JP2006065641A - Server system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a DRM service compliant with OMA DRM which is adapted for capability of a mobile terminal. <P>SOLUTION: When an HTTP request indicating purchase agreement for the content from a mobile terminal (UE) is received, a DRM platform checks the capability of the mobile terminal and returns to its corresponding download descriptor (DD). The UE requires a media object (MO) of that content to a content provider based on this DD, and the MO is distributed to the UE. When receiving "Install Notify" which indicates reception of the MO from the UE, the DRM platform creates a right object according to the capability of the UE and distributes it to the UE by WAP push. When the capability of the UE does not correspond to the right object, the request for acquisition from the UE is refused. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a server device in a mobile communication system that can be connected to the Internet from a mobile terminal such as a mobile phone.

  In recent years, so-called third-generation mobile phone services are being introduced. In this third-generation mobile communication system, standardization is being promoted so that the same mobile terminal can be used in common all over the world. The WAP (Wireless Application Protocol) and MMS (Multimedia Messaging Service) standards are adopted as common specifications (Non-patent Document 1). Hereinafter, a mobile terminal compatible with WAP and MMS is simply referred to as a “WAP compatible terminal”.

  In such a WAP-compatible terminal, copyright management conforming to OMA DRM (OMA Digital Rights Management) version 1.0 is performed. OMA DRM is a digital rights management (DRM) specification established by the Open Mobile Alliance, which is a mobile phone application standardization organization (Non-Patent Document 2).

In OMA DRM ver1.0, there are 3 content delivery methods: (1) Forward Lock, (2) Combined Delivery, and (3) Separate Delivery. There are two specifications.
(1) Forward lock is a method that does not allow transfer of acquired content.
(2) Combined Delivery is a method that delivers content by adding rights (setting of usage rights) to Forward Lock content, and limits the number of usages and expiration date (for example, use only once) Yes, can be used for 5 days). As usage rights, the number of times the content is used (Count: how many times it can be used), the content availability period (Datetime: year / month / day / hour / minute / second, from when to when) and the content availability time (Interval: For example, it is possible to designate three types of rights (5 minutes after starting use).
(3) Separate delivery includes encrypted content (Media Object: media object, MO) and right + key (key for releasing the encryption) part (Rights Object: rights object, RO) are distributed separately. On a mobile terminal, the contents can be used only when the media object and the rights object are arranged.
The content body portion of the media object (MO) is encrypted, and a content ID (CID: Contents ID) assigned for each content is assigned. In addition, the rights object (RO) is a “rights description file” handled by separate delivery, and is used to decrypt usage rights and key information (CEK: Content Encription Key, encrypted media object) for the corresponding content. Key information to be used). A plurality of rights objects can be set for one media object.

  The usage right for the content in the rights object is defined by permission (permission) information that defines the content usage right and constraint (restriction) information that defines the scope of the content usage right. In OMA DRM ver1.0, content playback (Play), content display (Display), content execution (Execute), and content printing (Print) are defined as the permission information, and the constraint information is described above. Similarly, the number of times of use of content (Count), the content availability period (Datetime), and the content availability time (Interval) are defined.

In addition, there are methods for obtaining content such as downloading from the web, obtaining a card storing the content, and distributing via e-mail, etc. Distribution) can be realized.
The WAP Forum Ltd., "WAP 2.0 Technical White Paper", [on line], (2002.01.18), [Search April 28, 2004], Internet <URL: http://www.wapforum.org/ what / WAPWhite_Paper1.pdf> Open Mobile Alliance, "OMA Digital Rights Management version 1.0", [on line], [Search April 28, 2004], Internet <URL: http://www.openmobilealliance.org/tech/release.html>

When the above-described third generation service is started, there will be both a mobile terminal that has been provided in the past and that is compatible with each mobile carrier's own protocol and the above-described WAP-compatible terminal.
Conventionally, each mobile carrier provided a unique service based on its own protocol. From now on, not only mobile terminals that support each mobile carrier's own standard but also WAP support. Also for terminals, it is required to provide services similar to those provided to mobile terminals that have been conventionally compatible with the standards unique to each mobile communication carrier.
In terms of content copyright protection, the same services are provided for WAP compatible terminals that use OMA DRM-compliant copyright protection mechanisms, as used in the conventional copyright management based on mobile carrier's original specifications. It is necessary to do.
For example, in the conventional service, content suitable for the capability of each mobile terminal is downloaded. However, content corresponding to the capability of each WAP-compatible terminal can also be downloaded in the WAP-compatible terminal. It is required to do so.

  Therefore, an object of the present invention is to provide a server device that can perform processing according to the capability of a mobile terminal even for a WAP-compatible terminal.

In order to achieve the above object, a server device connected to a gateway server provided between a mobile communication network and an IP network such as the Internet, wherein a request for acquiring a rights object in a separate delivery is issued from a mobile terminal. And a means for creating a rights object corresponding to the capability of the mobile terminal and a means for delivering the created rights object to the mobile terminal.
Another server device of the present invention is a server device connected to a gateway server provided between a mobile communication network and an IP network such as the Internet, and the rights object in the separate delivery from the mobile terminal. Means for determining whether or not the capability of the mobile terminal is compatible with the rights object when there is an acquisition request, and the acquisition request when the capability of the mobile terminal is not compatible with the rights object. And means for refusal.
Still another server device of the present invention is a server device connected to a gateway server provided between a mobile communication network and an IP network such as the Internet, and there is a content acquisition request from the mobile terminal. And a means for checking the capability of the mobile terminal and a means for creating a download descriptor suitable for the capability of the mobile terminal and transmitting it to the mobile terminal.

According to the server device of the present invention having a means for creating a rights object corresponding to the capability of the mobile terminal when the mobile terminal requests acquisition of the rights object related to the content, the content is distributed by the separate delivery method. Sometimes it is possible to set rights appropriate for the mobile terminal.
In addition, when there is a request for acquisition of a rights object related to content from a mobile terminal, the server device of the present invention having means for rejecting the acquisition request according to the capability of the mobile terminal is requested from the mobile terminal When the right object corresponding to the content includes constraint information that the mobile terminal does not support, the request from the mobile terminal can be rejected to prevent unauthorized use of the content. It becomes possible.
Furthermore, according to the server device of the present invention having means for creating a download descriptor corresponding to the capability of the mobile terminal and transmitting it to the mobile terminal when the content acquisition request is received from the mobile terminal, Even when the download descriptor is upgraded, it is possible to cope with the capability of the mobile terminal.

FIG. 1 is a block diagram showing an example of the overall configuration of a mobile communication system provided with a server device of the present invention. Here, in order to avoid complexity, the illustration of the configuration of the monitoring / maintenance system is omitted.
In this figure, 1 is a mobile terminal (UE: User Equipment) such as a mobile phone, 2 is a mobile communication network (3G mobile network) in which the mobile terminal 1 is accommodated, 3 is the mobile communication network 2 and the Internet, etc. Reference numeral 4 denotes a gateway message (GGSN: Gateway GPRS Support Node), and reference numeral 4 denotes a short message service center (SMSC) for delivering a short message to the mobile terminal 1.

5 is a WAP platform provided for accommodating WAP-compatible terminals, which terminates the WAP 2.0 protocol from the mobile terminal (UE) 1 and transfers it to the origin server using HTTP (HyperText Transfer Protocol). WAP gateway (WAP-GW: WAP-GW), and adjustment of WAP standard functions and extended functions by mobile carriers by converting received requests into appropriate formats and sending them to the subsequent stage Server (WAP-GW / JSP) 6 having a proxy server (JSP: J-Phone Scheme Proxy), RADIUS accounting protocol from GGSN 3 is terminated, RADIUS for session management and session log generation for each user, etc. In addition to providing a server, WAP / MMS service subscribers use services such as web and email Information management server (R2M: RADIUS & Repository Manager) 7 that centrally manages user information necessary for mobile communication and information on mobile terminal capabilities, user setting information (Selfcare-) required for WAP service subscribers to use the web Profile) and profile database server (PDB: ProfileDB) 8 that manages and holds terminal information (UE-Profile), and push proxy gateway (PPG) that executes push services such as WAP push and mail notification delivery Each node such as Push Proxy Gateway) 9 is included.
Reference numeral 10 denotes a directory replica server (DRS) that holds a copy of the stored contents of the directory server that centrally manages all subscriber information.
The R2M7 is connected to the PDB8 and the DRS 10, and in response to a request from the WAP-GW / JSP6, user information (User-Profile), mobile terminal information (UE-Profile), and user agent profile information (UA-Profile) etc. are provided.

  Reference numeral 11 denotes a Web Gateway (WGW) provided between the WAP-GW / JSP 6 and the Internet 26, which also has a function of managing the registration status of services and processing related to charging for information charges. Yes. As shown in the figure, the WGW 11 includes a proxy server (H-MAWG: H-Mobile Active Web Gateway) 12 that performs processing accompanied by a special value-added service such as charge collection for paid content access, customer information management and billing. A CDR (Charging Data Record) collection server (CDRC: CDR Collector) 13 connected to a system that performs checkout processing, a server (AS: Authentication Server) 14 that performs user authentication processing, and a general web caching proxy function A proxy server (L-MAWG) 15 to be provided is included.

  Reference numeral 16 denotes a DRM platform for providing a DRM usage service, which includes a TMS (Transaction Management Server) server 17 and a DRM server 20 node group. As shown in the figure, a TMS (Transaction Management Server) server 17 that manages DRM content transactions manages a content distribution control server (TMS-C: Transaction Management Server-Control) 18 that controls requests from the mobile terminal 1. And a state transition management server (TMS-S: Transaction Management Server-Status) 19 that performs state management in communication with the mobile terminal 1, and the DRM server 20 includes a rights object based on the registered rights information. A license server (LS) 21 that generates and manages (RO), and a packaging server (PS) that controls registration of content information and registration of accompanying rights information in cooperation with a packaging tool described later. Access from Packaging Server) 22 and Content Provider (CP) 27 Information received from a server (CPAS: CP Authentication Server) 23 that mediates communication with the DRM platform 16 side, and content provider (CP) 27 such as content information and rights information, and mobile communication providers A database server (DB: Database Server) 24 that holds service definition information and the like to be created is included. The packaging server (PS) 22 is connected to a database synchronizer (DBS: DB-Synchronizer) 25 for synchronizing generations in the web service, and manages the distribution of provider information and service information in the DBS 25. A node (SPM: Service and Provider Manager) can be used.

A proxy server (L-MAWG) 15 in the WGW 11 is connected to the Internet 26, and a content provider (CP: Content Provider) 27 that provides content in response to a request from a user is connected to the Internet 26. Yes.
The content provider 27 is provided with an origin server 28 in which a resource designated by the mobile terminal 1 or the like exists or is generated, and a series of contents to be converted into a DRM compatible format. A packaging tool 29 for performing the above process (packaging) is distributed from a mobile communication carrier or the like.
The packaging tool 29 is connected to the CPAS 23 in the DRM server 20 via the Internet 26 and a firewall (F / W) 30, and the DRM server 20 installed by a mobile communication carrier. The content can be packaged in cooperation with the server group.

That is, the packaging tool 29 receives the raw contents (Raw Contents), the URI (Rights Issuer URI) of the download destination of the rights information, and the rights information as inputs, and the license server LS21 and the packaging server PS22 in the DRM platform 16. In cooperation with the above, a DCF (DRM Contents Format) file, which is a DRM content format including encrypted contents, and a license ID (LID) thereof are created. At this time, information such as key information, content contents, and MIME type is stored in the database server DB 24 in the DRM server 20.
Here, the license ID (LID) is an ID for designating a rights object (RO) linked to the media object (MO). By designating this ID, it is possible to distribute the corresponding rights object (RO).

The media object (MO) is downloaded by a download method (OMA download) defined by OMA. In this method, it is possible to notify what content is to be acquired in advance by acquiring a download descriptor (DD) before downloading the content. In addition, after the download is completed, a download completion notification (Install Notify) can be transmitted to an arbitrary URL. Here, the download descriptor includes metadata (content name, size, type, version, etc.) regarding the content (MO), a URL (ObjectURI) indicating the location of the content, and a URL of a notification destination of a download completion notification. (InstallNotifyURI) is a file that describes.
On the other hand, the rights object (RO) is distributed to the mobile terminal 1 by the WAP push via the PPG 9.
In other words, the rights object cannot be acquired from the license server installed by the mobile communication carrier unless it is based on the WAP push.

  The operation of the system configured as described above will be described by taking as an example a case where the user of the mobile terminal 1 downloads paid content from the origin server 28 of the content provider 27. In the following description, it is assumed that the mobile terminal 1 is a WAP compatible terminal.

FIG. 2 is a diagram showing a sequence when the user of the mobile terminal 1 downloads paid content from the origin server 28.
Assume that the mobile terminal 1 which is a WAP compatible terminal is connected to the Internet according to the WAP sequence, and the user decides to purchase paid content provided by the content provider 27 and performs an operation to instruct the purchase of the content. . As a result, an HTTP request indicating purchase consent is transmitted from the mobile terminal 1, and the HTTP request is relayed by the server (WAP-GW / JSP) 6 and WGW 11 (H-MAWG 12) to the TMS-C 18 of the DRM platform 16. Transferred. The HTTP request indicating the purchase consent includes a request for obtaining a download descriptor (DD) of the content.

  The WAP-GW / JSP 6 that has received the HTTP request indicating the purchase consent from the mobile terminal 1 uses the MSISDN (Mobile Station ISDN number) or IMSI (International Mobile Subscriber Identity) included in the HTTP request as a key. From R2M7, the mobile terminal information (UE-Profile) including the model information and performance information of the mobile terminal and the profile information (UA-Profile) of a user agent such as a web browser are acquired. At this time, the WAP-GW / JSP 6 also includes the type of secure clock (time information stored in the mobile terminal 1) as extension information for DRM, and the association information of the MIME type and permission to be changed. get. Then, the WAP-GW / JSP 6 adds the acquired mobile terminal information (UE-Profile), user agent profile information (UA-Profile), and the DRM extension information to the HTTP header of the HTTP request, and adds the WGW 11 ( To the TMS server 17 of the DRM platform 16 via the H-MAWG 12).

The TMS server 17 that has received this HTTP request creates a download descriptor for downloading the requested content, and transmits it as an HTTP response to the mobile terminal 1. At this time, the TMS server 17 checks the capability of the mobile terminal 1 and creates a download descriptor corresponding to the capability.
That is, the TMS server 17 of the DRM platform 16 checks the capability of the mobile terminal 1 that has sent the HTTP request based on the DRM extension information included in the HTTP header, and moves the mobile terminal 1 based on the HTTP request. A download descriptor suitable for the terminal is created, and an HTTP response including the download descriptor is returned to the WGW 11.
For example, when a mobile terminal of a new model is released and the version of the download descriptor description method is increased, the TMS server 17 creates a download descriptor described in a description method corresponding to the model. As a result, the DRM platform 16 can support a new version of the mobile terminal.

The WGW 11 that has received the HTTP response including the download descriptor created as described above by the TMS server 17 sets the status code of the HTTP response to “402” and transfers it to the WAP-GW / JSP6. The WAP-GW / JSP 6 sets the status code of the received HTTP response to “200” and transfers it to the mobile terminal 1.
As a result, it is possible to perform billing processing using a status code “402”, which has been conventionally performed according to a mobile carrier's own standard, even for a WAP compatible terminal.

The mobile terminal 1 that has received the HTTP response including the download descriptor from the WAP-GW / JSP 6 obtains the content (media object) acquisition request for the URL (ObjectURI) included in the download descriptor ( Get Media Object). This request is transferred via the DRM platform 16 and the WGW 11 to the content provider 27 that stores the content.
The content provider 27 that has received the content request relays the requested content (media object) to the mobile terminal 1 through the WGW 11, the DRM platform 16, and the WAP-GW / JSP 6.
When the mobile terminal 1 receives all the contents, the download completion notification “Install Notify” is specified by the DRM platform 16 (URL (InstallNotifyURI) in the download descriptor) via the WAP-GW / JSP6. ).

Upon receipt of the “Install Notify”, the DRM platform 16 creates a rights object corresponding to the capability of the mobile terminal 1 and delivers it to the mobile terminal 1 via the PPG 9 by WAP push (Rights Object Push Delivery). ).
For example, the DRM platform 16 performs the following processes (1) and (2) according to the capability of the mobile terminal 1 that has transmitted the HTTP request.

(1) Rewrite the permission information of the rights object according to the capability of the mobile terminal 1.
That is, since OMA DRM ver1.0 does not define the association between the MIME type and the permission information, the association may differ depending on the mobile terminal. Therefore, the service compatibility between the mobile terminals is maintained by rewriting the permission information according to the mobile terminal. For example, if “Execute” is usually associated with a certain content but “Play” is associated with a certain mobile terminal A, “Execute” is normally associated with the mobile terminal A. The rights object is distributed, and the mobile terminal A cannot use the content. However, since this function is provided, a rights object whose permission information is rewritten to “Play” is distributed to the mobile terminal A so that the mobile terminal A can use the content. Become.

(2) A rights object (RO) including specific constraint information is not distributed according to the capability of the mobile terminal.
Some mobile terminals allow a user to easily change time information (secure clock) held inside. Distributing time-based rights objects (right objects including content availability time (Interval) and content availability time (Datetime)) to mobile terminals that can perform unauthorized time operations in this way is problematic. There is. Therefore, the DRM platform 16 has a function of distributing the time-based rights object only to mobile terminals that hold valid time information.
That is, the DRM platform 16 includes the type of secure clock (the secure clock method name of the mobile terminal 1) in the extended information for DRM added to the HTTP header of the HTTP request from the WAP-GW / JSP 6, and the TMS server. 17 is compared with the valid secure clock method name held in 17 to determine whether the mobile terminal that transmitted the request is a mobile terminal holding valid time information. As a result, when the secure clock method name in the DRM extension information added to the HTTP header is compatible with a valid secure clock method, the time-based rights object described above is distributed to the mobile terminal, HTTP from a mobile terminal in which an invalid secure clock method name is set in the DRM extension information added to the HTTP header, or from a mobile terminal in which nothing is set in the DRM extension information added to the HTTP header In response to the request, an error message is sent so that the time-based rights object is not distributed.

The rights object created in this way is distributed by push to the mobile terminal 1 via the PPG 9.
When the mobile terminal 1 receives the rights object, the mobile terminal 1 transmits “Delivery Receipt” notifying the delivery status to the PPG 9. When the PPG 9 receives the “Delivery Receipt”, the PPG 9 creates a delivery result notification message “Delivery Report” according to the content and transmits it to the DRM platform 16.
Upon receipt of the delivery result notification message “Delivery Report”, the DRM platform 16 determines whether or not the rights object has been successfully delivered, and includes a charging parameter for the corresponding WGW 11 only if the delivery is successful. Send billing notification “Charging Notify”. The WGW 11 that has received the billing notification performs billing processing based on the billing parameter included in the notification.
That is, the billing process is not performed before the distribution of the rights object is completed.

As described above, according to the DRM platform 16 of the present invention, the rights object corresponding to the capability of the mobile terminal 1 can be created and distributed, so that the content corresponding to the capability can also be distributed to the WAP terminal. Is possible.
Also, depending on the capabilities of the mobile terminal, the content acquisition request is rejected, or the corresponding download descriptor is created and transmitted, so processing corresponding to the mobile terminal can be performed. It becomes.

In the above description, the case where the pay-per-use charge is performed has been described. However, the present invention can be similarly applied to a case where free content is downloaded or a period charge is performed.
In the above description, the case where the media object and the rights object are continuously transmitted has been described. However, the present invention can be similarly applied to the case where only the rights object is distributed.

It is a block diagram which shows the whole structure of the system by which the server apparatus of this invention is provided. It is a figure which shows the sequence when purchasing paid content from a mobile terminal.

Explanation of symbols

  1: mobile terminal, 2: mobile communication network, 3: GGSN, 4: SMSC, 5: WAP platform, 6: WAP gateway and proxy server (WAP-GW / JSP), 7: information management server (R2M), 8 : Profile database server (PDB), 9: Push proxy gateway (PPG), 10: Directory replica server (DRS), 11: Web gateway (WGW), 12: Proxy server (H-MAWG) , 13: CDR collection server, 14: server (AS), 15: proxy server (L-MAWG), 16: DRM platform, 17: TMS server, 18: content distribution control server (TMS-C), 19: state transition Management server (TMS-S), 20: DRM server, 21: License server (LS), 22: Packaging server (PS), 23: Server (CPAS), 24: Database server (DB), 25: Database synchronizer (DBS), 26: Internet, 27: Content provider, 28: Origin Server, 29: Packaging tool, 30: Firewall

Claims (3)

A server device connected to a gateway server provided between a mobile communication network and an IP network such as the Internet,
Means for creating a rights object corresponding to the capability of the mobile terminal when a request for acquisition of the rights object in the separate delivery is received from the mobile terminal;
Means for distributing the created rights object to the mobile terminal. A server device connected to a gateway server provided between a mobile communication network and an IP network such as the Internet,
Means for determining whether or not the capability of the mobile terminal conforms to the rights object when there is a request for acquisition of the rights object in the separate delivery from the mobile terminal;
And a means for rejecting the acquisition request when the capability of the mobile terminal does not conform to the rights object. A server device connected to a gateway server provided between a mobile communication network and an IP network such as the Internet,
Means for inspecting the capability of the mobile terminal when a content acquisition request is received from the mobile terminal;
Means for creating a download descriptor suitable for the capability of the mobile terminal and transmitting it to the mobile terminal.

Images