provider logic is generated based on the password given by content provider. Thus the code can be published along with implementation details for generating the content provider logic without the fear of losing secrecy of content provider logic.

[046] According to an embodiment of the invention obfuscation (410) involves various data mangling and code mangling techniques defined within the secure build system by the implementer. However, selection of techniques and related parameters are determined by the password given by the service provider. Hence, knowing the techniques alone is not enough to break the confidentiality.

[047] According to one embodiment the provisioning logic is a byte code representation of a group of scrambler functions. The scrambler functions are functions like XOR, MAC, checksum etc. For provisioning the device, the individualization server generates provisioning logic, a random string of bytes using specialized hardware or pseudo random generators and time as seed. Parts of this random string are used to define scramblers, order of execution and required parameters for execution. The number of scrambler function executions is not fixed but determined by the random string. The execution of provisioning logic generates a string of bytes called an application secret.

[048] FIGURE 5 illustrates a flow diagram showing the execution of provisioning logic according to an embodiment. Each of the scramble functions take a bit-string as input and output another bit-string. Lengths of input and output strings and offset of input data are the parameters for scrambler functions. Executions of scramble functions in sequence generate the application secret. In the figure 5, required application secret is generated by execution of 32 scrambler functions in order.

[049] FIGURE 6 illustrates a flow diagram of execution of content provider logic (602) and provisioning logic (606) for producing access key for accessing the sensitive information (key box) (614) of content provider according to an embodiment. In the flow diagram, whenever sensitive information (614) otherwise represented as key box is to be accessed or protected within the user device, access key is generated using a content provider logic (602) and a provisioning logic (606). The content provider logic (602) is part of an application written in native code. The provisioning logic (606) is stored as a byte code in a secondary storage of the user device. A device secret (618) is a secret stored in the user device or device unique information. This is not mandatory for the solution but, preferred for better quality access key.

[050] In an embodiment execution of the content provider logic (602) will produce a random bit field (604) which is used as an input for executing a provisioning logic (606) by a byte code interpreter (608) to produce an application secret (610). Then an access key (612) for locking or unlocking sensitive information (614) of the content provider is generated using a pseudo random generator (616) by taking the application secret (610) and a device secret key (618) as seed.

[051] FIGURE 7 illustrates a process flow for the method (700) for managing sensitive information in a user device comprising according to an embodiment. The method initiates at step (702) where a content package is built with application content and content provider logic. At step (702), the content package comprising the application content and the content provider logic is provided by the content provider to the user device. At step (703), the provisioning logic is created by the individualization server and stored in the user device while configuring the application content in the user device. At step (704), an access key is generated for securing the sensitive information associated with the application content based on the provisioning logic and the content provider logic. The sensitive information is used for accessing the application content.

[052] According to an embodiment of the present invention the step of building the content package (indicated at step 701) further includes combining a collection of pseudo random generation logics depending on the random data generated using content provider's secret information for the generation of content provider logic.

[053] According to another embodiment of the present invention building the content package (indicated at step 701) also includes obfuscating the content provider logic for preventing reverse engineering.

[054] In an embodiment of the present invention creating the provisioning logic (indicated at step 703) includes using specialized hardware or pseudo random generator and time as input for creating the provisioning logic represented by a group of scrambler function.

[055] In another embodiment of the present invention generating the access key (indicated at step 704) includes executing the content provider logic to generate at least one random bit field. The process of generating the access key (indicated at step 704) also includes processing the provisioning logic using the at least one random bit field to generate the access key. In another scenario the computer implemented method also has the step of generating the access key (indicated at step 704) may include the step of receiving a device key associated with the user device and processing the provisioning logic using the at least one random bit field and the device key to generate the access key.

[056] The method as described above include a series of steps and their order of execution in the embodiments of the invention illustrated and described herein is not essential, unless otherwise specified. That is, the steps may be performed in any order, unless otherwise specified, and embodiments of the invention may include additional or fewer steps than those disclosed herein. It may be envisioned that executing or performing a particular step before, contemporaneously with, or after another step is within the scope of the invention.

INDUSTRIAL APPLICATIONS

[057] The technology is designed to meet confidentiality requirement while storing sensitive information in a user device by someone other than the device owner or user. The invention brings independence from implantation secrecy and confidentiality relies on secret usage of access key used by the owner of the sensitive information.

[058] The present invention provides a standard information security solution which protects sensitive information in a user device from someone other than its authorized owner. The design of the invention is to meet all the principles of information security while protecting content provider's sensitive data (Key box) in user device and binding the root of the security to a secret managed by the content provider.

Claims:
What is claimed is:

1. A system for managing sensitive information in a user device, the system comprising:

a) a content build module configured to create a content package by processing an application content with a content provider logic;

b) a content provider module configured to provide to the user device, the content package comprising the application content and the content provider logic; and

c) a logic creation module configured to:

i. create a provisioning logic in runtime when configuring the application content in the user device;

ii. generate an access key for securing the sensitive information associated with the application content based on the provisioning logic and the content provider logic, wherein the sensitive information is used for accessing the application content in the user device.

2. The system as claimed in claim 1, wherein the content provider logic is generated by combining a collection of pseudo random generation logics depending on the random data generated using content provider's secret information.

3. The system as claimed in claim 1, where in the content provider logic is obfuscated to prevent reverse engineering.

4. The system as claimed in claim 1, wherein the logic creation module comprises a provisioning module configured to:

a) use pseudo random generator and time as input; and

b) process the inputs to create the provisioning logic which represents a group of scrambler functions.

5. The system as claimed in claim 5, wherein the logic creation module further comprises a key generation module configured to execute the content provider logic to generate at least one random bit field.

6. The system as claimed in claim 5, wherein the key generation module is further configured to process the provisioning logic using the at least one random bit field to generate the access key.

7. The system as claimed in claim 5, wherein the key generation module is further configured to:

a) receive a device key associated with the user device; and

b) process the provisioning logic using the at least one random bit field and the device key to generate the access key.

8. The system as claimed in claim 5, where in the access key generated is not stored in the user device.

9. The system as claimed in claim 1, wherein the application content includes video data, audio data, documents, text, images, web pages or subscription based content.

10. A computer implemented method for managing sensitive information in a user device comprising steps of:

a) building a content package with application content and a content provider logic;

b) providing the content package comprising the application content and the content provider logic to the user device;

c) creating a provisioning logic when configuring the application content in the user device; and

d) generating an access key for securing the sensitive information associated with the application content based on the provisioning logic and the content provider logic, wherein the sensitive information is for accessing the application content in the user device.

11. The computer implemented method as claimed in claim 10, where in the step of building the content package further comprises step of combining a collection of pseudo random generation logics depending on the random data generated using content provider's secret information for the generation of content provider logic.

12. The computer implemented method as claimed in claim 10, where in the step of building the content package further comprises step of obfuscating the content provider logic for preventing reverse engineering.

13. The computer implemented method as claimed in claim 10, where in the step of creating the provisioning logic further comprises step of using specialized hardware or pseudo random generator and time as input for creating the provisioning logic represented by a group of scrambler function.

14. The computer implemented method as claimed in claim 10, where in the step of generating the access key further comprises step of executing the content provider logic to generate at least one random bit field.

15. The computer implemented method as claimed in claim 14, where in the step of generating the access key further comprises step of processing the provisioning logic using the at least one random bit field to generate the access key.

16. The computer implemented method as claimed in claim 14 where in the step of generating the access key further comprises step of receiving a device key associated with the user device and processing the provisioning logic using the at least one random bit field and the device key to generate the access key.