CN103023640B - Apparatus and method for moving a rights object from one device to another device via a server - Google Patents

Publication number
CN103023640B
Authority
CN
China
Prior art keywords
equipment
server
right objects
request message
moves
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210396734.7A
Other languages
Chinese (zh)
Other versions
CN103023640A (en)
Inventor
李承帝
金兑炫
秋渊成
孙圣武
希兰·库玛·凯沙瓦穆斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LG Electronics Inc
Original Assignee
LG Electronics Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020060008575A external-priority patent/KR20070078340A/en
Priority claimed from KR1020060081343A external-priority patent/KR100830941B1/en
Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

An apparatus and method for moving a rights object (RO) between devices via a server, wherein a sending device encodes a first RO that it has obtained so as to convert it into a second RO, and sends an RO move request message including the second RO to a server; the server converts the second RO included in the RO move request message into a third RO and transmits the converted third RO to a receiving device; and the receiving device receives the third RO from the server and installs it, wherein the sending device deletes or modifies the first RO at an appropriate time.

Description

Apparatus and method for moving a rights object from one device to another device via a server
This application is a divisional application of the invention patent application with original application number 200780003696.1 (filing date: January 25, 2007; title of invention: Apparatus and method for moving a rights object from one device to another device via a server).
Technical field
The present invention relates to a method and apparatus for transferring (moving) a rights object (RO) between devices in digital rights management (DRM), and more particularly to a method and apparatus for transferring the RO of digital content from one device to another device via a server.
Background art
Digital content can be obtained through various available channels (for example, by downloading it from the website of a content issuer (CI), or by receiving it from another device by mail (for example, e-mail) or on any medium). To use this digital content, a rights object (RO) must be issued by a rights issuer (RI). The technology related to this is called digital rights management (DRM).
Generally, a DRM agent is software or a program installed in a device that uses such content. On behalf of the CI provider and the RO provider, the DRM agent prevents illegal use and piracy of digital content and protects the copyrights of those providers.
There are two classes of RO: stateful ROs and stateless ROs. A stateful RO is subject to constraints such as a number of uses or a duration of use. When the corresponding digital content is rendered (played), how many rights have been used must be verified and recorded; the recorded information is called state information. This state information is therefore generally updated while the digital content is played.
Summary of the invention
Technical problem
Generally, to use specific digital content in a DRM system, the device user must directly hold an RO for the content issued by an RI. Many methods have been introduced by which a device accesses an RI to obtain an RO issued by that RI.
However, no detailed method has yet been proposed by which an authenticated device transfers (for example, sends or moves) all or part of an RO issued directly to it by an RI to another device.
Technical solution
Therefore, an object of the present invention is to provide an apparatus and method for moving (transferring) all or part of the rights object (RO) of a particular device to another device via a server.
To achieve the object of the present invention, there is provided a method of transferring an RO between devices via a server, the method comprising the following steps: converting, by a sending device, a first RO to generate a second RO; sending an RO move request message from the sending device to the server to request that the second RO be transferred (moved) to a receiving device via the server; receiving from the server a response message to the RO move request message; and deleting the first RO or modifying state information related to the first RO.
In another embodiment of the present invention, there is provided a method of transferring an RO between devices via a server, the method comprising the following steps: receiving an RO move request message from a sending device; sending a response message to the RO move request message to the sending device; converting the RO included in the RO move request message into a second RO; and transferring the converted second RO to a receiving device.
To achieve this object of the present invention, there is provided a sending device that sends an RO to a receiving device via a server, the sending device comprising: a digital rights management (DRM) agent that encodes the RO to be moved to the receiving device via the server and sends an RO move request message including the encoded RO to the server; and a communication module that communicates at least with the server.
To achieve this object of the present invention, there is provided a server that transfers an RO between devices, the server comprising: a rights issuer (RI) that receives from a sending device an RO move request message including an RO to be moved to a receiving device, sends a response message to the RO move request message to the sending device, converts the RO included in the RO move request message, and sends the converted RO to the receiving device; and a communication module that communicates at least with the sending device and the receiving device.
To achieve this object of the present invention, there is provided a system that transfers an RO between devices via a server, the system comprising: a sending device that sends an RO move request message including a second RO, the second RO being converted from a first RO; a server that converts the second RO included in the RO move request message into a third RO and sends the converted third RO to a receiving device; and a receiving device that receives the third RO from the server and installs the third RO.
To achieve this object of the present invention, there is provided a method of transferring a rights object between devices via a server, the method comprising the following steps: sending, by a sending device, a rights object move request message including a rights object identifier; checking, by the server, the rights object corresponding to the rights object identifier; receiving, by the sending device, a rights object move response message from the server; and deleting, by the sending device, the rights object corresponding to the rights object identifier or modifying state information related to the rights object.
The method of transferring a rights object between devices via a server further comprises the following steps: converting, by the server, the checked rights object into a rights object for the receiving device; and sending, by the server, the converted rights object to the receiving device.
The step of converting the rights object further comprises the following steps: decoding, by the server, the checked rights object using the public key of the server or a secret key previously shared with the sending device; and encoding the decoded rights object using the public key of the receiving device or a secret key previously shared with the receiving device.
Brief description of the drawings
Fig. 1 illustrates an embodiment of the structure of a system for moving a rights object between devices via a server according to the present invention;
Fig. 2 illustrates an embodiment of a method for moving a rights object from one device to another device via a server according to the present invention;
Fig. 3 illustrates example text describing the syntax of the RO move trigger according to the present invention;
Fig. 4 illustrates the parameters of the RO move request message according to the present invention;
Fig. 5 illustrates example syntax of the RO move request message according to the present invention;
Fig. 6 illustrates the general part of the redirect identifier extension parameter included in the RO move request message according to the present invention;
Fig. 7 illustrates the structure of the RO move request message according to the present invention;
Fig. 8 illustrates example text showing the syntax of the RO move request message according to the present invention; and
Fig. 9 illustrates an exemplary XML document showing a move permission included in an RO.
Detailed description
The present invention is implemented so that a first device transfers or moves (hereinafter, "transfer" and "move" are used with the same meaning) all or part of an RO that it has obtained to a second device via a server.
When the whole RO of the first device is sent to the second device via the server, the first device can no longer use the RO, and the second device can use the RO transferred to it. When only a part of the RO of the first device is sent to the second device via the server, the first device can use the remainder of the RO, excluding the transferred part, and the second device can use the part transferred to it.
The RO sent from the first device to the second device via the server may be either a device rights object or a user-domain rights object.
If the server has previously stored information related to the RO obtained by the first device (for example, when the server is the RI that originally issued the RO to the first device), the first device and the server can identify the RO to each other based on an RO identifier. In this case, the first device sends the RO identifier and a state information object to the server, and the server encodes the RO corresponding to the received RO identifier, together with the state information object, using the public key of the second device or a secret key previously shared with the second device, and then delivers it to the second device.
The first device and the second device may belong to the same user or to different users.
The server can restrict transfers of ROs that are not permitted. The server is a content provider that includes a content issuer (CI) and a rights issuer (RI).
If the transferred RO has a move permission, the second device can in turn send the transferred RO to another device.
The first device sends an RO move request message including a second RO to the server, the second RO being converted from the RO obtained by the first device itself. The server sends a response message to the RO move request message to the first device. The server also converts the second RO included in the RO move request message into a third RO, and then sends the converted third RO to the second device.
In the present invention, the state information comprises the values that indicate the current state corresponding to an RO. When the RO includes any stateful constraint (for example, interval, count, accumulated time, etc.), the state information represents the values managed by the DRM agent. A state information object is an instance of the state information formatted for the purpose of sending the state information from one device to another device.
Embodiments of the present invention are now described with reference to the accompanying drawings.
Fig. 1 illustrates an embodiment of the structure of a system for moving a rights object between devices via a server according to the present invention. As shown in Fig. 1, the system according to the present invention includes: a first device 10, which sends an RO move request message including a second RO, the second RO being converted from a first RO; a server 40, which converts the second RO included in the RO move request message into a third RO and sends the converted third RO to a second device 20; and the second device 20, which receives the third RO from the server 40 and installs it.
On receiving the RO move request message, the server 40 sends a response message to the RO move request message to the first device.
The first device 10 has a first DRM agent 11, and the second device has a second DRM agent 21. The server 40 can be a content provider or an RI. A content provider includes a content issuer (CI) and a rights issuer (RI).
The first device 10 also includes a communication module that communicates at least with the server, and the second device 20 also includes a communication module that communicates at least with the server. The server also includes a communication module that communicates at least with the first device 10 and the second device 20.
The first RO is the RO issued to the first device 10 by the server 40.
The second RO represents all or part of the first RO when the first RO is moved (transferred) to the second device 20 via the server 40.
The second RO is the RO obtained when the first device 10 decodes the first RO using the private key of the first device 10 or a secret key shared with the server 40 (here, the rights encryption key (REK) and the MAC key of the first RO are decoded), and then encodes the decoded first RO using the public key of the server 40 or the secret key shared with the server 40.
The second RO includes at least the rights encryption key (REK) encoded (or encrypted) with the public key of the server 40 or the secret key shared with the server 40. The MAC key decoded from the first RO can be included in the second RO.
The second RO can include permissions, constraints, a digital signature value, a content encryption key (CEK) and an REK, all of which are identical to those of the first RO.
When the first RO is a stateful RO, the first device 10 sends the second RO to the server 40 together with the state information object.
The second RO includes the rights encryption key (REK) and the MAC key, which are wrapped and encoded with the public key of the server 40 so that the server 40 can decode (or decrypt) them. The second RO also includes a MAC value calculated with the MAC key decoded from the first RO or with a newly generated MAC key, so that the server 40 can verify the second RO.
The third RO is the RO obtained when the server 40 decodes the second RO using the private key of the server 40 or the secret key shared with the first device 10, and then encodes the decoded second RO using the public key of the second device 20 or the secret key shared with the second device 20.
The server 40 decodes the REK and the MAC key of the second RO using the public key of the server 40 or the secret key shared with the first device 10.
The server 40 encodes the REK of the second RO that it has decoded, using the public key of the second device 20 or the secret key shared with the second device 20. Subsequently, the server 40 modifies the move (transfer) count constraint value among the constraints included in the second RO, and generates a MAC value using the MAC key decoded from the second RO or a newly generated MAC key, thereby forming the third RO.
If the first device 10 has transferred the second RO and a state information object, the server 40 converts the second RO into a third RO in which the second RO and the transferred state information object are merged.
After the first device 10 has converted the whole of the first RO into the second RO and sent the second RO to the server 40, the first device 10 deletes the first RO when it receives from the server 40 the response message to the RO move request message.
After the first device 10 has converted a part of the first RO into the second RO and sent the converted second RO to the server 40, the first device 10 modifies (updates) the state information related to the first RO when it receives from the server 40 the response message to the RO move request message.
In the present invention, the first embodiment and the second embodiment respectively illustrate the transfer (or move) of the whole of an RO via a server and the transfer (or move) of a part of an RO via a server.
Hereinafter, the method of sending an RO from one device to another device via a server according to the first embodiment is first described schematically. The first embodiment illustrates the transfer of the whole of an RO.
A first user of the first device 10 uses the first device 10 (for example, a mobile phone or mobile communication terminal) or another apparatus such as a PC to browse particular content (for example, an MP3 music file, a video file, etc.) from the server 40 (that is, a content provider, specifically the rights issuer (RI) 41). Here, the RO that the RI generates for the particular content can include a move permission.
Suppose the particular content is an MP3 file and the first user wishes to give this MP3 file to a second user as a present.
When the RO that the RI 41 generates for this MP3 file includes a move permission, the first user downloads the MP3 file and its RO.
Then, to transfer (move) the whole of the RO, whether unused or partly used, the first user accesses the server 40 and sends the RO of the MP3 file to the server 40.
The second device 20 of the second user (for example, a portable MP3 player) connects to the server 40 to which the first device 10 connected, and downloads the MP3 file and the RO sent to the server 40 by the first user.
The second user can therefore use the second device 20 to play the MP3 file, and the first user can no longer use the first device 10 to play the MP3 file.
In this way, the first device 10 can transfer (move) the whole of the RO that it has obtained to the second device 20 via the server 40.
Hereinafter, the method of sending a part of an RO from one device to another device via a server according to the second embodiment of the present invention is described schematically. The second embodiment illustrates the transfer of a part of an RO.
The first user uses the first device 10 to browse the available content (that is, video) from the server 40.
The first user selects a specific video and indicates that he wishes to play this video ten times and to share it.
The server 40 generates an RO for the selected video; this RO has a constraint of ten plays and a move permission.
The first user then downloads the video and the RO using the first device 10.
The first user plays the video once using the first device 10.
If the second device 20 wishes to play the video a specific number of times, the first user uses the first device 10 to access the server 40 and transfers a part of the RO for this video to the server 40.
That is, if the second device 20 wishes to play the video once, the first device sends to the server 40, out of the RO that it has obtained, the RO for one play.
The second user accesses the server 40 via the second device 20 and then downloads the video and the RO sent to the server 40 from the first device 10 (here, the second user may be the same user as the first user or a different user).
The second user can therefore play the video based on the RO for one play obtained via the second device 20.
Meanwhile, the first device 10 then holds an RO for playing the video eight times.
Hereinafter, the first and second embodiments are described in detail with reference to Fig. 2.
Fig. 2 illustrates an exemplary method of moving a rights object from one device to another device via a server according to the first embodiment of the present invention. The first embodiment is described based on the signal flow shown in Fig. 2. The second embodiment is described only where it differs from the first embodiment.
The first DRM agent 11 is installed in the first device 10, and the second DRM agent 21 is installed in the second device 20. The RI 41 is installed in the server 40. The first user of the first device 10 and the second user of the second device 20 may be the same user or different users. In addition, the RO to be sent can be a device RO or a user-domain RO.
For the purposes of the description, the RO obtained by the first device 10 is called the first RO, the RO to be sent from the first device 10 to the server 40 is called the second RO, and the RO to be sent from the server 40 to the second device 20 is called the third RO.
The first RO is issued to the first DRM agent 11 by the RI 41. The first RO may be an unused RO or the RO remaining after partial use.
The following describes the case in which the first DRM agent 11 transfers (moves) all or part of the first RO to the second DRM agent 21.
When an RO is to be sent from one DRM agent to another DRM agent (that is, when the RO is transferred via an RI), the RO should carry a digital signature generated by that RI. Therefore, when a move (transfer) of a second RO converted from a first RO is requested, the digital signature provides the RI 41 with integrity and non-repudiation functions, allowing the RI 41 to check whether it issued the RO itself.
First, the first user of the first DRM agent 11 browses the RI portal and selects the move service for moving (transferring) an RO to another DRM agent. The first user then requests from the RI 41 a service for sending the RO that the user has obtained to the second DRM agent.
The RI 41 sends a Rights Object Acquisition Protocol (ROAP) trigger (the RO move trigger) to the first DRM agent to instruct it to begin transferring the RO to the RI 41 (S10).
If the first DRM agent 11 already knows the identifier of the target DRM agent (for example, the second DRM agent 21), step S10 may be omitted. The identifier of the second DRM agent denotes the ID of the second device.
On user initiation or on receiving the ROAP trigger, the first DRM agent 11 generates a protected RO (that is, the second RO) to be sent to the RI 41.
That is, the first DRM agent 11 uses the private key of the first device, or a secret key previously shared with the RI 41, to decode the RO issued by the RI 41 (that is, the RO obtained by the first DRM agent 11, the first RO). Here, the rights encryption key (REK) and the MAC key of the first RO are decoded.
The first DRM agent 11 then generates another protected RO (that is, the second RO). This protected RO can also include a content encryption key (CEK), permissions, constraints and a digital signature, all of which are identical to the CEK, permissions, constraints and digital signature included in the RO obtained by the first device 10 (that is, the first RO).
When generating the protected RO (that is, the second RO), the first DRM agent 11 encodes the REK and the MAC key using the public key of the RI 41 or a secret key previously shared with the RI 41, so that the RI 41 can read the REK and the MAC key. The first DRM agent 11 also generates a MAC value for verifying the integrity of the second RO, so that the RI 41 can verify the integrity of the second RO.
Assuming that the first RO is a stateful RO, if the first RO is transferred in whole or in part, the first DRM agent 11 generates a state information object from the state information it manages (S12).
After generating the protected RO (that is, the second RO), the first DRM agent 11 generates an RO move request message (for example, a ROAP-RO move request) and sends the message to the RI 41 (S14). The RO move request message includes the generated RO, the state information object (if the RO is a stateful RO), the identifier of the second device, and a digital signature of the message. The identifier of the second device may be omitted from the RO move request message; the first user can specify the identifier of the second device later at the RI portal. The RO move request message is a message requesting that an RO be transferred (moved) to another DRM agent, and is described in detail later.
After successfully completing authentication, including a revocation status check, using the digital signature in the ROAP request message (for example, the ROAP-RO move request) sent from the first DRM agent 11, the RI 41 generates a protected RO bound to the second DRM agent (that is, the third RO) (S16).
That is, the RI 41 verifies the received RO (that is, the second RO) and decodes it using the private key of the RI 41 (or the previously shared secret key), in order to generate the RO bound to the second device 20 (that is, the third RO).
When generating the third RO (that is, the RO bound to the second DRM agent), if a state information object has been received, the RI 41 should combine the received state information object with the constraint information, and should also modify the constraint values included in the second RO received from the first device (sending device) 10.
In addition, if the <move> element included in the received second RO has a count constraint, the RI 41 should decrease the value of the <count> element of that <move> element by 1.
After modifying the constraint values included in the <rights> element of the received second RO, the RI 41 generates a digital signature value for the <rights> element.
The RI 41 encodes the rights encryption key (REK) and the MAC key using the public key of the target device (that is, the second device 20) or a secret key previously shared with the second device 20, and then attaches the encoded and wrapped REK and MAC key to the <encKey> element located under the <ro> element.
The RI 41 generates a MAC value over the <ro> element and attaches the generated MAC value to the <mac> element located under the <protectedRO> element. In this way, the RI 41 generates the RO for the second DRM agent 21 (that is, the third RO, or the RO bound to the second DRM agent 21).
Subsequently, in response to the RO move request message (for example, the ROAP-RO move request), the RI 41 sends an RO move response message (for example, a ROAP-RO move response) to the first DRM agent 11 (S18). The RO move response message indicates whether the RI 41 confirms that the transferred second RO will be successfully delivered. The RO move response message is described in detail later.
In the first embodiment (that is, complete transfer of the RO), after recognizing that the RO has been successfully sent to the RI 41, the first DRM agent 11 that receives the RO move response message deletes the corresponding RO (that is, the first RO) (S20); in the second embodiment (that is, partial transfer of the RO), it modifies the state information related to the corresponding RO (that is, the first RO).
Meanwhile, the RI 41 performs a typical 1-pass or 2-pass RO acquisition protocol (S22, S24 and S26). In the 2-pass case, the RI 41 sends a ROAP trigger to the second DRM agent 21 to instruct the second DRM agent 21 to download the RO transferred from the first DRM agent 11.
After successfully completing the acquisition protocol procedure with the RI 41, the second DRM agent 21 downloads the RO sent to the RI 41 by the first user of the first DRM agent 11. The second DRM agent 21 then installs the downloaded RO (S28).
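The following Python example is added here to illustrate the Fig. 2 flow (S12 to S20) and is not part of the patent text. It assumes the shared-secret-key variant, a dict-based RO layout with hypothetical field names (`play`, `move`, `count`, `plays_granted`), and an HMAC-SHA256 stand-in for the key wrapping that the description leaves unspecified; the RI's digital signature over the rights and the signature on the request message are omitted.

```python
"""Added example: RO move through the RI (Fig. 2, S12-S20), shared-secret variant.
The dict layout, field names and HMAC-based key wrap are assumptions for illustration."""
import hashlib, hmac, json, os

def _sub(kek, label):
    """Derive separate encryption / authentication sub-keys from one shared key."""
    return hmac.new(kek, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(kek, keys):
    """Stand-in key wrap (encrypt-then-MAC) for REK || MAC key; models <encKey>."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(keys, _stream(_sub(kek, b"enc"), nonce, len(keys))))
    tag = hmac.new(_sub(kek, b"auth"), nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unwrap(kek, blob_hex):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(kek, b"auth"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("encKey is not bound to this key")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(kek, b"enc"), nonce, len(ct))))

def _ro_mac(mac_key, ro):
    body = json.dumps([ro["ro_id"], ro["rights"], ro["enc_key"]], sort_keys=True)
    return hmac.new(mac_key, body.encode(), hashlib.sha256).hexdigest()

def seal_ro(kek, rek, mac_key, ro_id, rights):
    """Bind an RO to the holder of kek: wrap the keys, then MAC rights + encKey."""
    ro = {"ro_id": ro_id, "rights": rights, "enc_key": wrap(kek, rek + mac_key)}
    ro["mac"] = _ro_mac(mac_key, ro)
    return ro

def open_ro(kek, ro):
    """Unwrap REK and MAC key, then verify the RO MAC before trusting the rights."""
    keys = unwrap(kek, ro["enc_key"])
    rek, mac_key = keys[:16], keys[16:]
    if not hmac.compare_digest(ro["mac"], _ro_mac(mac_key, ro)):
        raise ValueError("RO MAC mismatch")
    return rek, mac_key

def sender_request(dev_key, ri_key, entry, plays_to_move):
    """S12/S14: re-wrap the first RO for the RI and attach a state information object."""
    first = entry["ro"]
    rek, mac_key = open_ro(dev_key, first)
    remaining = first["rights"]["play"]["count"] - entry["plays_used"]
    if not 0 < plays_to_move <= remaining:
        raise ValueError("cannot move more rights than remain")
    second = seal_ro(ri_key, rek, mac_key, first["ro_id"], first["rights"])
    return {"ro": second, "state_info": {"plays_granted": plays_to_move}}

def ri_convert(ri_key, rcv_key, request):
    """S16: verify the second RO, adjust constraints, bind the third RO to the receiver."""
    second = request["ro"]
    rek, mac_key = open_ro(ri_key, second)            # rejects tampered rights
    rights = json.loads(json.dumps(second["rights"]))  # deep copy before editing
    if "move" not in rights:
        raise PermissionError("RO carries no move permission")
    if "count" in rights["move"]:
        if rights["move"]["count"] < 1:
            raise PermissionError("move count exhausted")
        rights["move"]["count"] -= 1                   # <move><count> decreases by 1
    granted = request["state_info"]["plays_granted"]
    if not 0 < granted <= rights["play"]["count"]:
        raise ValueError("state information exceeds the RO constraint")
    rights["play"]["count"] = granted                  # merge state info into constraints
    return seal_ro(rcv_key, rek, mac_key, second["ro_id"], rights)

def sender_on_response(store, ro_id, granted):
    """S20: delete the first RO on a full move, otherwise update its state information."""
    entry = store[ro_id]
    remaining = entry["ro"]["rights"]["play"]["count"] - entry["plays_used"]
    if granted >= remaining:
        del store[ro_id]
    else:
        entry["plays_used"] += granted

def demo():
    """Second embodiment with constructed values: 10 plays, 1 used, 1 moved."""
    dev_key, ri_key, rcv_key = os.urandom(32), os.urandom(32), os.urandom(32)
    rek, mac_key = os.urandom(16), os.urandom(32)
    rights = {"play": {"count": 10}, "move": {"count": 2}}
    store = {"ro-1": {"ro": seal_ro(dev_key, rek, mac_key, "ro-1", rights), "plays_used": 1}}
    req = sender_request(dev_key, ri_key, store["ro-1"], plays_to_move=1)
    third = ri_convert(ri_key, rcv_key, req)
    sender_on_response(store, "ro-1", 1)
    left = rights["play"]["count"] - store["ro-1"]["plays_used"]
    return third, open_ro(rcv_key, third)[0] == rek, left

if __name__ == "__main__":
    third_ro, same_rek, sender_left = demo()
    print(third_ro["rights"], same_rek, sender_left)
```

Because the MAC covers the rights together with the wrapped keys, a constraint edited in transit fails verification at the RI before any conversion takes place.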
Will be explained in now RO proposed in the present invention move triggering, RO move request message and RO move response message.
Hereinafter, first illustrate that RO moves triggering.
This RO moves to trigger and represents the ROAP triggering being sent to transmission equipment when transmission equipment wishes, via RI, RO is transmitted (movement) to reception equipment from RI.RO moves and triggers can be the DRMROAP extension triggered.
Shown in step S10 in Fig. 2, RO is moved triggering and is sent to the first DRM agent 11 from RI41, transmit RO to indicate the first DRM agent 11 to start to RI41.
Fig. 3 illustrates the example text that the mobile-initiated grammer of RO according to the present invention is described.Underscore part in Fig. 3 particularly illustrates text expansion.
When the first DRM agent 11 receive the ROAP including<roapTrigger>element (it has<roMove>element) trigger time, the first DRM agent 11 should obtain the license of first user and start ROAP-RO and move request protocol.If the first DRM agent moves the RI context (Context) of<riID>that do not specify in triggering at received RO, then the first DRM agent 11 should be used in RO<roapURL>unit moving in triggering and usually starts ROAP-device call registration protocol (helloregistrationprotocol).
When first user selects one or more RO to be sent, RI41 can move appointment (multiple)<roID>element in triggering at RO.
After being moved triggering by RO and receiving<roID>element specified by RI41, the first DRM agent 11 should by the identifier of RO or roID(RO to be sent) include (interpolations) and move at ROAP-RO and ask in message (that is, ROAP-ro moves request).
The first user being it desired to send its RO to another equipment specifies target device, then RI41 should arrange<targetDeviceID>element in<roapTrigger>element.Therefore, can have<targetDeviceID>element including<roapTrigger>element moved at RO in triggering.<targetDeviceID>element can include the ID value of the RO equipment (that is, target device) arrived to be communicated.
The RO move request message is described next.
The RO move request message (that is, the ROAP-RO move request message) is sent from the sending device to the RI 41 to start the move protocol through the RI. This message indicates that the RO is to be sent to the target DRM agent via the RI. Referring to Fig. 2, in step S14 the RO move request message is sent from the first DRM agent 11 to the RI 41.
Fig. 4 shows the parameters of the RO move request message according to the present invention. In Fig. 4, M denotes a mandatory parameter and O denotes an optional parameter.
The device ID identifies the requesting device (that is, the sending device). The RI ID is the ID of the server (that is, the RI).
The trigger nonce (triggernonce) is identical to the nonce value included in the RO move trigger received from the RI 41. When the trigger nonce parameter is specified, the RI 41 may have stored the ID of the target device that the first user designated while browsing (namely, the ID of the second device). In that case, the target device ID parameter need not be specified in the RO move request message.
The device nonce (devicenonce) is the nonce chosen by the sending device (that is, the first device).
The request time is the current DRM time as seen by the sending device.
If the RO move trigger received from the RI contains <targetDeviceID>, the target device ID should be specified, and its value should be identical to the <targetDeviceID> element in that RO move trigger. If the target device ID parameter is not specified, the first user should specify the target device at the RI portal.
The ROInfo parameter(s) identify the one or more ROs to be moved (transferred). ROInfo can contain one or more pairs of RO ID and state information object, or one or more protected ROs and state information objects.
The content of the protected RO should be identical to the content of the RO originally received from the RI, except for the <encKey> element in the <ro> element included in the <protectedRO> element and the content of the <mac> element included in the <protectedRO> element.
The <encKey> element contains the encapsulated rights encryption key (REK) and MAC key. The first device should encode these two keys using the public key of the RI or a secret key previously shared with the RI; the public key is shared during the earlier mutual authentication process.
The <mac> element contains the MAC value of the <protectedRO> element. This MAC value should be calculated using the MAC key in the <encKey> element or a newly generated MAC key, and attached in the <mac> element.
When the RO is a stateful RO, the state information object parameter(s) should be included in the RO move request message. The state information object parameter(s) carry the state information managed by the first DRM agent of the first device.
When a specific RO is transferred (moved) in full, the state information object is generated from all of the state information for that RO. When a specific RO is transferred in part, the state information object is generated from the state information corresponding to that part of the RO.
If the RI context does not indicate that the RI has stored the device certificate information it requires, the certChain parameter is included in the RO move request message.
The extensions parameter can include a redirect identifier extension. When the redirect identifier extension is present in the extensions parameter field, it gives the ID of the receiving device (for example, the second device) that is to receive the protected RO. The ID can be the telephone number that the cellular operator has assigned to each device. If the redirect identifier extension is absent, this implicitly indicates that the first device is submitting the unused RO (here, the unused RO corresponds to the protected RO parameter) for a new RO of equal or lesser value. That is, if the redirect identifier extension is absent from the extensions parameter field of the RO move request message, the RI that receives the message recognizes that the RO included in the message (namely, the RO corresponding to the protected RO field) is to be issued after being converted into another RO.
The signature parameter is the digital signature of the RO move request message.
Fig. 5 shows example syntax of the RO move request message according to the present invention. In Fig. 5, the <roMoveRequest> element defines the ROAP-RO move request message and has the complex data type "roap:ROMoveRequest", which extends the basic "roap:Requesttype" type.
Fig. 6 shows the general form of the redirect identifier extension parameter included in the RO move request message according to the present invention.
The RO move response message is described next.
In response to the RO move request message (that is, the ROAP-RO move request), the RO move response message (that is, the ROAP-RO move response) is sent from the RI to the sending device; this is the message sent from the RI 41 to the first DRM agent in step S18 of Fig. 2. The RO move response message indicates whether the RI confirms successful transfer of the RO.
Fig. 7 shows example syntax of the RO move request message according to the present invention.
The status parameter indicates the state of the RI's processing of the RO move request message. If processing succeeds, the status parameter value is "success". Otherwise, the RI selects a status message that indicates the error.
The device ID parameter is the ID of the device that receives the RO move response message. It has the same value as the device ID parameter included in the RO move request message (that is, the device ID parameter of Fig. 4).
The RI ID parameter is the ID of the RI that sends the RO move response message. The RI nonce parameter carries the nonce chosen by that RI.
The RO URI parameter gives the address (for example, an HTTP URL) from which the RO bound to the target device can be obtained. The device can pass the RO URI to the target device to allow the target device to download the RO.
An extensions parameter is defined for the RO move response message but is not used here.
The signature parameter is the digital signature of the RO move response message.
Fig. 8 shows example text illustrating the syntax of the RO move request message according to the present invention.
The <roMoveResponse> element defines the ROAP-RO move response message.
The <roMoveResponse> element has the complex data type "roap:ROMoveResponse". This complex data type extends the basic "roap:Response" type.
The digital signature included in an RO issued by the RI is described below.
When an RO is to be sent from one DRM agent to another, whether it is transferred via the RI or transferred directly, the RI issues the RO with a digital signature. When an RO move request is processed, this digital signature provides a non-repudiation function for the RI, so that the RI can check whether the RO was issued by the RI itself.
Referring to Fig. 2, when the first device 10 receives the RO issued by the RI 41 and installs it, if a "move" permission is defined in the <rights> element, the first DRM agent 11 of the first device 10 should store the value of the <signature> element (here, if the RO includes a move permission, the value of the <signature> element is generated by the RI). The first DRM agent 11 should create a <rights> element identical to the <rights> element included in the RO originally issued by the RI 41.
In addition, the first DRM agent 11 should store the REK and the MAC key included in the originally issued RO.
Fig. 9 shows an example XML document illustrating the "move" permission included in an RO.
The <type> element under the <Move> element can have the value(s) "via RI" and/or "directly transmitting". If the value of the <type> element is "via RI", the first DRM agent 11 can move the RO via the RI 41. If the value of the <type> element is "directly transmitting", the first DRM agent 11 can move the RO directly to another DRM agent (direct transfer of the RO is not described in detail in the present invention).
The <count> element under the <constraint> element gives the number of times the RO is transferred.
If the value of the <count> element is "0", the first DRM agent 11 should not send the RI 41 an RO move request message for this RO.
The processing operations performed when the first DRM agent 11 installs the RO (here, the RO to be sent is the RO originally issued by the RI 41) apply equally when the second DRM agent 21 of the second device 20 installs the received RO.
Another embodiment of the present invention describes a method of transferring a rights object between devices via a server. It differs from the first and second embodiments above in that, to request the RO move, the sending device sends the server an RO identifier rather than the RO itself.
With reference to Fig. 1 and Fig. 2, the case in which the RO of the first device 10 is sent to the second device 20 via the server 40 (namely, the RI 41) is described.
If the RI 41 has stored the RO of the first device 10, the first device 10 and the RI 41 can identify this RO by its RO identifier.
The first device 10 sends the RI 41 an RO move request message that includes the RO identifier identifying the RO, to request that the RI 41 send its RO to the second device 20. Here, the RO move request message need not include the protected RO parameter(s) shown in Fig. 4 as a mandatory parameter, and instead includes the RO identifier as a mandatory parameter.
The RI 41 then looks up the RO corresponding to the RO identifier included in the received RO move request message. The RI 41 decodes the RO it has found using its private key or a secret key previously shared with the first device 10. The RI 41 then encodes the decoded RO using the public key of the second device 20 or a secret key previously shared with the second device 20.
When encoding the RO, if the decoded RO has a limit on the number of moves, the RI 41 decreases the transfer count by 1. The RI 41 also encodes the REK and the MAC key included in the decoded RO using the public key of the second device 20 or a secret key previously shared with the second device 20. The RI 41 generates the MAC value using the MAC key or a newly generated MAC key.
If the RO is a stateful RO, the RI 41 can encode the state information object.
After or while generating the RO to be moved to the second device 20, the RI 41 sends a response message (for example, an RO move response message) to the first device 10 in response to the RO move request message. If this response message indicates that successful transfer of the RO is guaranteed, the first device 10 deletes the RO if the complete RO was transferred, and modifies the state information related to the RO if only part of the RO was transferred.
The RI 41 sends the encoded RO and the state information object (in the case of a stateful RO) to the second device 20. The second device 20 receives the RO and installs it.
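The RI-side checks and re-binding described above (signature check, MAC check, move permission and count, re-wrapping of the REK and MAC key for the second device), as an added Python sketch that is not code from the patent. It assumes the shared-secret-key variant; HMAC-SHA256 stands in for the RI's digital signature, a SHA-256 keystream stands in for key wrapping, and the dictionary layout and all function names are hypothetical.

```python
import hashlib, hmac, json, os

class MoveError(Exception):
    """Raised when the RI must refuse a move request."""

def _canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _tag(key: bytes, obj) -> str:
    # HMAC-SHA256 over a canonical encoding. Used for the <mac> value and,
    # as an assumption, as a stand-in for the RI's digital signature.
    return hmac.new(key, _canon(obj), hashlib.sha256).hexdigest()

def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 counter keystream) so the sketch needs only the
    # standard library. A real RI would use a vetted key-wrap algorithm.
    stream = b"".join(hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap_keys(kek: bytes, rek: bytes, mac_key: bytes) -> str:
    iv = os.urandom(16)
    return (iv + _xor_stream(kek, iv, rek + mac_key)).hex()

def unwrap_keys(kek: bytes, enc_key: str):
    raw = bytes.fromhex(enc_key)
    plain = _xor_stream(kek, raw[:16], raw[16:])
    return plain[:16], plain[16:]  # (REK, MAC key); 16 bytes each in this sketch

def issue_ro(ri_sign_key, kek, ro_id, rights, rek, mac_key) -> dict:
    """Build a protected RO bound to whoever shares `kek` with the RI."""
    ro = {"id": ro_id, "rights": rights,
          "signature": _tag(ri_sign_key, rights),
          "encKey": wrap_keys(kek, rek, mac_key)}
    return {"ro": ro, "mac": _tag(mac_key, ro)}

def rebind_ro(ri_sign_key, kek_sender, kek_target, protected_ro) -> dict:
    """RI side: validate a moved RO and re-issue it bound to the target device."""
    ro = protected_ro["ro"]
    # 1. Was this <rights> element really issued by this RI?
    if not hmac.compare_digest(ro["signature"], _tag(ri_sign_key, ro["rights"])):
        raise MoveError("signature check failed: RO not issued by this RI")
    # 2. Recover REK and MAC key, then check the sender's <mac> value.
    rek, mac_key = unwrap_keys(kek_sender, ro["encKey"])
    if not hmac.compare_digest(protected_ro["mac"], _tag(mac_key, ro)):
        raise MoveError("MAC check failed")
    # 3. Enforce the move permission and its <count> constraint.
    move = ro["rights"].get("move")
    if not move or "via RI" not in move.get("type", []):
        raise MoveError("RO carries no move-via-RI permission")
    rights = json.loads(_canon(ro["rights"]))  # deep copy before editing
    if "count" in move:
        if move["count"] <= 0:
            raise MoveError("move count exhausted")
        rights["move"]["count"] = move["count"] - 1
    # 4. Re-sign the updated rights, wrap the keys for the target, fresh MAC key.
    return issue_ro(ri_sign_key, kek_target, ro["id"], rights, rek, os.urandom(16))

def demo() -> int:
    # Constructed sample keys and RO, for illustration only.
    ri_key, k_dev1, k_dev2 = b"R" * 32, b"A" * 32, b"B" * 32
    rights = {"play": {}, "move": {"type": ["via RI"], "count": 1}}
    ro1 = issue_ro(ri_key, k_dev1, "ro-1", rights, os.urandom(16), os.urandom(16))
    ro2 = rebind_ro(ri_key, k_dev1, k_dev2, ro1)
    return ro2["ro"]["rights"]["move"]["count"]  # remaining moves after transfer

if __name__ == "__main__":
    print(demo())
```

Because the rights are re-signed after the count is decremented, a device that edits the count locally fails the signature check on its next move request.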
As described so far, the invention provides a method of transferring (moving) all or part of an RO acquired by a particular device to another device via a server, so that an RO for particular content issued by the server can be sent to another device via that server.
The present invention has been described by way of embodiments that are illustrative only. It will be apparent to those skilled in the art that modifications and variations can be made to the present invention without departing from its spirit or scope. The present invention is therefore intended to cover such modifications and variations that fall within the scope of the claims and their equivalents.

Claims (12)

1. A method of transferring, via a server, to a second device a rights object (RO) issued by the server to a first device, the method comprising the following steps:
the server sending a trigger message for instructing the first device to start transferring the RO;
the server receiving a rights object move request message from the first device, requesting that the RO be transferred to the second device via the server;
wherein the rights object move request message includes a digital signature,
wherein, if the trigger message includes a specific element, the rights object move request message includes the RO to be sent,
the server verifying the digital signature to check whether the RO was issued by the server;
the server sending a rights object move response message to the first device as a response to the rights object move request message;
the server generating, based on the RO, an RO bound to the second device; and
the server performing a typical 1-pass or 2-pass rights object acquisition protocol to instruct the second device to download the RO bound to the second device.
2. The method according to claim 1, wherein the rights object move response message includes, as mandatory parameters, the processing status of the rights object move request message, the ID of the device receiving the rights object move response message, the ID of the server, a nonce, and the digital signature of the rights object move response message.
3. The method according to claim 1, wherein the step of generating the RO bound to the second device includes:
generating a digital signature value;
encoding the rights encryption key (REK) and the MAC key using the public key of the second device or a secret key previously shared with the second device; and
generating a MAC value.
4. The method according to claim 1, wherein, after the rights object acquisition protocol has completed successfully, the RO bound to the second device is downloaded from the server to the second device, and the downloaded RO is installed on the second device.
5. The method according to claim 1, wherein the RO includes a move permission.
6. The method according to claim 1, wherein the rights object move request message includes, as mandatory parameters, an ID for identifying the first device, an ID for identifying the server, a device nonce chosen by the first device, the current DRM time as seen by the first device, information about the RO, and a digital signature for the rights object move request message.
7. A server in an apparatus for transferring, to a second device, a rights object (RO) issued by the server to a first device, the server comprising:
a communication module that communicates with the first device and the second device; and
a rights issuer (RI) that cooperates with the communication module to perform the following steps:
the server sending a trigger message for instructing the first device to start transferring the RO;
the server receiving a rights object move request message from the first device, requesting that the RO be transferred to the second device via the server;
wherein the rights object move request message includes a digital signature,
wherein, if the trigger message includes a specific element, the rights object move request message includes the RO to be sent,
verifying the digital signature to check whether the RO was issued by the server;
the server sending a rights object move response message to the first device as a response to the rights object move request message;
generating, based on the RO, an RO bound to the second device; and
performing a typical 1-pass or 2-pass rights object acquisition protocol to instruct the second device to download the RO bound to the second device.
8. The server according to claim 7, wherein the rights object move response message includes, as mandatory parameters, the processing status of the rights object move request message, the ID of the device receiving the rights object move response message, the ID of the server, a nonce, and the digital signature of the rights object move response message.
9. The server according to claim 7, wherein the RI is further configured to:
generate a digital signature value;
encode the rights encryption key (REK) and the MAC key using the public key of the second device or a secret key previously shared with the second device; and
generate a MAC value.
10. The server according to claim 7, wherein, after the rights object acquisition protocol has completed successfully, the RO bound to the second device is downloaded from the server to the second device, and the downloaded RO is installed on the second device.
11. The server according to claim 7, wherein the RO includes a move permission.
12. The server according to claim 7, wherein the rights object move request message includes, as mandatory parameters, an ID for identifying the first device, an ID for identifying the server, a device nonce chosen by the first device, the current DRM time as seen by the first device, information about the RO, and a digital signature for the rights object move request message.
CN201210396734.7A 2006-01-26 2007-01-25 Apparatus and method for moving a rights object from one device to another device via a server Expired - Fee Related CN103023640B (en)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
KR10-2006-0008575 2006-01-26
KR1020060008575A KR20070078340A (en) 2006-01-26 2006-01-26 System and method for transfering content rights among devices
US78723206P 2006-03-30 2006-03-30
US60/787,232 2006-03-30
US83349306P 2006-07-27 2006-07-27
US60/833,493 2006-07-27
KR10-2006-0081343 2006-08-25
KR1020060081343A KR100830941B1 (en) 2006-03-30 2006-08-25 Method for moving rights object in digital rights management and device thereof

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN200780003696.1A Division CN101375543B (en) 2006-01-26 2007-01-25 Apparatus and method for moving a rights object from one device to another device via a server

Publications (2)

Publication Number Publication Date
CN103023640A CN103023640A (en) 2013-04-03
CN103023640B true CN103023640B (en) 2016-06-29

Family

ID=43824260

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210396734.7A Expired - Fee Related CN103023640B (en) 2006-01-26 2007-01-25 Apparatus and method for moving a rights object from one device to another device via a server

Country Status (2)

Country Link
CN (1) CN103023640B (en)
BR (1) BRPI0706751A2 (en)


Also Published As

Publication number Publication date
CN103023640A (en) 2013-04-03
BRPI0706751A2 (en) 2011-04-05


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160629

Termination date: 20210125