CN103023640A - Apparatus and method for moving rights object from one device to another device via server - Google Patents

Apparatus and method for moving rights object from one device to another device via server Download PDF

Info

Publication number
CN103023640A
CN103023640A CN2012103967347A CN201210396734A CN103023640A CN 103023640 A CN103023640 A CN 103023640A CN 2012103967347 A CN2012103967347 A CN 2012103967347A CN 201210396734 A CN201210396734 A CN 201210396734A CN 103023640 A CN103023640 A CN 103023640A
Authority
CN
China
Prior art keywords
equipment
server
right objects
request message
moves
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012103967347A
Other languages
Chinese (zh)
Other versions
CN103023640B (en
Inventor
李承帝
金兑炫
秋渊成
孙圣武
希兰·库玛·凯沙瓦穆斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LG Electronics Inc
Original Assignee
LG Electronics Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020060008575A external-priority patent/KR20070078340A/en
Priority claimed from KR1020060081343A external-priority patent/KR100830941B1/en
Application filed by LG Electronics Inc filed Critical LG Electronics Inc
Publication of CN103023640A publication Critical patent/CN103023640A/en
Application granted granted Critical
Publication of CN103023640B publication Critical patent/CN103023640B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

An apparatus and method for transferring a Rights Object (RO) for a content between devices via a server, wherein a sending device converts a first RO taken by itself to encode into a second RO, and sends an RO move request message including the second RO to the server, whereas the server converts the second RO included in the RO move request message into a third RO and transfers the third RO to a receiving device, whereby the receiving device receives the third RO from the server for installation, wherein the sending device deletes or modifies the first RO at an appropriate time point.

Description

Via server with the apparatus and method of right objects from an equipment moving to another equipment
The application be the original bill application number be 200780003696.1 application for a patent for invention (applying date: on January 25th, 2007, denomination of invention: via server with the apparatus and method of right objects from an equipment moving to another equipment) divide an application.
Technical field
The present invention relates in digital copyright management (DRM:Digital Rights Management), transmit at equipment room the method and apparatus of (movement) right objects (RO:Rights Object), specifically, relate to the method and apparatus that the RO of digital content is sent to another equipment from an equipment via server.
Background technology
Can obtain digital content by various available approach (for example, by downloading from the website of content publishing center (CI:Content Issuer) or receiving by mail (for example, Email) or arbitrary medium from other equipments).In order to use this digital content, right objects (RO) should be sent by copyright publishing center (RI:Rights Issuer).Relevant technology is called digital copyright management (DRM) therewith.
Usually, the DRM agency is mounted in software or the program in the equipment that uses these contents.Replace CI provider and RO provider, act on behalf of illegal use and the piracy that prevents digital content by DRM, and protect the copyright of these CI providers and RO provider.
Two class RO comprise stateful RO and stateless RO.Stateful RO is subject to the restriction such as access times or use duration.Here, when reappearing (broadcast) corresponding digital content, must verify and record and used how many authorities, the information that records is called state information.Therefore, usually in playing digital content, upgrade this state information.
Summary of the invention
Technical problem
Usually, in order to use specific digital content in the DRM system, the equipment user should directly have the RO by the content of RI issue.Introduced and be used for device access RI with the many methods of the RO that obtains to be sent by this RI.
Yet the equipment that also proposes authentication arrives all or part of transmission of its RO that directly issue by RI (for example, transmit, move etc.) method detailed of another equipment.
Technical scheme
Therefore, the object of the present invention is to provide for via server all or part of of the right objects (RO) of particular device being moved (transmission) to the apparatus and method of another equipment.
In order to realize purpose of the present invention, provide a kind of and between equipment, transmitted the method for RO via server, the method may further comprise the steps: by transmitting apparatus the one RO is changed, to generate the 2nd RO; Send RO from described transmitting apparatus to described server and move request message, transmit (movement) described two RO via described server to receiving equipment with request; Receive the response message that moves request message for described RO from described server; And delete a described RO or the modification state information relevant with a described RO.
In another embodiment of the present invention, provide a kind of and between equipment, transmitted the method for RO via server, the method may further comprise the steps: receive RO from transmitting apparatus and move request message; Send the response message that moves request message for described RO to described transmitting apparatus; Be converted to the 2nd RO with being included in the RO that described RO moves in the request message; And transmit the 2nd RO after the conversion to receiving equipment.
In order to realize this purpose of the present invention, a kind of transmitting apparatus that RO is sent to receiving equipment via server is provided, this transmitting apparatus comprises: digital copyright management (DRM) agency, it is to will encoding via the RO that server moves to receiving equipment, and the RO that will comprise the RO behind the described coding moves request message and sends to described server; And communication module, it communicates with described server at least.
In order to realize this purpose of the present invention, a kind of server that transmits RO between equipment is provided, this server comprises: copyright publishing center (RI), this copyright publishing center from transmitting apparatus receive comprising the RO that will move to the RO of receiving equipment move request message, send the response message that moves request message for described RO to described transmitting apparatus, change being included in the described RO that described RO moves in the request message, and send the RO after the described conversion to described receiving equipment; And communication module, it communicates with described transmitting apparatus and described receiving equipment at least.
In order to realize this purpose of the present invention, provide a kind of and between equipment, transmitted the system of RO via server, this system comprises: transmitting apparatus, its transmission have comprised that the RO of the 2nd RO moves request message, and the 2nd RO converts from a RO; Server, it will be included in the 2nd RO that described RO moves in the request message and be converted to the 3rd RO, and the 3rd RO after will changing sends to receiving equipment; And receiving equipment, it receives described the 3rd RO from described server, and described the 3rd RO is installed.
In order to realize this purpose of the present invention, provide a kind of and between equipment, transmitted the method for right objects via server, the method may further comprise the steps: sent by transmitting apparatus and comprised that the right objects of right objects identifier moves request message; By the described server inspection right objects corresponding with described right objects identifier; Receive right objects by described transmitting apparatus from described server and move response message; And by described transmitting apparatus deletion described right objects or modification with the described right objects relevant state information corresponding with described right objects identifier.
Described further comprising the steps of in the method that transmits right objects between the equipment via server: the right objects after will being checked by described server is converted to the right objects of receiving equipment; And send described receiving equipment to by the right objects of described server after with described conversion.
The step of described conversion right objects is further comprising the steps of: by the PKI of the described server of described server by utilizing or the privacy key shared with described transmitting apparatus before, come the right objects after the described inspection is decoded; The privacy key that utilizes the PKI of described receiving equipment or share with described receiving equipment before comes described decoded right objects is encoded.
Description of drawings
Fig. 1 shows according to the execution mode via server structure of the system of mobile right objects between equipment of the present invention;
Fig. 2 shows according to of the present invention via the execution mode of server from an equipment to the method for another equipment moving right objects;
Fig. 3 shows the example text of describing according to the mobile-initiated grammer of RO of the present invention;
Fig. 4 shows the parameter that RO according to the present invention moves request message;
Fig. 5 shows the example syntax that RO according to the present invention moves request message;
Fig. 6 shows and is included in the summary part that RO according to the present invention moves the redirected identifier spreading parameter in the request message;
Fig. 7 shows the structure that RO according to the present invention moves request message;
Fig. 8 shows and shows that RO according to the present invention moves the example text of the grammer of request message; And
Fig. 9 shows and shows the exemplary XML document that is included in the mobile license among the RO.
Embodiment
The present invention be implemented as so that all or part of transmission of the RO that the first equipment will be obtained by this first equipment via server or movement (hereinafter, " transmission " and " movement " is as identical meanings) to the second equipment.
When sending whole RO of the first equipment to second equipment via server, this first equipment can not re-use this RO, and the second equipment can use the RO to its transmission.On the other hand, when sending the part of the RO of the first equipment to second equipment via server, this first equipment can use all the other RO except the part RO that transmits, and the second equipment can use the part RO to its transmission.
The RO that is sent to the second equipment from the first equipment via server can be a kind of equipment right objects and the user domain right objects.
If stored the relevant information (for example, when server is when sending the RI of RO to the first equipment at first) of RO that obtains with the first equipment before the server, this first equipment and server can be identified RO each other based on the RO identifier.Here, this first equipment sends RO identifier and state information object to server, the server privacy key (secret key) that uses the PKI of the second equipment or share with the second equipment before thus, the RO corresponding with received RO identifier and state information object encoded, to send subsequently the second equipment to.
The first equipment and the second equipment can belong to same user, perhaps belong to the user who differs from one another.
This server can limit the transmission of the RO that is not allowed to.This server is the content supplier that comprises content publishing center (CI) and copyright publishing center (RI).
If the RO that transmits has mobile license, then this second equipment can send the RO that transmits to another equipment.
This first equipment will comprising the RO of the 2nd RO move request message and send to server, the 2nd RO converts from a RO who is obtained by the first equipment itself.Server sends the response message that moves request message for this RO to this first equipment.Server also will be included in the 2nd RO that RO moves in the request message and be converted to the 3rd RO, and the 3rd RO after then will changing sends this second equipment to.
In the present invention, described state information comprises the various values of the current state that respectively indication is corresponding with RO.Here, when RO comprised that any one has state restriction (for example, interval, number of times, accumulation calendar scheduling), this state information represented the value by the DRM proxy management.The state information object encoding is for the example of the state information form of the purpose that state information is sent to another equipment from an equipment.
Referring now to accompanying drawing, embodiments of the present invention are described.
Fig. 1 shows according to the execution mode via server structure of the system of mobile right objects between equipment of the present invention.As shown in Figure 1, system according to the present invention comprises: the first equipment 10, its transmission have comprised that the RO of the 2nd RO moves request message, and the 2nd RO converts from a RO; Server 40, its will be included in this RO move the 2nd RO in the request message be converted to the 3rd RO and will change after the 3rd RO send to the second equipment 20; And second equipment 20, it receives the 3rd RO to install from server 40.
When receiving this RO and move request message, server 40 sends the response message that moves request message for this RO to this first equipment.
The first equipment 10 has DRM agency 11, and the second equipment has the 2nd DRM agency 21.Server 40 can be content supplier or RI.Content supplier comprises content publishing center (CI) and copyright publishing center (RI).
The first equipment 10 also comprises at least the communication module that communicates with this server, and the second equipment 20 also comprises at least the communication module that communicates with this server.This server also comprises at least the communication module that communicates with the first equipment 10 and the second equipment 20.
The one RO represents to be distributed to by server 40 RO of the first equipment 10.
The 2nd RO represents all or part of of when via server 40 RO being moved (transmission) to the second equipment 20 RO.
The 2nd RO represents such RO, namely, this RO privacy key that to be the first equipment 10 share by the private key that utilizes the first equipment 10 or with server 40 is decoded (here, rights encryption key (REK:Rights Encryption Key) and the MAC key of a RO being decoded), with the PKI of server 40 or with the shared privacy key of server 40 a decoded RO is encoded to obtain subsequently a RO.
The 2nd RO comprise at least the PKI that utilizes server 40 or with the encode rights encryption key (REK) of (or encryption) of the privacy key that server 40 is shared.Decoded MAC key among the one RO can be included among the 2nd RO.
The 2nd RO can comprise license, restriction, digital signature value, contents encryption key (CEK:Contentsencryption key) and REK, and all these is identical with a RO's.
When a RO was stateful RO, the first equipment 10 sent to server 40 with the 2nd RO together with this state information object.
The 2nd RO comprises rights encryption key (REK) and MAC key, utilize the PKI of server 40 to come REK and MAC key are encapsulated (wrap) and coding, so that server 40 can be decoded to REK and MAC key (or deciphering), the 2nd RO also comprises the mac value of utilizing decoded MAC key among the RO or newly-generated MAC key and calculating, to allow server 40 checkings the 2nd RO.
The 3rd RO represents such RO, that is, this RO private key that is server 40 by utilizing server 40 or with the privacy key that the first equipment 10 is shared the 2nd RO is decoded, uses subsequently the PKI of the second equipment 20 or with the privacy key that the second equipment 20 is shared decoded the 2nd RO is encoded and obtain.
Server 40 utilizes the PKI of server 40 or comes REK and the MAC key of the 2nd RO are decoded with privacy key that the first equipment 10 is shared.
Server 40 utilizes the PKI of the second equipment 20 or the privacy key of sharing with the second equipment 20, comes the REK of the 2nd RO of serviced device 40 decodings is encoded.Subsequently, server 40 is revised movement (or transmission) the number of times limits value in the restriction that is included among the 2nd RO, and utilizes among the 2nd RO decoded MAC key or newly-generated MAC key to generate the mac value, with objectification (object) the 3rd RO.
If the first equipment 10 has transmitted the 2nd RO and state information object, then server 40 is converted to the 3rd RO with the 2nd RO, and the 3rd RO is the state that the state information object after the 2nd RO and the transmission is merged.
After the first equipment 10 is converted to a RO whole the 2nd RO and sends the 2nd RO to server 40 subsequently, when receive when moving the response message of request message for RO the first equipment 10 deletions the one RO from server 40.
After the 2nd RO after the first equipment 10 is converted to the part of a RO the 2nd RO and will changes subsequently sends to server 40, when receiving from server 40 when moving the response message of request message for RO, the first equipment 10 is revised (renewal) state informations relevant with a RO.
In the present invention, the first execution mode and the second execution mode have illustrated respectively via server whole transmission of carrying out of RO (or mobile etc.) and the transmission the part of RO carried out via server (or mobile etc.).
Below, at first according to the first execution mode the method that RO is sent to another equipment from an equipment via server is described schematically.The first execution mode shows the whole transmission of carrying out to RO.
The first user of the first equipment 10 for example utilizes the first equipment 10(, a kind of mobile phone or mobile communication terminal) or such as other devices of PC, browse from server 40(namely, content supplier, specifically, copyright publishing center (RI) 41) particular content (for example, MP3 music file, video file etc.).Here, RI can comprise mobile license for the RO of particular content generation.
If this particular content is mp3 file, first user wishes to give the second user with this mp3 file as present.
When the RO that generates for this mp3 file as RI 41 comprised mobile license, first user was downloaded mp3 file and RO thereof.
Then, be not used or the RO that is used of part whole in order to transmit (movement), this first user access server 40 also sends the RO of this mp3 file to server 40.
The second equipment 20(of the second user for example, portable MP 3 player) be connected to the server 40 of the first equipment 10, to download mp3 file and the RO that is sent to server 40 by first user.
Therefore, this second user can play this mp3 file with the second equipment 20, plays this mp3 file and first user can't recycle the first equipment 10.
Like this, the first equipment 10 can be given the second equipment 20 with whole transmission (movement) of the own RO that obtains via server 40.
Hereinafter, second embodiment of the invention schematically to being described from the method that an equipment is sent to another equipment via the part of server with RO.The second execution mode shows the transmission that the part of RO is carried out.
First user utilizes the first equipment 10 to browse available content (that is, video) from server 40.
First user is selected concrete video, and indicates him to wish to play this concrete video ten times and share this concrete video.
Server 40 generates the RO of selected video, and this RO has restriction and the mobile license of playing restriction for ten times.
First user utilizes the first equipment 10 to download this video and RO subsequently.
First user utilizes the first equipment 10 to play this video once.
If the second equipment 20 is wished the displaying video specific times, then first user utilizes the first equipment 10 to visit server 40 and transmits the part of the RO of these videos to server 40.
That is, if the second equipment 20 is wished displaying video once, then the first equipment sends the RO that is used for once broadcast from the own RO that obtains whole to server 40.
The second user is via the second equipment 20 access servers 40, downloads subsequently from the first equipment 10 and sends the video of server 40 and RO(to here, and the second user can be same or different user from first user).
Therefore, the second user can come displaying video based on the RO that is used for once playing that obtains via the second equipment 20.
Simultaneously, so the first equipment 10 has the RO of displaying video eight times.
Below, describe the first and second execution modes in detail with reference to Fig. 2.
Fig. 2 show according to first embodiment of the invention via server with the illustrative methods of right objects from an equipment moving to another equipment.Based on the signal stream shown in Fig. 2 the first execution mode is described.Mode with the difference of only paying close attention to the second execution mode and the first execution mode illustrates the second execution mode.
The one DRM agency is arranged in the first equipment 10, and the 2nd DRM agency 21 is arranged in the second equipment 20.RI 41 is arranged in the server 40.The first user of the first equipment 10 can be same user or different user with the second user of the second equipment 20.In addition, RO to be transmitted can be equipment RO or user domain RO.
For the purpose of explanation, the RO that the first equipment 10 obtains is called a RO, be called the 2nd RO from the RO that the first equipment 10 sends server 40 to, and will be called the 3rd RO from the RO that server 40 sends the second equipment 20 to.
RI 41 has been distributed to a RO the one DRM agency 11.The one RO can be untapped RO or by the residue RO after partly using.
Below, describe to the 2nd DRM agency 21 situation all or part of transmission (movement) of a RO to DRM agency 11.
When hope is sent to RO another DRM and acts on behalf of from DRM agency (, when transmitting RO via RI), this RO should have the digital signature that is generated by this RI.Therefore, when request mobile (transmission) was changed the 2nd next RO from a RO, digital signature can provide integrity function and the non-property denied (non-repudiation) function for RI 41, checked oneself whether to have sent this RO to allow RI 41.
At first, DRM agency 11 first user is browsed RI entrance (portal), and selects RO is moved (transmission) to another DRM agency's Information Mobile Service.First user is with backward RI 41 request services, and this service is used for sending an own RO who obtains to the 2nd DRM agency.
RI 41 sends rights object acquisition protocol (ROAP:rights object accessprotocol) to DRM agency and triggers (RO moves triggering), transmits RO(S10 with the indication beginning to RI 41).
If DRM agency 11 has known the identifier of target DRM agency (for example, the 2nd DRM agency 21), execution in step S10 not then.The 2nd DRM agency's identifier represents the ID of the second equipment.
When receiving user's initiation or ROAP triggering, DRM agency 11 generates shielded RO(namely, the 2nd RO), to send RI 41 to.
That is, the privacy key that DRM agency 11 uses the private key of the first equipment or shares with RI 41 before comes RO(that RI 41 is sent namely, DRM agency 11 RO(that obtain namely, a RO)) decode.Here, rights encryption key (REK) and the MAC key of a RO are decoded.
The one DRM agency 11 generates another shielded RO(namely, the 2nd RO).This another shielded RO also can comprise contents encryption key (CEK), license, restriction and digital signature; all these be included in RO(that the first equipment 10 obtains namely, a RO) in contents encryption key (CEK), license, limit identical with digital signature.
When generating shielded RO(namely, the 2nd RO) time, the privacy key that DRM agency 11 utilizes the PKI of RI 41 or shares with RI 41 before comes REK and MAC key are encoded, and reads REK and MAC key to allow RI 41.The one DRM agency 11 also generates the mac value that will be used for the integrity verification of the 2nd RO, to allow the integrality of RI 41 checkings the 2nd RO.
Suppose that a RO is stateful RO, if a RO intactly or is partly transmitted, then DRM agency 11 is according to the state information generation state information object (S12) of managing.
Generating shielded RO(namely; the 2nd RO) afterwards; the one DRM agency 11 generates RO and (for example moves request message; the ROAP-RO request of moving); and this message sent to RI 41(S14), this RO moves request message and has comprised RO, state information object (if RO is stateful RO) and the identifier of the second equipment and the digital signature of this message that generates.The identifier of this second equipment can be not included in this RO and move in the request message.First user can be specified the identifier of the second equipment after a while in the RI porch.This RO moves request message and represents for request RO to be transmitted (movement) to another DRM agency's message, is described in detail after a while.
Using the ROAP that sends from DRM agency 11 (for example to ask; the ROAP-RO request of moving) digital signature in the message has successfully been finished and has been comprised after the authentication of recalling (revocation) status checkout; RI 41 generate with the shielded RO(of the 2nd DRM agent binding namely, the 3rd RO) (S16).
That is, the received RO(of RI 41 checking namely, the 2nd RO), and utilize the private key (or privacy key of sharing before) of RI 41 that received RO is decoded, with generate with the RO(of the second equipment 20 bindings namely, the 3rd RO).
When generating the 3rd RO(namely, RO with the 2nd DRM agent binding) time, if receive the state information object, then RI 41 should make up received state information object and restricted information, and should make amendment to the limits value that is included in from the 2nd RO that the first equipment (transmitting apparatus) 10 receives.
In addition, if be included among the 2nd RO that receives<move〉element has the number of times restriction, then RI 41 should will have this<move〉element<count〉the value minimizing 1 of element.
To be included in the 2nd RO that receives<rights after limits value in the element made amendment, RI 41 generated for<rights the digital signature value of element.
RI 41 uses target device (namely, the second equipment 20) PKI or the privacy key of sharing with the second equipment 20 are before encoded to rights encryption key (REK) and MAC key, append to the REK that encapsulates and MAC key after will encode subsequently to be arranged in<ro〉under the element<encKey〉element.
RI 41 generation<ro〉the mac value and the mac value that generates appended to of element is positioned at<protected RO〉under the element<mac〉element.In this way, the RO(that RI 41 generates the 2nd DRM agency 21 namely, the 3rd RO or with the RO of the 2nd DRM agency 21 bindings).
Subsequently, RI 41 moves request message (for example, the ROAP-ro request of moving) in response to RO and RO is moved response message (for example, ROAP-ro-moves response) sends to a DRM and act on behalf of 11(S18).RO moves response message and represents whether RI 41 confirms that the 2nd RO that transmits will successfully be transmitted.To explain after a while RO and move response message.
In the first embodiment (namely, be used for intactly transmitting RO), identify successfully send RO to RI 41 after, receive the corresponding RO(of DRM agency 11 deletions that RO moves response message namely, the one RO) (S20), and in the second execution mode, (that is, be used for partly transmitting RO) and revise with corresponding RO(namely, a RO) relevant state information.
On the other hand, RI 41 execution typical 1 logical (1-pass) or 2 logical (2-pass) RO obtain agreement (S22, S24 and S26).In the situation of 2 logical RO, RI 41 sends ROAP to the 2nd DRM agency 21 and triggers, and downloads 11 RO that transmitted from DRM agency to indicate the 2nd DRM agency 21.
The 2nd DRM agency 21 downloads the RO that is sent to RI 41 by DRM agency 11 first user successfully finishing and obtaining after the protocol procedures that RI 41 carries out.Therefore, the 2nd DRM agency 21 installs the RO(S28 that downloads).
To describe now that the RO that proposes in the present invention moves triggering, RO moves request message and RO moves response message in detail.
Below, illustrate that at first RO moves triggering.
This RO moves and triggers expression sends to transmitting apparatus from RI when transmitting apparatus wishes via RI RO to be transmitted (movement) to receiving equipment ROAP triggering.It can be the expansion that DRM ROAP triggers that RO moves triggering.
Shown in the step S10 among Fig. 2, RO is moved triggering send to DRM agency 11 from RI 41, transmit RO to indicate DRM agency 11 beginnings to RI 41.
Fig. 3 shows explanation according to the example text of the mobile-initiated grammer of RO of the present invention.Underscore among Fig. 3 has partly specifically illustrated the text expansion.
Comprised<roapTrigger when DRM agency 11 receives when the ROAP of element (it has<roMove〉element) triggered, DRM agency 11 should obtain the license of first user and start ROAP-RO and move request protocol.If DRM agency received RO move do not have in the triggering appointment<riID RI context (Context), then DRM agency 11 should use at RO and move in the triggering<roapURL〉unit usually starts ROAP-device call registration protocol (hello registration protocol).
When first user was selected one or more RO to be transmitted, RI 41 can move at RO and specify (a plurality of)<roID in the triggering〉element.
Move by RO trigger receive by RI 41 appointments<roID after the element, the one DRM agency 11 should be with RO to be transmitted or the identifier of roID(RO) comprise that (interpolation) move in the request message (that is, the ROAP-ro request of moving) at ROAP-RO.
Specified target device if wish the first user that its RO is sent to another equipment, then RI 41 should arrange<roap Trigger〉in the element<targetDevice ID〉element.Therefore, being included in RO moves in the triggering<roapTrigger〉element can have<targetDevice ID〉element.<targetDevice ID〉element can comprise the ID value of the equipment (that is, target device) that RO will be sent to.
Below explanation RO moves request message.
RO is moved request message (that is, ROAP-RO moves request message) send to RI 41 from transmitting apparatus, to start mobility protocol by RI.This message represents via RI RO to be sent to target DRM agency.With reference to Fig. 2, at step S14 RO is moved request message and send to RI 41 from DRM agency 11.
Fig. 4 shows the parameter that RO according to the present invention moves request message.In Fig. 4, M represents essential composition, and o is optional member.
Device id represents requesting service (that is, transmitting apparatus).RI ID represents server (that is, RI) ID.
Triggering real data (trigger nonce) and the RO that receives from RI 41, to move the real data value that comprises the triggering identical.When the triggering real data parameter of having specified (definition), the ID(that RI 41 can preserve first user target device of appointment during browsing namely, the ID of the second equipment).In this case, can move appointment (definition) target device ID parameter in the request message at RO.
The selected real data of equipment real data (device nonce) expression transmitting apparatus (that is, the first equipment).
Request time represents the current DRM time that transmitting apparatus identifies.
Have<targetDevice ID if the RO that receives from RI moves to trigger, then should the intended target device id.Target device ID value should move in the triggering with this RO<targetDevice ID〉element is identical.If there is not intended target device id parameter, then first user should be at RI porch intended target equipment.
(a plurality of) ROInfo Parametric Representation will move one or more RO of (transmission).It can comprise one or more ROID and state information object pair, or comprises one or more shielded RO and state information object.
The content of shielded RO should with the content of the RO that receives from RI at first except being included in<protected RO in the element<ro element<encKey element and be included in<protected RO in the element<mac content the element is identical.
<encKey〉element have through the encapsulation rights encryption key (REK) and MAC key.Should be come these two keys are encoded by the PKI of the first equipment utilization RI or the privacy key of sharing with RI before, mutually be shared in the authentication processing before this PKI.
<mac〉element comprises<protected RO〉the mac value of element.Should utilize<encKey MAC key in the element or utilize newly-generated MAC key to calculate this mac value, and it is appended to<mac in the element.
When RO was stateful RO, the parameter of (a plurality of) state information object should be included in RO and move in the request message.The Parametric Representation of described (a plurality of) state information object is acted on behalf of the state information of managing by a DRM of the first equipment.
When intactly transmitting (movement) concrete RO, according to generating the state information object with the whole corresponding state information of concrete RO.On the contrary, when partly transmitting concrete RO, generate the state information object according to the state information corresponding with the part of this concrete RO.
If the RI context does not represent RI and has preserved its desired device certificate information, then moves request message at RO and comprise the certificate chain parameter.
Spreading parameter can comprise that being redirected identifier expands.When having redirected identifier expansion in the spreading parameter field, spreading parameter indicates to receive the ID of the receiving equipment (for example, the second equipment) of shielded RO.ID can be by the telephone number of cellular carrier for each apparatus settings.Do not exist if be redirected the identifier expansion, then this impliedly represents that to RO the first equipment submits untapped RO(to here to the new RO with equal value or less value, and untapped RO is corresponding with shielded RO parameter).Namely; be not redirected the identifier expansion if in RO moves the spreading parameter field of request message, do not exist; then receive RI that RO moves request message identify be included in RO move in the request message RO(namely, the RO corresponding with shielded RO field) to be issued by being converted into another RO.
Signature Parametric Representation RO moves the digital signature of request message.
Fig. 5 shows the example syntax that RO according to the present invention moves request message.In Fig. 5,<roMoveRequest〉element definition ROAP-RO move request message, and have " the roap:ROMove Request " of complex data type." roap:ROMove Request " Extended-type basic " roap:Request type " function.
Fig. 6 shows and is included in the summary part that RO according to the present invention moves the redirected identifier spreading parameter in the request message.
Below explanation RO moves response message.
Move request message (that is, the ROAP-RO request of moving) in response to RO, RO is moved response message (that is, ROAP-RO moves response) send to transmitting apparatus from RI, that is, send to DRM agency's message among the step S18 in Fig. 2 from RI 41.RO moves response message and represents the RI RO that whether confirms successfully to have transmitted (transmission).
Fig. 7 shows the example syntax that RO according to the present invention moves request message.
The RO that state (status) Parametric Representation is undertaken by RI moves the treatment state of request message.If process successfully, then the state parameter value is " success ".Otherwise RI selects a status message that expression is wrong.
The device id Parametric Representation receives the ID that RO moves the equipment of response message.This parameter has and is included in RO and moves the identical value of device id parameter value (that is, the device id parameter value of Fig. 4) in the request message.
RI ID Parametric Representation sends the ID that RO moves the RI of response message.RI real data parameter has the selected real data by this RI.
The ROURI Parametric Representation is used for obtaining the address (for example, HTTP URL) of the RO that binds with target device.Equipment can pass to target device with RO URI, downloads this RO to allow this target device.
Defined spreading parameter for RO moves response message, but here do not used.
Signature Parametric Representation RO moves the digital signature of response message.
Fig. 8 shows and shows that RO according to the present invention moves the example text of the grammer of request message.
<roMoveResponse〉element definition ROAP-RO move response message.
<roMoveResponse〉element has " roap:ROMoveResponse " complex data type.This complex data type has been expanded substantially " roap:Response " type.
Below, the digital signature that is included among the RO that is sent by RI is described.
When hope was sent to RO another DRM and acts on behalf of from DRM agency, no matter RO was transmitted via RI or directly is transmitted, and RI sends the RO with digital signature.When the RO request of moving was processed, this digital signature can provide the non-sexual function of denying for RI, so that RI checks what whether this RO himself sent.
With reference to Fig. 2, when the first equipment 10 receives the RO that is sent by RI 41 and it is installed, if at<rights〉defined in the element " move(moves) " license, then a DRM of the first equipment 10 agency 11 should preserve<signature〉value of element is (here, if RO has comprised mobile license, then by RI generation<signature〉value of element).The one DRM agency 11 should create be included at first the RO that is sent by RI 41 in<rights element is identical<rights element.
In addition, DRM agency 11 should preserve REK and the MAC key that is included in the RO that sends at first.
Fig. 9 shows the exemplary XML document that shows " movement " license that is included among the RO.
Be positioned at<Move element below<type〉element can have (a plurality of) value of " via RI " and/or " directly transmitting ".If<type〉value of element is " via RI ", then DRM agency 11 can come mobile RO via RI 41.If<type〉value of element is " directly transmitting ", then DRM agency 11 can directly move to RO another DRM agency (not considering directly to transmit the detailed description of RO here, among the present invention).
<constraint〉under the element<count〉element representation transmits the number of times of RO.
If<count〉value of element is " 0 ", then DRM agency 11 should not move request message to the RO that RI 41 sends for this RO.
Can being applied in equally DRM agency 11 when the 2nd DRM of the second equipment 20 agency 21 installs received RO, this RO of RO(to be transmitted is installed is the RO that is sent by RI 41 at first) time performed processing operation.
In another embodiment of the present invention, will the method that transmit right objects via server between equipment be described.In another embodiment, transmitting apparatus sends RO identifier rather than RO itself to server, and RO moves with request.That is, this another execution mode and above-mentioned the first and second execution mode differences are that transmitting apparatus sends RO identifier rather than RO to server.
See figures.1.and.2, to via server 40(namely, RI 41) situation that the RO of the first equipment 10 is sent to the second equipment 20 describes.
If RI 41 has preserved the RO of the first equipment 10, then the first equipment 10 and RI 41 can identify this RO based on the RO identifier.
The first equipment 10 will comprise that the RO of the RO identifier that is used for identification RO moves request message and sends to RI41, send its RO to second equipment 20 to ask RI 41.Here, RO moves (a plurality of) shielded RO parameter that request message can not comprise the essential composition of conduct shown in Fig. 4, and comprises that the RO identifier is as essential composition.
RI 41 checks subsequently and is included in received RO and moves the corresponding RO of RO identifier in the request message.The privacy key that RI 41 utilizes its private key or shares with the first equipment 10 before comes the RO after checking is decoded.Then, the privacy key that RI 41 utilizes the PKI of the second equipment 20 or shares with the second equipment 20 before comes decoded RO is encoded.
When RO is encoded, if decoded RO has mobile number of times restriction, then RI 41 will transmit number of times minimizing 1.The privacy key that RI 41 also utilizes the PKI of the second equipment 20 or shares with the second equipment 20 is before encoded to the REK and the MAC key that are included among the decoded RO.RI 41 generates the mac value by calculating MAC key or newly-generated MAC key.
If RO is stateful RO, then RI 41 can encode to the state information object.
Like this, after generating the RO will be moved to the second equipment 20 or during generation RO, RI 41 moves request message in response to RO, and response message (for example, RO moves response message) is sent to the first equipment 10.If this response message represents to guarantee the successful transmission of RO, then the first equipment 10 is deleted RO for the situation that has transmitted complete RO, and makes amendment for the situation that the has transmitted a part of RO pair state information relevant with this RO.
Ro after RI 41 will encode and state information object (in the situation of stateful RO) send the second equipment 20 to.The second equipment 20 correspondingly receives this RO, to install.
As described in up to the present, the invention provides all or part of transmission (movement) of the RO that particular device is obtained via server to the method for another equipment, can will be sent to another equipment by the RO for certain content that this server sends via server.
According to only describing the present invention as schematic execution mode.Clearly, those skilled in the art can modifications and variations of the present invention are in the situation that does not break away from the spirit or scope of the present invention.Therefore, the present invention is intended to contain these modifications and variations of the present invention that fall in claims and the equivalent scope thereof.

Claims (14)

1. one kind is transmitted by the method for this server to the right objects RO of the first equipment issue to the second equipment via server, and the method may further comprise the steps:
Described server receives right objects from described the first equipment and moves request message, transmits described RO via described server to described the second equipment with request;
Wherein, described right objects moves request message and comprises digital signature,
Verify that described digital signature is to check what whether described RO was issued by described server;
As the response that described right objects is moved request message, described server sends right objects to described the first equipment and moves response message;
Based on the RO of described RO generation with described the second apparatus bound; And
Carry out typical 1 logical or 2 logical RO and obtain agreement to indicate the RO of the second device downloads and described the second apparatus bound.
2. method according to claim 1, wherein, described right objects moves response message and comprises that described right objects moves the treatment state of request message, receives ID, real data and the described right objects that described right objects moves the ID of the equipment of response message, described server and move the digital signature of response message as mandatory parameter.
3. method according to claim 1, wherein, the step that generates with the RO of described the second apparatus bound comprises:
Generating digital signature value;
The privacy key that utilizes the PKI of described the second equipment or share with described the second equipment before comes rights encryption key REK and MAC key are encoded; And
Generate the mac value.
4. method according to claim 1, wherein, after being successfully completed RO and obtaining agreement, the RO from described server to described the second device downloads and described the second apparatus bound, and the RO that downloads is installed at described the second equipment.
5. method according to claim 1, wherein, described RO comprises mobile license.
6. method according to claim 1, wherein, described right objects move that request message comprises be used to the ID that identifies described the first equipment, is used for identifying the ID of described server, the equipment real data selected by described the first equipment, by current DRM time of described the first recognition of devices, move the digital signature of request message as mandatory parameter about the information of described RO with for described right objects.
7. method according to claim 1, wherein, described right objects moves request message and also comprises described RO.
8. one kind is transmitted by the server of server in the equipment of the right objects RO of the first equipment issue to the second equipment, and this server comprises:
Communication module, itself and described the first equipment and described the second devices communicating; And
Copyright publishing center RI, it cooperates to carry out following steps with described communication module:
Described server receives right objects from described the first equipment and moves request message, transmits described RO via described server to described the second equipment with request;
Wherein, described right objects moves request message and comprises digital signature,
Verify that described digital signature is to check what whether described RO was issued by described server;
As the response that described right objects is moved request message, described server sends right objects to described the first equipment and moves response message;
Based on the RO of described RO generation with described the second apparatus bound; And
Carry out typical 1 logical or 2 logical RO and obtain agreement to indicate the RO of the second device downloads and described the second apparatus bound.
9. server according to claim 8, wherein, described right objects moves response message and comprises that described right objects moves the treatment state of request message, receives ID, real data and the described right objects that described right objects moves the ID of the equipment of response message, described server and move the digital signature of response message as mandatory parameter.
10. server according to claim 8, wherein, described RI also is configured to:
Generating digital signature value;
The privacy key that utilizes the PKI of described the second equipment or share with described the second equipment before comes rights encryption key REK and MAC key are encoded; And
Generate the mac value.
11. server according to claim 8, wherein, after being successfully completed RO and obtaining agreement, the RO from described server to described the second device downloads and described the second apparatus bound, and the RO that downloads is installed at described the second equipment.
12. server according to claim 8, wherein, described RO comprises mobile license.
13. server according to claim 8, wherein, described right objects move that request message comprises be used to the ID that identifies described the first equipment, is used for identifying the ID of described server, the equipment real data selected by described the first equipment, by current DRM time of described the first recognition of devices, move the digital signature of request message as mandatory parameter about the information of described RO with for described right objects.
14. server according to claim 8, wherein, described right objects moves request message and also comprises described RO.
CN201210396734.7A 2006-01-26 2007-01-25 Via server, right objects is moved to from an equipment apparatus and method of another equipment Expired - Fee Related CN103023640B (en)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
KR1020060008575A KR20070078340A (en) 2006-01-26 2006-01-26 System and method for transfering content rights among devices
KR10-2006-0008575 2006-01-26
US78723206P 2006-03-30 2006-03-30
US60/787,232 2006-03-30
US83349306P 2006-07-27 2006-07-27
US60/833,493 2006-07-27
KR10-2006-0081343 2006-08-25
KR1020060081343A KR100830941B1 (en) 2006-03-30 2006-08-25 Method for moving rights object in digital rights management and device thereof

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN200780003696.1A Division CN101375543B (en) 2006-01-26 2007-01-25 Via server by right objects the apparatus and method from an equipment moving to another equipment

Publications (2)

Publication Number Publication Date
CN103023640A true CN103023640A (en) 2013-04-03
CN103023640B CN103023640B (en) 2016-06-29

Family

ID=43824260

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210396734.7A Expired - Fee Related CN103023640B (en) 2006-01-26 2007-01-25 Via server, right objects is moved to from an equipment apparatus and method of another equipment

Country Status (2)

Country Link
CN (1) CN103023640B (en)
BR (1) BRPI0706751A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108781222A (en) * 2016-01-29 2018-11-09 飒乐有限公司 Multiserver automation for secure cloud verification
CN109379740A (en) * 2018-10-10 2019-02-22 北京智芯微电子科技有限公司 Wireless co-operative communication safety interacting method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1554063A (en) * 2001-07-06 2004-12-08 ��˹��ŵ�� Digital rights management in a mobile communications environment
US20050008463A1 (en) * 2003-06-12 2005-01-13 Peter Stehr Order-picking storage system for picking transport units
CN1585324A (en) * 2003-08-21 2005-02-23 三星电子株式会社 Method for sharing rights objects between users
KR20050111534A (en) * 2005-04-08 2005-11-25 (주)인테고소프트 The trade intermediation system and method of digital contents right to use and memory media recoding program to operate the method
CN1728039A (en) * 2004-07-29 2006-02-01 Lg电子株式会社 Method for processing rights object in digital rights management system and method and system for processing rights object using the same

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1554063A (en) * 2001-07-06 2004-12-08 ��˹��ŵ�� Digital rights management in a mobile communications environment
US20050008463A1 (en) * 2003-06-12 2005-01-13 Peter Stehr Order-picking storage system for picking transport units
CN1585324A (en) * 2003-08-21 2005-02-23 三星电子株式会社 Method for sharing rights objects between users
CN1728039A (en) * 2004-07-29 2006-02-01 Lg电子株式会社 Method for processing rights object in digital rights management system and method and system for processing rights object using the same
KR20050111534A (en) * 2005-04-08 2005-11-25 (주)인테고소프트 The trade intermediation system and method of digital contents right to use and memory media recoding program to operate the method

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108781222A (en) * 2016-01-29 2018-11-09 飒乐有限公司 Multiserver automation for secure cloud verification
CN108781222B (en) * 2016-01-29 2019-07-09 飒乐有限公司 Multiserver automation for secure cloud verification
CN108781222B9 (en) * 2016-01-29 2019-09-06 飒乐有限公司 Multiserver automation for secure cloud verification
US11399062B2 (en) 2016-01-29 2022-07-26 Xero Limited Multiple server automation for secure cloud reconciliation
US11936730B2 (en) 2016-01-29 2024-03-19 Xero Limited Multiple server automation for secure cloud reconciliation
US11936729B2 (en) 2016-01-29 2024-03-19 Xero Limited Multiple server automation for secure cloud reconciliation
CN109379740A (en) * 2018-10-10 2019-02-22 北京智芯微电子科技有限公司 Wireless co-operative communication safety interacting method
CN109379740B (en) * 2018-10-10 2022-03-04 北京智芯微电子科技有限公司 Wireless cooperative communication safety interaction method

Also Published As

Publication number Publication date
CN103023640B (en) 2016-06-29
BRPI0706751A2 (en) 2011-04-05

Similar Documents

Publication Publication Date Title
US8671452B2 (en) Apparatus and method for moving rights object from one device to another device via server
RU2395166C2 (en) Method for provision of access to coded content of one of multiple subscriber systems, device for access provision to coded content and method for generation of protected content packets
CN101305545B (en) Method and apparatus for managing digital rights of secure removable media
JP4980592B2 (en) How to provide a rights data object
US7617158B2 (en) System and method for digital rights management of electronic content
JP4824309B2 (en) Method for monitoring digital content provided by a content provider via a network
CN101321168B (en) Right object acquisition method and system
US8656156B2 (en) Method and terminal for authenticating between DRM agents for moving RO
CN101573944A (en) Metadata broker
US20030009667A1 (en) Data terminal device that can easily obtain content data again, a program executed in such terminal device, and recording medium recorded with such program
CN101375543B (en) Via server by right objects the apparatus and method from an equipment moving to another equipment
CN104426865A (en) Method, device and system for controlling presentation of application
EP2325774A1 (en) Method and device for imposing usage constraints of digital content
CN103023640B (en) Via server, right objects is moved to from an equipment apparatus and method of another equipment
CN102812470A (en) Content Binding At First Access
KR101190946B1 (en) Method and System for Managing Digital Content Right by Using "Over The Air" Actication
JP2008027113A (en) Authentication system and authentication method
Tacken et al. Mobile DRM in pervasive networking environments
US20160142412A1 (en) Method and system for preventing information leakage based on telephone
MX2008009649A (en) Apparatus and method for moving rights object from one device to another device via server
JP2007525738A (en) Download multiple objects
JP2008123190A (en) Content distribution system, key used for the same, and content distribution method
KR20080078624A (en) Method and apparatus for managing digital rights of secure removable media

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160629

Termination date: 20210125