摘要 |
<p>In CD systems utilizing digital rights management (DRM), a system and method for transferring rights data and pre-encrypted content from a source disc (200) to a destination disc (300) using one playback device (400) and while protecting the integrity of the rights data from replay attacks. The system and method are also applicable in other applications involving transfers of information using storage media and data transfer devices. A transaction identifier is assigned from a list of transaction identifiers stored in the playback device. The assigned transaction identifier and the rights data read from the destination disc are encrypted using a public/private key or a symmetrical key unique to the playback device (400). The encrypted transaction identifier is transferred along with the encrypted rights data to a intermediate secure storage area (500), which may be a hard disk drive, a separate security module, or a memory area within the playback device (400) itself. The transfer of content and rights data to the destination disc (300) is authorized only if after decryption the encrypted transaction identifier can be found in the list of transaction identifiers stored in the playback device (400). If the transfer is authorized, the rights data are transferred to the destination disc (300) in an encrypted format along with the content, and the transaction identifier is deleted from list in the playback device (400) to prevent future replay attacks.</p> |