CN103023640A - Apparatus and method for moving rights object from one device to another device via server - Google Patents
Apparatus and method for moving rights object from one device to another device via server Download PDFInfo
- Publication number
- CN103023640A CN103023640A CN2012103967347A CN201210396734A CN103023640A CN 103023640 A CN103023640 A CN 103023640A CN 2012103967347 A CN2012103967347 A CN 2012103967347A CN 201210396734 A CN201210396734 A CN 201210396734A CN 103023640 A CN103023640 A CN 103023640A
- Authority
- CN
- China
- Prior art keywords
- equipment
- server
- right objects
- request message
- moves
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
An apparatus and method for transferring a Rights Object (RO) for a content between devices via a server, wherein a sending device converts a first RO taken by itself to encode into a second RO, and sends an RO move request message including the second RO to the server, whereas the server converts the second RO included in the RO move request message into a third RO and transfers the third RO to a receiving device, whereby the receiving device receives the third RO from the server for installation, wherein the sending device deletes or modifies the first RO at an appropriate time point.
Description
The application be the original bill application number be 200780003696.1 application for a patent for invention (applying date: on January 25th, 2007, denomination of invention: via server with the apparatus and method of right objects from an equipment moving to another equipment) divide an application.
Technical field
The present invention relates in digital copyright management (DRM:Digital Rights Management), transmit at equipment room the method and apparatus of (movement) right objects (RO:Rights Object), specifically, relate to the method and apparatus that the RO of digital content is sent to another equipment from an equipment via server.
Background technology
Can obtain digital content by various available approach (for example, by downloading from the website of content publishing center (CI:Content Issuer) or receiving by mail (for example, Email) or arbitrary medium from other equipments).In order to use this digital content, right objects (RO) should be sent by copyright publishing center (RI:Rights Issuer).Relevant technology is called digital copyright management (DRM) therewith.
Usually, the DRM agency is mounted in software or the program in the equipment that uses these contents.Replace CI provider and RO provider, act on behalf of illegal use and the piracy that prevents digital content by DRM, and protect the copyright of these CI providers and RO provider.
Two class RO comprise stateful RO and stateless RO.Stateful RO is subject to the restriction such as access times or use duration.Here, when reappearing (broadcast) corresponding digital content, must verify and record and used how many authorities, the information that records is called state information.Therefore, usually in playing digital content, upgrade this state information.
Summary of the invention
Technical problem
Usually, in order to use specific digital content in the DRM system, the equipment user should directly have the RO by the content of RI issue.Introduced and be used for device access RI with the many methods of the RO that obtains to be sent by this RI.
Yet the equipment that also proposes authentication arrives all or part of transmission of its RO that directly issue by RI (for example, transmit, move etc.) method detailed of another equipment.
Technical scheme
Therefore, the object of the present invention is to provide for via server all or part of of the right objects (RO) of particular device being moved (transmission) to the apparatus and method of another equipment.
In order to realize purpose of the present invention, provide a kind of and between equipment, transmitted the method for RO via server, the method may further comprise the steps: by transmitting apparatus the one RO is changed, to generate the 2nd RO; Send RO from described transmitting apparatus to described server and move request message, transmit (movement) described two RO via described server to receiving equipment with request; Receive the response message that moves request message for described RO from described server; And delete a described RO or the modification state information relevant with a described RO.
In another embodiment of the present invention, provide a kind of and between equipment, transmitted the method for RO via server, the method may further comprise the steps: receive RO from transmitting apparatus and move request message; Send the response message that moves request message for described RO to described transmitting apparatus; Be converted to the 2nd RO with being included in the RO that described RO moves in the request message; And transmit the 2nd RO after the conversion to receiving equipment.
In order to realize this purpose of the present invention, a kind of transmitting apparatus that RO is sent to receiving equipment via server is provided, this transmitting apparatus comprises: digital copyright management (DRM) agency, it is to will encoding via the RO that server moves to receiving equipment, and the RO that will comprise the RO behind the described coding moves request message and sends to described server; And communication module, it communicates with described server at least.
In order to realize this purpose of the present invention, a kind of server that transmits RO between equipment is provided, this server comprises: copyright publishing center (RI), this copyright publishing center from transmitting apparatus receive comprising the RO that will move to the RO of receiving equipment move request message, send the response message that moves request message for described RO to described transmitting apparatus, change being included in the described RO that described RO moves in the request message, and send the RO after the described conversion to described receiving equipment; And communication module, it communicates with described transmitting apparatus and described receiving equipment at least.
In order to realize this purpose of the present invention, provide a kind of and between equipment, transmitted the system of RO via server, this system comprises: transmitting apparatus, its transmission have comprised that the RO of the 2nd RO moves request message, and the 2nd RO converts from a RO; Server, it will be included in the 2nd RO that described RO moves in the request message and be converted to the 3rd RO, and the 3rd RO after will changing sends to receiving equipment; And receiving equipment, it receives described the 3rd RO from described server, and described the 3rd RO is installed.
In order to realize this purpose of the present invention, provide a kind of and between equipment, transmitted the method for right objects via server, the method may further comprise the steps: sent by transmitting apparatus and comprised that the right objects of right objects identifier moves request message; By the described server inspection right objects corresponding with described right objects identifier; Receive right objects by described transmitting apparatus from described server and move response message; And by described transmitting apparatus deletion described right objects or modification with the described right objects relevant state information corresponding with described right objects identifier.
Described further comprising the steps of in the method that transmits right objects between the equipment via server: the right objects after will being checked by described server is converted to the right objects of receiving equipment; And send described receiving equipment to by the right objects of described server after with described conversion.
The step of described conversion right objects is further comprising the steps of: by the PKI of the described server of described server by utilizing or the privacy key shared with described transmitting apparatus before, come the right objects after the described inspection is decoded; The privacy key that utilizes the PKI of described receiving equipment or share with described receiving equipment before comes described decoded right objects is encoded.
Description of drawings
Fig. 1 shows according to the execution mode via server structure of the system of mobile right objects between equipment of the present invention;
Fig. 2 shows according to of the present invention via the execution mode of server from an equipment to the method for another equipment moving right objects;
Fig. 3 shows the example text of describing according to the mobile-initiated grammer of RO of the present invention;
Fig. 4 shows the parameter that RO according to the present invention moves request message;
Fig. 5 shows the example syntax that RO according to the present invention moves request message;
Fig. 6 shows and is included in the summary part that RO according to the present invention moves the redirected identifier spreading parameter in the request message;
Fig. 7 shows the structure that RO according to the present invention moves request message;
Fig. 8 shows and shows that RO according to the present invention moves the example text of the grammer of request message; And
Fig. 9 shows and shows the exemplary XML document that is included in the mobile license among the RO.
Embodiment
The present invention be implemented as so that all or part of transmission of the RO that the first equipment will be obtained by this first equipment via server or movement (hereinafter, " transmission " and " movement " is as identical meanings) to the second equipment.
When sending whole RO of the first equipment to second equipment via server, this first equipment can not re-use this RO, and the second equipment can use the RO to its transmission.On the other hand, when sending the part of the RO of the first equipment to second equipment via server, this first equipment can use all the other RO except the part RO that transmits, and the second equipment can use the part RO to its transmission.
The RO that is sent to the second equipment from the first equipment via server can be a kind of equipment right objects and the user domain right objects.
If stored the relevant information (for example, when server is when sending the RI of RO to the first equipment at first) of RO that obtains with the first equipment before the server, this first equipment and server can be identified RO each other based on the RO identifier.Here, this first equipment sends RO identifier and state information object to server, the server privacy key (secret key) that uses the PKI of the second equipment or share with the second equipment before thus, the RO corresponding with received RO identifier and state information object encoded, to send subsequently the second equipment to.
The first equipment and the second equipment can belong to same user, perhaps belong to the user who differs from one another.
This server can limit the transmission of the RO that is not allowed to.This server is the content supplier that comprises content publishing center (CI) and copyright publishing center (RI).
If the RO that transmits has mobile license, then this second equipment can send the RO that transmits to another equipment.
This first equipment will comprising the RO of the 2nd RO move request message and send to server, the 2nd RO converts from a RO who is obtained by the first equipment itself.Server sends the response message that moves request message for this RO to this first equipment.Server also will be included in the 2nd RO that RO moves in the request message and be converted to the 3rd RO, and the 3rd RO after then will changing sends this second equipment to.
In the present invention, described state information comprises the various values of the current state that respectively indication is corresponding with RO.Here, when RO comprised that any one has state restriction (for example, interval, number of times, accumulation calendar scheduling), this state information represented the value by the DRM proxy management.The state information object encoding is for the example of the state information form of the purpose that state information is sent to another equipment from an equipment.
Referring now to accompanying drawing, embodiments of the present invention are described.
Fig. 1 shows according to the execution mode via server structure of the system of mobile right objects between equipment of the present invention.As shown in Figure 1, system according to the present invention comprises: the first equipment 10, its transmission have comprised that the RO of the 2nd RO moves request message, and the 2nd RO converts from a RO; Server 40, its will be included in this RO move the 2nd RO in the request message be converted to the 3rd RO and will change after the 3rd RO send to the second equipment 20; And second equipment 20, it receives the 3rd RO to install from server 40.
When receiving this RO and move request message, server 40 sends the response message that moves request message for this RO to this first equipment.
The first equipment 10 has DRM agency 11, and the second equipment has the 2nd DRM agency 21.Server 40 can be content supplier or RI.Content supplier comprises content publishing center (CI) and copyright publishing center (RI).
The first equipment 10 also comprises at least the communication module that communicates with this server, and the second equipment 20 also comprises at least the communication module that communicates with this server.This server also comprises at least the communication module that communicates with the first equipment 10 and the second equipment 20.
The one RO represents to be distributed to by server 40 RO of the first equipment 10.
The 2nd RO represents all or part of of when via server 40 RO being moved (transmission) to the second equipment 20 RO.
The 2nd RO represents such RO, namely, this RO privacy key that to be the first equipment 10 share by the private key that utilizes the first equipment 10 or with server 40 is decoded (here, rights encryption key (REK:Rights Encryption Key) and the MAC key of a RO being decoded), with the PKI of server 40 or with the shared privacy key of server 40 a decoded RO is encoded to obtain subsequently a RO.
The 2nd RO comprise at least the PKI that utilizes server 40 or with the encode rights encryption key (REK) of (or encryption) of the privacy key that server 40 is shared.Decoded MAC key among the one RO can be included among the 2nd RO.
The 2nd RO can comprise license, restriction, digital signature value, contents encryption key (CEK:Contentsencryption key) and REK, and all these is identical with a RO's.
When a RO was stateful RO, the first equipment 10 sent to server 40 with the 2nd RO together with this state information object.
The 2nd RO comprises rights encryption key (REK) and MAC key, utilize the PKI of server 40 to come REK and MAC key are encapsulated (wrap) and coding, so that server 40 can be decoded to REK and MAC key (or deciphering), the 2nd RO also comprises the mac value of utilizing decoded MAC key among the RO or newly-generated MAC key and calculating, to allow server 40 checkings the 2nd RO.
The 3rd RO represents such RO, that is, this RO private key that is server 40 by utilizing server 40 or with the privacy key that the first equipment 10 is shared the 2nd RO is decoded, uses subsequently the PKI of the second equipment 20 or with the privacy key that the second equipment 20 is shared decoded the 2nd RO is encoded and obtain.
If the first equipment 10 has transmitted the 2nd RO and state information object, then server 40 is converted to the 3rd RO with the 2nd RO, and the 3rd RO is the state that the state information object after the 2nd RO and the transmission is merged.
After the first equipment 10 is converted to a RO whole the 2nd RO and sends the 2nd RO to server 40 subsequently, when receive when moving the response message of request message for RO the first equipment 10 deletions the one RO from server 40.
After the 2nd RO after the first equipment 10 is converted to the part of a RO the 2nd RO and will changes subsequently sends to server 40, when receiving from server 40 when moving the response message of request message for RO, the first equipment 10 is revised (renewal) state informations relevant with a RO.
In the present invention, the first execution mode and the second execution mode have illustrated respectively via server whole transmission of carrying out of RO (or mobile etc.) and the transmission the part of RO carried out via server (or mobile etc.).
Below, at first according to the first execution mode the method that RO is sent to another equipment from an equipment via server is described schematically.The first execution mode shows the whole transmission of carrying out to RO.
The first user of the first equipment 10 for example utilizes the first equipment 10(, a kind of mobile phone or mobile communication terminal) or such as other devices of PC, browse from server 40(namely, content supplier, specifically, copyright publishing center (RI) 41) particular content (for example, MP3 music file, video file etc.).Here, RI can comprise mobile license for the RO of particular content generation.
If this particular content is mp3 file, first user wishes to give the second user with this mp3 file as present.
When the RO that generates for this mp3 file as RI 41 comprised mobile license, first user was downloaded mp3 file and RO thereof.
Then, be not used or the RO that is used of part whole in order to transmit (movement), this first user access server 40 also sends the RO of this mp3 file to server 40.
The second equipment 20(of the second user for example, portable MP 3 player) be connected to the server 40 of the first equipment 10, to download mp3 file and the RO that is sent to server 40 by first user.
Therefore, this second user can play this mp3 file with the second equipment 20, plays this mp3 file and first user can't recycle the first equipment 10.
Like this, the first equipment 10 can be given the second equipment 20 with whole transmission (movement) of the own RO that obtains via server 40.
Hereinafter, second embodiment of the invention schematically to being described from the method that an equipment is sent to another equipment via the part of server with RO.The second execution mode shows the transmission that the part of RO is carried out.
First user utilizes the first equipment 10 to browse available content (that is, video) from server 40.
First user is selected concrete video, and indicates him to wish to play this concrete video ten times and share this concrete video.
First user utilizes the first equipment 10 to download this video and RO subsequently.
First user utilizes the first equipment 10 to play this video once.
If the second equipment 20 is wished the displaying video specific times, then first user utilizes the first equipment 10 to visit server 40 and transmits the part of the RO of these videos to server 40.
That is, if the second equipment 20 is wished displaying video once, then the first equipment sends the RO that is used for once broadcast from the own RO that obtains whole to server 40.
The second user is via the second equipment 20 access servers 40, downloads subsequently from the first equipment 10 and sends the video of server 40 and RO(to here, and the second user can be same or different user from first user).
Therefore, the second user can come displaying video based on the RO that is used for once playing that obtains via the second equipment 20.
Simultaneously, so the first equipment 10 has the RO of displaying video eight times.
Below, describe the first and second execution modes in detail with reference to Fig. 2.
Fig. 2 show according to first embodiment of the invention via server with the illustrative methods of right objects from an equipment moving to another equipment.Based on the signal stream shown in Fig. 2 the first execution mode is described.Mode with the difference of only paying close attention to the second execution mode and the first execution mode illustrates the second execution mode.
The one DRM agency is arranged in the first equipment 10, and the 2nd DRM agency 21 is arranged in the second equipment 20.RI 41 is arranged in the server 40.The first user of the first equipment 10 can be same user or different user with the second user of the second equipment 20.In addition, RO to be transmitted can be equipment RO or user domain RO.
For the purpose of explanation, the RO that the first equipment 10 obtains is called a RO, be called the 2nd RO from the RO that the first equipment 10 sends server 40 to, and will be called the 3rd RO from the RO that server 40 sends the second equipment 20 to.
Below, describe to the 2nd DRM agency 21 situation all or part of transmission (movement) of a RO to DRM agency 11.
When hope is sent to RO another DRM and acts on behalf of from DRM agency (, when transmitting RO via RI), this RO should have the digital signature that is generated by this RI.Therefore, when request mobile (transmission) was changed the 2nd next RO from a RO, digital signature can provide integrity function and the non-property denied (non-repudiation) function for RI 41, checked oneself whether to have sent this RO to allow RI 41.
At first, DRM agency 11 first user is browsed RI entrance (portal), and selects RO is moved (transmission) to another DRM agency's Information Mobile Service.First user is with backward RI 41 request services, and this service is used for sending an own RO who obtains to the 2nd DRM agency.
If DRM agency 11 has known the identifier of target DRM agency (for example, the 2nd DRM agency 21), execution in step S10 not then.The 2nd DRM agency's identifier represents the ID of the second equipment.
When receiving user's initiation or ROAP triggering, DRM agency 11 generates shielded RO(namely, the 2nd RO), to send RI 41 to.
That is, the privacy key that DRM agency 11 uses the private key of the first equipment or shares with RI 41 before comes RO(that RI 41 is sent namely, DRM agency 11 RO(that obtain namely, a RO)) decode.Here, rights encryption key (REK) and the MAC key of a RO are decoded.
The one DRM agency 11 generates another shielded RO(namely, the 2nd RO).This another shielded RO also can comprise contents encryption key (CEK), license, restriction and digital signature; all these be included in RO(that the first equipment 10 obtains namely, a RO) in contents encryption key (CEK), license, limit identical with digital signature.
When generating shielded RO(namely, the 2nd RO) time, the privacy key that DRM agency 11 utilizes the PKI of RI 41 or shares with RI 41 before comes REK and MAC key are encoded, and reads REK and MAC key to allow RI 41.The one DRM agency 11 also generates the mac value that will be used for the integrity verification of the 2nd RO, to allow the integrality of RI 41 checkings the 2nd RO.
Suppose that a RO is stateful RO, if a RO intactly or is partly transmitted, then DRM agency 11 is according to the state information generation state information object (S12) of managing.
Generating shielded RO(namely; the 2nd RO) afterwards; the one DRM agency 11 generates RO and (for example moves request message; the ROAP-RO request of moving); and this message sent to RI 41(S14), this RO moves request message and has comprised RO, state information object (if RO is stateful RO) and the identifier of the second equipment and the digital signature of this message that generates.The identifier of this second equipment can be not included in this RO and move in the request message.First user can be specified the identifier of the second equipment after a while in the RI porch.This RO moves request message and represents for request RO to be transmitted (movement) to another DRM agency's message, is described in detail after a while.
Using the ROAP that sends from DRM agency 11 (for example to ask; the ROAP-RO request of moving) digital signature in the message has successfully been finished and has been comprised after the authentication of recalling (revocation) status checkout; RI 41 generate with the shielded RO(of the 2nd DRM agent binding namely, the 3rd RO) (S16).
That is, the received RO(of RI 41 checking namely, the 2nd RO), and utilize the private key (or privacy key of sharing before) of RI 41 that received RO is decoded, with generate with the RO(of the second equipment 20 bindings namely, the 3rd RO).
When generating the 3rd RO(namely, RO with the 2nd DRM agent binding) time, if receive the state information object, then RI 41 should make up received state information object and restricted information, and should make amendment to the limits value that is included in from the 2nd RO that the first equipment (transmitting apparatus) 10 receives.
In addition, if be included among the 2nd RO that receives<move〉element has the number of times restriction, then RI 41 should will have this<move〉element<count〉the value minimizing 1 of element.
To be included in the 2nd RO that receives<rights after limits value in the element made amendment, RI 41 generated for<rights the digital signature value of element.
Subsequently, RI 41 moves request message (for example, the ROAP-ro request of moving) in response to RO and RO is moved response message (for example, ROAP-ro-moves response) sends to a DRM and act on behalf of 11(S18).RO moves response message and represents whether RI 41 confirms that the 2nd RO that transmits will successfully be transmitted.To explain after a while RO and move response message.
In the first embodiment (namely, be used for intactly transmitting RO), identify successfully send RO to RI 41 after, receive the corresponding RO(of DRM agency 11 deletions that RO moves response message namely, the one RO) (S20), and in the second execution mode, (that is, be used for partly transmitting RO) and revise with corresponding RO(namely, a RO) relevant state information.
On the other hand, RI 41 execution typical 1 logical (1-pass) or 2 logical (2-pass) RO obtain agreement (S22, S24 and S26).In the situation of 2 logical RO, RI 41 sends ROAP to the 2nd DRM agency 21 and triggers, and downloads 11 RO that transmitted from DRM agency to indicate the 2nd DRM agency 21.
The 2nd DRM agency 21 downloads the RO that is sent to RI 41 by DRM agency 11 first user successfully finishing and obtaining after the protocol procedures that RI 41 carries out.Therefore, the 2nd DRM agency 21 installs the RO(S28 that downloads).
To describe now that the RO that proposes in the present invention moves triggering, RO moves request message and RO moves response message in detail.
Below, illustrate that at first RO moves triggering.
This RO moves and triggers expression sends to transmitting apparatus from RI when transmitting apparatus wishes via RI RO to be transmitted (movement) to receiving equipment ROAP triggering.It can be the expansion that DRM ROAP triggers that RO moves triggering.
Shown in the step S10 among Fig. 2, RO is moved triggering send to DRM agency 11 from RI 41, transmit RO to indicate DRM agency 11 beginnings to RI 41.
Fig. 3 shows explanation according to the example text of the mobile-initiated grammer of RO of the present invention.Underscore among Fig. 3 has partly specifically illustrated the text expansion.
Comprised<roapTrigger when DRM agency 11 receives when the ROAP of element (it has<roMove〉element) triggered, DRM agency 11 should obtain the license of first user and start ROAP-RO and move request protocol.If DRM agency received RO move do not have in the triggering appointment<riID RI context (Context), then DRM agency 11 should use at RO and move in the triggering<roapURL〉unit usually starts ROAP-device call registration protocol (hello registration protocol).
When first user was selected one or more RO to be transmitted, RI 41 can move at RO and specify (a plurality of)<roID in the triggering〉element.
Move by RO trigger receive by RI 41 appointments<roID after the element, the one DRM agency 11 should be with RO to be transmitted or the identifier of roID(RO) comprise that (interpolation) move in the request message (that is, the ROAP-ro request of moving) at ROAP-RO.
Specified target device if wish the first user that its RO is sent to another equipment, then RI 41 should arrange<roap Trigger〉in the element<targetDevice ID〉element.Therefore, being included in RO moves in the triggering<roapTrigger〉element can have<targetDevice ID〉element.<targetDevice ID〉element can comprise the ID value of the equipment (that is, target device) that RO will be sent to.
Below explanation RO moves request message.
RO is moved request message (that is, ROAP-RO moves request message) send to RI 41 from transmitting apparatus, to start mobility protocol by RI.This message represents via RI RO to be sent to target DRM agency.With reference to Fig. 2, at step S14 RO is moved request message and send to RI 41 from DRM agency 11.
Fig. 4 shows the parameter that RO according to the present invention moves request message.In Fig. 4, M represents essential composition, and o is optional member.
Device id represents requesting service (that is, transmitting apparatus).RI ID represents server (that is, RI) ID.
Triggering real data (trigger nonce) and the RO that receives from RI 41, to move the real data value that comprises the triggering identical.When the triggering real data parameter of having specified (definition), the ID(that RI 41 can preserve first user target device of appointment during browsing namely, the ID of the second equipment).In this case, can move appointment (definition) target device ID parameter in the request message at RO.
The selected real data of equipment real data (device nonce) expression transmitting apparatus (that is, the first equipment).
Request time represents the current DRM time that transmitting apparatus identifies.
Have<targetDevice ID if the RO that receives from RI moves to trigger, then should the intended target device id.Target device ID value should move in the triggering with this RO<targetDevice ID〉element is identical.If there is not intended target device id parameter, then first user should be at RI porch intended target equipment.
(a plurality of) ROInfo Parametric Representation will move one or more RO of (transmission).It can comprise one or more ROID and state information object pair, or comprises one or more shielded RO and state information object.
The content of shielded RO should with the content of the RO that receives from RI at first except being included in<protected RO in the element<ro element<encKey element and be included in<protected RO in the element<mac content the element is identical.
<encKey〉element have through the encapsulation rights encryption key (REK) and MAC key.Should be come these two keys are encoded by the PKI of the first equipment utilization RI or the privacy key of sharing with RI before, mutually be shared in the authentication processing before this PKI.
<mac〉element comprises<protected RO〉the mac value of element.Should utilize<encKey MAC key in the element or utilize newly-generated MAC key to calculate this mac value, and it is appended to<mac in the element.
When RO was stateful RO, the parameter of (a plurality of) state information object should be included in RO and move in the request message.The Parametric Representation of described (a plurality of) state information object is acted on behalf of the state information of managing by a DRM of the first equipment.
When intactly transmitting (movement) concrete RO, according to generating the state information object with the whole corresponding state information of concrete RO.On the contrary, when partly transmitting concrete RO, generate the state information object according to the state information corresponding with the part of this concrete RO.
If the RI context does not represent RI and has preserved its desired device certificate information, then moves request message at RO and comprise the certificate chain parameter.
Spreading parameter can comprise that being redirected identifier expands.When having redirected identifier expansion in the spreading parameter field, spreading parameter indicates to receive the ID of the receiving equipment (for example, the second equipment) of shielded RO.ID can be by the telephone number of cellular carrier for each apparatus settings.Do not exist if be redirected the identifier expansion, then this impliedly represents that to RO the first equipment submits untapped RO(to here to the new RO with equal value or less value, and untapped RO is corresponding with shielded RO parameter).Namely; be not redirected the identifier expansion if in RO moves the spreading parameter field of request message, do not exist; then receive RI that RO moves request message identify be included in RO move in the request message RO(namely, the RO corresponding with shielded RO field) to be issued by being converted into another RO.
Signature Parametric Representation RO moves the digital signature of request message.
Fig. 5 shows the example syntax that RO according to the present invention moves request message.In Fig. 5,<roMoveRequest〉element definition ROAP-RO move request message, and have " the roap:ROMove Request " of complex data type." roap:ROMove Request " Extended-type basic " roap:Request type " function.
Fig. 6 shows and is included in the summary part that RO according to the present invention moves the redirected identifier spreading parameter in the request message.
Below explanation RO moves response message.
Move request message (that is, the ROAP-RO request of moving) in response to RO, RO is moved response message (that is, ROAP-RO moves response) send to transmitting apparatus from RI, that is, send to DRM agency's message among the step S18 in Fig. 2 from RI 41.RO moves response message and represents the RI RO that whether confirms successfully to have transmitted (transmission).
Fig. 7 shows the example syntax that RO according to the present invention moves request message.
The RO that state (status) Parametric Representation is undertaken by RI moves the treatment state of request message.If process successfully, then the state parameter value is " success ".Otherwise RI selects a status message that expression is wrong.
The device id Parametric Representation receives the ID that RO moves the equipment of response message.This parameter has and is included in RO and moves the identical value of device id parameter value (that is, the device id parameter value of Fig. 4) in the request message.
RI ID Parametric Representation sends the ID that RO moves the RI of response message.RI real data parameter has the selected real data by this RI.
The ROURI Parametric Representation is used for obtaining the address (for example, HTTP URL) of the RO that binds with target device.Equipment can pass to target device with RO URI, downloads this RO to allow this target device.
Defined spreading parameter for RO moves response message, but here do not used.
Signature Parametric Representation RO moves the digital signature of response message.
Fig. 8 shows and shows that RO according to the present invention moves the example text of the grammer of request message.
<roMoveResponse〉element definition ROAP-RO move response message.
<roMoveResponse〉element has " roap:ROMoveResponse " complex data type.This complex data type has been expanded substantially " roap:Response " type.
Below, the digital signature that is included among the RO that is sent by RI is described.
When hope was sent to RO another DRM and acts on behalf of from DRM agency, no matter RO was transmitted via RI or directly is transmitted, and RI sends the RO with digital signature.When the RO request of moving was processed, this digital signature can provide the non-sexual function of denying for RI, so that RI checks what whether this RO himself sent.
With reference to Fig. 2, when the first equipment 10 receives the RO that is sent by RI 41 and it is installed, if at<rights〉defined in the element " move(moves) " license, then a DRM of the first equipment 10 agency 11 should preserve<signature〉value of element is (here, if RO has comprised mobile license, then by RI generation<signature〉value of element).The one DRM agency 11 should create be included at first the RO that is sent by RI 41 in<rights element is identical<rights element.
In addition, DRM agency 11 should preserve REK and the MAC key that is included in the RO that sends at first.
Fig. 9 shows the exemplary XML document that shows " movement " license that is included among the RO.
Be positioned at<Move element below<type〉element can have (a plurality of) value of " via RI " and/or " directly transmitting ".If<type〉value of element is " via RI ", then DRM agency 11 can come mobile RO via RI 41.If<type〉value of element is " directly transmitting ", then DRM agency 11 can directly move to RO another DRM agency (not considering directly to transmit the detailed description of RO here, among the present invention).
<constraint〉under the element<count〉element representation transmits the number of times of RO.
If<count〉value of element is " 0 ", then DRM agency 11 should not move request message to the RO that RI 41 sends for this RO.
Can being applied in equally DRM agency 11 when the 2nd DRM of the second equipment 20 agency 21 installs received RO, this RO of RO(to be transmitted is installed is the RO that is sent by RI 41 at first) time performed processing operation.
In another embodiment of the present invention, will the method that transmit right objects via server between equipment be described.In another embodiment, transmitting apparatus sends RO identifier rather than RO itself to server, and RO moves with request.That is, this another execution mode and above-mentioned the first and second execution mode differences are that transmitting apparatus sends RO identifier rather than RO to server.
See figures.1.and.2, to via server 40(namely, RI 41) situation that the RO of the first equipment 10 is sent to the second equipment 20 describes.
If RI 41 has preserved the RO of the first equipment 10, then the first equipment 10 and RI 41 can identify this RO based on the RO identifier.
The first equipment 10 will comprise that the RO of the RO identifier that is used for identification RO moves request message and sends to RI41, send its RO to second equipment 20 to ask RI 41.Here, RO moves (a plurality of) shielded RO parameter that request message can not comprise the essential composition of conduct shown in Fig. 4, and comprises that the RO identifier is as essential composition.
When RO is encoded, if decoded RO has mobile number of times restriction, then RI 41 will transmit number of times minimizing 1.The privacy key that RI 41 also utilizes the PKI of the second equipment 20 or shares with the second equipment 20 is before encoded to the REK and the MAC key that are included among the decoded RO.RI 41 generates the mac value by calculating MAC key or newly-generated MAC key.
If RO is stateful RO, then RI 41 can encode to the state information object.
Like this, after generating the RO will be moved to the second equipment 20 or during generation RO, RI 41 moves request message in response to RO, and response message (for example, RO moves response message) is sent to the first equipment 10.If this response message represents to guarantee the successful transmission of RO, then the first equipment 10 is deleted RO for the situation that has transmitted complete RO, and makes amendment for the situation that the has transmitted a part of RO pair state information relevant with this RO.
Ro after RI 41 will encode and state information object (in the situation of stateful RO) send the second equipment 20 to.The second equipment 20 correspondingly receives this RO, to install.
As described in up to the present, the invention provides all or part of transmission (movement) of the RO that particular device is obtained via server to the method for another equipment, can will be sent to another equipment by the RO for certain content that this server sends via server.
According to only describing the present invention as schematic execution mode.Clearly, those skilled in the art can modifications and variations of the present invention are in the situation that does not break away from the spirit or scope of the present invention.Therefore, the present invention is intended to contain these modifications and variations of the present invention that fall in claims and the equivalent scope thereof.
Claims (14)
1. one kind is transmitted by the method for this server to the right objects RO of the first equipment issue to the second equipment via server, and the method may further comprise the steps:
Described server receives right objects from described the first equipment and moves request message, transmits described RO via described server to described the second equipment with request;
Wherein, described right objects moves request message and comprises digital signature,
Verify that described digital signature is to check what whether described RO was issued by described server;
As the response that described right objects is moved request message, described server sends right objects to described the first equipment and moves response message;
Based on the RO of described RO generation with described the second apparatus bound; And
Carry out typical 1 logical or 2 logical RO and obtain agreement to indicate the RO of the second device downloads and described the second apparatus bound.
2. method according to claim 1, wherein, described right objects moves response message and comprises that described right objects moves the treatment state of request message, receives ID, real data and the described right objects that described right objects moves the ID of the equipment of response message, described server and move the digital signature of response message as mandatory parameter.
3. method according to claim 1, wherein, the step that generates with the RO of described the second apparatus bound comprises:
Generating digital signature value;
The privacy key that utilizes the PKI of described the second equipment or share with described the second equipment before comes rights encryption key REK and MAC key are encoded; And
Generate the mac value.
4. method according to claim 1, wherein, after being successfully completed RO and obtaining agreement, the RO from described server to described the second device downloads and described the second apparatus bound, and the RO that downloads is installed at described the second equipment.
5. method according to claim 1, wherein, described RO comprises mobile license.
6. method according to claim 1, wherein, described right objects move that request message comprises be used to the ID that identifies described the first equipment, is used for identifying the ID of described server, the equipment real data selected by described the first equipment, by current DRM time of described the first recognition of devices, move the digital signature of request message as mandatory parameter about the information of described RO with for described right objects.
7. method according to claim 1, wherein, described right objects moves request message and also comprises described RO.
8. one kind is transmitted by the server of server in the equipment of the right objects RO of the first equipment issue to the second equipment, and this server comprises:
Communication module, itself and described the first equipment and described the second devices communicating; And
Copyright publishing center RI, it cooperates to carry out following steps with described communication module:
Described server receives right objects from described the first equipment and moves request message, transmits described RO via described server to described the second equipment with request;
Wherein, described right objects moves request message and comprises digital signature,
Verify that described digital signature is to check what whether described RO was issued by described server;
As the response that described right objects is moved request message, described server sends right objects to described the first equipment and moves response message;
Based on the RO of described RO generation with described the second apparatus bound; And
Carry out typical 1 logical or 2 logical RO and obtain agreement to indicate the RO of the second device downloads and described the second apparatus bound.
9. server according to claim 8, wherein, described right objects moves response message and comprises that described right objects moves the treatment state of request message, receives ID, real data and the described right objects that described right objects moves the ID of the equipment of response message, described server and move the digital signature of response message as mandatory parameter.
10. server according to claim 8, wherein, described RI also is configured to:
Generating digital signature value;
The privacy key that utilizes the PKI of described the second equipment or share with described the second equipment before comes rights encryption key REK and MAC key are encoded; And
Generate the mac value.
11. server according to claim 8, wherein, after being successfully completed RO and obtaining agreement, the RO from described server to described the second device downloads and described the second apparatus bound, and the RO that downloads is installed at described the second equipment.
12. server according to claim 8, wherein, described RO comprises mobile license.
13. server according to claim 8, wherein, described right objects move that request message comprises be used to the ID that identifies described the first equipment, is used for identifying the ID of described server, the equipment real data selected by described the first equipment, by current DRM time of described the first recognition of devices, move the digital signature of request message as mandatory parameter about the information of described RO with for described right objects.
14. server according to claim 8, wherein, described right objects moves request message and also comprises described RO.
Applications Claiming Priority (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020060008575A KR20070078340A (en) | 2006-01-26 | 2006-01-26 | System and method for transfering content rights among devices |
KR10-2006-0008575 | 2006-01-26 | ||
US78723206P | 2006-03-30 | 2006-03-30 | |
US60/787,232 | 2006-03-30 | ||
US83349306P | 2006-07-27 | 2006-07-27 | |
US60/833,493 | 2006-07-27 | ||
KR10-2006-0081343 | 2006-08-25 | ||
KR1020060081343A KR100830941B1 (en) | 2006-03-30 | 2006-08-25 | Method for moving rights object in digital rights management and device thereof |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200780003696.1A Division CN101375543B (en) | 2006-01-26 | 2007-01-25 | Via server by right objects the apparatus and method from an equipment moving to another equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103023640A true CN103023640A (en) | 2013-04-03 |
CN103023640B CN103023640B (en) | 2016-06-29 |
Family
ID=43824260
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210396734.7A Expired - Fee Related CN103023640B (en) | 2006-01-26 | 2007-01-25 | Via server, right objects is moved to from an equipment apparatus and method of another equipment |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103023640B (en) |
BR (1) | BRPI0706751A2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108781222A (en) * | 2016-01-29 | 2018-11-09 | 飒乐有限公司 | Multiserver automation for secure cloud verification |
CN109379740A (en) * | 2018-10-10 | 2019-02-22 | 北京智芯微电子科技有限公司 | Wireless co-operative communication safety interacting method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1554063A (en) * | 2001-07-06 | 2004-12-08 | ��˹��ŵ�� | Digital rights management in a mobile communications environment |
US20050008463A1 (en) * | 2003-06-12 | 2005-01-13 | Peter Stehr | Order-picking storage system for picking transport units |
CN1585324A (en) * | 2003-08-21 | 2005-02-23 | 三星电子株式会社 | Method for sharing rights objects between users |
KR20050111534A (en) * | 2005-04-08 | 2005-11-25 | (주)인테고소프트 | The trade intermediation system and method of digital contents right to use and memory media recoding program to operate the method |
CN1728039A (en) * | 2004-07-29 | 2006-02-01 | Lg电子株式会社 | Method for processing rights object in digital rights management system and method and system for processing rights object using the same |
-
2007
- 2007-01-25 CN CN201210396734.7A patent/CN103023640B/en not_active Expired - Fee Related
- 2007-01-25 BR BRPI0706751-8A patent/BRPI0706751A2/en not_active IP Right Cessation
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1554063A (en) * | 2001-07-06 | 2004-12-08 | ��˹��ŵ�� | Digital rights management in a mobile communications environment |
US20050008463A1 (en) * | 2003-06-12 | 2005-01-13 | Peter Stehr | Order-picking storage system for picking transport units |
CN1585324A (en) * | 2003-08-21 | 2005-02-23 | 三星电子株式会社 | Method for sharing rights objects between users |
CN1728039A (en) * | 2004-07-29 | 2006-02-01 | Lg电子株式会社 | Method for processing rights object in digital rights management system and method and system for processing rights object using the same |
KR20050111534A (en) * | 2005-04-08 | 2005-11-25 | (주)인테고소프트 | The trade intermediation system and method of digital contents right to use and memory media recoding program to operate the method |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108781222A (en) * | 2016-01-29 | 2018-11-09 | 飒乐有限公司 | Multiserver automation for secure cloud verification |
CN108781222B (en) * | 2016-01-29 | 2019-07-09 | 飒乐有限公司 | Multiserver automation for secure cloud verification |
CN108781222B9 (en) * | 2016-01-29 | 2019-09-06 | 飒乐有限公司 | Multiserver automation for secure cloud verification |
US11399062B2 (en) | 2016-01-29 | 2022-07-26 | Xero Limited | Multiple server automation for secure cloud reconciliation |
US11936730B2 (en) | 2016-01-29 | 2024-03-19 | Xero Limited | Multiple server automation for secure cloud reconciliation |
US11936729B2 (en) | 2016-01-29 | 2024-03-19 | Xero Limited | Multiple server automation for secure cloud reconciliation |
CN109379740A (en) * | 2018-10-10 | 2019-02-22 | 北京智芯微电子科技有限公司 | Wireless co-operative communication safety interacting method |
CN109379740B (en) * | 2018-10-10 | 2022-03-04 | 北京智芯微电子科技有限公司 | Wireless cooperative communication safety interaction method |
Also Published As
Publication number | Publication date |
---|---|
CN103023640B (en) | 2016-06-29 |
BRPI0706751A2 (en) | 2011-04-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8671452B2 (en) | Apparatus and method for moving rights object from one device to another device via server | |
RU2395166C2 (en) | Method for provision of access to coded content of one of multiple subscriber systems, device for access provision to coded content and method for generation of protected content packets | |
CN101305545B (en) | Method and apparatus for managing digital rights of secure removable media | |
JP4980592B2 (en) | How to provide a rights data object | |
US7617158B2 (en) | System and method for digital rights management of electronic content | |
JP4824309B2 (en) | Method for monitoring digital content provided by a content provider via a network | |
CN101321168B (en) | Right object acquisition method and system | |
US8656156B2 (en) | Method and terminal for authenticating between DRM agents for moving RO | |
CN101573944A (en) | Metadata broker | |
US20030009667A1 (en) | Data terminal device that can easily obtain content data again, a program executed in such terminal device, and recording medium recorded with such program | |
CN101375543B (en) | Via server by right objects the apparatus and method from an equipment moving to another equipment | |
CN104426865A (en) | Method, device and system for controlling presentation of application | |
EP2325774A1 (en) | Method and device for imposing usage constraints of digital content | |
CN103023640B (en) | Via server, right objects is moved to from an equipment apparatus and method of another equipment | |
CN102812470A (en) | Content Binding At First Access | |
KR101190946B1 (en) | Method and System for Managing Digital Content Right by Using "Over The Air" Actication | |
JP2008027113A (en) | Authentication system and authentication method | |
Tacken et al. | Mobile DRM in pervasive networking environments | |
US20160142412A1 (en) | Method and system for preventing information leakage based on telephone | |
MX2008009649A (en) | Apparatus and method for moving rights object from one device to another device via server | |
JP2007525738A (en) | Download multiple objects | |
JP2008123190A (en) | Content distribution system, key used for the same, and content distribution method | |
KR20080078624A (en) | Method and apparatus for managing digital rights of secure removable media |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160629 Termination date: 20210125 |