[go: up one dir, main page]

WO2007085989A2 - Validation amelioree d’une chaine de certificats - Google Patents

Validation amelioree d’une chaine de certificats Download PDF

Info

Publication number
WO2007085989A2
WO2007085989A2 PCT/IB2007/050185 IB2007050185W WO2007085989A2 WO 2007085989 A2 WO2007085989 A2 WO 2007085989A2 IB 2007050185 W IB2007050185 W IB 2007050185W WO 2007085989 A2 WO2007085989 A2 WO 2007085989A2
Authority
WO
WIPO (PCT)
Prior art keywords
content
ruleset
license
access operation
applicable
Prior art date
Application number
PCT/IB2007/050185
Other languages
English (en)
Other versions
WO2007085989A3 (fr
Inventor
Franciscus L. A. J. Kamperman
Wouter Baks
Petrus J. Lenoir
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Publication of WO2007085989A2 publication Critical patent/WO2007085989A2/fr
Publication of WO2007085989A3 publication Critical patent/WO2007085989A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2807Exchanging configuration information on appliance services in a home automation network
    • H04L12/2812Exchanging configuration information on appliance services in a home automation network describing content present in a home automation network, e.g. audio video content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L2012/2847Home automation networks characterised by the type of home appliance used
    • H04L2012/2849Audio/video appliances
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Definitions

  • DRM Digital Rights Management
  • Authorized Domains tries to find a solution to both serve the interests of the content owners (that want protection of their intellectual property) and the content consumers (that want unrestricted use of the content).
  • the basic principle is to have a controlled network environment in which content can be used relatively freely as long as it does not cross the border of the authorized domain.
  • authorized domains are centered around the home environment, also referred to as home networks.
  • a user could for example take a portable device for audio and/or video with a limited amount of content with him on a trip, and use it in his hotel room to access or download additional content stored on his personal audio and/or video system at home. Even though the portable device is outside the home network, it is a part of the user's authorized domain.
  • DRM systems typically use so-called Licenses that include the specific permissions and restricting rules to be evaluated at the moment access to the Content is desired.
  • the access to the Content will be in accordance with these permissions and restrictions.
  • These permissions and restrictions are specific for the Content in question; there is a high granularity.
  • a disadvantage of the above is that a change in a restriction or permission is very hard to do. This would require replacing or changing all already-issued Licenses in which the restriction or permission in question is recorded. For example, if a music label decides that all its content should now be freely distributable, it now has to issue replacement licenses for every piece of content to every customer.
  • This object is achieved according to the invention in a method as claimed in claim 1.
  • a separate ruleset it is possible to aggregate multiple restrictions or permissions in a single location that can be applied to various content items.
  • the restrictions or permissions applicable to multiple content items can be changed or updated at once. This applies even when the licenses to those content items have already been issued. No changes to the licenses are necessary; the only entity that needs to be changed is the ruleset.
  • the license may indicate the ruleset.
  • the ruleset applicable to the content may be determined by determining a characteristic of the content and selecting the ruleset based on the determined characteristic.
  • the characteristic preferably is one of: a type of the content, a source of the content, and a classification of the content.
  • Other preferred embodiments are set out in the dependent claims.
  • Fig. 1 schematically shows a system comprising devices interconnected via a network
  • Fig. 2 schematically illustrates a first device-based authorized domain configuration
  • Fig. 3 schematically illustrates a second device-based authorized domain configuration
  • Fig. 4 schematically illustrates a first person-based authorized domain configuration
  • Fig. 5 schematically illustrates a second person-based authorized domain configuration
  • Fig. 6 schematically illustrates an authorized domain configuration according to the invention.
  • same reference numerals indicate similar or corresponding features.
  • Some of the features indicated in the drawings are typically implemented in software, and as such represent software entities, such as software modules or objects.
  • Fig. 1 schematically shows a system 100 comprising devices 101-105 interconnected via a network 110.
  • a typical digital home network includes a number of devices, e.g. a radio receiver, a tuner/decoder, a CD player, a pair of speakers, a television, a VCR, a digital recorder, a mobile phone, a tape deck, a personal computer, a personal digital assistant, a portable display unit, a car entertainment system, and so on.
  • These devices are usually interconnected to allow one device, e.g. the television, to control another, e.g. the VCR.
  • One device such as e.g. the tuner/decoder or a set top box (STB), is usually the central device, providing central control over the others.
  • STB set top box
  • Content which typically comprises things like music, songs, movies, animations, speeches, videoclips for music, TV programs, pictures, games, ringtones, spoken books and the like, but which also may include interactive services, is received through a residential gateway or set top box 101.
  • Content could also enter the home via other sources, such as storage media like discs or using portable devices.
  • the source could be a connection to a broadband cable network, an Internet connection, a satellite downlink and so on.
  • the content can then be transferred over the network 110 to a sink for rendering.
  • a sink can be, for instance, the television display 102, the portable display device 103, the mobile phone 104 and/or the audio playback device 105.
  • rendering comprises generating audio signals and feeding them to loudspeakers.
  • rendering generally comprises generating audio and video signals and feeding those to a display screen and loudspeakers.
  • Rendering may also include operations such as decrypting or descrambling a received signal, synchronizing audio and video signals and so on.
  • the set top box 101 may comprise a storage medium S 1 such as a suitably large hard disk, allowing the recording and later playback of received content.
  • the storage medium Sl could be a Personal Digital Recorder (PDR) of some kind, for example a DVD+RW recorder, to which the set top box 101 is connected.
  • Content can also enter the system 100 stored on a carrier 120 such as a Compact Disc (CD) or Digital Versatile Disc (DVD).
  • CD Compact Disc
  • DVD Digital Versatile Disc
  • the portable display device 103 and the mobile phone 104 are connected wirelessly to the network 110 using a base station 111, for example using Bluetooth or IEEE 802.1 Ib.
  • the other devices are connected using a conventional wired connection.
  • One well- known standard is the Universal Plug and Play standard (http://www.upnp.org).
  • the devices 101-105 in the network 110 may access the content in various ways.
  • the most common form of access is the rendering of the content, but access operations such as copying, moving or exporting the content also frequently occur.
  • Exporting may involve transferring the content to another network or to a storage device such as the record carrier 120.
  • Content may also be edited, compiled, transformed, abridged, translated, combined with other content, and so on.
  • access will be used for all possible operations that may be performed on the content.
  • DRM Digital Rights Management
  • One way of protecting content in the form of digital data is to ensure that content will only be transferred from a source to a sink device if the sink device has been authenticated as being a compliant device, and the user of the content has the right to transfer (move and/or copy) that content to the sink device.
  • Content protection systems normally involve protected communication between members based on some secret, only known to devices that were tested and certified to have secure implementations. Knowledge of the secret is tested using an authentication protocol. Commonly these protocols employ public key cryptography, which use a pair of two different keys. The secret to be tested is then the private key (sometimes called secret key) of the pair, while the public key can be used to verify the results of the test. At manufacturing time compliant devices receive an identity certificate that is used in the authentication protocol to exchange the public keys of the devices.
  • a secure authenticated channel may be set up using an Authentication and Key Agreement (AKA) protocol that is based on public key cryptography.
  • AKA Authentication and Key Agreement
  • Standards such as International Standard ISO/IEC 11770-3 and ISO/IEC 9796-2, and public key algorithms such as RSA and hash algorithms like SHA-I are often used.
  • a SAC may be set up between devices that are, physically or network- wise, far away from each other.
  • various proposals have been made for some form of distance measurement that is to be performed when the SAC is set up. If the source and sink devices are too far away from each other, the SAC should not be set up or content exchange should be refused or limited.
  • Various ways to determine the relative proximity of two devices are available. Examples are international patent applications WO 2003/079638 (attorney docket PHUS020086), WO 2004/030311 (attorney docket PHUS010314) and WO 2004/030312 (attorney docket PHUS020358).
  • the public key may be accompanied by a certificate, which is digitally signed by a Certification Authority (CA), the organization that manages the distribution of public/private key-pairs for all devices. Everybody knows the CA's public key and can use it to verify the CA's signature on the certificate. In a simple implementation the public key of the CA is hard-coded into the implementation of the device.
  • CA Certification Authority
  • the system 100 is realized as an Authorized Domain (AD).
  • Authorized domains need to address issues such as authorized domain identification, device check-in, device check-out, rights check-in, rights check-out, content check-in, content check-out, as well as domain management.
  • the domain is formed by a specific set of hardware devices or software applications (referred to collectively as clients hereafter) and content.
  • a domain manager which can be one or more of the clients, a smart card or another device, controls which clients may join the domain. Only the specific set of clients in the domain (the members) is allowed to make use of the content of that domain, e.g. to open, copy, play or export it.
  • a device based AD is illustrated in Fig. 2.
  • Devices Dl, D2, D3 are bound to a domain AD, as is content Cl, C2, C3.
  • To validate an access operation to content it must be verified whether the content in question and the device on which the operation is to take place are both bound to the domain. Any person may perform the access operation, although credentials (e.g. a password, PIN or smart card) may need to be used to operate the device.
  • FIG. 3 An alternative device based AD is illustrated in Fig. 3.
  • content CI l, C 12 is bound to device Dl
  • content C21 is bound to device D2
  • content C31, C32 is bound to device D3.
  • Devices Dl, D2, D3 are still bound to the AD.
  • To validate an access operation to content it must be verified whether the content in question is bound to a Device that is bound to the AD, and whether the device on which the operation is to take place is bound to the AD. Again, any person may perform the access operation.
  • Fig. 4 is shown an AD configuration in which the content is bound to persons and a number of persons, e.g. all the members of one family, are grouped into an authorized domain.
  • Content Cl 1 C 12 is bound to person Pl
  • content C21 is bound to person P2
  • content C31, C32 is bound to person P3.
  • Persons Pl, P2, P3 are bound to the AD.
  • To validate an access operation to content it must be verified whether the person requesting the access operation is bound to the AD and whether the content in question is bound to a person that is also bound to that AD. Note that this person could be the same person who requested the access operation or a different person.
  • the access operation may be performed on every suitable and compliant device.
  • Fig. 5 It may also be desirable to also bind devices to the AD, as illustrated in Fig. 5.
  • the bindings are the same as in Fig. 4, except that now devices Dl, D2, D3 are bound to the AD as well.
  • To validate an access operation to content it must be verified whether the content in question is bound to a person bound to the AD and whether the person requesting the access operation is bound to the AD,, or whether the device on which the operation is to take place is bound to the AD.
  • a so-called Hybrid Authorized Domain-based DRM system ties content to a group that may contain devices and persons.
  • This group is typically limited to a household, such that: content can be watched on any of the members that belong to the household (e.g. TV in Living, TV in Bedroom, PC) content can be watched by any of the users that belong to the household after they have authenticated themselves on any client (such as a television in a hotel room).
  • client such as a television in a hotel room.
  • Such authentication normally involves a user authentication device such as a smart card.
  • hybrid AD systems can be found in international patent application WO 2005/010879 (attorney docket PHNL030926) and in international patent application WO 2005/093544 (attorney docket PHNL040315), both incorporated herein by reference.
  • an AD comprises a group of Clients and/or License Owners.
  • the License Owners should be entitled to access Content for which they have a License within the Domain with which they are associated and on the Clients involved.
  • To validate an access operation to content it must be verified whether appropriate bindings or links are present between the entities involved. For example, in a device-based AD, it must be verified whether the content in question and the device on which the operation is to take place are both bound to the domain.
  • the access rights regarding a piece of content are expressed in a License, which typically references the license owner (the consumer or other purchaser who obtained the License) as well as content involved.
  • a License also includes the specific permissions and restricting rules expressed in executable control code, stored in a so-called control object in the License, to be evaluated at the moment access to the Content is desired.
  • Permissions and restrictions might also be represented by a formal rights language such as e.g. defined in the ISO/IEC 21000-5:2004 MPEG-REL standard.
  • a permission is an individual right, e.g. "Play” or “Copy”, which can be limited by one or more restrictions, e.g. "only 10 times” or “not before 20:00 pm” or "only on a Saturday”.
  • a restriction used in combination with a permission provides a condition that limits the use of a permission. Every permission can have different restrictions.
  • a Link may contain restricting rules qualifying the validity of the Link, which must be evaluated at the moment the Link is to be used.
  • the association relation between a person and an AD is expressed in a Link from the AD to the person in question.
  • the membership relation between a Client and an AD is expressed in a Link from the Client to the AD in question.
  • Each Client that is a member of an AD may access (a copy of) the Content and the attests comprising the Domain configuration at a certain moment in time, e.g. by downloading such Content and attests as needed, although some or all of this data may also be broadcasted or distributed otherwise.
  • the Client When an access operation on a piece of Content is requested, the Client at which the operation is to take place evaluates the License for that Content, checking permissions and restrictions defined in that License. To this end the Client is provided with a license evaluation module that may be realized as a secure chip and/or software component, for instance on a smart card.
  • the permissions and restrictions in a License are specific for the Content to which the License applies.
  • system-wide restrictions apply to all access operations to all Content.
  • the AD can be extended by introducing a new entity referred to as a ruleset
  • an AD system may be provided with one or more rulesets.
  • Such a ruleset aggregates multiple restrictions and/or permissions in a single location. These restrictions and/or permissions can then be applied to various content items.
  • An access operation to content is valid only if the license and the ruleset both permit the access operation.
  • Fig. 6 schematically shows an extension of the AD of Fig. 5 in which rulesets RNl and RN2 have been introduced.
  • an Authorized Domain system is to be designed with a restriction that a portable audio player should contact the AD every six weeks.
  • a restriction ensures that such players stay in regular contact with the AD manager, so that updates and changes to the AD can be provided to such players. For example, this way the player can be disconnected from the AD with a grace period of at most six weeks.
  • This restriction could be added as a validity period to each individual License, requiring a player to contact the AD for an updated License every six weeks. However this introduces a large amount of redundancy. Furthermore, later the six weeks cannot be changed to three months in all the already-issued Licenses.
  • a ruleset is created for audio Content, which contains the validity period of six weeks.
  • the Client evaluates the License and determines that this ruleset applies. It then applies the rules in the ruleset. In this example, if the player has not contacted the AD in the last six weeks, the access operation will be refused. This requires a refresh of the ruleset after six weeks, providing an opportunity to update the restrictions in the ruleset.
  • the license accompanying the content indicates which ruleset or rulesets is/are applicable.
  • a ruleset may have a unique identifier that can be listed in the license to indicate which ruleset is applicable.
  • Rulesets can be set for any conceivable kind of grouping that may be applied to content. In the example above, the grouping concerned a particular music label.
  • the ruleset applicable to the content is determined by determining a characteristic of the content and selecting the ruleset based on the determined characteristic. For example, one may introduce different rulesets for different types of content: audio, video, text, photos and so on.
  • Another option is source of content: broadcasted content, downloaded from peer-to-peer network, purchased at brick-and-mortar music store, purchased at online music store, and so on.
  • Yet another option is classification of content: adult content, family content, violent content and so on.
  • a License may specify that multiple rulesets apply.
  • a television broadcaster may desire that a ruleset for broadcasted content and one for video content both apply.
  • Rulesets may be declared applicable by content owners, but also by persons that own or operate the AD.
  • the owner of an AD may for example want to set rules about adult content, such as "play only after 23:00 hours” or "password required”.
  • the ruleset may be declared applicable to content having a certain characteristic.
  • content may carry a label identifying it as adult content, and the ruleset may declare itself applicable to all adult content.
  • the above method may be implemented on a system for validating an access operation to content on a device.
  • the implementation takes the form of a computer program comprising code for causing a processing to execute the method.
  • a system comprises a module, which evaluates the license associated with the content.
  • This module is then also configured for further evaluating a ruleset applicable to the content and validating the access operation only if the license and the ruleset both permit the access operation.
  • This license management module ruleset can determine the ruleset applicable to the content from an indication provided in the license. Alternatively a determining module may be provided that determines a characteristic of the content. The license management module is then configured to select the ruleset applicable to the content based on the determined characteristic.
  • the AD is realized by so-called Links that associate persons and/or devices, generally called Nodes, to the AD.
  • a piece of Content can now only be accessed when all the relevant Links are found to be valid and all the conditions in every Link, as well as in the License, are met.
  • the exact choice of which Links need to be evaluated depends on the configuration of the AD. If so, the license evaluation module will enable a content access module to access the Content in the manner requested. Subsequently the Content can e.g. be rendered, copied and/or distributed, in accordance with the permissions and restrictions in the License.
  • the ruleset is realized by creating a separate Node, the Rule Node, and providing a Link to the Rule Node.
  • This Link contains a number of permissions, restrictions and/or rules that must be met if the License for a piece of Content specifies that a valid chain of Links to that Rule Node must exist.
  • the Rule Node for example may identify itself as being applicable to all adult content, or to all video content. A restriction such as "play only after 23:00 hours" may then be added to the Link to that Rule Node. This means that all adult content can only be accessed after 23:00 hours.
  • a Rule Node can also be used to prevent certain Clients from successfully evaluating certain Links. For example, the television in a child's bedroom may be prevented from receiving the Link to the Rule Node for adult content. It is then impossible to watch adult content on that television, since that requires a successful evaluation of the Link to that Rule Node for adult content.
  • the Domain Manager managing the AD from which the Link to a Rule Node is directed creates, issues and renews such Links.
  • the Domain Manager thus can determine which Links are to be sent to which Client.
  • a television in a child's bedroom on which access to certain adult content is requested will in turn request the Domain Manager to provide it with all relevant Links.
  • the Domain Manager will not provide that particular Link to the adult Rule Node because it has been configured not to send Links to "adult content" Rule Nodes to that television.
  • a Client generally speaking is a functional entity that can acquire and parse Licenses and Links for the purpose of getting access to an instance of Content based on the rights expressed in those Licenses and Links.
  • a Client is embodied as one or more software applications and/or hardware components in a device.
  • a Client may be provided as a software application on a device such as a mobile phone or portable music player.
  • a Client usually comprises a processor to perform the necessary operations and is equipped with a memory to store Content and/or instructions to be executed by the processor.
  • a License Owner generally speaking is an entity that is representative of a User in a Domain environment.
  • a User can be granted rights for an instance of Content.
  • Such a license grant can be represented in the system by providing a License that links (a specific instance of) Content to the License Owner.
  • a License Owner can be implemented by providing information in a data structure, record in a database or software object. The relation with the User is not explicitly defined in the system, but can for instance be realized by the User having a Device containing that information.
  • any reference signs placed between parentheses shall not be construed as limiting the claim.
  • the word “comprising” does not exclude the presence of elements or steps other than those listed in a claim.
  • the word “a” or “an” preceding an element does not exclude the presence of a plurality of such elements.
  • the invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

La présente invention concerne un procédé de validation d’une opération d’accès à un contenu sur un dispositif, comprenant l’évaluation d‘une licence associée au contenu, caractérisé par une évaluation complémentaire d’un ensemble de règles applicables au contenu et validant l’opération d'accès seulement si la licence et l'ensemble de règles permettent toutes deux l'opération d'accès. La licence peut indiquer l’ensemble de règles. De façon alternative, l’ensemble de règles applicables au contenu peut être défini par la détermination d'une caractéristique du contenu et la sélection de l’ensemble de règles en fonction de la caractéristique déterminée. La caractéristique est de préférence une de : type du contenu, source du contenu ou classification du contenu. Dans un mode de réalisation, une évaluation d’un ou plusieurs liens associant une personne et/ou le dispositif à un domaine autorisé ainsi que l’évaluation d’un lien associant l’ensemble de règles au domaine autorisé sont réalisées également. La présente invention concerne aussi un système configuré pour exécuter le procédé.
PCT/IB2007/050185 2006-01-26 2007-01-19 Validation amelioree d’une chaine de certificats WO2007085989A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP06100865.2 2006-01-26
EP06100865 2006-01-26

Publications (2)

Publication Number Publication Date
WO2007085989A2 true WO2007085989A2 (fr) 2007-08-02
WO2007085989A3 WO2007085989A3 (fr) 2007-11-01

Family

ID=38181114

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2007/050185 WO2007085989A2 (fr) 2006-01-26 2007-01-19 Validation amelioree d’une chaine de certificats

Country Status (1)

Country Link
WO (1) WO2007085989A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103428054A (zh) * 2012-05-24 2013-12-04 华为终端有限公司 媒体信息的访问控制方法、装置和数字家庭多媒体系统
US8924468B2 (en) 2008-05-08 2014-12-30 Bang & Olufsen A/S Method and means for a multilayer access control

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050071663A1 (en) * 2003-09-26 2005-03-31 General Instrument Corporation Separation of copy protection rules for digital rights management
KR101242140B1 (ko) * 2004-03-26 2013-03-12 아드레아 엘엘씨 허가된 도메인을 생성하기 위한 방법 및 시스템

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8924468B2 (en) 2008-05-08 2014-12-30 Bang & Olufsen A/S Method and means for a multilayer access control
CN103428054A (zh) * 2012-05-24 2013-12-04 华为终端有限公司 媒体信息的访问控制方法、装置和数字家庭多媒体系统

Also Published As

Publication number Publication date
WO2007085989A3 (fr) 2007-11-01

Similar Documents

Publication Publication Date Title
JP4734257B2 (ja) 接続リンクされた権利保護
US8561210B2 (en) Access to domain
US8776259B2 (en) DRM system
KR101060482B1 (ko) 하이브리드 디바이스 및 개인 기반 허가된 도메인 아키텍쳐
KR101242140B1 (ko) 허가된 도메인을 생성하기 위한 방법 및 시스템
US20090132811A1 (en) Access to authorized domains
WO2007085989A2 (fr) Validation amelioree d’une chaine de certificats
WO2006051494A1 (fr) Amelioration de revocation dans domaine autorise

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07700638

Country of ref document: EP

Kind code of ref document: A2