EP1820296A1 - Method of revoking public key of content privider - Google Patents
Method of revoking public key of content prividerInfo
- Publication number
- EP1820296A1 EP1820296A1 EP05821074A EP05821074A EP1820296A1 EP 1820296 A1 EP1820296 A1 EP 1820296A1 EP 05821074 A EP05821074 A EP 05821074A EP 05821074 A EP05821074 A EP 05821074A EP 1820296 A1 EP1820296 A1 EP 1820296A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- content
- content provider
- public key
- user device
- signature value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 101
- 238000012795 verification Methods 0.000 claims description 38
- 238000004590 computer program Methods 0.000 claims description 5
- 239000013256 coordination polymer Substances 0.000 description 197
- 238000010586 diagram Methods 0.000 description 8
- 239000000284 extract Substances 0.000 description 4
- 238000007796 conventional method Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Definitions
- the present invention relates to a method of revoking content authority using a revocation list, and more particularly, to a method of revoking a public key of a content provider in a system in which a certifying authority certifies the public key of the content provider and the content provider transmits content to a user using the certified public key.
- Content is provided from a content manufacturer to a content provider, and the content provider transmits the content to a user device.
- the content manufacturer is a studio
- the content provider is an Internet business firm or a disc manufacturing company that changes the content into mass media files and distributes them to a user device.
- the user device is designed to determine whether the content provider is an authorized content provider and to reproduce the content after the content provider is determined to be an authorized content provider. This is because a content right may be terminated at the expiration of a contract or a content provider may try to disguise himself or herself as another content provider.
- a method of determining whether a content provider is an authorized content provider includes user authentication that determines whether the content provider is a revoked content provider and whether the content provider disguises himself or herself as another content provider.
- the former is performed using a revocation list and the latter is performed using an electronic signature.
- FIG. 1 is a flowchart of a conventional method of revoking content authority.
- FIG. 2 is a diagram illustrating a structure of a revocation list used in the method of FIG. 1.
- a certificate authority CA makes a certificate C_CA_CP that certifies a CP public key PK_CP of a content provider CP and transmits a certificate to the CP (operation 110).
- the certificate C_CA_CP includes a signature value Sl generated by electronically signing the public key PK_CP using a private key SK_CA, and the public key PK_CP.
- the certificate C_CA_CP may be expressed as follows:
- the content provider generates content Cont and a certificate C_CP_UD that certifies the content Cont and transmits them to a user device UD (operation 120).
- the CP certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 generated by electronically signing the content Cont using a private key SK_CP of the content provider.
- the certificate C_CP_UD may be expressed as follows:
- the user device UD extracts the signature values Sl and S2 and the public key PK_CP from the certificate C_CP_UD (operation 130).
- the user device UD determines whether the certificate C_CP_UD is revoked by checking whether a revocation list RL includes the public key PK_CP extracted in operation 130 (operation 140).
- the revocation list may include a public key PK_CP of a revoked content provider.
- the method proceeds to operation 150, and otherwise, the method proceeds to operation 170.
- the user device UD determines whether verification of the content
- the verification function V() is expressed as follows:
- the user device UD determines whether verification of the public key
- the verification function V() is expressed as follows:
- the user device UD determines the content provider CP as a revoked content provider when the public key PK_CP extracted in operation 130 is included in the revocation list, or as a content provider who disguises himself or herself as another content provider when verification is determined to fail in operation 150 or 160. In these cases, the user device UD rejects reproduction of the content Cont.
- the certificate authority CA transmits its certificate C_CA_CP to the content provider CP
- the content provider CP transmits the first content Cont_l to the user device UD using the certificate C_CP_UD of the content provider CP
- a revocation list RL stored in the user device UD is updated to include the certificate C_CP_UD at a time tl
- the content provider CP transmits second content Cont_2 to the user device UD using the revoked certificate C_CP_UD.
- the user device UD performs user authentication, which is described with reference to FIG. 1, for both the first and second contents Cont_l and Cont_2 using the revoked certificate C_CP_UD, and thus cannot reproduce both the first content Cont_l, and the second content Cont_2 transmitted after the time tl.
- the content provider CP is revoked for only a business reason, it is unreasonable to prevent the user device UD from using the first content Cont_l transmitted to the user device UD from the content provider CP before the time tl when the content provider CP was revoked. Disclosure of Invention
- the present invention provides a method of authenticating a content provider, which allows reproduction of content transmitted from the content provider before the content provider is revoked and a certificate of the revoked content provider cannot be updated, and revoking the content provider using the same.
- the present invention it is possible to allow a user device to identify content that must not be revoked by transmitting to the user device a revocation list which includes a time when content authority is revoked, and an exception list. Accordingly, it is possible to prevent rightly obtained content from being revoked.
- FIG. 1 is a flowchart of a conventional method of revoking content authority
- FIG. 2 is a diagram illustrating a structure of a revocation list used in the method of
- FIG. 1 A first figure.
- FIG. 3 is a flowchart of a method of revoking content authority according to an embodiment of the present invention.
- FIG. 4 is a diagram illustrating a structure of a revocation list used in the method of
- FIG. 3
- FIG. 5 is a flowchart of a method of revoking content authority according to another embodiment of the present invention.
- FIG. 6 is a diagram illustrating a structure of a revocation list used in the method of
- FIG. 5 A first figure.
- FIG. 7 is a flowchart of a method of revoking content authority according to yet another embodiment of the present invention.
- FIG. 8 is a diagram illustrating a structure of a revocation list used in the method of
- the method includes the user device determining whether the predetermined content is revoked by comparing a time when a signature of the public key is generated with a time when the public key is revoked. Accordingly, it is possible to allow the user device to identify content that must not be revoked according to the time when the public key is revoked and a revocation list which includes an exception list, thereby preventing rightly obtained content from being revoked.
- the present invention introduces two methods of preventing improper revocation of content authority.
- a revocation list is made to include information regarding a time when the content authority is revoked.
- the revocation list includes a content identifier for identifying the content of which content authority must not be revoked.
- a signature value of a certificate authority that the first method requires is different from that of the certificate authority that the second method requires.
- a certificate authority inserts information regarding a time when a signature of the certificate authority is made into a certificate to be provided to a content provider.
- a revocation list which is to be transmitted to a user device includes both a public key of a content provider to be revoked and information regarding a time when the public key is revoked.
- the user device determines whether each content authority must be revoked, according to the time when the signature is made and the time when the public key is revoked.
- a certificate authority inserts a content identifier to be signed into a certificate of the certificate authority to be provided to a content provider.
- a revocation list which is to be transmitted to a user device, includes both a public key of a content provider to be revoked, and an exception list specifying an identifier of content that must not be revoked.
- the user device determines whether each content authority must be revoked, using the content identifier and the exception list.
- FIGS. 3 and 5 illustrate embodiments of the first method according to the present invention
- FIG. 7 illustrates an embodiment of the second method according to the present invention.
- FIG. 3 is a flowchart of a method of revoking content authority Cont according to one embodiment of the present invention.
- FIG. 4 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 3.
- a certificate authority CA makes a certificate C_CA_CP certifying a public key of a content provider CP and transmits it to the content provider CP (operation 310).
- the certificate C_CA_CP includes the time Ts, the public key PK_CP, and a signature value Sl generated by electronically signing a public key PK_CP of the content provider CP and a time Ts using a private key SK_CA of the certificate authority CA.
- the time Ts denotes a time when the signature value S 1 is obtained.
- the method of FIG. 3 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing both the public key PK_CP of the content provider CP and the time Ts.
- the certificate C_CA_CP is expressed as follows:
- the content provider CP makes the content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to a user device UD (operation 320).
- the certificate C_CP_UD includes the certificate C_CA_CP of the certificate authority CA, and a signature value S2 generated when the content Cont is electronically signed using a private key SK_CP of the content provider CP.
- [48] S(SK_CA, TsllPK_CP)IITsllPK_CPIIS(SK_CP, Cont) ... (6)
- the user device UD extracts the signature values Sl and S2, the time Ts, and the public key PK_CP of the content provider CP from the certificate C_CP_UD
- the user device UD checks whether the revocation list RL includes the public key PK_CP extracted in operation 130 (operation 340). If the public key PK_CP is not included, the method proceeds to operation 360, and otherwise, the method proceeds to operation 350. [51] Referring to FIG. 4, the revocation list RL used in the method of FIG. 3 lists the public key PK_CP of a revoked content provider and a time Tr when the public key
- PK_CP is revoked.
- the revocation list RL is safely transmitted from the certificate authority CA or a third authority to the user device UD.
- the user device UD determines whether the time Ts extracted in operation 330 is earlier than the time Tr listed in the revocation list RL (operation 350). If the time Ts is earlier than the time Tr, the method proceeds to operations 360 and 370, and otherwise, the method proceeds to operation 380. [53] In operations 360 and 370, whether the public key PK_CP is valid and whether the time Ts has been modified are determined.
- the user device UD determines whether verification of the content Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP and the content Cont into a verification function V() (operation 360). That is, whether the content Cont is signed using the private key SK_CP is verified.
- the verification function V() is expressed as follows:
- the user device UD determines whether the public key PK_CP is valid and whether the time Ts is modified by inputting the signature value Sl, the public key
- the signature value Sl is obtained by electronically signing both the public key PK_CP and the time Ts.
- the user device UD does not authenticate the content provider CP as an authorized content provider, and rejects reproduction of the content Cont (operation 380). That is, the user device UD determines the content provider CP as a revoked content provider when it is determined in operation 340 that the public key PK_CP is included in the revocation list RL and it is determined in operation 350 that the time Ts is later than the time Tr; determines that the content provider CP disguises himself or herself as another content provider when it is determined in operation 360 that verification fails; and determines that the time Tr is altered when it is determined in operation 370 that verification fails. In these cases, the user device UD rejects production of the content Cont.
- the user device UD can distinguish between a time Ts_A when a signature is generated when content Cont_A is transmitted from a content provider CPl, and a time Ts_B when a signature is generated when content Cont_B is transmitted from the content provider CPl. Accordingly, the user device UD can selectively determine whether each content authority is revoked.
- the time Ts is included in the signature value Sl of the certificate authority CA in operation 310, and verified when the signature value Sl is verified in operation 370. If the user device UD arbitrarily changes the time Ts transmitted in operation 310, verification in operation 370 will fail. Therefore, the user device UD should be prevented from changing the time Ts, and the security of content in the method of FIG. 3 should be protected.
- verification of the public key PK_CP may be omitted.
- the user device UD can manipulate the time Ts.
- operation 340 to determine whether the public key PK_CP is revoked may be performed after verifying the public key PK_CP (operations 360 and 370). That is, according to the present invention, the order of performing operations 340, 350, and 370 can be changed.
- the method of FIG. 3 is a two-step process in which the certificate authority CA authenticates the content provider CP.
- an upper certificate authority may further authenticate the certificate authority CA.
- the present invention further includes an operation in which the upper certificate authority issues a certificate certifying the certificate authority CA using an electronic signature, and an operation in which the user device UD verifies a signature value of the upper certificate authority.
- FIG. 5 is a flowchart of a method of revoking content authority Cont according to another embodiment of the present invention.
- FIG. 6 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 5.
- a certificate authority CA generates a certificate C_CA_CP certifying a public key PK_CP of a content provider CP and transmits it to the content provider CP (operation 510).
- the certificate C_CA_CP includes a signature value Sl which is obtained by electronically signing a content identifier ID-Cont, a time Ts when the signature S 1 is generated, and the public key PK_CP using a private key SK_CA of the certificate authority CA; the content identifier ID_Cont, the time Ts, and the public key PK_CP.
- the method of FIG. 5 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing the public key PK_CP of the content provider CP, the content identifier ID_Cont, and the time Ts.
- the certificate C_CA_CP is expressed as follows:
- [68] S(SK_CA, ID_ContllTsllPK_CP)IIID_ContllTsllPK_CP ... (9)
- the content provider CP makes content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to a user device UD (operation 520).
- the certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 obtained by electronically signing the content Cont using the private key SK_CP of the content provider CP.
- the certificate C_CP_UD is expressed as follows:
- the user device UD extracts the signature value Sl, the content identifier
- the user device UD determines whether the revocation list RL includes the public key PK_CP extracted in operation 530 (operation 540). If the public key PK_CP is not included, the method proceeds to operation 560, otherwise, the method proceeds to operation 550.
- the revocation list RL used in the method of FIG. 5 includes the public key PK_CP of the revoked content provider CP, a time Tr when the public key PK_CP is revoked, and a content revocation list RL_C_Rev.
- the user device UD determines whether the time Ts extracted in operation
- the user device UD determines whether the content revocation list
- RL C Rev of the revocation list RL includes the content identifier ID Cont extracted in operation 530 (operation 555).
- the method proceeds to operation 580, and otherwise, the method proceeds to operation
- the user device UD determines whether the public key PK_CP of the content provider CP is valid and whether the content identifier ID_Cont or the time Ts has been altered by inputting the signature value Sl, and the public key PK_CA of the certificate authority CA, the content identifier ID_Cont extracted in operation 530, the time Ts, and the public key PK_CP of the content provider CP into the verification function V() (operation 570).
- the verification function V() is given by Equation (12).
- the signature value Sl is obtained by electronically signing the public key PK_CP of the content provider CP, the content identifier ID_Cont, and the time Ts.
- V(Sl, PK_CA, ID_ContllTsllPK_CP) V(S(SK_CA, ID_ContllTsllPK_CP),
- ID_ContllTsllPK_CP Success or Fail ... (12)
- the user device UD does not authenticate the content provider CP as an authorized content provider and rejects reproduction of the content Cont. More specifically, the user device UD determines that the content provider CP is a revoked content provider when it is determined in operation 540 that the public key PK_CP is included in the revocation list RL and it is determined in operation 550 that the time Ts is later than the time Tr, determines that the content provider CP disguises himself or herself as another content provider when the verification in operations 560 and 570 fails, and determines that the content identifier ID_Cont or the time Ts has been altered when the verification in operation 570 fails. In these cases, the user device UD rejects reproduction of the content Cont. [86] In the method of FIG. 5, a content identifier to be revoked is included in a revocation list, thereby allowing precise selection of an object to be revoked.
- a user device is capable of selectively determining whether each content authority is to be revoked, based on a comparison between a time when a signature is generated and a time when a public key of a content provider is revoked.
- the content identifier ID_Cont and the time Ts are included in the signature value Sl of the certificate authority CA in operation 510, and the content identifier ID_Cont and the time Ts are verified when the signature value S 1 is verified in operation 570. Accordingly, the user device UD cannot manipulate the content identifier ID_Cont and the time Ts, thereby increasing the security for the method of FIG. 5.
- FIG. 7 is a flowchart of a method of revoking content authority Cont according to yet another embodiment of the present invention.
- FIG. 8 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 7.
- a certificate authority CA makes a certificate C_CA_CP certifying a public key PK_CP of a content provider CP and transmits it to the content provider CP (operation 710).
- the certificate C_CA_CP includes a signature value Sl obtained by electronically signing the public key PK_CP and a content identifier ID_Cont of the content provider CP using a private key SK_CA of the certificate authority CA; the content identifier ID_Cont; and the public key PK_CP of the content provider CP.
- the method of FIG. 7 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing the public key PK_CP and the content identifier ID_Cont.
- the certificate C_CA_CP is expressed as follows:
- the content provider CP makes a content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to the user device UD (operation 720).
- the certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 generated by electronically signing the content Cont using a private key SK_CP of the content provider CP.
- the certificate C_CP_UD is expressed as follows:
- [96] S(SK_CA, ID_ContllPK_CP)IIID_ContllPK_CPIIS(SK_CP, Cont) ... (14)
- the user device UD extracts the signature value Sl, the content identifier
- the user device UD determines whether the revocation list RL includes the public key PK_CP of the content provider CP extracted in operation 730 (operation 740). When the public key PK_CP is not included, the method proceeds to operation 760, and otherwise, the method proceeds to operation 750.
- the revocation list RL used in the method of FIG. 7 includes the public key PK_CP of a revoked content provider and an exception list RL_C_nonRev.
- the exception list RL_C_nonRev lists a content identifier of content that is not revoked although the public key PK_CP of the content provider CP who provides the content is included in the revocation list RL.
- the user device UD determines whether the content identifier ID_Cont extracted in operation 730 is included in the exception list RL_C_nonRev of the revocation list RL (operation 750). If the content identifier ID_Cont is included, the method proceeds to operations 760 and 770, and otherwise, the method proceeds to operation 780.
- the user device UD determines whether verification of the content Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP, and the content Cont into a verification function V() (operation 760). That is, whether the content Cont is signed using the private key SK_CP is verified.
- the verification function V() is given by:
- the user device UD determines whether the public key PK_CP of the content provider CP is valid and whether the content identifier ID_Cont has been altered by inputting the signature value S 1 and the public key PK_CA of the certificate authority CA, the content identifier ID_Cont extracted in operation 730, and the public key PK_CP into the verification function V() (operation 770).
- the verification function V() is given by Equation (16).
- the signature value Sl is obtained by electronically signing both the public key PK_CP of the content provider CP and the content identifier ID_Cont.
- V(S 1 , PK_CA, ID_ContllPK_CP) V(S(SK_CA, ID_ContllPK_CP),
- the user device UD does not authenticate the content provider CP as an authorized content provider and rejects reproduction of the content Cont. More specifically, the user device UD determines the content provider CP to be a revoked content provider when it is determined in operation 740 that the public key PK_CP is included in the revocation list RL and it is determined in operation 750 that the content identifier ID_Cont is not included in the exception list RL_C_nonRev, determines the content provider CP to disguise himself or herself as another content provider when the verification fails in operations 760 and 770, and determines that the content identifier ID_Cont has been altered when the verification fails in operation 770. In these cases, the user device UD rejects reproduction of the content Cont.
- a revocation list additionally includes a content identifier of content that is not revoked although a public key of a content provider who provides the content is included in the revocation list. Accordingly, the user device can identify an object to be revoked, and thus, it is possible to prevent a properly authorized content from being revoked.
- the content identifier ID_Cont is included in the signature value Sl of the certificate authority CA in operation 710, and verified when the signature value S 1 is verified in operation 770. Therefore, the user device UD cannot alter the content identifier ID_Cont, thereby increasing the security for the method of FIG. 7.
- a method of revoking a public key of a content provider according to the present invention can be realized as a computer program. Codes and code segments of the computer program can be easily inferred by computer programmers in the art.
- the computer program may be stored in a computer readable medium. When the computer program is read and executed by a computer, the method is realized.
- the computer readable medium may be any medium, such as a magnetic recording medium, an optical recording medium, or a carrier wave.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
A method of revoking a public key of a content provider is provided. In a system in which a certificate authority certifies the public key of the content provider and the content provider transmits predetermined content to a user device using the certified public key, the method includes the user device determining whether the predetermined content is revoked by comparing a time when a signature of the public key is generated with a time when the public key is revoked. Accordingly, it is possible to allow the user device to identify content that must not be revoked according to the time when the public key is revoked and a revocation list which includes an exception list, thereby preventing rightly obtained content from being revoked.
Description
Description METHOD OF REVOKING PUBLIC KEY OF CONTENT
PROVIDER
Technical Field
[1] The present invention relates to a method of revoking content authority using a revocation list, and more particularly, to a method of revoking a public key of a content provider in a system in which a certifying authority certifies the public key of the content provider and the content provider transmits content to a user using the certified public key.
Background Art
[2] Content is provided from a content manufacturer to a content provider, and the content provider transmits the content to a user device. For instance, the content manufacturer is a studio, and the content provider is an Internet business firm or a disc manufacturing company that changes the content into mass media files and distributes them to a user device.
[3] The user device is designed to determine whether the content provider is an authorized content provider and to reproduce the content after the content provider is determined to be an authorized content provider. This is because a content right may be terminated at the expiration of a contract or a content provider may try to disguise himself or herself as another content provider.
[4] A method of determining whether a content provider is an authorized content provider, i.e., a method of authenticating the content provider, includes user authentication that determines whether the content provider is a revoked content provider and whether the content provider disguises himself or herself as another content provider. The former is performed using a revocation list and the latter is performed using an electronic signature.
[5] FIG. 1 is a flowchart of a conventional method of revoking content authority. FIG.
2 is a diagram illustrating a structure of a revocation list used in the method of FIG. 1.
[6] Referring to FIG. 1, a certificate authority CA makes a certificate C_CA_CP that certifies a CP public key PK_CP of a content provider CP and transmits a certificate to the CP (operation 110). The certificate C_CA_CP includes a signature value Sl generated by electronically signing the public key PK_CP using a private key SK_CA, and the public key PK_CP. The certificate C_CA_CP may be expressed as follows:
[7] C_CA_CP = S1IIPK_CP = S(SK_CA, PK_CP)IIPK_CP ... (1)
[8] Next, the content provider generates content Cont and a certificate C_CP_UD that certifies the content Cont and transmits them to a user device UD (operation 120). The
CP certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 generated by electronically signing the content Cont using a private key SK_CP of the content provider. The certificate C_CP_UD may be expressed as follows:
[9] C_CP_UD = C_CA_CPIIS2
[10] = S1IIPK_CPIIS2
[11] = S(SK_CA, PK_CP)IIPK_CPIIS(SK_CP, Cont) ... (2)
[12] Next, the user device UD extracts the signature values Sl and S2 and the public key PK_CP from the certificate C_CP_UD (operation 130).
[13] Next, the user device UD determines whether the certificate C_CP_UD is revoked by checking whether a revocation list RL includes the public key PK_CP extracted in operation 130 (operation 140). As illustrated in FIG. 2, the revocation list may include a public key PK_CP of a revoked content provider. When the revocation list does not include the public key PK_CP, the method proceeds to operation 150, and otherwise, the method proceeds to operation 170.
[14] In operations 150 and 160, user authentication in which the validity of the public key PK_CP is checked.
[15] Specifically, the user device UD determines whether verification of the content
Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP, and the content Cont into a verification function V() (operation 150). That is, whether the content Cont has been signed using the private key SK_CP is verified. In this case, the verification function V() is expressed as follows:
[16] V(S2, PK_CP, Cont) = V(S(SK_CP, Cont), PK_CP, Cont) = Success or Fail ... (3)
[17] When the verification succeeds, the method proceeds to operation 160, and otherwise, the method proceeds to operation 170.
[18] Specifically, the user device UD determines whether verification of the public key
PK_CP succeeds or fails by inputting the signature value S 1 and the public key PK_CA of the certificate authority CA, and the public key PK_CP of the content provider CP into the verification function V() (operation 160). That is, it is determined whether the public key PK_CP has been signed using the private key SK_CP of the certificate authority CA. In this case, the verification function V() is expressed as follows:
[19] V(Sl, PK_CA, PK_CP) = V(S(SK_CA, PK_CP), PK_CA, PK_CP) = Success or
Fail ... (4)
[20] Next, if the user device UD does not authenticate the content provider CP as an authorized content provider the user device rejects reproduction of the content Cont (operation 170). That is, the user device UD determines the content provider CP as a revoked content provider when the public key PK_CP extracted in operation 130 is
included in the revocation list, or as a content provider who disguises himself or herself as another content provider when verification is determined to fail in operation 150 or 160. In these cases, the user device UD rejects reproduction of the content Cont.
[21] However, in the method of FIG. 1, when the user device UD was in an offline state when the content provider CP was revoked and thus did not substitute a new certificate for a certificate of content received before the content provider CP was revoked, the user device UD cannot reproduce all content Cont received from the content provider CP.
[22] It is assumed that the certificate authority CA transmits its certificate C_CA_CP to the content provider CP, the content provider CP transmits the first content Cont_l to the user device UD using the certificate C_CP_UD of the content provider CP, a revocation list RL stored in the user device UD is updated to include the certificate C_CP_UD at a time tl, and the content provider CP transmits second content Cont_2 to the user device UD using the revoked certificate C_CP_UD.
[23] In this case, the user device UD performs user authentication, which is described with reference to FIG. 1, for both the first and second contents Cont_l and Cont_2 using the revoked certificate C_CP_UD, and thus cannot reproduce both the first content Cont_l, and the second content Cont_2 transmitted after the time tl. However, if the content provider CP is revoked for only a business reason, it is unreasonable to prevent the user device UD from using the first content Cont_l transmitted to the user device UD from the content provider CP before the time tl when the content provider CP was revoked. Disclosure of Invention
Technical Solution
[24] The present invention provides a method of authenticating a content provider, which allows reproduction of content transmitted from the content provider before the content provider is revoked and a certificate of the revoked content provider cannot be updated, and revoking the content provider using the same.
Advantageous Effects
[25] According to the present invention, it is possible to allow a user device to identify content that must not be revoked by transmitting to the user device a revocation list which includes a time when content authority is revoked, and an exception list. Accordingly, it is possible to prevent rightly obtained content from being revoked.
[26] Further, according to the present invention, it is possible to prevent a user device from counterfeiting or altering a content identifier or a time when a signature of a certificate authority is generated by generating a signature value of the certificate authority to include the content identifier or the time when the signature is generated.
[27] While this invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Description of Drawings
[28] FIG. 1 is a flowchart of a conventional method of revoking content authority;
[29] FIG. 2 is a diagram illustrating a structure of a revocation list used in the method of
FIG. 1;
[30] FIG. 3 is a flowchart of a method of revoking content authority according to an embodiment of the present invention;
[31] FIG. 4 is a diagram illustrating a structure of a revocation list used in the method of
FIG. 3;
[32] FIG. 5 is a flowchart of a method of revoking content authority according to another embodiment of the present invention;
[33] FIG. 6 is a diagram illustrating a structure of a revocation list used in the method of
FIG. 5;
[34] FIG. 7 is a flowchart of a method of revoking content authority according to yet another embodiment of the present invention; and
[35] FIG. 8 is a diagram illustrating a structure of a revocation list used in the method of
FIG. 7.
Best Mode
[36] In a system in which a certificate authority certifies the public key of the content provider and the content provider transmits predetermined content to a user device using the certified public key, the method includes the user device determining whether the predetermined content is revoked by comparing a time when a signature of the public key is generated with a time when the public key is revoked. Accordingly, it is possible to allow the user device to identify content that must not be revoked according to the time when the public key is revoked and a revocation list which includes an exception list, thereby preventing rightly obtained content from being revoked.
Mode for Invention
[37] The present invention introduces two methods of preventing improper revocation of content authority. In the first method, a revocation list is made to include information regarding a time when the content authority is revoked. In the second method, the revocation list includes a content identifier for identifying the content of which content authority must not be revoked. A signature value of a certificate authority that the first method requires is different from that of the certificate authority
that the second method requires.
[38] More specifically, in the first method, a certificate authority inserts information regarding a time when a signature of the certificate authority is made into a certificate to be provided to a content provider. Next, a revocation list, which is to be transmitted to a user device includes both a public key of a content provider to be revoked and information regarding a time when the public key is revoked. Lastly, the user device determines whether each content authority must be revoked, according to the time when the signature is made and the time when the public key is revoked.
[39] In the second method, a certificate authority inserts a content identifier to be signed into a certificate of the certificate authority to be provided to a content provider. Next, a revocation list, which is to be transmitted to a user device, includes both a public key of a content provider to be revoked, and an exception list specifying an identifier of content that must not be revoked. Lastly, the user device determines whether each content authority must be revoked, using the content identifier and the exception list.
[40] Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.
[41] FIGS. 3 and 5 illustrate embodiments of the first method according to the present invention, and FIG. 7 illustrates an embodiment of the second method according to the present invention.
[42] In detail, FIG. 3 is a flowchart of a method of revoking content authority Cont according to one embodiment of the present invention. FIG. 4 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 3.
[43] Referring to FIG. 3, a certificate authority CA makes a certificate C_CA_CP certifying a public key of a content provider CP and transmits it to the content provider CP (operation 310). The certificate C_CA_CP includes the time Ts, the public key PK_CP, and a signature value Sl generated by electronically signing a public key PK_CP of the content provider CP and a time Ts using a private key SK_CA of the certificate authority CA. The time Ts denotes a time when the signature value S 1 is obtained. The method of FIG. 3 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing both the public key PK_CP of the content provider CP and the time Ts. The certificate C_CA_CP is expressed as follows:
[44] C_CA_CP = SlllTsllPK_CP = S(SK_CA, TsllPK_CP)IITsllPK_CP ... (5)
[45] Next, the content provider CP makes the content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to a user device UD (operation 320). The certificate C_CP_UD includes the certificate C_CA_CP of the certificate authority CA, and a signature value S2 generated when the content Cont is electronically signed using a private key SK_CP of the content provider CP. The certificate C_CP_UD is
expressed as follows: [46] C_CP_UD = C_CA_CPIIS2
[47] = SlllTsllPK_CPIIS2
[48] = S(SK_CA, TsllPK_CP)IITsllPK_CPIIS(SK_CP, Cont) ... (6)
[49] Next, the user device UD extracts the signature values Sl and S2, the time Ts, and the public key PK_CP of the content provider CP from the certificate C_CP_UD
(operation 330). [50] Next, the user device UD checks whether the revocation list RL includes the public key PK_CP extracted in operation 130 (operation 340). If the public key PK_CP is not included, the method proceeds to operation 360, and otherwise, the method proceeds to operation 350. [51] Referring to FIG. 4, the revocation list RL used in the method of FIG. 3 lists the public key PK_CP of a revoked content provider and a time Tr when the public key
PK_CP is revoked. The revocation list RL is safely transmitted from the certificate authority CA or a third authority to the user device UD. [52] The user device UD determines whether the time Ts extracted in operation 330 is earlier than the time Tr listed in the revocation list RL (operation 350). If the time Ts is earlier than the time Tr, the method proceeds to operations 360 and 370, and otherwise, the method proceeds to operation 380. [53] In operations 360 and 370, whether the public key PK_CP is valid and whether the time Ts has been modified are determined. [54] The user device UD determines whether verification of the content Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP and the content Cont into a verification function V() (operation 360). That is, whether the content Cont is signed using the private key SK_CP is verified. In this case, the verification function V() is expressed as follows:
[55] V(S2, PK_CP, Cont) = V(S(SK_CP, Cont), PK_CP, Cont) = Success or Fail ... (7)
[56] If the verification succeeds, the method proceeds to operation 370, and otherwise, the method proceeds to operation 380. [57] The user device UD determines whether the public key PK_CP is valid and whether the time Ts is modified by inputting the signature value Sl, the public key
PK_CA of the certificate authority CA, the time Ts extracted from operation 330, and the public key PK_CP of the content provider CP into the verification function V()
(operation 370). In this case, the verification function V() is given by Equation (8).
Unlike in the method of FIG. 1, the signature value Sl is obtained by electronically signing both the public key PK_CP and the time Ts. [58] V(Sl, PK_CA, TsllPK_CP) = V(S(SK_CA, TsllPK_CP), PK_CA, TsllPK_CP) =
Success or Fail ... (8)
[59] The user device UD does not authenticate the content provider CP as an authorized content provider, and rejects reproduction of the content Cont (operation 380). That is, the user device UD determines the content provider CP as a revoked content provider when it is determined in operation 340 that the public key PK_CP is included in the revocation list RL and it is determined in operation 350 that the time Ts is later than the time Tr; determines that the content provider CP disguises himself or herself as another content provider when it is determined in operation 360 that verification fails; and determines that the time Tr is altered when it is determined in operation 370 that verification fails. In these cases, the user device UD rejects production of the content Cont.
[60] In operation 350, when the time Ts is earlier than the time Tr, the public key
PK_CP is not revoked and the method proceeds to operation 360 even if the public key PK_CP is included in the revocation list RL. In other words, the user device UD can distinguish between a time Ts_A when a signature is generated when content Cont_A is transmitted from a content provider CPl, and a time Ts_B when a signature is generated when content Cont_B is transmitted from the content provider CPl. Accordingly, the user device UD can selectively determine whether each content authority is revoked.
[61] In the method of FIG. 3, the time Ts is included in the signature value Sl of the certificate authority CA in operation 310, and verified when the signature value Sl is verified in operation 370. If the user device UD arbitrarily changes the time Ts transmitted in operation 310, verification in operation 370 will fail. Therefore, the user device UD should be prevented from changing the time Ts, and the security of content in the method of FIG. 3 should be protected.
[62] Alternatively, verification of the public key PK_CP (operations 360 and 370) may be omitted. However, in this case, the user device UD can manipulate the time Ts.
[63] Alternatively, operation 340 to determine whether the public key PK_CP is revoked may be performed after verifying the public key PK_CP (operations 360 and 370). That is, according to the present invention, the order of performing operations 340, 350, and 370 can be changed.
[64] The method of FIG. 3 is a two-step process in which the certificate authority CA authenticates the content provider CP. However, according to the embodiments of the present invention, an upper certificate authority may further authenticate the certificate authority CA. In this case, the present invention further includes an operation in which the upper certificate authority issues a certificate certifying the certificate authority CA using an electronic signature, and an operation in which the user device UD verifies a signature value of the upper certificate authority.
[65] FIG. 5 is a flowchart of a method of revoking content authority Cont according to
another embodiment of the present invention. FIG. 6 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 5.
[66] Referring to FIG. 5, a certificate authority CA generates a certificate C_CA_CP certifying a public key PK_CP of a content provider CP and transmits it to the content provider CP (operation 510). The certificate C_CA_CP includes a signature value Sl which is obtained by electronically signing a content identifier ID-Cont, a time Ts when the signature S 1 is generated, and the public key PK_CP using a private key SK_CA of the certificate authority CA; the content identifier ID_Cont, the time Ts, and the public key PK_CP. The method of FIG. 5 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing the public key PK_CP of the content provider CP, the content identifier ID_Cont, and the time Ts. The certificate C_CA_CP is expressed as follows:
[67] C_CA_CP = SlllID_ContllTsllPK_CP
[68] = S(SK_CA, ID_ContllTsllPK_CP)IIID_ContllTsllPK_CP ... (9)
[69] Next, the content provider CP makes content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to a user device UD (operation 520). The certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 obtained by electronically signing the content Cont using the private key SK_CP of the content provider CP. The certificate C_CP_UD is expressed as follows:
[70] C_CP_UD = C_CA_CPIIS2
[71] = SlllID_ContllTsllPK_CPIIS2
[72] = S(SK_CA, ID_ContllTsllPK_CP)IIID_ContllTsllPK_CPIIS(SK_CP, Cont) ... (10)
[73] Next, the user device UD extracts the signature value Sl, the content identifier
ID_Cont, the time Ts, the public key PK_CP of the content provider CP, and the signature value S2 from the certificate C_CP_UD (operation 530).
[74] Next, the user device UD determines whether the revocation list RL includes the public key PK_CP extracted in operation 530 (operation 540). If the public key PK_CP is not included, the method proceeds to operation 560, otherwise, the method proceeds to operation 550.
[75] Referring to FIG. 6, the revocation list RL used in the method of FIG. 5 includes the public key PK_CP of the revoked content provider CP, a time Tr when the public key PK_CP is revoked, and a content revocation list RL_C_Rev.
[76] Next, the user device UD determines whether the time Ts extracted in operation
530 is earlier than the time Tr (operation 550). If the time Ts is earlier than the time Tr, the method proceeds to operation 555, otherwise, the method proceeds to operation 580.
[77] Next, the user device UD determines whether the content revocation list
RL C Rev of the revocation list RL includes the content identifier ID Cont extracted
in operation 530 (operation 555). When the content identifier ID_Cont is included, the method proceeds to operation 580, and otherwise, the method proceeds to operation
560. [78] In operations 560 and 570, whether the public key PK_CP is valid and whether the user device UD changed the content identifier ID_Cont and the time Ts are determined. [79] The user device UD determines whether verification of the content Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP, and the content Cont into a verification function V() (operation 560).
That is, whether the content Cont is signed using the private key SK_CP of the content provider CP is verified. In this case, the verification function V() is expressed as follows: [80] V(S2, PK_CP, Cont) = V(S(SK_CP, Cont), PK_CP, Cont) = Success or Fail ...
(H)
[81] If the verification succeeds, the method proceeds to operation 570, and otherwise, the method proceeds to operation 580.
[82] Next, the user device UD determines whether the public key PK_CP of the content provider CP is valid and whether the content identifier ID_Cont or the time Ts has been altered by inputting the signature value Sl, and the public key PK_CA of the certificate authority CA, the content identifier ID_Cont extracted in operation 530, the time Ts, and the public key PK_CP of the content provider CP into the verification function V() (operation 570). The verification function V() is given by Equation (12). Unlike the method in FIG. 1, the signature value Sl is obtained by electronically signing the public key PK_CP of the content provider CP, the content identifier ID_Cont, and the time Ts.
[83] V(Sl, PK_CA, ID_ContllTsllPK_CP) = V(S(SK_CA, ID_ContllTsllPK_CP),
PK_CA,
[84] ID_ContllTsllPK_CP) = Success or Fail ... (12)
[85] In operation 580, the user device UD does not authenticate the content provider CP as an authorized content provider and rejects reproduction of the content Cont. More specifically, the user device UD determines that the content provider CP is a revoked content provider when it is determined in operation 540 that the public key PK_CP is included in the revocation list RL and it is determined in operation 550 that the time Ts is later than the time Tr, determines that the content provider CP disguises himself or herself as another content provider when the verification in operations 560 and 570 fails, and determines that the content identifier ID_Cont or the time Ts has been altered when the verification in operation 570 fails. In these cases, the user device UD rejects reproduction of the content Cont.
[86] In the method of FIG. 5, a content identifier to be revoked is included in a revocation list, thereby allowing precise selection of an object to be revoked.
[87] Similarly in the method of FIG. 3, according to the method of FIG. 5, a user device is capable of selectively determining whether each content authority is to be revoked, based on a comparison between a time when a signature is generated and a time when a public key of a content provider is revoked.
[88] Also, in the method of FIG. 5, the content identifier ID_Cont and the time Ts are included in the signature value Sl of the certificate authority CA in operation 510, and the content identifier ID_Cont and the time Ts are verified when the signature value S 1 is verified in operation 570. Accordingly, the user device UD cannot manipulate the content identifier ID_Cont and the time Ts, thereby increasing the security for the method of FIG. 5.
[89] FIG. 7 is a flowchart of a method of revoking content authority Cont according to yet another embodiment of the present invention. FIG. 8 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 7.
[90] Referring to FIG. 7, a certificate authority CA makes a certificate C_CA_CP certifying a public key PK_CP of a content provider CP and transmits it to the content provider CP (operation 710). The certificate C_CA_CP includes a signature value Sl obtained by electronically signing the public key PK_CP and a content identifier ID_Cont of the content provider CP using a private key SK_CA of the certificate authority CA; the content identifier ID_Cont; and the public key PK_CP of the content provider CP. The method of FIG. 7 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing the public key PK_CP and the content identifier ID_Cont. The certificate C_CA_CP is expressed as follows:
[91] C_CA_CP = SlllID_ContllPK_CP
[92] = S(SK_CA, ID_ContllPK_CP)IIID_ContllPK_CP ... (13)
[93] Next, the content provider CP makes a content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to the user device UD (operation 720). The certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 generated by electronically signing the content Cont using a private key SK_CP of the content provider CP. The certificate C_CP_UD is expressed as follows:
[94] C_CP_UD = C_CA_CPIIS2
[95] = SlllID_ContllPK_CPIIS2
[96] = S(SK_CA, ID_ContllPK_CP)IIID_ContllPK_CPIIS(SK_CP, Cont) ... (14)
[97] Next, the user device UD extracts the signature value Sl, the content identifier
ID_Cont, the public key PK_CP of the content provider CP, and the signature value S2 from the certificate C_CP_UD (operation 730).
[98] Next, the user device UD determines whether the revocation list RL includes the
public key PK_CP of the content provider CP extracted in operation 730 (operation 740). When the public key PK_CP is not included, the method proceeds to operation 760, and otherwise, the method proceeds to operation 750.
[99] Referring to FIG. 8, the revocation list RL used in the method of FIG. 7 includes the public key PK_CP of a revoked content provider and an exception list RL_C_nonRev. The exception list RL_C_nonRev lists a content identifier of content that is not revoked although the public key PK_CP of the content provider CP who provides the content is included in the revocation list RL.
[100] Next, the user device UD determines whether the content identifier ID_Cont extracted in operation 730 is included in the exception list RL_C_nonRev of the revocation list RL (operation 750). If the content identifier ID_Cont is included, the method proceeds to operations 760 and 770, and otherwise, the method proceeds to operation 780.
[101] In operations 760 and 770, whether the public key PK_CP is valid and whether the user device UD modified the content identifier ID_Cont are determined.
[102] The user device UD determines whether verification of the content Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP, and the content Cont into a verification function V() (operation 760). That is, whether the content Cont is signed using the private key SK_CP is verified. The verification function V() is given by:
[103] V(S2, PK_CP, Cont) = V(S(SK_CP, Cont), PK_CP, Cont) = Success or Fail ...
(15)
[104] When the verification succeeds, the method proceeds to operation 770, and otherwise, the method proceeds to operation 780.
[105] The user device UD determines whether the public key PK_CP of the content provider CP is valid and whether the content identifier ID_Cont has been altered by inputting the signature value S 1 and the public key PK_CA of the certificate authority CA, the content identifier ID_Cont extracted in operation 730, and the public key PK_CP into the verification function V() (operation 770). The verification function V() is given by Equation (16). Unlike in the method of FIG. 1, the signature value Sl is obtained by electronically signing both the public key PK_CP of the content provider CP and the content identifier ID_Cont.
[106] V(S 1 , PK_CA, ID_ContllPK_CP) = V(S(SK_CA, ID_ContllPK_CP),
PK_CA,ID_ContllPK_CP)
[107] = Success or Fail ... (16)
[108] In operation 780 the user device UD does not authenticate the content provider CP as an authorized content provider and rejects reproduction of the content Cont. More specifically, the user device UD determines the content provider CP to be a revoked
content provider when it is determined in operation 740 that the public key PK_CP is included in the revocation list RL and it is determined in operation 750 that the content identifier ID_Cont is not included in the exception list RL_C_nonRev, determines the content provider CP to disguise himself or herself as another content provider when the verification fails in operations 760 and 770, and determines that the content identifier ID_Cont has been altered when the verification fails in operation 770. In these cases, the user device UD rejects reproduction of the content Cont.
[109] According to the method of FIG. 7, a revocation list additionally includes a content identifier of content that is not revoked although a public key of a content provider who provides the content is included in the revocation list. Accordingly, the user device can identify an object to be revoked, and thus, it is possible to prevent a properly authorized content from being revoked.
[110] Also, in the method of FIG. 7, the content identifier ID_Cont is included in the signature value Sl of the certificate authority CA in operation 710, and verified when the signature value S 1 is verified in operation 770. Therefore, the user device UD cannot alter the content identifier ID_Cont, thereby increasing the security for the method of FIG. 7.
[I l l] A method of revoking a public key of a content provider according to the present invention can be realized as a computer program. Codes and code segments of the computer program can be easily inferred by computer programmers in the art. The computer program may be stored in a computer readable medium. When the computer program is read and executed by a computer, the method is realized. The computer readable medium may be any medium, such as a magnetic recording medium, an optical recording medium, or a carrier wave.
[112] While this invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims
[1] L A method of revoking a public key of a content provider in a system in which a certificate authority certifies the public key of the content provider and the content provider transmits predetermined content to a user device using the certified public key, the method comprising determining whether the predetermined content is revoked in the user device by comparing a time when a signature of the public key is generated with a time when the public key is revoked.
[2] 2. The method of claim 1, further comprising:
(a) the certificate authority electronically signing a time when the predetermined content is electronically signed and the public key of the content provider, and transmitting the result of signing to the content provider; and
(b) the content provider electronically signing the predetermined content and transmitting the predetermined content to the user device.
[3] 3. The method of claim 2, further comprising (c) the user device verifying the public key of the content provider and the time when the signature is generated.
[4] 4. The method of claim 3, wherein (a) comprises:
(al) generating a signature value of the certificate authority by electronically signing the public key of the content provider and the time when the signature is generated, using a private key of the certificate authority; (a2) transmitting the signature value of the certificate authority, the time when the signature is generated, and the public key of the content provider to the content provider.
[5] 5. The method of claim 4, wherein (b) comprises:
(bl) generating a signature value of the content provider by electronically signing the predetermined content using a private key of the content provider; and
(b2) transmitting the signature value of the certificate authority, the time when the signature is generated, the public key of the content provider, and the signature value of the content provider to the user device.
[6] 6. The method of claim 5, wherein (c) comprises:
(cl) determining whether the predetermined content is signed using the private key of the content provider by verifying the signature value of the content provider; and
(c2) determining whether the public key of the content provider is valid and whether the time when the signature is generated is manipulated by verifying the signature value of the certificate authority.
[7] 7. The method of claim 6, wherein (cl) comprises (cl 1) determining whether the predetermined content is signed using the private key of the content provider by verifying the signature value of the content provider by inputting the signature value and the public key of the content provider and the predetermined content into a verification function.
[8] 8. The method of claim 6, wherein (c2) comprises (cl2) determining whether the public key of the content provider is valid and whether the time when the signature is generated is manipulated by inputting the signature value and the public key of the certificate authority, the time when the signature is generated, and the public key of the content provider into the verification function.
[9] 9. A method of revoking a public key of a content provider in a system in which a certificate authority certifies the public key of the content provider and the content provider transmits predetermined content to a user device using the c ertified public key, the method comprising the user device determining whether the predetermined content is revoked based on whether a content identifier of the predetermined content is included in an exception list which lists content identifiers of contents that must not be revoked.
[10] 10. The method of claim 9, further comprising:
(a) the certificate authority electronically signing a content identifier of the predetermined content and the public key of the content provider and transmitting the signed content identifier and the public key to the content provider; and
(b) the content provider electronically signing the predetermined content and transmitting the predetermined content to the user device.
[11] 11. The method of claim 10, further comprising (c) the user device verifying the public key of the content provider and the content identifier.
[12] 12. The method of claim 11, wherein (a) comprises:
(al) generating a signature value of the certificate authority by electronically signing the public key of the content provider and the content identifier using a private key of the certificate authority;
(a2) transmitting the signature value of the certificate authority, the content identifier, and the public key of the content provider to the content provider.
[13] 13. The method of claim 12, wherein (b) comprises:
(bl) generating a signature value of the content provider by electronically signing a private key of the content provider; and
(b2) transmitting the signature value of the certificate authority, the content identifier, the public key of the content provider, and the signature value of the content provider to the user device.
[14] 14. The method of claim 13, wherein (c) comprises:
(cl) determining whether the predetermined content is signed using the private key of the content provider by verifying the signature value of the content provider; and
(c2) determining whether the public key of the content provider is valid and whether the content identifier is manipulated by verifying the signature value of the certificate authority.
[15] 15. The method of claim 14, wherein (cl) comprises (cl 1) determining whether the predetermined content is signed using the private key of the content provider by verifying the signature value of the content provider by inputting the signature value and the public key of the content provider, and the predetermined content into a verification function.
[16] 16. The method of claim 14, wherein (c2) comprises (cl2) determining whether the public key of the content provider is valid and whether the content identifier is manipulated by inputting the signature value and the public key of the certificate authority, the content identifier, and the public key of the content provider into the verification function.
[17] 17. A computer readable recording medium having embodied thereon a computer program for executing the method of claim 1.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US63457504P | 2004-12-10 | 2004-12-10 | |
KR1020040112241A KR100823254B1 (en) | 2004-12-10 | 2004-12-24 | Method for revoking a public key of content provider |
PCT/KR2005/004191 WO2006062358A1 (en) | 2004-12-10 | 2005-12-08 | Method of revoking public key of content privider |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1820296A1 true EP1820296A1 (en) | 2007-08-22 |
Family
ID=36578144
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP05821074A Withdrawn EP1820296A1 (en) | 2004-12-10 | 2005-12-08 | Method of revoking public key of content privider |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP1820296A1 (en) |
WO (1) | WO2006062358A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4268673B1 (en) * | 2007-10-02 | 2009-05-27 | パナソニック株式会社 | Copyright protection system, playback device, and playback method |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6131162A (en) * | 1997-06-05 | 2000-10-10 | Hitachi Ltd. | Digital data authentication method |
JP3900483B2 (en) * | 2002-06-24 | 2007-04-04 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Information distribution system, server and information processing apparatus |
-
2005
- 2005-12-08 WO PCT/KR2005/004191 patent/WO2006062358A1/en active Application Filing
- 2005-12-08 EP EP05821074A patent/EP1820296A1/en not_active Withdrawn
Non-Patent Citations (1)
Title |
---|
See references of WO2006062358A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2006062358A1 (en) | 2006-06-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210044441A1 (en) | Method and system for creating and checking the validity of device certificates | |
EP3966997B1 (en) | Methods and devices for public key management using a blockchain | |
US10361867B2 (en) | Verification of authenticity of a maintenance means connected to a controller of a passenger transportation/access device of a building and provision and obtainment of a license key for use therein | |
EP2332091A1 (en) | Method and means for digital authentication of valuable goods | |
WO2008004525A1 (en) | Information processing device, information recording device, information processing system, program update method, program, and integrated circuit | |
US20090106548A1 (en) | Method for controlling secured transactions using a single physical device, corresponding physical device, system and computer program | |
JP2007104657A (en) | Apparatus and method for executing security function using smart card | |
US20230412400A1 (en) | Method for suspending protection of an object achieved by a protection device | |
US20020194479A1 (en) | Method of protecting a microcomputer system against manipulation of data stored in a storage assembly of the microcomputer system | |
JP5183517B2 (en) | Information processing apparatus and program | |
US20060129827A1 (en) | Method of revoking public key of content provider | |
CN117692185A (en) | Electronic seal using method and device, electronic equipment and storage medium | |
JP2009003501A (en) | Onetime password authentication system | |
US8646099B2 (en) | Midlet signing and revocation | |
EP1820296A1 (en) | Method of revoking public key of content privider | |
CN114036490B (en) | Plug-in software interface calling security authentication method, USBKey driving device and authentication system | |
CN109672526B (en) | Method and system for managing executable program | |
US8844047B2 (en) | Secure programming of vehicle modules | |
JP2006050355A (en) | Data reproducing apparatus, data reproducing method and data reproducing program | |
CN113641986B (en) | Method and system for realizing alliance chain user private key hosting based on SoftHSM | |
CN116189340A (en) | Entrance guard management method, system, device and medium based on PKI security authentication | |
CN106375340B (en) | Method and system for improving certificate verification security | |
Steel | Towards a formal security analysis of the Sevecom API | |
Pohlmann et al. | Embedded PKI in industrial facilities | |
KR20220147610A (en) | Secure and documented key access by application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20070323 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN |
|
18W | Application withdrawn |
Effective date: 20080929 |