WikiPatents - Community Patent Review
Create Free Account  |  License or Sell Your Patent  |  WikiPatents Marketplace  |  WikiPatents Blog
Username:  Password:  
    
Advanced Search
Video media security and tracking system    
United States Patent5754649   
Link to this pagehttp://www.wikipatents.com/5754649.html
Inventor(s)Ryan; John O. (Cupertino, CA); Morrison; E. Fraser (Redwood City, CA); Copeland; Gregory C. (San Jose, CA)
AbstractA video disc designed for providing security and tracking data in the rental video media market. Those new formats for video players and media allow for inclusion of security features which both allow tracking of rental of such media and prevent unauthorized rental thereof Each player includes a decision circuit which plays a particular optical disc only if a player identification number recorded on a special separate magnetic track on the optical disk is the same as the player identification stored in the player, and if a movie identification number optically read from the disc matches a movie identification number recorded on the special separate magnetic track. A corresponding apparatus is provided at the video rental store which, at the time of rental, records on a magnetic portion of the media in encrypted form the movie identification number and the number of the particular disc player for which that rental is intended. The authorization encryption uses the private key of a public key system, the public key and the modulus being pre-recorded on the optical portion of the disc.
   














 Title Information Submit all comments and votes
 
Patent Text Patent PDF Print Page Summary File History
Plain text PDF images Print Summary File History
Drawing from US Patent 5754649
Video media security and tracking system - US Patent 5754649 Drawing
Video media security and tracking system
Inventor     Ryan; John O. (Cupertino, CA); Morrison; E. Fraser (Redwood City, CA); Copeland; Gregory C. (San Jose, CA)
Owner/Assignee     Macrovision Corp. (Sunnyvale, CA)
Patent assignment
All assignments
Publication Date     May 19, 1998
Application Number     08/880,203
PAIR File History     Application Data   Transaction History
Image File Wrapper   Patent Term   Fees
Litigation
Filing Date     June 23, 1997
US Classification    
Int'l Classification    
Examiner     Tarcza; Thomas H.
Assistant Examiner     Sayadian; Hrayr A.
Attorney/Law Firm     Brill; Gerow D.
Address
Parent Case     CROSS-REFERENCE TO RELATED APPLICATION This application is a continuation of application Ser. No. 475592, filed Jun. 6, 1995, now abandoned, which is a continuation of commonly invented application Ser. No. 08/440,194, filed May 12, 1995, entitled Video Media Security and Tracking System.
Priority Data    
USPTO Field of Search    
Patent Tags     video media security tracking
   
Enter a comma (,) or semicolon (;) between multiple tag words/phrases.
Describe this patent:
 Amusing   
 Clever   
 Complex   
 Efficient   
 Historic   
 Important   
 Innovative   
 Interesting   
 Practical   
 Simple   
[no votes]
Patent WIKI

Share information and news about this patent, including information and news about the technology, inventors, company, ligation and licensing.
 References Submit all comments and votes
 
*references marked with an asterisk below are user-added references
 U.S. References
 
Add a new US reference:  
ReferenceRelevancyCommentsReferenceRelevancyComments
5596639
Kikinis
705/52
Jan,1997
[0 after 0 votes]		5563947
Kikinis
705/51
Oct,1996
[0 after 0 votes]
5537473
Saward
380/230
Jul,1996
[0 after 0 votes]		5509073
Monnin
380/229
Apr,1996
[0 after 0 votes]
5461675
Diehl
380/229
Oct,1995
[0 after 0 votes]		5457746
Dolphin

Oct,1995
[0 after 0 votes]
5450489
Ostrover
705/51
Sep,1995
[0 after 0 votes]		5426701
Herrmann
380/52
Jun,1995
[0 after 0 votes]
5400403
Fahn
705/51
Mar,1995
[0 after 0 votes]		5400319
Fite
369/275.5
Mar,1995
[0 after 0 votes]
5392351
Hasebe

Feb,1995
[0 after 0 votes]		5379433
Yamagishi
726/30
Jan,1995
[0 after 0 votes]
5267311
Bakhoum
705/56
Nov,1993
[0 after 0 votes]		5111504
Esserman
380/281
May,1992
[0 after 0 votes]
4991208
Walker
380/239
Feb,1991
[0 after 0 votes]		4866769
Karp
705/56
Sep,1989
[0 after 0 votes]
4453074
Weinstein
705/66
Jun,1984
[0 after 0 votes]		5555304
Hasebe
705/51
Dec,1969
[0 after 0 votes]
 Foreign References
 Other References
 Market Review Submit all comments and votes
   
Market Size
Estimate the gross annual revenues of the relevant market sector:
> $10B
$5B - $10B
$2B - $5B
$500M - $2B
$100M - $500M
$10M - $100M
$1M - $10M
$500K - $1M
$100K - $500K
< $100K
[No votes]
$0
 
$0   $2.5B   $5B   $7.5B   $10B
Market Share
Estimate the percentage of the relevant market sector this invention will capture:
75% - 100%
50% - 74.99%
25% - 49.99%
10 - 24.99%
5 - 9.99%
2 - 4.99%
1 - 1.99%
< 1%
[No votes]
0.0%
 
0%   25%   50%   75%   100%
Reasonable Royalty
What percentage of gross sales should the inventor or assignee be paid?
75% - 100%
50% - 74.99%
25% - 49.99%
10 - 24.99%
5 - 9.99%
2 - 4.99%
1 - 1.99%
< 1%
[No votes]
0.0%
 
0%   25%   50%   75%   100%
Public's "Guesstimation" of Royalty Value
Market SizeN/A[No votes]
xMarket ShareN/A[No votes]
xReasonable RoyaltyN/A[No votes]
N/A
License Availablity
If you are NOT the owner or assignee, answer here:
Yes, license is available for purchase

No, license is not currently available



 [No votes]
License Availablity
If you ARE the owner or assignee, answer here:
Yes, license is available for purchase

No, license is not currently available



 [No votes]
Competitive Advantage
Does this invention have a significant competitive advantage over similar technologies?
Yes

No



 [No votes]
Most helpful competitive advantage comment
[No comments]
Commercial Alternatives
Are there viable commercial alternatives for this invention?
Yes

No



 [No votes]
Most helpful commercial alternative comment
[No comments]
 Technical Review Submit all comments and votes
 Claims Submit all comments and votes
 


What is claimed:

1. A video disc, comprising:

an optically recorded content portion including prerecorded video material and an initialization region, the initialization region including a data decryption key, a program identification identifying the prerecorded video material, and a play authorization indication; and

a magnetic track, the magnetic track being at a predetermined location on the disc relative to the optically recorded content portion, the magnetic track including a recording of an encryption of both the program identification and a particular player number.

2. A previously authenticated prerecorded video disc, comprising:

an optically recorded content portion including a prerecorded video material region and an initialization region, the initialization region including a data decryption key, a program identification identifying the prerecorded video material, and a play authorization indication; and

a magnetic track region, the magnetic track being at a predetermined location on the disc relative to the optically recorded content portion, the magnetic track including a recording of an encryption of both the program identification and a particular player number.
 Description Submit all comments and votes
 


BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to security systems for video media and more particularly to a system for allowing an owner of copyrighted video material to control, on a per use basis, viewing of that material provided on a prerecorded medium such as a video disc or video tape cassette.

2. Description of the Prior Art

As is well known, typically video tape cassettes or video discs containing prerecorded material such as movies are commercialized as follows. The owner of the copyrighted material on the video cassette or disc, i.e. the movie studio ("rights owner"), arranges for duplication of the movie onto a large number of video tape cassettes or discs. The video tape cassettes and discs are then sold by the movie studio to owners of video rental stores who then rent each video tape cassette or disc out as many times as they can, depending on demand. However, the owner of the video rental store only pays for each video tape cassette or disc once, because he has purchased it outright from the movie studio. Thus the bulk of the profits due to rental of such material accrue to the video rental store owner rather than to the movie studio. This is because the so-called "first sale doctrine" prevents the seller (the movie studio) of the video tape cassettes or discs from exercising any degree of control over the downstream commercialization (e.g., rental) of its products. This is the case even though the video material is copyrighted.

It has been frustrating to the rights owners (movie studios, etc.) that they are not able to better control and/or profit from the rental market for their movies and other program material. Various methods have been proposed to allow the rights owners to overcome the first sale doctrine and acquire some degree of control over the rental of, for instance, VHS video tape cassettes.

One proposed method uses a "non-rewindable" cassette. Once played by the consumer (renter), the cassette must be returned to the rental store for rewinding. The rewinding machine is such that it automatically records each rewinding transaction and the movie studio (or its agent) can then periodically check the rewinding machine, either on the spot or by telecommunications, for a transaction-by-transaction record. This of course requires some business arrangement between the video store owner and the movie studio to pay for the video cassette on a per use basis. Such arrangements are contractual matters outside of the purview of this patent disclosure.

The non-rewindable cassette has the obvious disadvantage that each renter may watch each movie only once per rental. This is frustrating to the renter who may wish to watch the movie more than once. There is also obviously a temptation on the part of the video store owner to tamper with the rewinding machine and hence end up paying fewer for rentals of the cassette than he is obligated to pay for.

A second proposal now being tested involves installing a special integrated circuit in each individual video tape cassette. This circuit turns itself on a predetermined time after being armed and radiates an interfering radio signal to the VCR electronics, thus effectively prohibiting further playing of that video tape cassette until it is returned to the rental store for reprogramming of the circuit. Again, the reprogramming machine automatically records the reprogramming transaction. So far this proposal has limited support due to the cost of the circuit in the video tape cassette, possible consumer inconvenience if the circuit malfunctions, and the ease with which it could be cheated by the video store operator or so-called "hackers". (The term "hacker" herein refers to anyone attempting to defeat system security by technical means.) The same deficiencies apply to the non-rewindable cassette approach. The circuit inside the video cassette also requires provision of a battery to power such a circuit, with the attendant practical complications.

Other proposals involve mechanical or electronic counters installed in each video tape cassette to count the number of plays. Again, this is problematic if a particular renter might want to play the video tape cassette more than once, and also is easily overcome by tampering.

It is to be understood that the video store owners interests in this regard are to a large extent the same as those of the rights owners. If a reliable system could be found to share rental revenues between the rights owners and the video store owners, then the rights owners would provide many more copies of each movie for rental to each store, hence increasing profits for both parties.

None of the above security systems are feasible for use with, for instance, video discs, which are soon expected to become very popular in new digital formats. Additionally, it is to be understood that the deficiencies of the above systems are a consequence of constraints imposed by the requirement that any such security system must be compatible with the large installed base of VCRs. Thus the proposed solutions to this problem are essentially unsatisfactory and none have been widely implemented.

SUMMARY

The present inventors have recognized that it is advantageous if a security system, instead of being forced to operate with the constraints of the present installed base of VCRs, instead uses a player compatible with new recording media specification(s) and includes a dedicated low cost rental control subsystem. Such a security system is especially suitable in anticipation of the introduction of new formats for video media such as the Digital Video Disc (DVD) and the Digital Video Cassette (DVC).

Implementation of the present security system requires that a significant proportion of the rights owners agree on the desirability of being able to better control commercial use of their copyrighted materials for the new formats, and as a consequence that the manufacturers of the players would be receptive to making compatible players in the expectation of increased support for their formats.

In accordance with the present invention, the present inventors have identified several important security system attributes. One is functionality, that the system track and report each rental transaction both by program (movie) title and length of time (days or hours) rented out. Further, the system should be capable of segregating transactions by, for instance, movie studio, and downloading this information on a periodic basis by e.g. the telephone lines to a transaction service center or to particular copyright owners.

The next attribute is a high level of system security; the present system is believed to be impossible (or prohibitively expensive on a practical basis) for unscrupulous video rental store owners (or hackers in collusion with video rental store owners) to cheat on or to compromise. Thus in accordance with the invention the rights owners can be confident that they are properly recompensed for rental activity. In the event of any security breach, in accordance with the invention it is possible quickly and inexpensively to recover from the breach and minimize resulting losses. Also, in accordance with the invention, there is tracking system security, in that particular rights owners are assured that transaction data relating to their particular video material (movie titles) is not accessible by others.

Another attribute is that the present system is operationally simple, providing minimum operational burden to the employees of the video rental store. Similarly, the users (renters) enjoy operational simplicity so that the system is essentially transparent to the renter of the video material and does not interfere with his enjoyment of the rented material.

As a last attribute, the present system adds minimal cost both to the players and the media. In addition, the cost of the in-store transaction monitoring and reporting equipment is believed to be quickly recoverable.

One embodiment in accordance with the present invention is directed to the digital video disc format medium. However, it is to be appreciated that the present invention is also applicable to systems using analog or digital video cassette tapes or analog video discs or other media using magnetic, optical or magneto-optical or other types of recording. This system is also applicable to other than video material such as audio material. (However, generally audio media are sold outright and not rented.)

Moreover, while one embodiment disclosed herein involves digital video disc media, it is to be understood that the invention is not particular to digital material but is also applicable to analog recordings.

In accordance with the invention there is a "TTRD" (transaction tracking and reporting device) which is an apparatus for use in a video store, and a method of using the TTRD to record, on a separate authorization card, in encrypted form of a program (movie) identification for the material prerecorded on the disc or tape and also in encrypted form the identification of a particular player. The authorization card is a reusable memory card having a capacity of about 100 bytes and being semiconductor, magnetic, or other suitable memory technology.

In addition, in accordance with the invention there is provided a modified player (a DVD player or video cassette tape player) which in addition to the conventional circuitry includes dedicated rental control circuitry and/or software for reading, from the prerecorded material on the medium, rent/sell authorization data, a public decryption key, and the program identification. Also provided in the player is a slot to accept the authorization card for reading the authorization card and connecting via a data decoder and error correction circuitry to a decryptor. The decryptor also receives the public decryption key which was optically recorded on the disc, and thereby decrypts from the data on the authorization card the program identification and the player identification. A special decision circuit in each player compares the player identification from the authorization card to that stored in a read only memory in the player, and also compares the program ID from the decryptor to the program ID provided from the prerecorded material. Only if both the two player identifications are authenticated (match) and the two program identifications are authenticated (match), is the player enabled to play the prerecorded material.

Of course if authorization data indicating that this is a sell-through (non-rental) disc is present on the disc, i.e. there is a authorization indication to play, then even if no program or player identification matches are made, the player is enabled to play the prerecorded program material.

Also therefore in accordance with the invention is a method of operating the player to authorize its operation to play the prerecorded material.

In an alternative embodiment, the authorization card is not used and instead a writable (e.g. magnetic) memory is located on the disc itself, by providing a narrow circular magnetic track near the center of the disc, to be read by a special magnetic head in each DVD player.

The last element is the prerecorded media. In the case of the DVD disc, this is a video disc including (in the alternative embodiment) the magnetic track located at a convenient location, such as near the disc center. The magnetic track on the disc as it comes from the factory and is shipped to the video rental store is typically blank but has space sufficient to record on it the encrypted program identification and encrypted player identification.

It is to be understood that hereinafter when reference is made to the authorization card, in the alternative embodiment this refers to the magnetic track on the disc or an equivalent for a video tape cassette.

In the case of a video tape cassette suitable for use in accordance with the present invention, recorded on the video tape at a convenient location(s) is the data decryption key and the program identification. Recorded at another location only in the alternative embodiment (for convenience of reading by the TTRD without rewinding of the video tape itself) is a second separate magnetic track which is sufficient size to include space for recordation of the encrypted program identification and encrypted player identification. The location of the second magnetic track may be for instance on the outside of the cassette housing. Thus when the video tape cassette is inserted into the TTRD (or the VCR), the insertion and corresponding movement of the cassette into the TTRD (or VCR) passes this track past a fixed magnetic head and hence allows easy reading thereof. In another version of the alternative embodiment, the second magnetic track is located on the end of one of the video tape cassette spindles, and hence the spinning of these spindles moves the magnetic track past a suitably located small magnetic head. In either case, there is no need to search for the encrypted data on the video tape itself.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a transaction tracking and recording device in accordance with the present invention.

FIG. 2 shows a player in accordance with the present invention.

FIG. 3 shows a video disc in accordance with an alternative embodiment of the present invention.

FIG. 4 shows a video cassette tape in accordance with the alternative embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

In a Digital Video Disc (DVD) embodiment, each DVD player, which is otherwise of a conventional type recently announced, for instance, by Toshiba or Sony or any other type, includes embedded in an internal memory a stored identification. This identification (e.g., a number) need not necessarily be the same as the player serial number. This identification is e.g., at least 6 or 8 decimal digits for best security. The player identification may have significantly fewer digits than the player serial number, for instance, having as little as two decimal digits at a penalty of reduced security. Thus the player identification need not be unique to each digital video player, but is a number large enough so it is not likely to be easily duplicated amongst the number of individual DVD players which a hacker may encounter.

Each corresponding digital video disc intended for the rental market includes, in addition to the normal optical prerecorded track in the alternative embodiment only, an additional narrow circular magnetic recording track located for instance near the center of the disc (this location is illustrative and not limiting). This track need hold approximately only 100 bytes of data. The magnetic track is read by a magnetic read head provided in each DVD player in accordance with the present invention. It is to be understood that the industry proposed DVD players do not include the slot to accept the authorization card (or in the alternative embodiment the magnetic head) and associated circuitry, and the addition of these elements is a required modification to DVD players in order to practice the present invention.

Each DVD disc intended for rental also will contain a number of extra bytes of information optically recorded during the conventional mastering of the disc, as part of the disc initializing information. In conventional CDs for instance, and also in the proposed DVD discs, there is a scan region which is read by the player in the initialization cycle of the disc. The initialization information conventionally includes data such as running time, number of tracks, and perhaps location of particular portions of the recorded material. In accordance with the invention, each rental disc will include, in addition to the conventionally provided information in the initialization region, a number corresponding to, for instance, the particular title of the movie recorded in the optical portion of the disc (a movie or program identification) and additionally an instruction telling the player to read the magnetic track of that particular disc to obtain authorization to play the disc. Discs intended for the sell-through market, i.e. to be sold at retail to consumers, will not include such an instruction to seek authorization. To put this another way, discs intended for the sell-through market will include an instruction which does not require the player to read the authorization card for authorization to play the disc, but will authorize the player to play the disc without consulting the authorization card.

The information recorded on the authorization card includes the movie identification(s) and the player identification of a particular player or players authorized to play that disc. This information on the authorization card is encrypted and recorded at the time of the rental transaction by the transaction tracking and reporting device (TTRD), provided to each rental store in accordance with the present invention. "TTRD" is nomenclature used herein for convenience to refer to a device as described in detail below. It is to be understood that such a device need not necessarily be a stand-alone device but may for instance be incorporated into other transaction reporting equipment already present in video rental stores, with appropriate features as described below.

A conventional electronic clock in each TTRD records, for each rental transaction, the time and date of authorization and later records when the particular disc was returned to the rental store after the rental was completed.

Each DVD player, which is otherwise conventional, also includes a decision circuit which allows that particular player to play a particular disc only if its player identification matches the authorized player identification read from the authorization card, and also if the movie identification optically read from the disc matches the movie identification read from the authorization card).

When a rental customer first becomes a customer at a particular rental outlet or rental chain, the customer provides the rental store employee with the player identification of the customer's own DVD player. This identification, along with e.g. the customer's name and/or telephone number, is entered into the TTRD via e.g. a standard keyboard interface or by a bar code reader. Thus for instance a particular customer can become a member, as now, at any number of rental stores and thereafter need only provide conventional information, i.e. name or telephone number or rental identification card, to rent a disc.

When a particular disc is rented, it is inserted by the rental store employee into the TTRD which then optically reads from the disc the movie identification from the disc's initialization region and records it, along with the customer's player identification, on the authorization card. This operation is automatic and takes only a few seconds.

The authorization card is supplied by the rental store at the time of each rental; one card may include information for several rented discs. The cards will cost about $1 each to manufacture, and are reusable. The authorization card approach is less convenient to the rental store and renter than is the magnetic track on the disc, since an extra physical item is involved. The card may be sized to fit inside the disc "jewel case" to minimize risk of loss. However, the authorization card approach is less expensive in terms of cost of manufacturing the players. The security and functionality of the system are independent of the authorization media employed.

After the customer has finished using the disc and returns it to the rental store, the rental store employee briefly inserts the disc in the TTRD which reads both the magnetic and optical data and records in the TTRD memory the data and time of the return. The TTRD then has a complete record of the transaction.

This system provides the above described advantages. In terms of functionality, for transaction tracking information the electronic clock in the TTRD notes each disc's time and date of authorization and when it was returned to the rental store. Combined with the movie title and renter's player identification if desired, this is sufficient information to track rental activity. It is to be noted however that in certain embodiments of the invention the rental tracking features are not necessary and only the below-described security features are included. Thus in certain applications where the rights owner may for instance not require transaction information but merely wants security, the functionality of transaction tracking and the accompanying structures may be dispensed with.

One added advantage of the present system is that it prohibits a particular renter from lending his rented disc (or tape) to a friend or relative, since only the particular renter's DVD player has been authorized to play any particular disc. This feature may advantageously generate extra rental transactions. If a particular customer owns more than one DVD player, the system accommodates this by allowing the recordation of more than one player identification on the authorization card (or on the disc magnetic track). The system prohibiting lending to a friend may then be circumvented by a customer listing his friend's player as his own. (This would of course be found out if the friend then were to rent a disc on his own from the same rental store or rental store chain.)

A major advantage in accordance with the invention is that system security is maintained even though a hacker acquires complete knowledge of the security principles used and is also fully capable of probing the entire operational details of the authorization circuits in a particular DVD player. That is to say, the DVD player itself holds no secrets and yet the system is still secure. The security system has two aspects. The first is preventing illicit transactions. The second is restricting access to the transaction data in accordance with the transaction reporting system. Of these, the first is probably more important.

In order to prevent illicit transactions, that is to prevent a hacker from designing a "black box" device to illicitly record authorization data on an authorization card, this data (the player and movie identification) is concatenated and encrypted and written on the authorization card (or on each disc) by the TTRD, using a public key encryption system. Such systems are well known. The following is a brief review of pertinent encryption methods.

The most common form of data encryption and best known to the layman, is called private key or symmetrical encryption and is the method historically used for encryption. Such methods use the same key to encrypt and to decrypt data. To guard against trial and error attempts at guessing the encryption key, the key is usually a large number, i.e. an 18 decimal digit number. The DES (data encryption system) algorithm is an example of a private key system in which data, arranged in 64 bit blocks, are encrypted using a 56 bit key. (Fifty-six bits are equivalent to approximately 17 decimal digits.)

In private key encryption systems, as is well known, the chosen key must be kept secret from hackers (or any one with an adverse interest) to ensure security. However at the same time the key must be provided to a potentially large group of legitimate users. In a typical (military) context, there is a relatively small number of legitimate users and hence such systems have historically been used somewhat successfully. However, for the present purpose each DVD player must include the decryption key in order to read the authorization medium. Thus hackers, who can easily buy a DVD player, would have at least in some form access to the key, hence substantially reducing system security. That is to say, it is unrealistic to believe that the decryption key used in such a player would be protected against the determined effort by a hacker to read it, given the low cost and ubiquity of the players. Therefore it is believed that a private key encryption system is more likely to be penetrated, but however may be used in accordance with the present invention where the above-described drawbacks may be of less importance.

The other type of data encryption uses a public key and is also referred to as asymmetrical encryption. Thus there are two different keys in such a system. The first is the private key, known only to authorized users as in the above described private key system; the second key is the public key which may be widely known without risk of system penetration, i.e. hacking. One key (either key) is used for data encryption and the other key is used for decryption. An essential feature of all public key systems is that knowledge of the decryption key does not allow the hacker to encrypt a message and vice-versa.

The most secure public key system commercially available is from a company called RSA Data of Redwood City, Calif. The security of this system is predicated on the difficulty of factoring very large numbers, containing upwards of one hundred decimal digits. The fastest known factoring algorithm running on the fastest computers typically takes decades to factor such numbers. The larger the key, the more difficult factoring becomes. In practice, the size of the key is chosen to reduce the cost effectiveness of a factoring effort to unacceptable levels for a would-be hacker, throughout the expected life of the product and with due allowances for anticipated increases in computing power.

In accordance with one embodiment of the present invention, the private key of the public key system is used for encryption. Thus this key is securely stored in each TTRD in such a manner that any attempt to extract the private key from the TTRD causes erasure of the key. This is relatively easy to accomplish since there are limited number of TTRD devices (typically one per rental store) each of which is electronically polled from time to time for ordinary transaction purposes. Hence any breach of security is likely to be easily detected. The technical means for protecting such keys embedded in an integrated circuit in the TTRD are well known. One simple method is that an attempt to open the TTRD housing results in immediately erasure of the private key. Similarly, since the key is likely to be embedded in a volatile memory, any attempt to electrically contact the leads of the memory results in erasure of its contents. Other types of security interlocks are well known, and multiple interlocks may be provided. Additionally of course, any successful attempt to obtain a data from a particular TTRD would point to the custodian of that TTRD as a likely conspirator. The mere existence of such knowledge would, it is believed, reduce penetration attempts.

The corresponding public key needed for decryption of the DVD player is optically recorded on the disc along with the aforementioned movie identification and the authorization (rent/sell) instruction, as part of the ordinary optically recorded content of the disc. When the disc is to be played, this key is read by the DVD player and is used to decrypt the data on the authorization card, in order to enable playing.

The public key is recorded optically on each disc rather than stored in each DVD player in order to permit quicker recovery from a security breach. In the unlikely event that the current private key became known, thereby threatening system security, a new pair of keys could quickly be generated. The new private key would be downloaded (i.e. via telecommunications) to each TTRD and the corresponding new public key would then be used on all new discs to be manufactured from that day on. Thus revenue losses would be restricted to video rental stores which obtained an illicit authorization device from a hacker, which now could be used only to authorize playing of movies released before the date of the key change. Furthermore, any abnormal reduction in rental transaction reporting of particular movies released before the security breach occurred, from a particular rental store, would indicate that store was a possible illicit operator.

In order to allow TTRDs to continue to authorize older movies after a new pair of keys is distributed, each TTRD would store the full history of keys used, organized by serial number, and automatically encrypt the data to be recorded on the authorization card with the appropriate private key. This is accomplished by appending the key serial number to the public key recorded on the disc's optical track. The TTRD reads the serial number first and then selects the appropriate private key to perform the encryption from the set of private keys stored in the TTRD in its memory.

The movie ID is both recorded optically on the disc and encrypted (along with the authorized player ID) on the authorization card for two reasons. The first reason is to permit TTRDs to track which particular movies are being rented. The second reason applies to system security; if data recorded on the authorization card were merely an encrypted instruction that would authorize any disc to be played by a DVD player having a particular identification, then that encrypted data stream could be obtained by a hacker and reused later. This would be done using a hacker's device to record the data stream on the authorization card. This would illicitly authorize playing of other movies by the same DVD player (that is, for the same customer).

A vital feature of a public key encryption system is that it is not possible to deduce what the encrypted data would be for a block of data which differs by as little as one bit from a block of data whose encrypted value is already known. In other words, knowing the encrypted data for an instruction to allow e.g. movie number 566 to play on a player with player ID 1289, would not allow a hacker to deduce what encrypted data would correspond to an instruction to allow movie number 567 to play on the identical player. Thus the most a hacker could do would be to note the code sequence which authorizes playing a particular movie for a particular player and later reuse that same code sequence with the same customer desiring to rent the same movie at a later time. Thus at most such hacking would obtain for the unscrupulous rental store owner one additional rental without having to pay the rights owner for that one particular rental. The effort required to do this seems to vastly outweigh any likely financial gain and hence it would not be done.

In terms of restricting access to transaction data, the system also uses in one embodiment a public key encryption system (not the same one as above in terms of the keys themselves) to report transactions. Thus each rights owner (e.g. movie studio) is assigned a unique private key/public key pair. Each TTRD stores the public key of each studio. Transaction data relating to a particular studio is encrypted within the TTRD prior to storage and transmission of same, using that studio's public key. Only the studio (or its agent) is provided with the corresponding private key needed to decrypt the transaction data.

The rest of the system provides operational simplicity because at the time of rental, the video rental store employee must enter the renter's name or telephone number as is done conventionally using either a keyboard interface or a bar code scanner from an identification card including identification number, and then the employee additionally in accordance with the invention inserts the renter's authorization card and the particular rented disc in the TTRD. In the first embodiment using the authorization card, the TTRD includes a plug in socket for electrically connecting to the authorization card. In the second embodiment using a magnetic track on the disc, the TTRD includes a special recording head to record on the special magnetic track on the disc (or tape cassette).

The TTRD