[go: up one dir, main page]

US20070288383A1 - Method and apparatus for issuing rights object required to use digital content - Google Patents

Method and apparatus for issuing rights object required to use digital content Download PDF

Info

Publication number
US20070288383A1
US20070288383A1 US11/741,292 US74129207A US2007288383A1 US 20070288383 A1 US20070288383 A1 US 20070288383A1 US 74129207 A US74129207 A US 74129207A US 2007288383 A1 US2007288383 A1 US 2007288383A1
Authority
US
United States
Prior art keywords
rights object
digital content
key
smc
content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/741,292
Inventor
Yeo-jin KIM
Yun-sang Oh
Sang-gyoo Sim
Kyung-im Jung
Ji-soo Kim
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Priority to US11/741,292 priority Critical patent/US20070288383A1/en
Assigned to SAMSUNG ELECTRONICS CO., LTD. reassignment SAMSUNG ELECTRONICS CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: JUNG, KYUNG-IM, KIM, JI-SOO, KIM, YEO-JIN, OH, YUN-SANG, SIM, SANG-GYOO
Publication of US20070288383A1 publication Critical patent/US20070288383A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/109Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by using specially-adapted hardware at the client
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/107License processing; Key processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/24Key scheduling, i.e. generating round keys or sub-keys for block encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/603Digital right managament [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Definitions

  • the present invention relates to a method and apparatus for issuing a rights object required to use digital content, and more particularly, to a method and apparatus for issuing a rights object and capable of storing digital rights management (DRM) content, which is usually provided online, in a secure multimedia card (SMC) so that the DRM content can also be provided offline.
  • DRM digital rights management
  • DRM is a technical mechanism to protect copyright on digital content and properly charge for the use of the digital content.
  • DRM is designed to protect digital content that can be easily copied and distributed in illegal ways.
  • DRM encrypts digital content so that the digital content can be distributed in an encrypted form.
  • DRM requires a specified license called a “rights object” to use the encrypted digital content.
  • FIG. 1 illustrates a related art DRM concept.
  • a user 110 who desires to use digital content may obtain desired content from a content issuer 120 .
  • the rights object is a software object that includes information such as copyright information of content, information regarding user rights, etc.
  • the user 110 may pay a rights object issuer 130 for a rights object including the right to execute the encrypted content and obtain the rights object from the rights object issuer 130 .
  • Rights included in the rights object may include a content encryption key (CEK) required to decrypt the encrypted content.
  • CEK content encryption key
  • the rights object issuer 130 reports the details of the issuance of the rights object to the content issuer 120 .
  • the rights object issuer 130 and the content issuer 120 may be the same entity.
  • the user 110 who obtained the rights object as described above may consume the rights object and thus use the encrypted content.
  • a rights object includes limit information such as the number of times that content can be used by consuming the rights object, a period of time during which the content can be used by consuming the rights object, or the number of times that the rights object can be copied. Unlike content, the reuse or copying of a rights object is limited. Therefore, content can be effectively protected by DRM.
  • users store rights objects in various hosts, which execute multimedia data, such as a personal computer (PC), an MP3 player, a mobile phone, and a personal digital assistant (PDA). Accordingly, there is a growing need for sharing digital content between different devices.
  • multimedia data such as a personal computer (PC), an MP3 player, a mobile phone, and a personal digital assistant (PDA).
  • DRM content which is sold based on conventional DRM technology, is dependent on a particular device, it cannot be used on other devices.
  • the present invention provides a method and apparatus for issuing a rights object required to use digital content, which are capable of storing digital content and a rights object in hardware, such as a SMC, in the form of media so that the digital content can be used on various multimedia devices.
  • a method of issuing a rights object required to use digital content includes receiving the digital content and the rights object; and encrypting the rights object using a public key of an SMC and storing the encrypted rights object in the SMC.
  • a method of issuing a rights object required to use digital content includes selecting the digital content using a digital content purchase interface and paying for the digital content; encrypting a rights object for the digital content using a binding target key; and storing the encrypted rights object in an SMC.
  • a method of issuing a rights object required to use digital content includes forming a security channel with a digital content storage device after mutual authentication and receiving the rights object from the digital content storage device; and decrypting the rights object using a binding target key and providing information required to play back the digital content.
  • an apparatus for issuing a rights object required to use digital content includes a purchase interface unit which receives information regarding the digital content selected by a user, the purchase interface unit being used by the user to pay for the digital content; an encryption unit which encrypts the rights object for the digital content using a binding target key and stores the encrypted rights object in an SMC; and a communication interface unit which communicates with the SMC.
  • an apparatus for issuing a rights object required to use digital content includes a communication interface unit which forms a security channel with an SMC after mutual authentication and receives the rights object from the SMC; and a content provision unit which decrypts the rights object using a binding target key and provides information required to play back the digital content.
  • FIG. 1 illustrates a related art DRM concept
  • FIG. 2 illustrates a method of issuing a rights object required to use digital content according to an exemplary embodiment of the present invention
  • FIG. 3 illustrates a method of issuing a rights object required to use digital content according to another exemplary embodiment of the present invention
  • FIG. 4 illustrates a method of using a rights object required to use digital content according to an exemplary embodiment of the present invention
  • FIG. 5 is a block diagram of an apparatus for issuing a rights object required to use digital content according to an exemplary embodiment of the present invention.
  • FIG. 6 is a block diagram of an apparatus for using a rights object required to use digital content according to another exemplary embodiment of the present invention.
  • These computer program instructions may also be stored in a computer usable or computer readable recording medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer usable or computer readable recording medium produce an article of manufacture including instruction means that implement the function specified in the flowchart block or blocks.
  • the computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that are executed on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.
  • each block of the flowchart illustrations may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • a rights object stored in a SMC which is used in the exemplary embodiments of the present invention, includes information definitely needed to use DRM content and that the format of the rights object can be easily converted into formats supported by different DRM systems.
  • FIG. 2 illustrates a method of issuing a rights object required to use digital content according to an exemplary embodiment of the present invention.
  • SMC manufacturer 230 receives a digital content 221 from a content issuer 220 who provides digital content and holds copyright on the digital content, and receives a rights object 211 from a copyright issuer 210 who issues a rights object (operation S 201 ).
  • the SMC manufacturer 230 encrypts the received rights object 211 using a key of an SMC 240 , and stores the encrypted rights object 211 in the SMC 240 together with the digital content 221 (operation S 202 ).
  • the key used to encrypt the received rights object 211 may use public-key cryptography or symmetric-key cryptography.
  • Public-key cryptography also known as asymmetric-key cryptography, is a form of cryptography in which different encryption keys are used to encrypt and decrypt data.
  • an encryption key is composed of a pair of a public key and a private key.
  • the public key need not be kept secret and can be easily revealed to other devices, while the private key is revealed only to a particular device.
  • Symmetric-key cryptography also known as secret-key cryptography, is a form of cryptography in which the same encryption key is used to encrypt and decrypt data.
  • the encryption key used in operation S 202 may use any one of the public-key cryptography and the symmetric-key cryptography described above, which is not limited to the present embodiment.
  • binding To encrypt data (including a rights object and/or content in this exemplary embodiment) using a key of a specific target is called “binding,” and bound data can be decrypted by the specific target only.
  • the SMC manufacturer 230 commercializes the SMC 240 , which stores the digital content 221 and the rights object 211 , and releases it onto the market.
  • FIG. 3 illustrates a method of issuing a rights object required to use digital content according to another exemplary embodiment of the present invention.
  • an SMC 340 held by a user is inserted into an online host 330 and that the online host 330 receives one or more pieces of content from a content issuer 320 and one or more corresponding rights objects from a copyright issuer 310 .
  • a host is a device, which plays back DRM content according to rights included in a rights object, and includes an SMC connection unit.
  • An online host is an SMC-support host that can access a network and receive a rights object from a copyright issuer.
  • Examples of the online host 330 include a PC, a mobile phone, a PDA, a portable media player (PMP), and a kiosk. If a kiosk is used as the online host 330 , an SMC can be purchased at the same time when a rights object is issued, which will be described with reference to FIG. 3 .
  • the user selects and pays for desired content 321 using a content purchase interface provided by the online host 330 (operation S 301 ).
  • the content purchase interface provided by the online host 330 may include a display unit (not shown) displaying one or more content lists and/or an input unit (not shown) receiving selection of content in order to facilitate the selection of the user.
  • the content purchase interface may be connected to a settlement system (not shown) by wired and wireless networks so that the user can pay for the content 321 .
  • a rights object 311 for the paid content 321 is encrypted using a key of a binding target designated by the online host 330 (operation S 302 ).
  • the binding target may be designated according to a policy of the copyright issuer 310 .
  • the user may designate the binding target after paying for the content 321 .
  • Binding targets according to this exemplary embodiment include a card, a user, a domain and a host, and a detailed description thereof is as follows.
  • a rights object can be moved and copied when the right to move and copy the rights object is available. If a rights object is moved from a first device to a second device, the rights object is completely removed from the first device. Therefore, the rights object exists only in the second device.
  • operation S 302 if it is the copyright issuer 310 that binds the rights object 311 to a binding target, the rights object 311 is encrypted using a key of a binding target designated by the copyright issuer 310 and transmitted subsequently to the online host 330 .
  • the rights object 311 is encrypted using a key of a binding target designated by the online host 330 after the rights object 311 is issued by the copyright issuer 310 to the online host 330 .
  • the encrypted rights object 311 and the content 321 are transmitted to the online host 330 (operation S 303 ).
  • the rights object 311 may include the right to move the rights object 311 from the online host 330 to the SMC 340 , and the right may limit the rights object 311 to be moved only to a predetermined SMC.
  • the user may retrieve the SMC 340 from the online host 330 and use the content 321 by consuming the rights object 311 according to the binding target.
  • FIG. 4 illustrates a method of using a rights object required to use digital content according to an exemplary embodiment of the present invention.
  • the host 420 and the SMC 410 form a security channel after authenticating each other (operation S 401 ).
  • the SMC 410 and the host 420 can authenticate each other using a binding target.
  • the SMC 410 and the host 420 can authenticate each other using the user key in operation S 401 .
  • the present invention is not limited thereto, and the SMC 410 and the host 420 can also authenticate each other using other methods.
  • the security channel is a transmission channel formed after devices authenticate each other, and guarantees the encryption and integrity of transmission data.
  • the SMC 410 transmits the rights object 411 to the host 420 (operation S 402 ).
  • the rights object 411 transmitted to the host 420 includes the right to use the content 412 , usage limit information of the content 412 , duplication limit information of the rights object 411 , an identification (ID) of the rights object 411 , an ID of the content 412 , etc.
  • the right to use the content 412 includes a content encryption key (CEK) required to decrypt the content 412
  • CEK is a key value used by a device (the host 420 in this exemplary embodiment) to decrypt the content 412 .
  • the host 420 receives the rights object 411 from a storage device (the SMC 410 in this exemplary embodiment) storing the rights object 411 , extracts the CEK from the received rights object 411 , and decrypts the content 412 using the extracted CEK.
  • the protected content 412 can be used.
  • the usage limit information indicates a limit to which the rights object 411 can be consumed in order to execute the content 412 .
  • Types of limits contained in the usage limit information include a usage date limit, a usage frequency limit, a usage period limit, and a usage time limit.
  • the duplication limit information indicates the number of times or a degree to which the rights object 411 can be copied or moved.
  • the duplication limit information may include copy limit information and movement limit information.
  • Copying the rights object 411 denotes transmitting the rights object 411 from the existing host 420 or a first storage device (hereinafter, referred to as a source device) to another host (not shown) or a second storage device (hereinafter, referred to as a destination device) without removing the rights object 411 from the source device.
  • Moving the rights object 411 denotes transmitting the rights object 411 from the source device to the destination device while removing the rights object 411 from the source device.
  • a user can copy or move a rights object stored in a host or a portable storage device to another host or another portable storage device up to a maximum number of times that the rights object can be copied or moved, which is set in the rights object.
  • the ID of the rights object 411 is an identifier used to distinguish the rights object 411 from other rights objects
  • the ID of the content 412 is an identifier used to identify the content 412 which can be executed by consuming the rights object 411 .
  • the rights object 411 which was transmitted from the SMC 410 to the host 420 in operation S 402 , is decrypted by the host 420 using a binding target key, and the decrypted rights object 411 provides information required to play back the content 412 (operation S 403 ).
  • the binding target key used to decrypt the rights object 411 is determined according to a binding target key used to encrypt the rights object 411 .
  • Binding targets according to this exemplary embodiment include a card, a user, a domain and a host, and a detailed description thereof is as follows.
  • SMC binding a rights object is decrypted using a key of an SMC.
  • Domain binding a host, which has joined a domain, decrypts a rights object using a key of the domain.
  • the content 412 is decrypted using the CEK, which was obtained from the decrypted rights object 411 , and used by the user (operation S 404 ).
  • FIG. 5 is a block diagram of an apparatus for issuing a rights object required to use digital content according to an exemplary embodiment of the present invention.
  • a DRM apparatus 500 includes an SMC 501 , a purchase interface unit 502 , an encryption unit 503 , and a communication interface unit 504 .
  • the SMC 501 stores content, a rights object and state information of the rights object, and supports the use of the content according to copyright and copyright restrictions.
  • the purchase interface unit 502 receives information regarding content selected by a user to purchase and is used by the user to pay for the selected content.
  • the encryption unit 503 encrypts a rights object for the paid content using a designated biding target key and stores the encrypted rights object in the SMC 501 .
  • the communication interface unit 504 communicates with the SMC 501 .
  • the SMC 501 stores content, a rights object and state information of the rights object, and supports the use of the content according to copyright and copyright restrictions.
  • Examples of the SMC 501 include a memory card and a smart card.
  • the state information of the rights object indicates the degree to which the rights object has been consumed.
  • the state information may be included in the rights object.
  • a device storing the rights object may manage the state information separately from the rights object.
  • the state information of the rights object may represent the period of time during which the host has consumed the rights object so far, that is, 4 hours, or the period of time during which the host can consume the rights object and use the content, that is, 6 hours.
  • the purchase interface unit 502 receives information regarding content selected by a user to purchase, and is used by the user to pay for the selected content.
  • the purchase interface unit 502 may include an input unit (not shown) and may be connected to a separate settlement system (not shown) so that the user can pay for the content.
  • the encryption unit 503 encrypts a rights object for the content, which was paid for using the purchase interface unit 502 , using a designated binding target key, and stores the encrypted rights object in the SMC 501 via the communication interface unit 504 .
  • the communication interface unit 504 may include a predetermined contact terminal in order to contact the SMC 501 and transmit or receive data to/from the SMC 501 .
  • the communication interface unit 504 may also include a predetermined wireless communication device in order to wirelessly transmit or receive data to/from the SMC 501 without contacting the SMC 501 .
  • a binding target may be designated according to a policy of a copyright issuer.
  • the user may designate a binding target after paying for the content.
  • Binding targets according to this exemplary embodiment include a card, a user, a domain and a host, and a detailed description thereof is as follows.
  • a rights object can be moved or copied, when the right to move or copy the rights object is available. If a rights object is moved from a first device to a second device, the rights object is completely removed from the first device. Therefore, the rights object exists only in the second device.
  • the rights object is encrypted by the encryption unit 503 using a key of a binding target designated by the copyright issuer and transmitted subsequently to an online host.
  • the rights object is encrypted using a key of a binding target designated by the online host after the rights object is issued by the copyright issuer.
  • FIG. 6 is a block diagram of an apparatus for using a rights object required to use digital content according to another exemplary embodiment of the present invention.
  • a DRM apparatus 600 includes an SMC 601 , a communication interface unit 602 , and a content provision unit 603 .
  • the SMC 601 stores content, a rights object and state information of the rights object, and supports the use of the content according to copyright and copyright restrictions.
  • the communication interface unit 602 forms a security channel with the SMC 601 after mutual authentication and receives a rights object from the SMC 601 .
  • the content provision unit 603 decrypts the received rights object using a binding target key and provides information needed to play back content.
  • the SMC 601 included in the DRM apparatus 600 of FIG. 6 is identical to the SMC 501 included in the DRM apparatus 500 of FIG. 5 , and thus a detailed description thereof will not be repeated.
  • the communication interface unit 602 forms a security channel with the SMC 601 after mutual authentication, and receives a rights object from the SMC 601 .
  • the communication interface unit 602 may include a predetermined contact terminal in order to contact the SMC 601 and transmit or receive data to/from the SMC 601 .
  • the communication interface unit 602 may also include a predetermined wireless communication device in order to wirelessly transmit or receive data to/from the SMC 601 without contacting the SMC 601 .
  • the DRM apparatus 600 illustrated in FIG. 6 forms the security channel with the SMC 601 using the communication interface unit 602 , and receives a rights object.
  • the security channel is a transmission channel formed after devices authenticate each other and guarantees the encryption and integrity of transmission data.
  • the content provision unit 603 decrypts the received rights object using a binding target key, and provides information required to play back content.
  • the content provision unit 603 determines a binding target key, which is to be used to decrypt the received rights object, according to a binding target key used to encrypt the rights object.
  • Binding targets according to this exemplary embodiment include a card, a user, a domain and a host, and a detailed description thereof is as follows.
  • SMC binding a rights object is decrypted using a key of an SMC.
  • Domain binding a host, which has joined a domain, decrypts a rights object using a key of the domain.
  • the content provision unit 603 obtains a CEK from the decrypted rights object, and decrypts the content so that the user can use the content.
  • FIGS. 5 and 6 may be implemented as, but is not limited to, a software or hardware component, such as a Field Programmable Gate Array (FPGA) or Application Specific Integrated Circuit (ASIC), which performs certain tasks.
  • FPGA Field Programmable Gate Array
  • ASIC Application Specific Integrated Circuit
  • Each component may advantageously be configured to reside on the addressable storage medium and configured to execute on one or more processors.
  • a component may include, by way of example, components, such as software components, object-oriented software components, class components and task components, processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables.
  • components such as software components, object-oriented software components, class components and task components, processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables.
  • the functionality provided for in the components may be combined into fewer components or further separated into additional components.
  • a method and apparatus for issuing a rights object required to use digital content provide at least one of the following advantages.
  • content and a rights object are kept in hardware, such as an SMC, in the form of media, the possession value of digital content media and the convenience of content management are provided.
  • content can be used on various multimedia devices.
  • DRM content Since consumers are able to purchase DRM content, which is usually sold online, offline, the digital content market can expand its consumer base by absorbing consumers who are not familiar with the Internet.
  • a rights object issued to an SMC includes information definitely needed to use DRM content, different DRMs can be supported. Therefore, a playback area of digital content can be easily expanded.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Television Signal Processing For Recording (AREA)

Abstract

Provided are a method and apparatus for issuing a rights object required to use digital content. The method includes receiving the digital content and the rights object; and encrypting the received rights object using a public key of a secure multimedia card (SMC) and storing the encrypted rights object in the SMC.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims priority from Korean Patent Application No. 10-2007-24318 filed on Mar. 13, 2007 in the Korean Intellectual Property Office, and U.S. Provisional Patent Application No. 60/799,652 filed on May 12, 2006 in the United States Patent and Trademark Office, the disclosures of which are incorporated herein by reference in their entirety.
    • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to a method and apparatus for issuing a rights object required to use digital content, and more particularly, to a method and apparatus for issuing a rights object and capable of storing digital rights management (DRM) content, which is usually provided online, in a secure multimedia card (SMC) so that the DRM content can also be provided offline.
  • 2. Description of the Related Art
  • DRM is a technical mechanism to protect copyright on digital content and properly charge for the use of the digital content. In particular, DRM is designed to protect digital content that can be easily copied and distributed in illegal ways.
  • Conventionally, in order to protect digital content, access to the digital content was allowed to users who had paid for the digital content, but not to users who had not paid for the digital content. However, since the digital content, by its nature, can be easily reused, processed, copied, and distributed, if a user who had accessed the digital content illegally copied or distributed the digital content, the users who had not paid for the digital content could also use the digital content.
  • To tackle this problem, DRM encrypts digital content so that the digital content can be distributed in an encrypted form. In addition, DRM requires a specified license called a “rights object” to use the encrypted digital content.
  • FIG. 1 illustrates a related art DRM concept.
  • Referring to FIG. 1, a user 110 who desires to use digital content (hereinafter, referred to as content) may obtain desired content from a content issuer 120.
  • In this case, the content provided by the content issuer 120 is in an encrypted form. Therefore, a DRM system needs a rights object to use the encrypted content. The rights object is a software object that includes information such as copyright information of content, information regarding user rights, etc.
  • The user 110 may pay a rights object issuer 130 for a rights object including the right to execute the encrypted content and obtain the rights object from the rights object issuer 130. Rights included in the rights object may include a content encryption key (CEK) required to decrypt the encrypted content.
  • The rights object issuer 130 reports the details of the issuance of the rights object to the content issuer 120. In some cases, the rights object issuer 130 and the content issuer 120 may be the same entity.
  • The user 110 who obtained the rights object as described above may consume the rights object and thus use the encrypted content.
  • A rights object includes limit information such as the number of times that content can be used by consuming the rights object, a period of time during which the content can be used by consuming the rights object, or the number of times that the rights object can be copied. Unlike content, the reuse or copying of a rights object is limited. Therefore, content can be effectively protected by DRM.
  • Generally, users store rights objects in various hosts, which execute multimedia data, such as a personal computer (PC), an MP3 player, a mobile phone, and a personal digital assistant (PDA). Accordingly, there is a growing need for sharing digital content between different devices.
  • However, since DRM content, which is sold based on conventional DRM technology, is dependent on a particular device, it cannot be used on other devices.
    • SUMMARY OF THE INVENTION
  • The present invention provides a method and apparatus for issuing a rights object required to use digital content, which are capable of storing digital content and a rights object in hardware, such as a SMC, in the form of media so that the digital content can be used on various multimedia devices.
  • According to an aspect of the present invention, there is provided a method of issuing a rights object required to use digital content. The method includes receiving the digital content and the rights object; and encrypting the rights object using a public key of an SMC and storing the encrypted rights object in the SMC.
  • According to another aspect of the present invention, there is provided a method of issuing a rights object required to use digital content. The method includes selecting the digital content using a digital content purchase interface and paying for the digital content; encrypting a rights object for the digital content using a binding target key; and storing the encrypted rights object in an SMC.
  • According to another aspect of the present invention, there is provided a method of issuing a rights object required to use digital content. The method includes forming a security channel with a digital content storage device after mutual authentication and receiving the rights object from the digital content storage device; and decrypting the rights object using a binding target key and providing information required to play back the digital content.
  • According to another aspect of the present invention, there is provided an apparatus for issuing a rights object required to use digital content. The apparatus includes a purchase interface unit which receives information regarding the digital content selected by a user, the purchase interface unit being used by the user to pay for the digital content; an encryption unit which encrypts the rights object for the digital content using a binding target key and stores the encrypted rights object in an SMC; and a communication interface unit which communicates with the SMC.
  • According to another aspect of the present invention, there is provided an apparatus for issuing a rights object required to use digital content. The apparatus includes a communication interface unit which forms a security channel with an SMC after mutual authentication and receives the rights object from the SMC; and a content provision unit which decrypts the rights object using a binding target key and provides information required to play back the digital content.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The above and other aspects of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings in which:
  • FIG. 1 illustrates a related art DRM concept;
  • FIG. 2 illustrates a method of issuing a rights object required to use digital content according to an exemplary embodiment of the present invention;
  • FIG. 3 illustrates a method of issuing a rights object required to use digital content according to another exemplary embodiment of the present invention;
  • FIG. 4 illustrates a method of using a rights object required to use digital content according to an exemplary embodiment of the present invention;
  • FIG. 5 is a block diagram of an apparatus for issuing a rights object required to use digital content according to an exemplary embodiment of the present invention; and
  • FIG. 6 is a block diagram of an apparatus for using a rights object required to use digital content according to another exemplary embodiment of the present invention.
    •  DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS OF THE INVENTION
  • The present invention will now be described more fully with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown. The present invention may, however, be embodied in many different forms and should not be construed as being limited to the exemplary embodiments set forth herein; rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the present invention to those skilled in the art. Like reference numerals in the drawings denote like elements, and thus their description will be omitted.
  • Hereinafter, a method and apparatus for issuing a rights object required to use digital content according to exemplary embodiments of the present invention will be described with reference to block diagrams or flowchart illustrations.
  • It will be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which are executed via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart block or blocks.
  • These computer program instructions may also be stored in a computer usable or computer readable recording medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer usable or computer readable recording medium produce an article of manufacture including instruction means that implement the function specified in the flowchart block or blocks.
  • The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that are executed on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.
  • And each block of the flowchart illustrations may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.
  • It is assumed that a rights object stored in a SMC, which is used in the exemplary embodiments of the present invention, includes information definitely needed to use DRM content and that the format of the rights object can be easily converted into formats supported by different DRM systems.
  • FIG. 2 illustrates a method of issuing a rights object required to use digital content according to an exemplary embodiment of the present invention.
  • Referring to FIG. 2, SMC manufacturer 230 receives a digital content 221 from a content issuer 220 who provides digital content and holds copyright on the digital content, and receives a rights object 211 from a copyright issuer 210 who issues a rights object (operation S201).
  • Then, the SMC manufacturer 230 encrypts the received rights object 211 using a key of an SMC 240, and stores the encrypted rights object 211 in the SMC 240 together with the digital content 221 (operation S202).
  • Here, the key used to encrypt the received rights object 211 may use public-key cryptography or symmetric-key cryptography.
  • Public-key cryptography, also known as asymmetric-key cryptography, is a form of cryptography in which different encryption keys are used to encrypt and decrypt data.
  • In the public-key cryptography, an encryption key is composed of a pair of a public key and a private key.
  • The public key need not be kept secret and can be easily revealed to other devices, while the private key is revealed only to a particular device.
  • Symmetric-key cryptography, also known as secret-key cryptography, is a form of cryptography in which the same encryption key is used to encrypt and decrypt data.
  • The encryption key used in operation S202 may use any one of the public-key cryptography and the symmetric-key cryptography described above, which is not limited to the present embodiment.
  • To encrypt data (including a rights object and/or content in this exemplary embodiment) using a key of a specific target is called “binding,” and bound data can be decrypted by the specific target only.
  • An exemplary embodiment of binding data to a specific target will be described in detail later with reference to FIG. 3.
  • A user cannot arbitrarily move or copy the rights object 211, which is bound to the SMC 240, to another device. If the user is given the right to change a binding target, the user can change the binding target in a predetermined procedure.
  • After operation S202, the SMC manufacturer 230 commercializes the SMC 240, which stores the digital content 221 and the rights object 211, and releases it onto the market.
  • FIG. 3 illustrates a method of issuing a rights object required to use digital content according to another exemplary embodiment of the present invention.
  • In the exemplary embodiment illustrated in FIG. 3, it is assumed that an SMC 340 held by a user is inserted into an online host 330 and that the online host 330 receives one or more pieces of content from a content issuer 320 and one or more corresponding rights objects from a copyright issuer 310.
  • A host is a device, which plays back DRM content according to rights included in a rights object, and includes an SMC connection unit. An online host is an SMC-support host that can access a network and receive a rights object from a copyright issuer.
  • Examples of the online host 330 include a PC, a mobile phone, a PDA, a portable media player (PMP), and a kiosk. If a kiosk is used as the online host 330, an SMC can be purchased at the same time when a rights object is issued, which will be described with reference to FIG. 3.
  • Referring to FIG. 3, the user selects and pays for desired content 321 using a content purchase interface provided by the online host 330 (operation S301).
  • The content purchase interface provided by the online host 330 may include a display unit (not shown) displaying one or more content lists and/or an input unit (not shown) receiving selection of content in order to facilitate the selection of the user. In addition, the content purchase interface may be connected to a settlement system (not shown) by wired and wireless networks so that the user can pay for the content 321.
  • After operation S301, a rights object 311 for the paid content 321 is encrypted using a key of a binding target designated by the online host 330 (operation S302).
  • The binding target may be designated according to a policy of the copyright issuer 310. Alternatively, the user may designate the binding target after paying for the content 321.
  • Binding targets according to this exemplary embodiment include a card, a user, a domain and a host, and a detailed description thereof is as follows.
  • (1) SMC binding: since a rights object is encrypted using a key of an SMC, if it is moved or copied to devices other than the SMC, corresponding content cannot be used. However, anyone who holds the SMC can consume the rights object bound to the SMC.
  • (2) User binding: since a rights object is encrypted using a key of a user, other people cannot use the rights object. However, the user can consume the rights object bound to various devices that the user has.
  • (3) Domain binding: since a rights object is encrypted using a key of a domain, devices that have not joined the domain cannot use the rights object. However, all devices that have joined the domain can consume the rights object bound to the domain.
  • (4) Host binding: since a rights object is encrypted using a key of a host, if the rights object is moved to devices other than the host, it cannot be used. However, anyone who owns the host can consume the rights object bound to the host.
  • A rights object can be moved and copied when the right to move and copy the rights object is available. If a rights object is moved from a first device to a second device, the rights object is completely removed from the first device. Therefore, the rights object exists only in the second device.
  • In operation S302, if it is the copyright issuer 310 that binds the rights object 311 to a binding target, the rights object 311 is encrypted using a key of a binding target designated by the copyright issuer 310 and transmitted subsequently to the online host 330. On the other hand, in operation S302, if it is the online host 330 that binds the rights object 311, the rights object 311 is encrypted using a key of a binding target designated by the online host 330 after the rights object 311 is issued by the copyright issuer 310 to the online host 330.
  • After operation S302, the encrypted rights object 311 and the content 321 are transmitted to the online host 330 (operation S303).
  • After operation S303, the encrypted rights object 311 and the content 321 are moved to and stored in the SMC 340 (operation S304).
  • In this case, the rights object 311 may include the right to move the rights object 311 from the online host 330 to the SMC 340, and the right may limit the rights object 311 to be moved only to a predetermined SMC.
  • After operation S304, the user may retrieve the SMC 340 from the online host 330 and use the content 321 by consuming the rights object 311 according to the binding target.
  • FIG. 4 illustrates a method of using a rights object required to use digital content according to an exemplary embodiment of the present invention.
  • In the exemplary embodiment illustrated in FIG. 4, it is assumed that content 412 and a rights object 411 are stored in an SMC 410 held by a user and that the user inserts the SMC 410 into a host 420 in order to use the content 412 and the rights object 411.
  • If the SMC 410 is inserted into the host 420, the host 420 and the SMC 410 form a security channel after authenticating each other (operation S401).
  • Here, the SMC 410 and the host 420 can authenticate each other using a binding target.
  • For example, if the rights object 411 stored in the SMC 410 is bound to a user key, the SMC 410 and the host 420 can authenticate each other using the user key in operation S401. However, the present invention is not limited thereto, and the SMC 410 and the host 420 can also authenticate each other using other methods.
  • The security channel is a transmission channel formed after devices authenticate each other, and guarantees the encryption and integrity of transmission data.
  • After operation S401, if the host 420 requests the SMC 410 to provide the rights object 411, the SMC 410 transmits the rights object 411 to the host 420 (operation S402).
  • The rights object 411 transmitted to the host 420 includes the right to use the content 412, usage limit information of the content 412, duplication limit information of the rights object 411, an identification (ID) of the rights object 411, an ID of the content 412, etc.
  • Hereinafter, the above information contained in the rights object 411 will be described in more detail.
  • The right to use the content 412 includes a content encryption key (CEK) required to decrypt the content 412, and the CEK is a key value used by a device (the host 420 in this exemplary embodiment) to decrypt the content 412. The host 420 receives the rights object 411 from a storage device (the SMC 410 in this exemplary embodiment) storing the rights object 411, extracts the CEK from the received rights object 411, and decrypts the content 412 using the extracted CEK. Thus, the protected content 412 can be used.
  • The usage limit information indicates a limit to which the rights object 411 can be consumed in order to execute the content 412. Types of limits contained in the usage limit information include a usage date limit, a usage frequency limit, a usage period limit, and a usage time limit.
  • In addition, the duplication limit information indicates the number of times or a degree to which the rights object 411 can be copied or moved. The duplication limit information may include copy limit information and movement limit information.
  • Copying the rights object 411 denotes transmitting the rights object 411 from the existing host 420 or a first storage device (hereinafter, referred to as a source device) to another host (not shown) or a second storage device (hereinafter, referred to as a destination device) without removing the rights object 411 from the source device. Moving the rights object 411 denotes transmitting the rights object 411 from the source device to the destination device while removing the rights object 411 from the source device.
  • Therefore, a user can copy or move a rights object stored in a host or a portable storage device to another host or another portable storage device up to a maximum number of times that the rights object can be copied or moved, which is set in the rights object.
  • The ID of the rights object 411 is an identifier used to distinguish the rights object 411 from other rights objects, and the ID of the content 412 is an identifier used to identify the content 412 which can be executed by consuming the rights object 411.
  • The rights object 411, which was transmitted from the SMC 410 to the host 420 in operation S402, is decrypted by the host 420 using a binding target key, and the decrypted rights object 411 provides information required to play back the content 412 (operation S403).
  • Here, the binding target key used to decrypt the rights object 411 is determined according to a binding target key used to encrypt the rights object 411.
  • Binding targets according to this exemplary embodiment include a card, a user, a domain and a host, and a detailed description thereof is as follows.
  • (1) SMC binding: a rights object is decrypted using a key of an SMC.
  • (2) User binding: a host generates a user's key based on input user information or receives the user's key from a predetermined repository, and decrypts a rights object using the user's key.
  • (3) Domain binding: a host, which has joined a domain, decrypts a rights object using a key of the domain.
  • (4) Host binding: if a host currently connected to an SMC is a host to which a rights object is bound, the rights object is decrypted using a key of the host.
  • After operation S403, the content 412 is decrypted using the CEK, which was obtained from the decrypted rights object 411, and used by the user (operation S404).
  • FIG. 5 is a block diagram of an apparatus for issuing a rights object required to use digital content according to an exemplary embodiment of the present invention.
  • Referring to FIG. 5, a DRM apparatus 500 includes an SMC 501, a purchase interface unit 502, an encryption unit 503, and a communication interface unit 504. The SMC 501 stores content, a rights object and state information of the rights object, and supports the use of the content according to copyright and copyright restrictions. The purchase interface unit 502 receives information regarding content selected by a user to purchase and is used by the user to pay for the selected content. The encryption unit 503 encrypts a rights object for the paid content using a designated biding target key and stores the encrypted rights object in the SMC 501. The communication interface unit 504 communicates with the SMC 501.
  • As described above, the SMC 501 stores content, a rights object and state information of the rights object, and supports the use of the content according to copyright and copyright restrictions. Examples of the SMC 501 include a memory card and a smart card.
  • The state information of the rights object indicates the degree to which the rights object has been consumed. The state information may be included in the rights object. Alternatively, a device storing the rights object may manage the state information separately from the rights object.
  • For example, if a usage time limit is set to 10 hours in a rights object and a host has consumed the rights object for more than 4 hours in order to use corresponding content, the state information of the rights object may represent the period of time during which the host has consumed the rights object so far, that is, 4 hours, or the period of time during which the host can consume the rights object and use the content, that is, 6 hours.
  • The purchase interface unit 502 receives information regarding content selected by a user to purchase, and is used by the user to pay for the selected content.
  • To this end, the purchase interface unit 502 may include an input unit (not shown) and may be connected to a separate settlement system (not shown) so that the user can pay for the content.
  • The encryption unit 503 encrypts a rights object for the content, which was paid for using the purchase interface unit 502, using a designated binding target key, and stores the encrypted rights object in the SMC 501 via the communication interface unit 504.
  • The communication interface unit 504 may include a predetermined contact terminal in order to contact the SMC 501 and transmit or receive data to/from the SMC 501. The communication interface unit 504 may also include a predetermined wireless communication device in order to wirelessly transmit or receive data to/from the SMC 501 without contacting the SMC 501.
  • A binding target may be designated according to a policy of a copyright issuer. Alternatively, the user may designate a binding target after paying for the content.
  • Binding targets according to this exemplary embodiment include a card, a user, a domain and a host, and a detailed description thereof is as follows.
  • (1) SMC binding: since a rights object is encrypted using a key of an SMC, if it is moved or copied to devices other than the SMC, corresponding content cannot be used. However, anyone who holds the SMC can consume the rights object bound to the SMC.
  • (2) User binding: since a rights object is encrypted using a key of a user, other people cannot use the rights object. However, the user can consume the rights object bound to various devices that the user has.
  • (3) Domain binding: since a rights object is encrypted using a key of a domain, devices that have not joined the domain cannot use the rights object. However, all devices that have joined the domain can consume the rights object bound to the domain.
  • (4) Host binding: since a rights object is encrypted using a key of a host, if the rights object is moved to devices other than the host, it cannot be used. However, anyone who has the host can consume the rights object bound to the host.
  • A rights object can be moved or copied, when the right to move or copy the rights object is available. If a rights object is moved from a first device to a second device, the rights object is completely removed from the first device. Therefore, the rights object exists only in the second device.
  • If it is a copyright issuer that binds the rights object to a binding target, the rights object is encrypted by the encryption unit 503 using a key of a binding target designated by the copyright issuer and transmitted subsequently to an online host. On the other hand, if it is the online host that binds the rights object, the rights object is encrypted using a key of a binding target designated by the online host after the rights object is issued by the copyright issuer.
  • FIG. 6 is a block diagram of an apparatus for using a rights object required to use digital content according to another exemplary embodiment of the present invention.
  • Referring to FIG. 6, a DRM apparatus 600 includes an SMC 601, a communication interface unit 602, and a content provision unit 603.
  • The SMC 601 stores content, a rights object and state information of the rights object, and supports the use of the content according to copyright and copyright restrictions. The communication interface unit 602 forms a security channel with the SMC 601 after mutual authentication and receives a rights object from the SMC 601. The content provision unit 603 decrypts the received rights object using a binding target key and provides information needed to play back content.
  • The SMC 601 included in the DRM apparatus 600 of FIG. 6 is identical to the SMC 501 included in the DRM apparatus 500 of FIG. 5, and thus a detailed description thereof will not be repeated.
  • As described above, the communication interface unit 602 forms a security channel with the SMC 601 after mutual authentication, and receives a rights object from the SMC 601.
  • To this end, the communication interface unit 602 may include a predetermined contact terminal in order to contact the SMC 601 and transmit or receive data to/from the SMC 601. The communication interface unit 602 may also include a predetermined wireless communication device in order to wirelessly transmit or receive data to/from the SMC 601 without contacting the SMC 601.
  • The DRM apparatus 600 illustrated in FIG. 6 forms the security channel with the SMC 601 using the communication interface unit 602, and receives a rights object.
  • The security channel is a transmission channel formed after devices authenticate each other and guarantees the encryption and integrity of transmission data.
  • The content provision unit 603 decrypts the received rights object using a binding target key, and provides information required to play back content.
  • Here, the content provision unit 603 determines a binding target key, which is to be used to decrypt the received rights object, according to a binding target key used to encrypt the rights object.
  • Binding targets according to this exemplary embodiment include a card, a user, a domain and a host, and a detailed description thereof is as follows.
  • (1) SMC binding: a rights object is decrypted using a key of an SMC.
  • (2) User binding: a host generates a user's key based on input user information or receives the user's key from a predetermined repository, and decrypts a rights object using the user's key.
  • (3) Domain binding: a host, which has joined a domain, decrypts a rights object using a key of the domain.
  • (4) Host binding: if a host currently connected to an SMC is a host to which a rights object is bound, the rights object is decrypted using a key of the host.
  • The content provision unit 603 obtains a CEK from the decrypted rights object, and decrypts the content so that the user can use the content.
  • Each component illustrated in FIGS. 5 and 6 may be implemented as, but is not limited to, a software or hardware component, such as a Field Programmable Gate Array (FPGA) or Application Specific Integrated Circuit (ASIC), which performs certain tasks.
  • Each component may advantageously be configured to reside on the addressable storage medium and configured to execute on one or more processors. Thus, a component may include, by way of example, components, such as software components, object-oriented software components, class components and task components, processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. The functionality provided for in the components may be combined into fewer components or further separated into additional components.
  • As described above, a method and apparatus for issuing a rights object required to use digital content according to exemplary embodiments of the present invention provide at least one of the following advantages.
  • Since content and a rights object are kept in hardware, such as an SMC, in the form of media, the possession value of digital content media and the convenience of content management are provided. In addition, content can be used on various multimedia devices.
  • Since consumers are able to purchase DRM content, which is usually sold online, offline, the digital content market can expand its consumer base by absorbing consumers who are not familiar with the Internet.
  • If a rights object issued to an SMC includes information definitely needed to use DRM content, different DRMs can be supported. Therefore, a playback area of digital content can be easily expanded.
  • Furthermore, no uniform limitation is imposed on the copying and moving of a rights object. Instead, various policies for the use of content can be reflected. Therefore, content usability can be enhanced.
  • Since a copyright issuer and a content provider can directly sell content, the digital content market can be diversified.
  • While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the present invention as defined by the following claims. The exemplary embodiments should be considered in descriptive sense only and not for purposes of limitation.

Claims (29)

1. A method of issuing a rights object required to use digital content, the method comprising:
receiving the digital content and the rights object; and
encrypting the rights object using a public key of a secure multimedia card (SMC) and storing the encrypted rights object in the SMC.
2. The method of claim 1, wherein the rights object can be moved and/or copied, when the right to move and/or copy the rights object is available.
3. A method of issuing a rights object required to use digital content, the method comprising:
selecting the digital content using a digital content purchase interface and paying for the digital content;
encrypting a rights object for the digital content using a binding target key; and
storing the encrypted rights object in a secure multimedia card (SMC).
4. The method of claim 3, wherein the encrypting the rights object comprises encrypting the rights object using a key of the SMC.
5. The method of claim 3, wherein the encrypting the rights object comprises encrypting the rights object using a key of a user.
6. The method of claim 3, wherein the encrypting the rights object comprises encrypting the rights object using a key of a domain.
7. The method of claim 3, wherein the encrypting the rights object comprises encrypting the rights object using a key of a host.
8. The method of claim 3, wherein the binding target key is designated by one of a copyright issuer and a user.
9. The method of claim 3, wherein the rights object can be moved and/or copied, when the right to move and/or copy the rights object is available.
10. A method of issuing a rights object required to use digital content, the method comprising:
forming a security channel with a digital content storage device after mutual authentication and receiving the rights object from the digital content storage device; and
decrypting the rights object using a binding target key and providing information required to play back the digital content.
11. The method of claim 10, wherein the rights object is decrypted using a key of a secure multimedia card.
12. The method of claim 10, wherein the rights object is decrypted using a key of a user.
13. The method of claim 10, wherein the rights object is decrypted using a key of a domain.
14. The method of claim 10, wherein the rights object is decrypted using a key of a host.
15. An apparatus for issuing a rights object required to use digital content, the apparatus comprising:
a purchase interface unit which receives information regarding the digital content selected by a user, the purchase interface unit being used by the user to pay for the digital content;
an encryption unit which encrypts the rights object for the digital content using a binding target key and stores the encrypted rights object in a secure multimedia card (SMC); and
a communication interface unit which communicates with the SMC.
16. The apparatus of claim 15, wherein the encryption unit encrypts the rights object using a key of the SMC.
17. The apparatus of claim 15, wherein the encryption unit encrypts the rights object using a key of the user.
18. The apparatus of claim 15, wherein the encryption unit encrypts the rights object using a key of a domain.
19. The apparatus of claim 15, wherein the encryption unit encrypts the rights object using a key of a host.
20. The apparatus of claim 15, wherein the binding target key is designated by one of a copyright issuer and the user.
21. The apparatus of claim 15, wherein the rights object can be moved and/or copied, when the right to move and/or copy the rights object is available.
22. An apparatus for issuing a rights object required to use digital content, the apparatus comprising:
a communication interface unit which forms a security channel with a secure multimedia card (SMC) after mutual authentication and receives the rights object from the SMC; and
a content provision unit which decrypts the rights object using a binding target key and provides information required to play back the digital content.
23. The apparatus of claim 22, wherein the rights object is decrypted using a key of the SMC.
24. The apparatus of claim 22, wherein the rights object is decrypted using a key of a user.
25. The apparatus of claim 22, wherein the rights object is decrypted using a key of a domain.
26. The apparatus of claim 22, wherein the rights object is decrypted using a key of a host.
27. A computer readable recording medium storing a computer program for performing a method of issuing a rights object required to use digital content, the method comprising:
receiving the digital content and the rights object; and
encrypting the rights object using a public key of a secure multimedia card (SMC) and storing the encrypted rights object in the SMC.
28. A computer readable recording medium storing a computer program for performing a method of issuing a rights object required to use digital content, the method comprising:
selecting the digital content using a digital content purchase interface and paying for the digital content;
encrypting a rights object for the digital content using a binding target key; and
storing the encrypted rights object in a secure multimedia card.
29. A computer readable recording medium storing a computer program for performing a method of issuing a rights object required to use digital content, the method comprising:
forming a security channel with a digital content storage device after mutual authentication and receiving the rights object from the digital content storage device; and
decrypting the rights object using a binding target key and providing information required to play back the digital content.
US11/741,292 2006-05-12 2007-04-27 Method and apparatus for issuing rights object required to use digital content Abandoned US20070288383A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/741,292 US20070288383A1 (en) 2006-05-12 2007-04-27 Method and apparatus for issuing rights object required to use digital content

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US79965206P 2006-05-12 2006-05-12
KR10-2007-0024318 2007-03-13
KR1020070024318A KR101135145B1 (en) 2006-05-12 2007-03-13 Secure Multimedia Card, Rights object issue method and apparatus for using digital contents
US11/741,292 US20070288383A1 (en) 2006-05-12 2007-04-27 Method and apparatus for issuing rights object required to use digital content

Publications (1)

Publication Number Publication Date
US20070288383A1 true US20070288383A1 (en) 2007-12-13

Family

ID=39064246

Family Applications (8)

Application Number Title Priority Date Filing Date
US11/741,292 Abandoned US20070288383A1 (en) 2006-05-12 2007-04-27 Method and apparatus for issuing rights object required to use digital content
US11/745,816 Abandoned US20070265981A1 (en) 2006-05-12 2007-05-08 Method of transfering rights object and electronic device
US11/745,675 Expired - Fee Related US8340297B2 (en) 2006-05-12 2007-05-08 Method and apparatus for efficiently providing location of contents encryption key
US11/746,410 Abandoned US20070266208A1 (en) 2006-05-12 2007-05-09 Apparatus and method of setting rights object mapping table
US11/747,346 Expired - Fee Related US7854010B2 (en) 2006-05-12 2007-05-11 Method and apparatus for searching rights object and mapping method and mapping apparatus for the same
US11/747,623 Expired - Fee Related US8261073B2 (en) 2006-05-12 2007-05-11 Digital rights management method and apparatus
US11/747,935 Expired - Fee Related US8196208B2 (en) 2006-05-12 2007-05-14 Method and apparatus for creating and applying secure file identifier of rights object by using random numbers
US15/067,662 Active US9853953B2 (en) 2006-05-12 2016-03-11 Method of transferring rights object and electronic device

Family Applications After (7)

Application Number Title Priority Date Filing Date
US11/745,816 Abandoned US20070265981A1 (en) 2006-05-12 2007-05-08 Method of transfering rights object and electronic device
US11/745,675 Expired - Fee Related US8340297B2 (en) 2006-05-12 2007-05-08 Method and apparatus for efficiently providing location of contents encryption key
US11/746,410 Abandoned US20070266208A1 (en) 2006-05-12 2007-05-09 Apparatus and method of setting rights object mapping table
US11/747,346 Expired - Fee Related US7854010B2 (en) 2006-05-12 2007-05-11 Method and apparatus for searching rights object and mapping method and mapping apparatus for the same
US11/747,623 Expired - Fee Related US8261073B2 (en) 2006-05-12 2007-05-11 Digital rights management method and apparatus
US11/747,935 Expired - Fee Related US8196208B2 (en) 2006-05-12 2007-05-14 Method and apparatus for creating and applying secure file identifier of rights object by using random numbers
US15/067,662 Active US9853953B2 (en) 2006-05-12 2016-03-11 Method of transferring rights object and electronic device

Country Status (6)

Country Link
US (8) US20070288383A1 (en)
EP (8) EP2027540A1 (en)
JP (8) JP4907718B2 (en)
KR (8) KR101346734B1 (en)
CN (9) CN103632072A (en)
WO (8) WO2007132987A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100042760A1 (en) * 2006-10-16 2010-02-18 Stephan Spitz Method for executing an application with the aid of a portable data storage medium
US20100191976A1 (en) * 2009-01-29 2010-07-29 Youn-Sung Chu Method for installing rights object for content in memory card
DE102009040615A1 (en) * 2009-09-08 2011-03-10 Siemens Aktiengesellschaft A method of digital rights management in a computer network having a plurality of subscriber computers
US8813238B2 (en) 2010-05-21 2014-08-19 Google Technology Holdings LLC Digital rights management with irregular network access

Families Citing this family (65)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1486850A2 (en) * 2003-06-06 2004-12-15 Sony Ericsson Mobile Communications AB Allowing conversion of one digital rights management scheme to another
KR100493904B1 (en) * 2003-09-18 2005-06-10 삼성전자주식회사 Method for DRM license supporting plural devices
KR100834752B1 (en) * 2006-02-17 2008-06-05 삼성전자주식회사 Apparatus and method for delivering a license of content
KR101346734B1 (en) * 2006-05-12 2014-01-03 삼성전자주식회사 Multi certificate revocation list support method and apparatus for digital rights management
KR100948384B1 (en) * 2006-11-29 2010-03-22 삼성전자주식회사 A device capable of moving a rights object, a portable storage device, and a method of moving a rights object
JP5322065B2 (en) * 2007-07-05 2013-10-23 フラウンホファー・ゲゼルシャフト・ツール・フォルデルング・デル・アンゲバンテン・フォルシュング・アインゲトラーゲネル・フェライン Apparatus and method for digital rights management
KR101486377B1 (en) * 2007-08-31 2015-01-26 엘지전자 주식회사 METHOD AND APPARATUS FOR SUPPORTING POST-BROWSING IN MOBILE USE OF DIGITAL CONTENT
JP4419102B2 (en) * 2007-09-03 2010-02-24 富士ゼロックス株式会社 Information management apparatus, information management system, and information management program
EP2232398B1 (en) * 2007-12-06 2019-06-05 Telefonaktiebolaget LM Ericsson (publ) Controlling a usage of digital data between terminals of a telecommunications network
JP5009832B2 (en) * 2008-02-25 2012-08-22 ソニー株式会社 Content use management system, information processing apparatus, method, and program
US8438388B2 (en) * 2008-03-31 2013-05-07 Motorola Solutions, Inc. Method and apparatus for distributing certificate revocation lists (CRLs) to nodes in an ad hoc network
US8082582B2 (en) * 2008-05-21 2011-12-20 Mediatek Inc. Authorization system of navigation device and associated authorization method
KR101511380B1 (en) * 2008-05-22 2015-04-10 삼성전자주식회사 System and method for interchanging secure information between secure removable media devices
KR101517942B1 (en) * 2008-08-21 2015-05-06 삼성전자주식회사 Apparatus and method for using SLM in digital rights management
US10453003B2 (en) * 2008-09-18 2019-10-22 Microsoft Technology Licensing, Llc Digital rights management license identification
KR20100036575A (en) * 2008-09-30 2010-04-08 삼성전자주식회사 Apparatus and method for display of content list in mobile communication terminal
JP5329184B2 (en) 2008-11-12 2013-10-30 株式会社日立製作所 Public key certificate verification method and verification server
US8347081B2 (en) * 2008-12-10 2013-01-01 Silicon Image, Inc. Method, apparatus and system for employing a content protection system
KR20100108970A (en) * 2009-03-31 2010-10-08 삼성전자주식회사 Method and apparatus for protecting of drm contents
CN101572707B (en) * 2009-05-31 2012-08-08 成都市华为赛门铁克科技有限公司 Method, apparatus and system for validating certificate state
US8925096B2 (en) * 2009-06-02 2014-12-30 Google Technology Holdings LLC System and method for securing the life-cycle of user domain rights objects
KR101649528B1 (en) * 2009-06-17 2016-08-19 엘지전자 주식회사 Method and device for upgrading rights object that was stored in memory card
CN101957901B (en) * 2009-07-15 2014-06-04 精品科技股份有限公司 External storage device, its manufacturing method, and its information security management method
EP2456118A4 (en) * 2009-07-17 2013-05-01 Alcatel Lucent METHOD AND EQUIPMENT FOR MANAGING DIGITAL RIGHTS (DRM) IN SMALL AND MEDIUM-SIZED ENTERPRISES (SMEs) AND METHOD FOR PROVIDING DRM SERVICE
KR101487176B1 (en) * 2009-07-30 2015-02-02 에스케이플래닛 주식회사 System for providing code block for separating execution based contents, method thereof and computer recordable medium storing the method
US9170892B2 (en) * 2010-04-19 2015-10-27 Microsoft Technology Licensing, Llc Server failure recovery
US8996611B2 (en) 2011-01-31 2015-03-31 Microsoft Technology Licensing, Llc Parallel serialization of request processing
US9813529B2 (en) 2011-04-28 2017-11-07 Microsoft Technology Licensing, Llc Effective circuits in packet-switched networks
US9454441B2 (en) * 2010-04-19 2016-09-27 Microsoft Technology Licensing, Llc Data layout for recovery and durability
CN102549595B (en) * 2010-07-23 2016-04-20 松下电器产业株式会社 Information processing device, controller, key issuing station, method for judging validity of revocation list, and key issuing method
WO2012023384A1 (en) 2010-08-19 2012-02-23 日本電気株式会社 Object arrangement apparatus, method therefor, and computer program
US8769270B2 (en) * 2010-09-20 2014-07-01 Security First Corp. Systems and methods for secure data sharing
CN103460218B (en) * 2011-02-25 2016-04-13 生物识别股份公司 For the public method provided of shielded electronic document
WO2012156395A1 (en) * 2011-05-19 2012-11-22 Sagantec Israel Ltd. Method, system and computer program product of checking an integrated circuit layout for instances of a reference pattern
US9246882B2 (en) * 2011-08-30 2016-01-26 Nokia Technologies Oy Method and apparatus for providing a structured and partially regenerable identifier
TWI433558B (en) 2011-12-05 2014-04-01 Ind Tech Res Inst System and method for dynamically adjusting the frequency of updating certificate revocation list
US8972728B2 (en) 2012-10-15 2015-03-03 At&T Intellectual Property I, L.P. Method and apparatus for providing subscriber identity module-based data encryption and remote management of portable storage devices
US11127001B2 (en) 2013-05-09 2021-09-21 Wayne Fueling Systems Llc Systems and methods for secure communication
US10198449B2 (en) * 2013-07-16 2019-02-05 Dropbox, Inc. Creating unique content item identifiers
US11422907B2 (en) 2013-08-19 2022-08-23 Microsoft Technology Licensing, Llc Disconnected operation for systems utilizing cloud storage
US9996601B2 (en) * 2013-11-14 2018-06-12 Empire Technology Development Llc Data synchronization
EP3082057B1 (en) * 2013-12-09 2020-11-18 Panasonic Intellectual Property Corporation of America Authentication method and authentication system
EP3086252B1 (en) * 2013-12-16 2020-03-04 Panasonic Intellectual Property Management Co., Ltd. Authentication system and authentication method
WO2015092953A1 (en) * 2013-12-16 2015-06-25 パナソニックIpマネジメント株式会社 Authentication system, and authentication method
KR101532763B1 (en) * 2013-12-26 2015-07-02 주식회사 엔젠소프트 System and method for preventing illegal copy of application
US9798631B2 (en) 2014-02-04 2017-10-24 Microsoft Technology Licensing, Llc Block storage by decoupling ordering from durability
DE102014204044A1 (en) * 2014-03-05 2015-09-10 Robert Bosch Gmbh Procedure for revoking a group of certificates
JP6269209B2 (en) * 2014-03-18 2018-01-31 富士通株式会社 Information processing apparatus, method, and program
US9946849B2 (en) * 2014-09-29 2018-04-17 Panasonic Intellectual Property Corporation Of America Content reading method for reading out copyright-protected content from non-transitory recording medium, content reading apparatus, and non-transitory recording medium
US10075447B2 (en) * 2015-03-04 2018-09-11 Neone, Inc. Secure distributed device-to-device network
KR101655157B1 (en) * 2015-04-21 2016-09-07 주식회사 씨와줄기 Apparatus and method for work process modeling using data oriented programming model
CN106529751B (en) * 2015-09-14 2023-09-29 同方股份有限公司 Method for realizing offline revocation of digital copyright protection system
US11301422B2 (en) * 2016-02-23 2022-04-12 Samsung Electronics Co., Ltd. System and methods for providing fast cacheable access to a key-value device through a filesystem interface
CN109074457A (en) * 2016-04-04 2018-12-21 三菱电机株式会社 Process searcher and process search program
US10764066B2 (en) * 2016-05-18 2020-09-01 Apple Inc. EUICC secure timing and certificate revocation
KR102525429B1 (en) * 2018-04-27 2023-04-26 에릭슨엘지엔터프라이즈 주식회사 Private branch exchange apparatus and method for generating and storing system identifier
SG10201906806XA (en) * 2019-07-23 2021-02-25 Mastercard International Inc Methods and computing devices for auto-submission of user authentication credential
EP3851923B1 (en) * 2020-01-14 2023-07-12 Siemens Aktiengesellschaft Control system for technical installations with certificate management
US11978544B2 (en) * 2020-02-25 2024-05-07 Stryker Corporation Systems and methods for transferring medical data from medical devices to a remote server
EP3985532B1 (en) * 2020-10-19 2023-02-22 Siemens Aktiengesellschaft Certificate management for technical systems
US11645384B2 (en) 2021-03-03 2023-05-09 Bank Of America Corporation System for electronic data obfuscation and protection using independent destructible data objects
CN113141257B (en) * 2021-03-26 2022-06-07 深圳国实检测技术有限公司 Revocation list updating method and storage medium
US20250307468A1 (en) * 2021-05-18 2025-10-02 Kakao Corp. Service providing method using access card, service filtering method, and device for performing same
US11921876B1 (en) 2023-06-14 2024-03-05 Snowflake Inc. Organization-level global data object on data platform
US11909743B1 (en) 2023-07-13 2024-02-20 Snowflake Inc. Organization-level account on data platform

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6226618B1 (en) * 1998-08-13 2001-05-01 International Business Machines Corporation Electronic content delivery system
US20040006713A1 (en) * 2002-07-08 2004-01-08 Matsushita Electric Industrial Co., Ltd. Device authentication system
US7155609B2 (en) * 2001-06-14 2006-12-26 Microsoft Corporation Key exchange mechanism for streaming protected media content

Family Cites Families (106)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5390297A (en) * 1987-11-10 1995-02-14 Auto-Trol Technology Corporation System for controlling the number of concurrent copies of a program in a network based on the number of available licenses
JPH02187785A (en) * 1989-01-17 1990-07-23 Toshiba Corp Authenticating system
JPH06261033A (en) 1993-03-08 1994-09-16 Nippon Telegr & Teleph Corp <Ntt> Verification control system
US5991753A (en) 1993-06-16 1999-11-23 Lachman Technology, Inc. Method and system for computer file management, including file migration, special handling, and associating extended attributes with files
US6135646A (en) * 1993-10-22 2000-10-24 Corporation For National Research Initiatives System for uniquely and persistently identifying, managing, and tracking digital objects
ATE419586T1 (en) * 1995-02-13 2009-01-15 Intertrust Tech Corp SYSTEMS AND PROCEDURES FOR SECURE TRANSACTION MANAGEMENT AND ELECTRONIC LEGAL PROTECTION
US7069451B1 (en) * 1995-02-13 2006-06-27 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5793868A (en) * 1996-08-29 1998-08-11 Micali; Silvio Certificate revocation system
US5687235A (en) * 1995-10-26 1997-11-11 Novell, Inc. Certificate revocation performance optimization
US5949877A (en) * 1997-01-30 1999-09-07 Intel Corporation Content protection for transmission systems
JP3050843B2 (en) * 1997-02-28 2000-06-12 松下電器産業株式会社 An information device that selects and uses multiple encryption technology use protocols for copyright protection of digital works
JPH1173398A (en) * 1997-06-03 1999-03-16 Toshiba Corp Distributed network computing system, information exchange device used in the system, information exchange method having security function used in the system, computer readable storage medium storing this method
US6431439B1 (en) * 1997-07-24 2002-08-13 Personal Solutions Corporation System and method for the electronic storage and transmission of financial transactions
FI104666B (en) 1997-11-10 2000-04-14 Nokia Networks Oy Secure handshake protocol
US6378072B1 (en) * 1998-02-03 2002-04-23 Compaq Computer Corporation Cryptographic system
US6611812B2 (en) * 1998-08-13 2003-08-26 International Business Machines Corporation Secure electronic content distribution on CDS and DVDs
US6859535B1 (en) * 1998-10-16 2005-02-22 Matsushita Electric Industrial Co., Ltd. Digital content protection system
EP1045388A1 (en) * 1999-04-16 2000-10-18 Deutsche Thomson-Brandt Gmbh Method and apparatus for preventing illegal usage of multimedia content
US7181629B1 (en) * 1999-08-27 2007-02-20 Fujitsu Limited Data distribution system as well as data supply device terminal device and recording device for the same
EP1237323A4 (en) * 1999-12-07 2005-09-07 Sanyo Electric Co DATA PLAYBACK DEVICE
US6834110B1 (en) * 1999-12-09 2004-12-21 International Business Machines Corporation Multi-tier digital TV programming for content distribution
JP2001186121A (en) * 1999-12-27 2001-07-06 Nec Corp Communication unit, communication unit set, authentication method and inter-terminal wireless connection method
US6772340B1 (en) * 2000-01-14 2004-08-03 Microsoft Corporation Digital rights management system operating on computing device and having black box tied to computing device
JP2001265361A (en) * 2000-03-14 2001-09-28 Sony Corp Information providing apparatus and method, information processing apparatus and method, and program storage medium
JP2001298448A (en) 2000-04-14 2001-10-26 Ntt Communications Kk Public key use device and license device
US7020781B1 (en) 2000-05-03 2006-03-28 Hewlett-Packard Development Company, L.P. Digital content distribution systems
US6535871B1 (en) 2000-07-24 2003-03-18 Pitney Bowes Inc. Method for searching a digital rights management package
JP2002073421A (en) * 2000-08-31 2002-03-12 Matsushita Electric Ind Co Ltd License issuing device, content reproducing device, license issuing method, and content reproducing method
US6857067B2 (en) * 2000-09-01 2005-02-15 Martin S. Edelman System and method for preventing unauthorized access to electronic data
US8055899B2 (en) * 2000-12-18 2011-11-08 Digimarc Corporation Systems and methods using digital watermarking and identifier extraction to provide promotional opportunities
US20080056494A1 (en) * 2001-01-12 2008-03-06 Van Jacobson System and method for establishing a secure connection
US7421411B2 (en) * 2001-07-06 2008-09-02 Nokia Corporation Digital rights management in a mobile communications environment
JP3734461B2 (en) * 2001-08-08 2006-01-11 松下電器産業株式会社 License information converter
JP3984129B2 (en) * 2001-09-10 2007-10-03 富士通株式会社 Structured document processing system
JP2003115840A (en) * 2001-10-02 2003-04-18 Matsushita Electric Ind Co Ltd Certificate revocation list exchange method, system, and server device
KR20030030586A (en) * 2001-10-11 2003-04-18 박연일 System and Method for Providing the Digital Contents
US7487363B2 (en) * 2001-10-18 2009-02-03 Nokia Corporation System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage
JP2003152715A (en) * 2001-11-16 2003-05-23 Nippon Telegr & Teleph Corp <Ntt> Revocation certificate information acquisition method and apparatus, revocation certificate information acquisition program, and storage medium storing revocation certificate information acquisition program
KR101026210B1 (en) * 2001-11-23 2011-03-31 리서치 인 모션 리미티드 System and method for processing extensible markup language documents
KR100463842B1 (en) 2001-12-27 2004-12-29 한국전자통신연구원 Apparatus for managing key in afile security system and method for managing security key
US20030229593A1 (en) * 2002-03-14 2003-12-11 Michael Raley Rights expression profile system and method
US20030174838A1 (en) * 2002-03-14 2003-09-18 Nokia Corporation Method and apparatus for user-friendly peer-to-peer distribution of digital rights management protected content and mechanism for detecting illegal content distributors
SE0202451D0 (en) * 2002-08-15 2002-08-15 Ericsson Telefon Ab L M Flexible Sim-Based DRM agent and architecture
BR0315550A (en) * 2002-10-22 2005-08-23 Koninkl Philips Electronics Nv Method for authorizing an operation requested by a first user on a content item, and device arranged to perform an operation requested by a first user on a content item
US20040088541A1 (en) * 2002-11-01 2004-05-06 Thomas Messerges Digital-rights management system
US7707406B2 (en) * 2002-11-08 2010-04-27 General Instrument Corporation Certificate renewal in a certificate authority infrastructure
JP4434573B2 (en) * 2002-11-29 2010-03-17 株式会社東芝 License transfer device and program
US20040158741A1 (en) * 2003-02-07 2004-08-12 Peter Schneider System and method for remote virus scanning in wireless networks
KR20040072256A (en) 2003-02-10 2004-08-18 삼성전자주식회사 Communication terminal for protecting copyright and restricting using of contents and contents security system using that
US7827156B2 (en) * 2003-02-26 2010-11-02 Microsoft Corporation Issuing a digital rights management (DRM) license for content based on cross-forest directory information
US8132024B2 (en) * 2003-03-11 2012-03-06 Panasonic Corporation Digital work protection system, recording apparatus, reproduction apparatus, and recording medium
JP4446330B2 (en) 2003-03-19 2010-04-07 株式会社リコー Communication device
JP4392190B2 (en) * 2003-05-01 2009-12-24 日本放送協会 Data content transmitting apparatus and data content transmitting program
AP2005003476A0 (en) * 2003-06-05 2005-12-31 Intertrust Tech Corp Interoperable systems and methods for peer-to-peerservice orchestration.
JP4629661B2 (en) * 2003-06-06 2011-02-09 ソニー エリクソン モバイル コミュニケーションズ, エービー How to make it possible to convert one digital rights management scheme into another
EP1486850A2 (en) * 2003-06-06 2004-12-15 Sony Ericsson Mobile Communications AB Allowing conversion of one digital rights management scheme to another
US7949877B2 (en) * 2003-06-30 2011-05-24 Realnetworks, Inc. Rights enforcement and usage reporting on a client device
JP4404190B2 (en) * 2003-07-24 2010-01-27 ソニー株式会社 Electronic device, authentication usage information update method
JP2005063068A (en) * 2003-08-08 2005-03-10 Canon Inc DATA RECORDING CONTROL DEVICE AND METHOD, STORAGE MEDIUM, AND PROGRAM
KR100493904B1 (en) * 2003-09-18 2005-06-10 삼성전자주식회사 Method for DRM license supporting plural devices
WO2005036882A1 (en) * 2003-10-14 2005-04-21 Matsushita Electric Industrial Co., Ltd. Mpeg-21 digital content protection system
KR100519807B1 (en) * 2003-12-23 2005-10-11 한국전자통신연구원 Apparatus and method of generating and using dynamic metadata for contextual information
KR100744531B1 (en) 2003-12-26 2007-08-01 한국전자통신연구원 System and method for managing encryption key for mobile terminal
US20050172127A1 (en) * 2004-01-31 2005-08-04 Frank Hartung System and method for transcoding encrypted multimedia messages transmitted between two devices
JP4664008B2 (en) * 2004-06-07 2011-04-06 エヌ・ティ・ティ・コミュニケーションズ株式会社 ACCESS RIGHT MANAGEMENT SYSTEM, ACCESS RIGHT MANAGEMENT DEVICE, ACCESS RIGHT MANAGEMENT METHOD, TERMINAL PROGRAM, AND ACCESS RIGHT MANAGEMENT PROGRAM
US7069369B2 (en) * 2004-02-12 2006-06-27 Super Talent Electronics, Inc. Extended-Secure-Digital interface using a second protocol for faster transfers
JP2005234837A (en) 2004-02-19 2005-09-02 Fujitsu Ltd Structured document processing method, structured document processing system and program thereof
KR20050094273A (en) 2004-03-22 2005-09-27 삼성전자주식회사 Digital rights management structure, handheld storage deive and contents managing method using handheld storage device
KR101254209B1 (en) * 2004-03-22 2013-04-23 삼성전자주식회사 Apparatus and method for moving and copying right objects between device and portable storage device
CA2560571A1 (en) * 2004-03-22 2005-12-29 Samsung Electronics Co., Ltd. Method and apparatus for digital rights management using certificate revocation list
KR101100385B1 (en) * 2004-03-22 2011-12-30 삼성전자주식회사 Method and device for digital rights management using certificate revocation list
US7617158B2 (en) * 2004-03-22 2009-11-10 Telefonaktiebolaget L M Ericsson (Publ) System and method for digital rights management of electronic content
JP4487607B2 (en) * 2004-03-23 2010-06-23 ソニー株式会社 Information processing system, information processing apparatus and method, recording medium, and program
KR101043336B1 (en) * 2004-03-29 2011-06-22 삼성전자주식회사 Method and apparatus for acquiring and removing informations of digital right objects
KR20050096040A (en) * 2004-03-29 2005-10-05 삼성전자주식회사 Method for playbacking content using portable storage by digital rights management, and portable storage for the same
KR20050099108A (en) * 2004-04-08 2005-10-13 에스케이 텔레콤주식회사 Method of controlling drm service policy
KR101134638B1 (en) * 2004-04-20 2012-04-09 삼성전자주식회사 Method and appartus for digital rights management system in home network system
CN1950806A (en) * 2004-04-30 2007-04-18 松下电器产业株式会社 Digital copyright management using secure device
EP1594250A1 (en) * 2004-05-03 2005-11-09 Thomson Licensing Distributed management of a certificate revocation list
KR100818992B1 (en) * 2004-05-31 2008-04-03 삼성전자주식회사 Apparatus and method for sending and receiving digital right objects in a transfomred format between device and portable storage
KR20050115151A (en) * 2004-06-03 2005-12-07 삼성전자주식회사 Memory card capable of storing security data and operating method of memory card
SE527925C2 (en) 2004-07-09 2006-07-11 Infinisec Holding Ab Procedure for decryption and database of encrypted data information
KR100608585B1 (en) * 2004-07-12 2006-08-03 삼성전자주식회사 Method and apparatus for searching rights objects stored in portable storage device using object location data
CA2573852C (en) 2004-07-12 2013-01-22 Samsung Electronics Co., Ltd. Apparatus and method for processing digital rights object
AU2005263101B2 (en) * 2004-07-12 2008-05-15 Samsung Electronics Co., Ltd. Method and apparatus for searching rights objects stored in portable storage device using object location data
US7427027B2 (en) * 2004-07-28 2008-09-23 Sandisk Corporation Optimized non-volatile storage systems
KR100608605B1 (en) * 2004-09-15 2006-08-03 삼성전자주식회사 Digital rights management method and device
KR100608604B1 (en) * 2004-09-15 2006-08-03 삼성전자주식회사 Method and apparatus for searching right objects stored in portable storage device using object identifier
JP2006085481A (en) * 2004-09-16 2006-03-30 Sony Corp License processing apparatus, program, and license transfer method
JP2006085482A (en) * 2004-09-16 2006-03-30 Sony Corp License processing apparatus, program, and license duplication method
US20060061789A1 (en) * 2004-09-20 2006-03-23 Kabushiki Kaisha Toshiba Image forming apparatus and image forming method
KR100664924B1 (en) 2004-10-04 2007-01-04 삼성전자주식회사 Portable storage devices, host devices and communication methods between them
KR20060030164A (en) * 2004-10-05 2006-04-10 전문석 Shared key pool based DRM system for video data protection
CN100576196C (en) * 2004-10-12 2009-12-30 韩国情报通信大学校产学协力团 Content encryption method, system and method for providing content over network using the encryption method
CA2922172A1 (en) * 2004-10-25 2006-05-04 Security First Corp. Secure data parser method and system
WO2006045344A1 (en) * 2004-10-29 2006-05-04 Telecom Italia S.P.A. Method for establishing a secure logical connection between an integrated circuit card and a memory card through a terminal equipment
JP4774276B2 (en) * 2004-11-19 2011-09-14 パナソニック株式会社 Anonymous information system, conversion division device, information providing device, and information storage device
EP1836851A4 (en) * 2005-01-13 2013-07-10 Samsung Electronics Co Ltd HOST DEVICE, PORTABLE MEMORY DEVICE, AND METHOD FOR UPDATING META-INFORMATION RELATING TO CORRECT OBJECTS MEMORIZED IN THE PORTABLE DEVICE
CA2592872A1 (en) * 2005-01-13 2006-07-20 Samsung Electronics Co., Ltd. Method and device for consuming rights objects having inheritance structure
EP1836587A4 (en) * 2005-01-13 2013-07-03 Samsung Electronics Co Ltd DEVICE AND METHOD FOR MANAGING DIGITAL RIGHTS
JP4161043B2 (en) * 2005-01-31 2008-10-08 三洋電機株式会社 Content usage information storage device
US7558463B2 (en) * 2005-04-18 2009-07-07 Microsoft Corporation Retention of information about digital-media rights in transformed digital media content
KR100755690B1 (en) * 2005-05-10 2007-09-05 삼성전자주식회사 Content management method and device
US7523146B2 (en) * 2005-06-21 2009-04-21 Apple Inc. Apparatus and method for peer-to-peer N-way synchronization in a decentralized environment
US7987160B2 (en) * 2006-01-30 2011-07-26 Microsoft Corporation Status tool to expose metadata read and write queues
KR101346734B1 (en) * 2006-05-12 2014-01-03 삼성전자주식회사 Multi certificate revocation list support method and apparatus for digital rights management

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6226618B1 (en) * 1998-08-13 2001-05-01 International Business Machines Corporation Electronic content delivery system
US7155609B2 (en) * 2001-06-14 2006-12-26 Microsoft Corporation Key exchange mechanism for streaming protected media content
US20040006713A1 (en) * 2002-07-08 2004-01-08 Matsushita Electric Industrial Co., Ltd. Device authentication system

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100042760A1 (en) * 2006-10-16 2010-02-18 Stephan Spitz Method for executing an application with the aid of a portable data storage medium
US8327035B2 (en) * 2006-10-16 2012-12-04 Giesecke & Devrient Gmbh Method for executing an application with the aid of a portable data storage medium
US20100191976A1 (en) * 2009-01-29 2010-07-29 Youn-Sung Chu Method for installing rights object for content in memory card
EP2214113A2 (en) 2009-01-29 2010-08-04 Lg Electronics Inc. Method for installing rights object for content in memory card
EP2214113A3 (en) * 2009-01-29 2011-03-09 Lg Electronics Inc. Method for installing rights object for content in memory card
US8214644B2 (en) 2009-01-29 2012-07-03 Lg Electronics Inc. Method for installing rights object for content in memory card
US9026793B2 (en) 2009-01-29 2015-05-05 Lg Electronics Inc. Method for installing rights object for content in memory card
DE102009040615A1 (en) * 2009-09-08 2011-03-10 Siemens Aktiengesellschaft A method of digital rights management in a computer network having a plurality of subscriber computers
US8813238B2 (en) 2010-05-21 2014-08-19 Google Technology Holdings LLC Digital rights management with irregular network access
US9336365B2 (en) 2010-05-21 2016-05-10 Google Technology Holdings LLC Digital rights management with irregular network access
US10061904B2 (en) 2010-05-21 2018-08-28 Google Technology Holdings LLC Digital rights management with irregular network access

Also Published As

Publication number Publication date
EP2021946A4 (en) 2015-01-07
US20070265981A1 (en) 2007-11-15
WO2007133007A1 (en) 2007-11-22
CN101443754B (en) 2011-12-28
CN101443756B (en) 2011-06-08
KR101362380B1 (en) 2014-02-13
JP4907718B2 (en) 2012-04-04
EP2024846A4 (en) 2016-09-14
EP2021947A1 (en) 2009-02-11
KR20070109826A (en) 2007-11-15
US8196208B2 (en) 2012-06-05
CN101443744A (en) 2009-05-27
WO2007133024A1 (en) 2007-11-22
EP2024846A1 (en) 2009-02-18
CN101443757A (en) 2009-05-27
US7854010B2 (en) 2010-12-14
WO2007133026A1 (en) 2007-11-22
JP2009537029A (en) 2009-10-22
JP2009537092A (en) 2009-10-22
KR20070109835A (en) 2007-11-15
US20070266243A1 (en) 2007-11-15
CN101443756A (en) 2009-05-27
US20070266208A1 (en) 2007-11-15
KR20070109814A (en) 2007-11-15
KR101352515B1 (en) 2014-01-20
CN101443764A (en) 2009-05-27
KR101346734B1 (en) 2014-01-03
US9853953B2 (en) 2017-12-26
WO2007132987A1 (en) 2007-11-22
JP2009537041A (en) 2009-10-22
CN103632072A (en) 2014-03-12
CN101443758A (en) 2009-05-27
KR101352524B1 (en) 2014-01-17
JP4810608B2 (en) 2011-11-09
WO2007133009A1 (en) 2007-11-22
JP4859978B2 (en) 2012-01-25
US20070263869A1 (en) 2007-11-15
CN101443754A (en) 2009-05-27
KR20070109797A (en) 2007-11-15
EP2024846B1 (en) 2021-06-30
WO2007132988A1 (en) 2007-11-22
WO2007133035A1 (en) 2007-11-22
EP2027540A1 (en) 2009-02-25
EP2027545A4 (en) 2016-08-31
US20070266440A1 (en) 2007-11-15
KR20070109813A (en) 2007-11-15
CN101443758B (en) 2012-07-18
EP2024864A1 (en) 2009-02-18
EP2021945A1 (en) 2009-02-11
EP2027545A1 (en) 2009-02-25
EP2035968A1 (en) 2009-03-18
KR20070109823A (en) 2007-11-15
JP4865854B2 (en) 2012-02-01
KR101135145B1 (en) 2012-04-19
JP2009537090A (en) 2009-10-22
CN101443745A (en) 2009-05-27
JP2009537043A (en) 2009-10-22
KR20070109804A (en) 2007-11-15
KR101352513B1 (en) 2014-01-20
WO2007133028A1 (en) 2007-11-22
CN101443755A (en) 2009-05-27
EP2021946A1 (en) 2009-02-11
US20070266441A1 (en) 2007-11-15
JP4896218B2 (en) 2012-03-14
US8261073B2 (en) 2012-09-04
US20160197891A1 (en) 2016-07-07
JP2009537039A (en) 2009-10-22
JP2009537040A (en) 2009-10-22
KR20070109851A (en) 2007-11-15
JP2009537093A (en) 2009-10-22
US8340297B2 (en) 2012-12-25
EP2021947A4 (en) 2015-07-01

Similar Documents

Publication Publication Date Title
US20070288383A1 (en) Method and apparatus for issuing rights object required to use digital content
JP4855963B2 (en) Digital rights management method
US8768849B2 (en) Digital rights management provision apparatus, system, and method
KR100608605B1 (en) Digital rights management method and device
US8181266B2 (en) Method for moving a rights object between devices and a method and device for using a content object based on the moving method and device
US20070219917A1 (en) Digital License Sharing System and Method
JP2007537534A (en) Method and apparatus for transferring right object information between device and portable storage device
US8369528B2 (en) Method and apparatus for providing encrypted key based on DRM type of host device
KR20050096040A (en) Method for playbacking content using portable storage by digital rights management, and portable storage for the same
JP4389129B2 (en) Information transmission system, information transmission device, information reception device, and information transmission method
US8180709B2 (en) Method and device for consuming rights objects having inheritance structure in environment where the rights objects are distributed over plurality of devices
US20060155651A1 (en) Device and method for digital rights management
CN102859503A (en) Secure data storage and transfer for portable data storage devices
US8438112B2 (en) Host device, portable storage device, and method for updating meta information regarding right objects stored in portable storage device
KR101532927B1 (en) Method and apparatus for providing encrypted key based on DRM type of host device
AU2005226064A1 (en) Digital license sharing system and method

Legal Events

Date Code Title Description
AS Assignment

Owner name: SAMSUNG ELECTRONICS CO., LTD., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KIM, YEO-JIN;OH, YUN-SANG;SIM, SANG-GYOO;AND OTHERS;REEL/FRAME:019222/0896

Effective date: 20070423

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION