CN101084503A - Method, system, and device for verifying authorized issuance of a rights expression - Google Patents


Publication number: CN101084503A
Authority: CN (China)
Prior art keywords: statement, issue, sign, expression, trusted
Legal status: Pending
Application number: CNA2004800446426A
Other languages: Chinese (zh)
Inventors: T·德玛蒂尼, C·吉里安, E·陈
Current Assignee: Contentguard Holdings Inc
Original Assignee: Contentguard Holdings Inc
Application filed by Contentguard Holdings Inc

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00: Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40: Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45: Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462: Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627: Rights management associated to the content

Abstract

A method, system, and device for verifying authorized issuance of a statement or expression (303), including determining if a statement or expression is associated with a statement of trusted issuance (309); determining if the statement of trusted issuance applies (319); determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized (321).

Description

Method, system, and device for verifying authorized issuance of a rights expression
Technical field
The present invention relates generally to the field of processing statements and expressions, including rights expressions, and more particularly to a method, system, and device for determining the authorization of an expression with respect to a root of trust.
Background
The digital age has greatly increased concern about, and capabilities for, the ownership, access, and control of copyrighted information, restricted services, and valuable resources; electronic communication via e-mail over the Internet or other means; and electronic transactions such as the electronic or automated purchase and sale of goods and services. Computers and other electronic devices such as cellular phones, pagers, PDAs, pocket PCs, music players, and e-book readers have developed rapidly and come into wide use, and these devices are interconnected by communication links including the Internet, intranets, and other networks. These interconnected devices are particularly suited to publishing content electronically, providing services, and using resources.
One of the difficulties facing the widespread distribution of digital works (for example, documents or other content in computer-readable form) via electronic means, particularly the Internet, is the ability to enforce the intellectual property rights of content owners during distribution and use of the digital works. One of the difficulties facing digital commerce, including the distribution and use of goods and services, is the ability to process electronic commerce securely and efficiently, and in particular to do so in accordance with the requirements of the parties to the transaction.
Efforts to resolve these difficulties have been termed "Intellectual Property Rights Management" ("IPRM"), "Digital Property Rights Management" ("DPRM"), "Intellectual Property Management" ("IPM"), "Rights Management" ("RM"), and "Electronic Copyright Management" ("ECM"), referred to collectively herein as "Digital Rights Management (DRM)". There are many issues to consider in implementing a DRM system, such as authentication, authorization, accounting, payment and financial clearing, rights specification, rights verification, rights enforcement, and document protection. U.S. Patents 5,530,235, 5,634,012, 5,715,403, 5,638,443, and 5,629,980 address these issues, and their disclosures are incorporated herein by reference.
In a simple DRM system for managing the distribution and use of digital works, one principal issues a rights expression to another principal, and that other principal processes the rights expression, recognizes the first principal as authorized, and acts on the rights expression. In this simple model, the second principal's recognition of the first principal is inherent or hard-coded. As DRM systems develop, more and more principals want to issue rights expressions and use DRM systems for their assets. As these new rights-expression-issuing principals are added, schemes other than inherent or hard-coded recognition of the issuing principals become desirable.
One such approach is to use certificates to certify the principals that issue rights expressions. The certificates are then used by other principals to identify the certified principals. With this approach, a certified principal issues a rights expression to another principal; that principal then processes the rights expression, verifies the certificate associated with the first (certified) principal, treats the first (certified) principal as authorized, and acts on the rights expression if it recognizes the root of trust of the certificate chain. Certificate languages such as X.509 and SPKI allow only relatively simple conditions in each certificate, chiefly a validity time interval. General certificate-chain verification algorithms for these languages (for example, Internet Engineering Task Force (IETF) RFC 2459 and RFC 2693) are therefore relatively simple to execute.
As DRM systems continue to develop and more and more principals are certified to issue rights expressions, a problem eventually arises in which one certified principal intentionally or accidentally issues rights expressions on the assets of another certified principal, thereby compromising those assets. One approach to this problem is detailed in the OMA DRM 2.0 specification promulgated by the Open Mobile Alliance, an industry consortium whose mission is to facilitate global user adoption of mobile data services. The OMA specification requires that each certified principal know the content encryption key of each asset for which it issues rights expressions.
Another approach is to scope (for example, limit) each principal's certificate so that it applies only to issuing rights expressions for assets the principal owns or controls. Determining the correct scope for each certificate takes some work, but is feasible. Such scoping can be expressed using, for example, the techniques described in U.S. Patent Application Serial No. 10/162,701 of Xin et al., entitled "Method and Apparatus Managing the Transfer of Rights", and U.S. Patent Application Serial No. 10/298,872 of Atkinson et al., entitled "Digital Licenses that include Universally Quantified Variables", and implemented in rights expression languages such as ODRL, XrML, or the international standard (ISO/IEC 21000-5) known as ISO MPEG REL from the Moving Picture Experts Group (MPEG). Such an approach can also include a more complex chain verification algorithm that verifies the scope in each certificate, for example as described in U.S. Patent Application Serial No. 10/856,865 of Lao et al., entitled "Networked Services Licensing System and Method", although execution of this algorithm remains relatively simple as long as the conditions in each certificate remain relatively simple.
At this stage of DRM development, the art includes methods for verifying authorized issuance of rights expressions (other than inherent or hard-coded recognition), such as 1) unscoped certificates, where issuing a rights expression requires knowledge of the content encryption key, and 2) scoped certificates.
As DRM business models continue to evolve, users are expected to become interested in trading rights on their own (independently of trading the underlying assets). People should be able to trade any rights in any digital work or service in any domain or field. For example, one should be able to trade rights to a set of web services, or rights to view once all current and future publications in the United States of a particular publisher on a particular topic. In such circumstances, needing to know the appropriate content encryption key for each transaction becomes restrictive, because there is no clear mapping from the rights expression to the individual assets being traded. In this respect the scoped-certificate approach is advantageous, because it does not restrict the issuance of possibly over-broad rights expressions; instead, it limits the effect of the certificate as part of the chain verification algorithm.
For example, a scoped certificate can state that principal Publisher 1 may issue rights expressions concerning Book 1. Publisher 1 may in fact issue to principal Consumer 1 a rights expression allowing Consumer 1 to view any book. When these two rights expressions are put together and the chain verification algorithm is run, Consumer 1 can view only Book 1. If, however, another scoped certificate is later added stating that Publisher 1 may also issue rights expressions concerning Book 2, then with all the rights expressions put together, Consumer 1 can view Book 1 and Book 2 (because Publisher 1 said Consumer 1 may view any book, and because Publisher 1's issuing ability is limited to Book 1 and Book 2).
As commerce in rights continues to expand, publishers may want retailers and other value-added providers to participate in the rights expression chain between publisher and consumer. Publishers may also want to limit, in various ways, the ability of each retailer or other intermediary to issue rights, such as by restricting it to certain territories, requiring payment of certain fees, or imposing other conditions on the authorization to issue rights expressions. The kinds of conditions in the rights expressions that form the certificate chain can become very creative and complex, and executing the chain verification algorithm over such a chain becomes less simple. It is therefore necessary to make execution of this process simpler without sacrificing the flexibility, features, or security of the business model.
One of possibility difficulty of verifying the certificate chain that comprises creative condition is that the required information of this checking of execution is unavailable usually.For example, consider to comprise three main bodys: author, reader and friend's situation.A rights expression that allows the author to sign and issue the rights expression of relevant its books is arranged.Another rights expression of issuing the reader from the author is arranged, promptly allow this book of readers ' reading, and sign and issue everyone one of two friend of maximum two rights expression-Ta.There is his friend of permission who issues his friend from the reader to check the 3rd rights expression of this book.When this friend wanted to check this book, he comprised the certificate chain of each rights expression with checking, and carved at a time and will have to determine whether the reader has satisfied the condition of only signing and issuing two rights expressions at most.If, will have problems for this information of arbitrary reason unavailable (for example, the reader may not preserve all information that need, and perhaps may end to provide the information of accessible format).Yet if the reader has followed the tracks of this information really, he also may can not contact with friend.The reader also can contact this information stores somewhere, but should can have secrecy policy or technical limitation in the place, and this forbids or has prevented that it and friend from sharing this information.
A kind of possibility is in the information of the rights expression quantity signed and issued up to now of the relevant reader rights expression that has been stored in friend and received.Suppose that this friend has visited this information by some way, this friend still must use this information to confirm " two rights expressions at the most " condition.Yet, this means that this friend has to understand this condition what is represented.In some cases, this friend can use out-of-date software or hardware, and may not support author and employed all latest conditions of reader.This means author and reader their the employed condition of can not upgrading, unless this friend has also upgraded its intelligible condition.A kind of solution to this is can handle the mode of this information (for example by title that has satisfied condition more and the title that need satisfy condition) with this friend and store the relevant information that satisfies condition under the situation of not knowing condition in detail.
Yet, also have a problem to be, this friend has visited relevant reader can sign and issue the condition of rights expression and the information of title thereof, is undesirable because share this information in some cases, in the situation that is regarded as maintaining secrecy in this information.For example, give expense that he friend be associated with rights expression as present with the reader if exist, then the reader may not want his friend to know the price of this present.In order to address this problem, conditional information can encryptedly make this friend can not see it, and its software or hardware can be handled it.Yet this extra encryption also makes system design complicated to a certain extent.In knowing that the condition details is than the more responsive situation of actual assets itself, the cost of required encryption can be disproportionate with assets value on the condition.
Summary of the invention
Therefore, there is a need for a method and system that address the above and other problems, enabling the more advanced DRM features users want while maintaining security and without incurring disproportionate cost or burden in the rights expression chain verification algorithm. The above and other needs are addressed by the exemplary embodiments of the present invention, which provide a method, system, and device for use in connection with the use and distribution of digital works, restricted services, and valuable resources.
Accordingly, in exemplary aspects of the present invention, there are provided a method, system, and device for verifying authorized issuance of a statement or expression, including: determining if a statement or expression is associated with a statement of trusted issuance; determining if the statement of trusted issuance applies; determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies and the issuance of the statement of trusted issuance is authorized.
Still other aspects, features, and advantages of the present invention are readily apparent from the following detailed description, simply by illustrating a number of exemplary embodiments and implementations, including the best mode contemplated for carrying out the invention. The present invention is also capable of other and different embodiments, and its several details can be modified in various respects, all without departing from the spirit and scope of the present invention. Accordingly, the drawings and descriptions are to be regarded as illustrative in nature, and not as restrictive.
Brief description of the drawings
The embodiments of the present invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings, in which like reference numerals refer to similar elements, and in which:
Fig. 1 illustrates a rights derivation scenario with one root of trust, six derived rights expressions, and two statements of trusted issuance;
Fig. 2 illustrates a rights derivation scenario with one root of trust, two derived rights expressions, one derived statement or expression, and one statement of trusted issuance;
Fig. 3 illustrates a process for verifying authorized issuance of a rights expression using statements of trusted issuance;
Fig. 4 illustrates an alternative arrangement of the rights expressions and statement of trusted issuance shown in Fig. 1;
Fig. 5 illustrates alternative content of the statement of trusted issuance shown in Fig. 1;
Fig. 6 illustrates an exemplary issuance chain validation signal; and
Fig. 7 illustrates an exemplary system for verifying authorized issuance of a rights expression.
Detailed description
The exemplary embodiments include a statement of trusted issuance, which is a statement that the issuance of a statement or rights expression was authorized according to some root of trust. A statement of trusted issuance can be issued by a principal that has verified a chain (or part of a chain) of statements or expressions, including rights expressions, and can be relied upon by other principals that may be unable or less able to perform that verification.
Fig. 1 shows root of trust 101 and six rights expressions 103, 105, 107, 109, 111, and 113. Rights expression 103 is derived from root of trust 101 and is issued by principal A to principal B. There is no statement of trusted issuance in rights expression 103. Rights expression 105 is derived from rights expression 103 and is issued by principal B to principal C. There is no statement of trusted issuance in rights expression 105. Rights expression 107 is derived from rights expression 105 and is issued by principal C to principal D. Rights expression 107 includes statement of trusted issuance 115, rooted at principal A. When rights expression 107 is used, statement of trusted issuance 115 can be used in conjunction with rights expression 117, when principal Z is regarded as trusted, to verify that rights expression 107 was correctly issued relative to root of trust 101 without tracing through rights expressions 105 and 103. The exemplary embodiment of Fig. 1 and the other exemplary embodiments also apply to statements or expressions other than rights expressions.
An example XML representation of statement of trusted issuance 115 is described further herein. In the exemplary XML representation, principal A in statement of trusted issuance 115 is represented using RSA public key information. The issuer field of statement of trusted issuance 115 is omitted from the exemplary XML representation, because it is inherited from the rights expression that contains the statement of trusted issuance.
The exemplary embodiments include subsequently derived statements or expressions, including rights expressions. For example, rights expression 109 is derived from rights expression 107 and is issued by principal D to principal E. Because rights expression 109 has no statement of trusted issuance, when rights expression 109 is used, the conditions of its derivation from rights expression 107 must be verified again to establish the authorized issuance of rights expression 109. Further verification of the conditions of the derivation of rights expression 107 from rights expression 105 is not needed, because rights expression 107 includes, as noted above, statement of trusted issuance 115, which is usable when principal Z is regarded as trusted by principal E.
If another rights expression 111 is derived from rights expression 109, and principal E is authorized to make statements of trusted issuance as represented in rights expression 121, then principal E can include in rights expression 111 a statement of trusted issuance 119, for example rooted at principal A. When principal F uses rights expression 111, for example to play a media file or to derive another rights expression 113, statement of trusted issuance 119 can be used in conjunction with rights expression 121 to verify that rights expression 111 was correctly issued relative to root of trust 101 without tracing through rights expressions 109, 107, 105, and 103.
Fig. 2 illustrates a rights derivation scenario similar to that of Fig. 1, except that rights expression 107 is replaced by a statement or expression 207 that need not be a rights expression. Statement or expression 207 can be any statement or expression. For example, statement or expression 207 can express principal C stating that pigs flew yesterday, that pigs will fly tomorrow, that a contractual obligation has been fulfilled, that an entity has been certified as having some qualification (such as a brand-name goods retailer or Microsoft Certified Engineer), or that a purchase has been made. In the same way that statement of trusted issuance 115 and second rights expression 117 are used to determine, based on root of trust 101, that principal C's issuance of rights expression 107 was authorized, statement of trusted issuance 215 and second rights expression 217 can be used to determine, based on root of trust 201, that principal C's issuance of statement or expression 207 was authorized.
Fig. 3 illustrates an exemplary process for verifying authorized issuance of a statement or expression, such as a rights expression. The process starts at step 301 and, at step 303, attempts to find a statement or expression containing some desired statement, for example a rights expression granting usage rights to a media file. If no suitable statement or expression can be found (for example, the file has not been granted any rights, or some condition of the granted rights is not met, such as being expired, unpaid, or viewed too early), the process terminates in failure at step 305. If a suitable statement or expression is found, it is examined at step 307. At step 309, if the statement or expression does not include a statement of trusted issuance, the process continues at step 311, a sub-process described in more detail below, and either terminates successfully at step 313, terminates in failure at step 305, or returns to step 307. Specifically, if at step 311 the issuer of the statement or expression matches the root of trust, the process terminates successfully at step 313. Otherwise, if at step 315 a rights expression can be found from which the statement or expression under examination is derived (and all conditions on the derivation are satisfied), the process returns to step 307 with this new rights expression. Otherwise, the process terminates in failure at step 305.
Where step 309 finds that the statement or expression includes a statement of trusted issuance, step 319 determines whether the statement of trusted issuance matches the root of trust. If so, step 321 determines whether the statement of trusted issuance was authorized. This determination can be made by various means, for example by inherent knowledge or by recursively applying the process shown in Fig. 3. If step 321 determines that the statement of trusted issuance was authorized, the process advantageously terminates successfully at step 313, which in many cases is faster than reaching success at step 313 by way of step 311, or more desirable than terminating in failure at step 305. If either determination at step 319 or 321 is negative, the process continues at step 311.
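The Fig. 3 process traced over the Fig. 1 chain, as an added Python example that is not code from the patent. The class and field names, the condition names `territory` and `fee_paid`, the constructed expression `999`, and the choice to decide step 321 by "inherent knowledge" of which grantors (here Z) the verifier trusts are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TrustedIssuance:
    """Statement of trusted issuance (e.g. 115): issuance was verified back to `root`."""
    root: str  # its issuer is inherited from the expression that carries it

@dataclass(frozen=True)
class Expression:
    ident: str
    issuer: str
    holder: str
    derived_from: Optional[str] = None     # ident of the parent expression
    issue_condition: Optional[str] = None  # condition the holder must meet to derive from this
    trusted: Optional[TrustedIssuance] = None

@dataclass(frozen=True)
class Grant:
    """Second rights expression (e.g. 117): `issuer` lets `grantee` issue
    statements of trusted issuance rooted at `root`."""
    issuer: str
    grantee: str
    root: str

class Verifier:
    def __init__(self, root, store, grants=(), trusted_grantors=(), conditions=None):
        self.root = root
        self.store = {e.ident: e for e in store}     # expressions this principal can see
        self.grants = list(grants)
        self.trusted_grantors = set(trusted_grantors)
        self.conditions = conditions or {}           # condition name -> check it understands

    def _statement_authorized(self, expr):
        # Step 321, decided here by inherent knowledge of trusted grantors.
        return any(g.grantee == expr.issuer and g.root == expr.trusted.root
                   and g.issuer in self.trusted_grantors for g in self.grants)

    def _derivation_ok(self, expr, parent):
        if parent.holder != expr.issuer:
            return False
        if parent.issue_condition is None:
            return True
        check = self.conditions.get(parent.issue_condition)
        return check is not None and check(expr, parent)  # unknown condition: cannot verify

    def verify(self, ident):
        """Return (authorized, idents examined in order)."""
        examined = []
        expr = self.store.get(ident)                       # step 303
        while expr is not None and expr.ident not in examined:
            examined.append(expr.ident)                    # step 307
            t = expr.trusted
            if (t is not None and t.root == self.root      # steps 309 and 319
                    and self._statement_authorized(expr)): # step 321
                return True, examined                      # step 313
            if expr.issuer == self.root:                   # step 311
                return True, examined
            parent = self.store.get(expr.derived_from)     # step 315
            if parent is None or not self._derivation_ok(expr, parent):
                return False, examined                     # step 305
            expr = parent
        return False, examined

# Constructed sample data following Fig. 1.
CHAIN = [
    Expression("103", "A", "B", issue_condition="territory"),
    Expression("105", "B", "C", derived_from="103", issue_condition="fee_paid"),
    Expression("107", "C", "D", derived_from="105", trusted=TrustedIssuance("A")),
    Expression("109", "D", "E", derived_from="107"),
]
GRANT_117 = Grant(issuer="Z", grantee="C", root="A")
# Constructed: principal X attaches a statement nobody authorized it to make.
UNAUTHORIZED = Expression("999", "X", "D", trusted=TrustedIssuance("A"))

def demo():
    always = lambda child, parent: True
    retailer = Verifier("A", CHAIN, conditions={"territory": always, "fee_paid": always})
    consumer = Verifier("A", CHAIN[2:] + [UNAUTHORIZED],
                        grants=[GRANT_117], trusted_grantors={"Z"})
    skeptic = Verifier("A", CHAIN[2:], grants=[GRANT_117])  # does not trust Z
    return {
        "full_chain": retailer.verify("107"),
        "shortcut": consumer.verify("107"),
        "derived": consumer.verify("109"),
        "untrusted_grantor": skeptic.verify("107"),
        "unauthorized_statement": consumer.verify("999"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The consumer verifier holds only expressions 107 and 109 and understands no conditions, yet succeeds through statement 115; the same statement is worthless to a verifier that does not trust Z, and a statement from an issuer with no grant falls through to step 311 and fails.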
Fig. 4 shows items 407, 415, and 417, which represent an alternative arrangement of items 107, 115, and 117 of Fig. 1, respectively. For example, statement of trusted issuance 415, which applies to rights expression 407, does not appear within rights expression 407. Instead, some other means is used to link the two. While rights expression 107 and statement of trusted issuance 115 have the same issuer, the issuer of rights expression 407 differs from the issuer of statement of trusted issuance 415. While rights expression 117, which authorizes statement of trusted issuance 115, is issued by a third party, rights expression 417, which authorizes statement of trusted issuance 415, is issued by the same principal that is to trust that the issuance of the statement was authorized. The exemplary embodiments include other configurations and variants of this kind, to which the exemplary process shown in Fig. 3 still applies.
Although various exemplary embodiments include the root of trust in the statement of trusted issuance, other exemplary embodiments include alternative content in the statement of trusted issuance. For example, as shown in Fig. 5, statement of trusted issuance 515 includes an indication that authorized issuance has been verified back to rights expression 503. Assuming principal Z is trusted, principal D can use rights expression 507, the included statement of trusted issuance 515, and second rights expression 517 to determine that authorization to issue rights expression 507 can be traced back to rights expression 503. Principal D then independently continues the chain verification process to determine, based on root of trust 501, whether issuance of rights expression 503 was authorized.
By employing the exemplary embodiments, it is possible to achieve many desirable features in Digital Rights Management (DRM) while reducing cost. Consider, for example, a situation involving four principals: Publisher A, Distributor B, Retailer C, and Consumer D. Publisher A can issue rights expression 103 to Distributor B to distribute all of the publisher's paperback books in the United States and Canada. Distributor B can then issue rights expression 105 to Retailer C to retail paperback books from that publisher in the United States and Canada at a publisher price of $2 each. When Consumer D pays Retailer C $5, Retailer C can then provide Consumer D with rights expression 107 to read Book 1. When Retailer C issues rights expression 107, Retailer C checks the rights expression chain to verify that all conditions of all the parties have been satisfied, including that Distributor B distributes paperback books, that Distributor B distributes them within the United States and Canada, and that $2 of the $5 paid by the consumer is paid to Publisher A. Because Retailer C has verified the authorized issuance of rights expression 107 with Publisher A as the root of trust, Retailer C inserts statement of trusted issuance 115 into rights expression 107 when issuing it. Consumer D can determine whether he is permitted to play Book 1 by checking only a few rights expressions: the rights expression stating that Publisher A is the root of trust for Book 1; rights expression 107, which states that Retailer C says Consumer D can play Book 1 and includes a statement of trusted issuance rooted at Publisher A; and rights expression 117, which states that Retailer C can issue statements of trusted issuance rooted at Publisher A.
Although Consumer D may know that the distribution was carried out in the United States in paperback form, Consumer D does not need access to any information about where the distribution took place, in what form, how much of his money was paid to the publisher, and so on. Moreover, Consumer D need not know what the possibilities and conditions of distribution were (for example, that the book could also be distributed in Canada, that hardbacks could not be distributed, and that $2 had to be paid to the publisher).
Because Consumer D need not know these details, Publisher A, Distributor B, and Retailer C can also change their software or hardware to support additional creative conditions without affecting Consumer D or having to worry about affecting Consumer D. Because Consumer D need not access rights expressions 103 or 105, there is also no need to incur the expense of encrypting or otherwise protecting these rights expressions, or of ensuring that Consumer D has secure software or hardware to decrypt and access them. Advantageously, by using statements of trusted issuance, the task of verifying authorized issuance of a rights expression relative to a root of trust becomes much simpler for Consumer D.
Yet problem is that some can be mistakenly or insert undeservedly and trusted the possibility of signing and issuing statement.For example, the authorized issuance that the retailer C that signs and issues statement is considered to verify as root of trust based on the A of publisher rights expression 107 is trusted in insertion, but it may be failed, and perhaps for example it has believed that the distribution of dealer B is domestic in the U.S. and Canada, but in fact is not such situation.In this case, sign and issue the vicious dependence of statement to being subjected to trust.For this reason, restriction is trusted that to sign and issue signing and issuing of statement be desirable.
In an exemplary embodiment, for example the root of trust of the A of publisher can limit to some main body or meet the main body that comprises certain standard of for example trusting standard and sign and issue and trusted the right of signing and issuing statement.In a further exemplary embodiment, main body can be refused to rely on the trust of being signed and issued by another main body that is subjected to and sign and issue statement.Whether judgement depends on a statement can be based on certain standard, and perhaps the general decidable of main body does not rely on these statements.In another exemplary embodiment, main body can be under an embargo to depend on by what some other main body was signed and issued and be subjected to trust and sign and issue statement.In a further exemplary embodiment, main body can be selected to depend on to be subjected to trust and sign and issue statement or can " walk around " this statement, and verifying authorization is expressed chain all or part of.In another exemplary embodiment, main body may need to depend on to be subjected to trust signs and issues statement, wherein will not allow the main body verifying authorization to express all or part of of chain, or otherwise visit or check the rights expression chain.
Except rights expression, each exemplary embodiment also can be used for the mandate of other statement or expression and determines.For example, consider that A is that a brand article producer, B are that one of exclusiveness dealer, C are retailers in one of the national inner region dealer of B and the region that D is C in the country.Must submit proof of purchase's certificate so that the commodity that provide A to make.D can sign and issue proof of purchase.Yet its mandate need be traced back to B from C and be traced back to A again.Advantageously, if proof of purchase's certificate of signing and issuing as D as described in reference to each exemplary embodiment comprises that with producer A be being subjected to trust and signing and issuing statement of root, then the checking to the mandate of this proof of purchase's certificate can be simplified and quicken.
Each exemplary embodiment can comprise and be used to be trusted the language (be also referred to as and sign and issue chain validation signal language) of signing and issuing statement, this language can with ISO MPEG REL compatibility.Thereby, term (such as speech, definition, symbol, abb., the name space and agreement) can with ISO MPEG REL in use the same.In addition, incorporated herein by reference from clause 3 (speech, definition, symbol and abb.) and the clause 4 (name space and agreement) of ISO MPEGREL.
The grammer of signing and issuing chain validation signal language provides by following exemplary patterns:
<?xml version="1.0" encoding="UTF-8"?>
<xsd:schema targetNamespace="urn:mpeg:mpeg21:2003:01-REL-SX-NS"
    xmlns:sx="urn:mpeg:mpeg21:2003:01-REL-SX-NS"
    xmlns:r="urn:mpeg:mpeg21:2003:01-REL-R-NS"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    elementFormDefault="qualified" attributeFormDefault="unqualified">
  <xsd:import namespace="urn:mpeg:mpeg21:2003:01-REL-R-NS"
      schemaLocation="rel-r.xsd"/>
  <xsd:element name="issuanceChainVerificationThrough"
      block="#all" final="#all">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element name="h" minOccurs="0"
            maxOccurs="unbounded">
          <xsd:complexType>
            <xsd:sequence>
              <xsd:element ref="r:trustRoot" minOccurs="0"
                  maxOccurs="unbounded"/>
            </xsd:sequence>
          </xsd:complexType>
        </xsd:element>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>
</xsd:schema>
A further exemplary issuance chain verification signal, as shown in Fig. 6, is given by the following:
<sx:issuanceChainVerificationThrough>
  <sx:h>
    <r:trustedRootIssuers>
      <r:keyHolder>
        <r:info>
          <dsig:KeyValue>
            <dsig:RSAKeyValue>
              <dsig:Modulus>AliM4ccyzA==</dsig:Modulus>
              <dsig:Exponent>AQABAA==</dsig:Exponent>
            </dsig:RSAKeyValue>
          </dsig:KeyValue>
        </r:info>
      </r:keyHolder>
    </r:trustedRootIssuers>
  </sx:h>
</sx:issuanceChainVerificationThrough>
The exemplary semantics of the issuance chain verification signaling language are given by the following:
Let l be an r:License. Let i be an sx:issuanceChainVerificationThrough applied to l. Then the number of i/sx:h of i shall equal the number of l/r:grant and l/r:grantGroup of l, and the semantics of i are that, for each k from 1 to the number of i/sx:h, the inclusion of the k-th l/r:grant or l/r:grantGroup in l has been verified with respect to each trust root identified by an r:trustRoot of the k-th i/sx:h of i.
An exemplary issuance chain verification signaling ISO MPEG REL profile is given by the following:
For an sx:issuanceChainVerificationThrough i to be applied to an r:License l,
1. i shall appear as l/r:otherInfo, and
2. for each l/r:issuer that presents an l/r:issuer/dsig:Signature, that dsig:Signature shall not exclude i from the scope of the signature (note: by default, i will be included in any signature that uses the enveloped signature transform or the license transform).
An exemplary property for certifying issuance chain verification signalers is given by the following:
The URI urn:standards-organization:2004:icvs (for use with sx:propertyUri) defines the property used to certify principals whose issuance chain verification signals are to be trusted.
An exemplary signaler processing model is given by the following:
Let p be an r:Principal. Let l be an r:License containing an l/r:otherInfo/sx:issuanceChainVerificationThrough i. Then, before the principal identified by p signs l, the principal identified by p should verify that, for each k from 1 to the number of i/sx:h, and for each j from 1 to the number of i/sx:h/r:trustRoot of the k-th i/sx:h, there exists an authorization proof for the authorization request (p, r:issue, h, v, S, L, R), where h is the k-th l/r:grant or l/r:grantGroup in l, R is the j-th i/sx:h/r:trustRoot of the k-th i/sx:h of i, and v, S and L are chosen appropriately.
An exemplary signal interpreter processing model is given by the following:
A conventional rights interpreter may have some difficulty when attempting to verify whether a principal identified by r:Principal p was permitted to include some r:Grant or r:GrantGroup h in a license it issued: the license permitting that inclusion (for example, a license containing an r:issue element) or the history surrounding that inclusion (for example, the fees paid or the number of times exercised) may be unavailable to the rights interpreter. However, this information may have been available to a rights interpreter when the license was issued. If that rights interpreter added an issuance chain verification signal to the license, then a rights interpreter with an issuance chain verification signal interpreter can later read the signal instead of verifying the issuance chain a second time.
For example, rather than verifying that the inclusion of some r:Grant or r:GrantGroup h in a license is authorized with respect to some trust root R, an issuance chain verification signal interpreter can instead:
1. verify that the set of r:Grant elements indicated by at least one of the trust roots corresponding to h (according to the issuance chain verification signal) is a subset of the set of r:Grant elements indicated by R, and
2. verify that the principal that issued the license is permitted to have the property defined by urn:standards-organization:2004:icvs.
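The two interpreter checks above, sketched in Python as an added example (not code from the patent or from any REL implementation). It assumes trust roots are r:trustedRootIssuers elements compared by inclusion of their issuer key sets, that the issuer's dsig:Signature has already been verified and covers the signal, and that `icvs_holders` and `verify_chain` are hypothetical stand-ins for the property check and for conventional chain verification; all key values are constructed.

```python
import xml.etree.ElementTree as ET

R_NS = "urn:mpeg:mpeg21:2003:01-REL-R-NS"
NS = {"r": R_NS,
      "sx": "urn:mpeg:mpeg21:2003:01-REL-SX-NS",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}
GRANT_TAGS = {"{%s}grant" % R_NS, "{%s}grantGroup" % R_NS}

# Constructed key identifiers (placeholder strings, not real RSA moduli).
KEY_A, KEY_X, KEY_C = "UFVCLUE=", "T1RIRVI=", "UkVUQUlMLUM="


def _root(modulus):
    """Constructed r:trustedRootIssuers element naming one key holder."""
    return ("<r:trustedRootIssuers><r:keyHolder><r:info><dsig:KeyValue>"
            "<dsig:RSAKeyValue><dsig:Modulus>%s</dsig:Modulus>"
            "<dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue>"
            "</dsig:KeyValue></r:info></r:keyHolder></r:trustedRootIssuers>"
            % modulus)


# Constructed license: two grants, and a signal carrying one sx:h per grant.
SAMPLE_LICENSE = (
    '<r:license xmlns:r="%(r)s" xmlns:sx="%(sx)s" xmlns:dsig="%(dsig)s">'
    "<r:grant/><r:grant/>"
    "<r:otherInfo><sx:issuanceChainVerificationThrough>"
    "<sx:h>" + _root(KEY_A) + "</sx:h>"
    "<sx:h>" + _root(KEY_X) + "</sx:h>"
    "</sx:issuanceChainVerificationThrough></r:otherInfo>"
    "</r:license>") % NS


def root_issuers(root_el):
    """Set of key identifiers (Modulus text) named by one trust-root element."""
    return frozenset(m.text.strip()
                     for m in root_el.iterfind(".//dsig:Modulus", NS) if m.text)


def read_signal(license_xml):
    """Return one list of trust roots per grant position, or None when the
    license carries no usable signal (absent, duplicated, or miscounted)."""
    lic = ET.fromstring(license_xml)
    grants = [el for el in lic if el.tag in GRANT_TAGS]  # document order
    signals = lic.findall("r:otherInfo/sx:issuanceChainVerificationThrough", NS)
    if len(signals) != 1:
        return None
    hs = signals[0].findall("sx:h", NS)
    if len(hs) != len(grants):  # semantics: exactly one sx:h per grant/grantGroup
        return None
    return [[root_issuers(r) for r in h.findall("r:trustedRootIssuers", NS)]
            for h in hs]


def grant_authorized(license_xml, k, my_root, issuer_key, icvs_holders,
                     verify_chain):
    """Decide whether grant number k (0-based) is authorized under my_root.

    Returns (authorized, path); path is "signal" when the signal was relied
    on and "chain" when the conventional chain verification was used.
    """
    signal = read_signal(license_xml)
    if (signal is not None and 0 <= k < len(signal)
            and issuer_key in icvs_holders):                 # check 2
        # Check 1: a signalled root must be a subset of the relying party's
        # root. An empty root is skipped, since the empty set is a subset of
        # every root and would otherwise match anything.
        if any(root and root <= my_root for root in signal[k]):
            return True, "signal"
    return verify_chain(k), "chain"
```

Any failure of either check falls back to `verify_chain`, so a missing, miscounted or untrusted signal never authorizes a grant on its own.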
Fig. 7 illustrates an exemplary system 700 for verifying authorized issuance of a rights expression according to the exemplary embodiments of Figs. 1-6. In Fig. 7, the exemplary system 700 can include one or more devices 702-708, a content server 710 and a content database 712, coupled via a communications network 714.
The above-described devices and subsystems of the exemplary embodiments of Figs. 1-7 can include, for example, any suitable servers, workstations, PCs, laptop computers, PDAs, Internet appliances, handheld devices, cellular telephones, wireless devices, other devices, and the like, capable of performing the processes of the exemplary embodiments of Figs. 1-7. The devices and subsystems of the exemplary embodiments of Figs. 1-7 can communicate with each other using any suitable protocol and can be implemented using one or more programmed computer systems or devices.
One or more interface mechanisms can be used with the exemplary embodiments of Figs. 1-7, including, for example, Internet access, telecommunications in any suitable form (for example, voice, modem, and the like), wireless communications media, and the like. For example, the communications network 714 can include one or more wireless communications networks, cellular communications networks, G3 communications networks, Public Switched Telephone Networks (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, a combination thereof, and the like.
It is to be understood that the devices and subsystems of the exemplary embodiments of Figs. 1-7 are for illustrative purposes, as many variations of the specific hardware used to implement the exemplary embodiments are possible, as will be appreciated by those skilled in the relevant arts. For example, the functionality of one or more of the devices and subsystems of the exemplary embodiments of Figs. 1-7 can be implemented via one or more programmed computer systems or devices.
To implement such variations as well as other variations, a single computer system can be programmed to perform the special-purpose functions of one or more of the devices and subsystems of the exemplary embodiments of Figs. 1-7. On the other hand, two or more programmed computer systems or devices can be substituted for any one of the devices and subsystems of the exemplary embodiments of Figs. 1-7. Accordingly, principles and advantages of distributed processing, such as redundancy, replication, and the like, can also be implemented as desired to increase the robustness and performance of the devices and subsystems of the exemplary embodiments of Figs. 1-7.
The devices and subsystems of the exemplary embodiments of Figs. 1-7 can store information relating to the various processes described herein. This information can be stored in one or more memories of the devices and subsystems of the exemplary embodiments of Figs. 1-7, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like. One or more databases of the devices and subsystems of the exemplary embodiments of Figs. 1-7 can store the information used to implement the exemplary embodiments of the present invention.
The databases can be organized using data structures (for example, records, tables, arrays, fields, graphs, trees, lists, and the like) included in one or more of the memories or storage devices listed herein. The processes described with respect to the exemplary embodiments of Figs. 1-7 can include appropriate data structures for storing data collected and/or generated by the processes of the devices and subsystems of the exemplary embodiments of Figs. 1-7 in one or more databases thereof.
All or a portion of the devices and subsystems of the exemplary embodiments of Figs. 1-7 can be conveniently implemented using one or more general-purpose computer systems, microprocessors, digital signal processors, microcontrollers, and the like, programmed according to the teachings of the exemplary embodiments of the present invention, as will be appreciated by those skilled in the computer and software arts. Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments, as will be appreciated by those skilled in the software art. Further, the devices and subsystems of the exemplary embodiments of Figs. 1-7 can be implemented on the World Wide Web. In addition, the devices and subsystems of the exemplary embodiments of Figs. 1-7 can be implemented by preparing application-specific integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be appreciated by those skilled in the electrical arts. Thus, the exemplary embodiments are not limited to any specific combination of hardware circuitry and/or software.
Stored on any one or on a combination of computer-readable media, the exemplary embodiments of the present invention can include software for controlling the devices and subsystems of the exemplary embodiments of Figs. 1-7, for driving the devices and subsystems of the exemplary embodiments of Figs. 1-7, for enabling the devices and subsystems of the exemplary embodiments of Figs. 1-7 to interact with a user, and the like. Such software can include, but is not limited to, device drivers, firmware, operating systems, development tools, applications software, and the like. Such computer-readable media can further include the computer program product of an embodiment of the present invention for performing all or a portion (if processing is distributed) of the processing performed in implementing the present invention. Computer code devices of the exemplary embodiments of the present invention can include any suitable interpretable or executable code mechanism, including but not limited to scripts, interpretable programs, dynamic link libraries (DLLs), Java classes and applets, complete executable programs, Common Object Request Broker Architecture (CORBA) objects, and the like. Moreover, parts of the processing of the exemplary embodiments of the present invention can be distributed for better performance, reliability, cost, and the like.
As stated above, the devices and subsystems of the exemplary embodiments of Figs. 1-7 can include computer-readable media or memories for holding instructions programmed according to the teachings of the present invention and for holding the data structures, tables, records, and/or other data described herein. Computer-readable media can include any suitable medium that participates in providing instructions to a processor for execution. Such a medium can take many forms, including but not limited to non-volatile media, volatile media, transmission media, and the like. Non-volatile media can include, for example, optical or magnetic disks, magneto-optical disks, and the like. Volatile media can include dynamic memories, and the like. Transmission media can include coaxial cables, copper wire, fiber optics, and the like. Transmission media can also take the form of acoustic, optical, electromagnetic waves, and the like, such as those generated during radio frequency (RF) communications, infrared (IR) data communications, and the like. Common forms of computer-readable media can include, for example, a floppy disk, a flexible disk, a hard disk, magnetic tape, any other suitable magnetic medium, a CD-ROM, CDRW, DVD, any other suitable optical medium, punch cards, paper tape, optical mark sheets, any other suitable physical medium with patterns of holes or other optically recognizable indicia, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other suitable memory chip or cartridge, a carrier wave, or any other suitable medium from which a computer can read.
In the context of the exemplary embodiments, a principal can include an entity that may be able to act on behalf of another entity and/or according to a set of rules (examples of principals are hardware devices, integrated circuits, firmware modules, software modules, software systems, humans, organizations, services, smart cards, and seeing-eye dogs). An asset can include an entity, quality, event, state, concept, substance, or anything else that is referred to by a noun and may have value (examples of assets are books, e-books, videos, services, web services, companies, security levels, domain names, e-mail addresses, football games, messages, and rights). A license can include a "rights expression". A condition can include a limitation on the claims made in an expression or statement (examples are times of validity, territories of applicability, the number of times a claim can be relied upon, and the situations in which a claim is valid). To issue can include the act of making claims in an expression or statement and standing behind those claims. Meta-rights can include rights with respect to other rights. A right can include an action or property that a principal may be permitted to take or have with respect to an asset or other right (examples of actions are advance and stop; examples of actions with respect to assets are consumption actions such as play and print, modification actions such as mark and add, distribution actions such as copy and move, and service actions such as requestService and sendMessage; examples of actions with respect to other rights are issue and revoke; examples of properties are name, address, color, securityLevel, employee, relative, friend, territory, graduation, and certifiedRepairFacility; examples of properties with respect to assets are author and distributor; examples of properties with respect to other rights are issuanceChainVerifier, certificateAuthority, and trustedIssuer). A rights derivation can include the issuance of a statement or expression, such as a rights expression, whose issuance is permitted in another rights expression or trust root (the issued statement or rights expression is called the derived statement or derived rights expression, and is said to derive from the rights expression or trust root that permits its issuance). A rights expression can include an expression containing statements of permissions (examples of rights expression languages include ISO MPEG REL, the eXtensible rights Markup Language, the Contract Expression Language from the Content Reference Forum (see http://www.crforum.org), the Open Digital Rights Language from IPRSystems, the OMA DRM 2.0 specification Rights Expression Language, the Security Assertion Markup Language from the Organization for the Advancement of Structured Information Standards (OASIS), the eXtensible Access Control Markup Language from OASIS, X.509, SPKI, Rights Management and Protection Information from the TV Anytime Forum, and copy control information bits). A signature can include something that produces confidence that an expression or statement issued by a party was in fact issued by that party. A statement of trusted issuance can include a statement that the issuance of the statement or rights expression containing it is authorized according to some trust root. A trust root can include an encapsulation of rights that are assumed to be authorized.
Although the exemplary embodiments are described in terms of the use and distribution of rights expressions and copyrighted works, the exemplary embodiments are not limited to rights expressions and copyrighted works. Accordingly, the advantages associated with not having to process every link in a chain of data, and the other advantages of the exemplary embodiments, can be applied to other types of computing applications. For example, in addition to rights expressions, the exemplary embodiments can be used with other statements or expressions that can benefit from an efficient way of determining authorization, such as transaction credentials, proofs of purchase, certificate credentials, identity credentials, approval credentials, confirmations, business intents, business contracts, rules, policies, and the like.
Although the present invention has been described in connection with a number of exemplary embodiments and implementations, the present invention is not so limited, but rather covers various modifications and equivalent arrangements that fall within the scope of the appended claims.

Claims (69)

1. A computer-implemented method for verifying authorized issuance of a statement or expression, the method comprising:
determining whether a statement or expression is associated with a statement of trusted issuance;
determining whether the statement of trusted issuance applies;
determining whether issuance of the statement of trusted issuance is authorized; and
verifying that the issuance of the statement or expression is authorized, if the statement of trusted issuance applies and the issuance of the statement of trusted issuance is authorized.
2. The method of claim 1, wherein the statement of trusted issuance specifies an entity associated therewith, and the step of determining whether the statement of trusted issuance applies includes determining whether the entity associated with the statement of trusted issuance is a trusted entity.
3. The method of claim 1, wherein the statement of trusted issuance specifies a license associated therewith, and the step of determining whether the statement of trusted issuance applies includes determining whether the license associated with the statement of trusted issuance is a trusted license.
4. The method of claim 1, wherein the statement of trusted issuance specifies a chain-origin rights expression associated therewith, and the step of determining whether the statement of trusted issuance applies includes determining whether issuance of the chain-origin rights expression associated with the statement of trusted issuance is authorized.
5. The method of claim 1, wherein the statement or expression associated with the statement of trusted issuance comprises a rights expression.
6. The method of claim 1, wherein the statement of trusted issuance is part of the statement or expression associated with the statement of trusted issuance.
7. The method of claim 1, wherein the statement of trusted issuance is issued by the same entity that issued the statement or expression associated with the statement of trusted issuance.
8. The method of claim 7, wherein the statement of trusted issuance and the statement or expression associated with the statement of trusted issuance are signed by the same entity with one signature.
9. The method of claim 1, wherein the step of determining whether issuance of the statement of trusted issuance is authorized includes examining a rights expression authorizing the issuance of the statement of trusted issuance, and determining whether issuance of the authorizing rights expression is authorized.
10. The method of claim 1, wherein the step of determining whether issuance of the statement of trusted issuance is authorized uses the same trust root that is used to verify that the statement or expression associated with the statement of trusted issuance is authorized.
11. The method of claim 1, wherein, if a statement or expression is not associated with a statement of trusted issuance, the verifying step includes verifying that the issuance of the statement or expression is authorized using information associated with the statement or expression.
12. The method of claim 11, wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
13. The method of claim 9, wherein, if authorized issuance of the statement of trusted issuance cannot be verified, the verifying step includes verifying that the issuance of the statement or expression is authorized using information associated with the statement or expression.
14. The method of claim 13, wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
15. The method of claim 1, wherein the statement of trusted issuance is signed by the entity that issued the statement of trusted issuance.
16. The method of claim 1, further comprising restricting the right to issue the statement of trusted issuance.
17. The method of claim 1, wherein an entity can refuse to rely on a statement of trusted issuance issued by another entity.
18. The method of claim 1, wherein a plurality of entities are prohibited from relying on a statement of trusted issuance issued by an entity.
19. The method of claim 1, wherein a plurality of entities can either rely on the statement of trusted issuance, or not rely on the statement of trusted issuance by verifying all or part of a rights expression chain associated with the statement or expression.
20. The method of claim 1, wherein a plurality of entities are required to rely on the statement of trusted issuance.
21. The method of claim 1, wherein an entity is not permitted to verify all or part of a rights expression chain, or otherwise to access or inspect the rights expression chain.
22. the method for claim 1, it is characterized in that, with the statement of the statement of the document of title of described document of title of being trusted the document of title signing and issuing described statement that statement is associated or expression and comprise copyright, service, resource, proof of purchase, transaction voucher, proof of purchase, certificate voucher, identity documents, approval voucher, affirmation, commercial affairs intention or expression, business contract or expression or rule or tactful statement or expression one of at least.
23. One or more computer-readable instructions stored on a computer-readable medium and configured to cause one or more computer processors to perform the steps recited in claim 1.
24. A system for verifying authorized issuance of a statement or expression, the system comprising:
means for determining whether a statement or expression is associated with a statement of trusted issuance;
means for determining whether the statement of trusted issuance applies;
means for determining whether issuance of the statement of trusted issuance is authorized; and
means for verifying that the issuance of the statement or expression is authorized, if the statement of trusted issuance applies and the issuance of the statement of trusted issuance is authorized.
25. The system of claim 24, wherein the statement of trusted issuance specifies an entity associated therewith, and the means for determining whether the statement of trusted issuance applies includes means for determining whether the entity associated with the statement of trusted issuance is a trusted entity.
26. The system of claim 24, wherein the statement of trusted issuance specifies a license associated therewith, and the means for determining whether the statement of trusted issuance applies includes means for determining whether the license associated with the statement of trusted issuance is a trusted license.
27. The system of claim 24, wherein the statement of trusted issuance specifies a chain-origin rights expression associated therewith, and the means for determining whether the statement of trusted issuance applies includes means for determining whether issuance of the chain-origin rights expression associated with the statement of trusted issuance is authorized.
28. The system of claim 24, wherein the statement or expression associated with the statement of trusted issuance comprises a rights expression.
29. The system of claim 24, wherein the statement of trusted issuance is part of the statement or expression associated with the statement of trusted issuance.
30. The system of claim 24, wherein the statement of trusted issuance is issued by the same entity that issued the statement or expression associated with the statement of trusted issuance.
31. The system of claim 30, wherein the statement of trusted issuance and the statement or expression associated with the statement of trusted issuance are signed by the same entity with one signature.
32. The system of claim 24, wherein the means for determining whether issuance of the statement of trusted issuance is authorized includes means for examining a rights expression authorizing the issuance of the statement of trusted issuance, and means for determining whether issuance of the authorizing rights expression is authorized.
33. The system of claim 24, wherein the means for determining whether issuance of the statement of trusted issuance is authorized uses the same trust root that is used to verify that the statement or expression associated with the statement of trusted issuance is authorized.
34. The system of claim 24, wherein, if a statement or expression is not associated with a statement of trusted issuance, the verifying means includes means for verifying that the issuance of the statement or expression is authorized using information associated with the statement or expression.
35. The system of claim 34, wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
36. The system of claim 32, wherein, if authorized issuance of the statement of trusted issuance cannot be verified, the verifying means includes means for verifying that the issuance of the statement or expression is authorized using information associated with the statement or expression.
37. The system of claim 36, wherein the information associated with the statement or expression includes one or more rights expressions associated with the statement or expression.
38. The system of claim 24, wherein the statement of trusted issuance is signed by the entity that issued the statement of trusted issuance.
39. The system of claim 24, further comprising means for restricting the right to issue the statement of trusted issuance.
40. system as claimed in claim 24 is characterized in that, entity can be refused to depend on the trust of being signed and issued by another entity that is subjected to and sign and issue statement.
41. system as claimed in claim 24 is characterized in that, a plurality of entities are under an embargo to depend on by what an entity was signed and issued and are subjected to trust and sign and issue statement.
42. system as claimed in claim 24 is characterized in that, by the rights expression chain that is associated with described statement or expression of checking all or part of, a plurality of entities can be dependent on to be subjected to trust to sign and issue statement or do not rely on and are subjected to trust to sign and issue statement.
43. system as claimed in claim 24 is characterized in that, a plurality of entities are required to depend on to be subjected to trust signs and issues statement.
44. system as claimed in claim 24 is characterized in that, entity is not allowed to all or part of of verifying authorization expression chain, or otherwise visits or check the rights expression chain.
45. system as claimed in claim 24, it is characterized in that, with the statement of the statement of the document of title of described document of title of being trusted the document of title signing and issuing described statement that statement is associated or expression and comprise copyright, service, resource, proof of purchase, transaction voucher, proof of purchase, certificate voucher, identity documents, approval voucher, affirmation, commercial affairs intention or expression, business contract or expression or rule or tactful statement or expression one of at least.
46. system as claimed in claim 24, it is characterized in that, described definite statement or whether express with trusted the device signing and issuing statement and be associated, described determine described trusted the device signing and issuing statement and whether be suitable for, described determine described trusted sign and issue device and the described checking whether signing and issuing of statement obtain the authorization and comprise the one or more computer-readable instructions that are stored on the computer-readable medium with device.
47. system as claimed in claim 24, it is characterized in that, described definite statement or whether express with trusted the device signing and issuing statement and be associated, described determine described trusted the device signing and issuing statement and whether be suitable for, described determine described trusted sign and issue device that whether signing and issuing of statement obtain the authorization and described checking comprise a computer system with device one or more computer equipments.
48. A device for verifying authorized issuance of a statement or expression, the device comprising:
means for determining whether a statement or expression is associated with a trusted issuance statement;
means for determining whether the trusted issuance statement is applicable;
means for determining whether issuance of the trusted issuance statement is authorized; and
means for verifying that issuance of the statement or expression is authorized if the trusted issuance statement is applicable and issuance of the trusted issuance statement is authorized.
49. The device as claimed in claim 48, characterized in that the trusted issuance statement specifies an entity associated therewith, and the means for determining whether the trusted issuance statement is applicable comprises means for determining whether the entity associated with the trusted issuance statement is a trusted entity.
50. The device as claimed in claim 48, characterized in that the trusted issuance statement specifies a permission associated therewith, and the means for determining whether the trusted issuance statement is applicable comprises means for determining whether the permission associated with the trusted issuance statement is a trusted permission.
51. The device as claimed in claim 48, characterized in that the trusted issuance statement specifies a chain-source rights expression associated therewith, and the means for determining whether the trusted issuance statement is applicable comprises means for determining whether issuance of the chain-source rights expression associated with the trusted issuance statement is authorized.
52. The device as claimed in claim 48, characterized in that the statement or expression associated with the trusted issuance statement comprises a rights expression.
53. The device as claimed in claim 48, characterized in that the trusted issuance statement is part of the statement or expression associated with the trusted issuance statement.
54. The device as claimed in claim 48, characterized in that the trusted issuance statement is issued by the same entity that issued the statement or expression associated with the trusted issuance statement.
55. The device as claimed in claim 54, characterized in that the trusted issuance statement and the statement or expression associated with the trusted issuance statement are signed by the same entity using one signature.
56. The device as claimed in claim 48, characterized in that the means for determining whether issuance of the trusted issuance statement is authorized comprises means for checking a rights expression that authorizes issuance of the trusted issuance statement, and means for determining whether issuance of the authorizing rights expression is authorized.
57. The device as claimed in claim 48, characterized in that the means for determining whether issuance of the trusted issuance statement is authorized uses the same root of trust that is used to verify that the statement or expression associated with the trusted issuance statement is authorized.
58. The device as claimed in claim 48, characterized in that, if a statement or expression is not associated with a trusted issuance statement, the means for verifying comprises means for verifying that issuance of the statement or expression is authorized using information associated with the statement or expression.
59. The device as claimed in claim 58, characterized in that the information associated with the statement or expression comprises one or more rights expressions associated with the statement or expression.
60. The device as claimed in claim 56, characterized in that, if authorized issuance of the trusted issuance statement cannot be verified, the means for verifying comprises means for verifying that issuance of the statement or expression is authorized using information associated with the statement or expression.
61. The device as claimed in claim 60, characterized in that the information associated with the statement or expression comprises one or more rights expressions associated with the statement or expression.
62. The device as claimed in claim 48, characterized in that the trusted issuance statement is signed by the entity that issued the trusted issuance statement.
63. The device as claimed in claim 48, characterized by further comprising means for restricting the right to issue the trusted issuance statement.
64. The device as claimed in claim 48, characterized in that an entity can refuse to rely on a trusted issuance statement issued by another entity.
65. The device as claimed in claim 48, characterized in that a plurality of entities are prohibited from relying on a trusted issuance statement issued by an entity.
66. The device as claimed in claim 48, characterized in that, by verifying all or part of the rights expression chain associated with the statement or expression, a plurality of entities can either rely on the trusted issuance statement or not rely on the trusted issuance statement.
67. The device as claimed in claim 48, characterized in that a plurality of entities are required to rely on the trusted issuance statement.
68. The device as claimed in claim 48, characterized in that an entity is not allowed to verify all or part of the rights expression chain, or otherwise to access or inspect the rights expression chain.
69. The device as claimed in claim 48, characterized in that the statement or expression associated with the trusted issuance statement comprises at least one of: a document of title to a copyright, a document of title to a service, a document of title to a resource, a proof of purchase, a transaction voucher, a proof of purchase, a certificate voucher, an identity document, an approval voucher, a confirmation, a statement or expression of business intent, a statement or expression of a business contract, or a statement or expression of rules or policies.
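The decision flow of claims 48 to 50, 56, 58 and 60 can be modelled as follows. This is an added illustration, not code from the patent or from ContentGuard: all class, field and entity names are hypothetical, signatures are assumed to have been checked already, and a depth limit on the chain walk is an added assumption.

```python
from dataclasses import dataclass
from typing import Optional

MAX_CHAIN_DEPTH = 16  # assumed bound so an oversized chain cannot stall the verifier

@dataclass(frozen=True)
class Grant:
    """Rights expression in which `issuer` authorizes `principal` to issue."""
    issuer: str
    principal: str
    authorized_by: Optional["Grant"] = None  # next link toward the root of trust

@dataclass(frozen=True)
class TrustedIssuance:
    issuer: str                             # entity that issued this statement
    entity: Optional[str] = None            # entity the statement specifies (claim 49)
    permission: Optional[str] = None        # permission it specifies (claim 50)
    authorized_by: Optional[Grant] = None   # expression authorizing its issuance

@dataclass(frozen=True)
class Expression:
    issuer: str
    chain: Optional[Grant] = None           # rights expressions associated with it
    trusted_issuance: Optional[TrustedIssuance] = None

class Verifier:
    def __init__(self, root, trusted_entities=(), trusted_permissions=()):
        self.root = root
        self.trusted_entities = set(trusted_entities)
        self.trusted_permissions = set(trusted_permissions)

    def chain_authorized(self, issuer, grant):
        """Walk grants upward; succeed only on reaching the root of trust."""
        for _ in range(MAX_CHAIN_DEPTH):
            if issuer == self.root:
                return True
            if grant is None or grant.principal != issuer:
                return False
            issuer, grant = grant.issuer, grant.authorized_by
        return False

    def applicable(self, tis):
        return (tis.entity in self.trusted_entities
                or tis.permission in self.trusted_permissions)

    def verify(self, expr):
        tis = expr.trusted_issuance
        if (tis is not None and self.applicable(tis)
                and self.chain_authorized(tis.issuer, tis.authorized_by)):
            return "trusted-issuance"       # claim 48: no full chain walk needed
        # Claims 58 and 60: no statement, or its issuance cannot be verified.
        # Assumption: a statement that is not applicable is handled the same way.
        if self.chain_authorized(expr.issuer, expr.chain):
            return "chain"
        return "rejected"

# Constructed sample data: "root" is the root of trust, "distributor" holds its grant.
ROOT_GRANT = Grant(issuer="root", principal="distributor")
VERIFIER = Verifier("root", trusted_entities={"distributor"})
```

The verifier never accepts on the trusted issuance statement alone: the statement must be applicable and its own issuance must trace back to the same root of trust, otherwise the full rights expression chain is checked.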

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2004/037734 WO2006054963A1 (en) 2004-11-12 2004-11-12 Method, system, and device for verifying authorized issuance of a rights expression

Publications (1)

Publication Number Publication Date
CN101084503A true CN101084503A (en) 2007-12-05

Family

ID=36407422

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2004800446426A Pending CN101084503A (en) 2004-11-12 2004-11-12 Method, system, and device for verifying authorized issuance of a rights expression

Country Status (5)

Country Link
EP (1) EP1817727A1 (en)
JP (1) JP4951518B2 (en)
KR (1) KR101197665B1 (en)
CN (1) CN101084503A (en)
WO (1) WO2006054963A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA3097092C (en) * 2018-04-20 2024-02-13 Vishal Gupta Decentralized document and entity verification engine

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5737494A (en) * 1994-12-08 1998-04-07 Tech-Metrics International, Inc. Assessment methods and apparatus for an organizational process or system
US6801900B1 (en) * 1999-12-22 2004-10-05 Samuel H. Lloyd System and method for online dispute resolution
US6895503B2 (en) * 2001-05-31 2005-05-17 Contentguard Holdings, Inc. Method and apparatus for hierarchical assignment of rights to documents and documents having such rights
AU2002312351B2 (en) * 2001-06-07 2006-11-30 Contentguard Holdings, Inc. Method and apparatus managing the transfer of rights
JP2003107994A (en) * 2001-10-02 2003-04-11 Nippon Telegr & Teleph Corp <Ntt> Device and method for verifying route of public key certificate
JP2003187101A (en) 2001-12-19 2003-07-04 Sony Corp Information processor, information processing method, storage medium, information processing system and program
US7308573B2 (en) * 2003-02-25 2007-12-11 Microsoft Corporation Enrolling / sub-enrolling a digital rights management (DRM) server into a DRM architecture

Also Published As

Publication number Publication date
JP4951518B2 (en) 2012-06-13
EP1817727A1 (en) 2007-08-15
KR101197665B1 (en) 2012-11-07
WO2006054963A1 (en) 2006-05-26
KR20120025015A (en) 2012-03-14
JP2008520036A (en) 2008-06-12


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20071205