KR100819495B1 - Authorization method for moving rights object in drm and device thereof - Google Patents

Abstract

The present invention is a method and apparatus for authenticating a movement permission for movement of usage rights of DRM content between devices. The basic concept of the present invention is to authenticate the usage rights by receiving an update from the RI through the 2-Pass updateRO protocol, which includes a movement right so that a given device can move the usage right to another device. getting authorization. That is, the method according to the present invention comprises the steps of the first device accessing the RI to receive the movement permission for a specific right of use, and the movement of the right of use through the 2-Pass updateRO protocol between the first device and the RI. Authenticating the permission.

DRM, Rights, Rights Movement, Rights Certification, RI, CP, RO

Description

AUTHORIZATION METHOD FOR MOVING RIGHTS OBJECT IN DRM AND DEVICE THEREOF}

1 is a block diagram showing a digital rights management system.

Figure 2 is an embodiment of the present invention, a schematic block diagram showing the authentication for the movement of the usage rights between devices according to the present invention.

3 is a signal flow diagram illustrating a direct movement of a right of use between devices as an embodiment of the present invention.

4 is a signal flow diagram illustrating authentication for usage rights movement between devices as a first embodiment of the present invention.

FIG. 5 is a signal flow diagram illustrating authentication for usage rights movement between devices as a second embodiment of the present invention.

6 is an XML schema of an UpdateRo trigger as an embodiment of the present invention.

7 is an XML schema of an UpdateRo Request message as an embodiment of the present invention.

8 is an XML schema of an UpdateRo Response message according to one embodiment of the present invention.

FIG. 9 is a signal flow diagram illustrating authentication for usage rights movement between devices as a third embodiment of the present invention.

10 is a signal flow diagram of the 2-Pass UpdateRO protocol as an embodiment of the present invention.

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to digital rights management (hereinafter referred to as DRM), and in particular, a method of moving a rights object (RO) of certain DRM contents from one device to another. And to an apparatus.

DRM is a system technology for safeguarding and systematically managing the rights to digital contents, and provides a series of protection and management systems for preventing illegal copying of contents and acquiring the right to use the contents, creating and distributing the contents, and using them. do.

1 is a block diagram illustrating a digital rights management system, and the digital rights management system controls the content provider to use the content delivered to the user as much as the usage rights granted to the user. In this case, the content provider is an entity corresponding to a content issuer (CI) and / or a right issuer (RI).

The content issuer (CI) issues protected content (i.e., DRM content) using a specific encryption key to protect the content from users who do not have access rights, and the rights issuer (RI) issues the protected content. Issue Rights Object (RO) required to use the content.

The DRM agent is mounted on a terminal to receive the protected content and the right to use, interprets the license included in the right to use, and converts the protected content into a form that can be used on the terminal. To control. Here, the right to use the DRM content may include various kinds of restrictions applied when using the DRM content. For example, the right to use the DRM content may be the number or time or duration or system or the like of using the corresponding content.

On the other hand, a user of a given device that has purchased the right to use a specific DRM content may want to move (or transfer) the right to use it to an unspecified number or to a specific user (or other device). In this case, in order for the user to move his / her own usage right to another user, an additional permission for the movement of the usage right is required for the usage right.

Accordingly, it is an object of the present invention to provide a method and apparatus for receiving mobile permission authentication for moving the right of use of DRM content between devices.

In addition, another object of the present invention is to provide a method and apparatus for moving a usage right certified by the mobile permission from a device to another device.

In order to achieve the object of the present invention as described above, the method according to the present invention comprises the steps of: the first device is connected to the RI to obtain a move permission for a specific right of use; And authenticating a mobile permission for the use right through a specific protocol between the first device and the RI.

Advantageously, the protocol further comprises: the first device connecting to an RI, selecting at least one grant, and submitting the selected grant; The RI forwarding an updateRO trigger to the first device; Requesting, by the first device, update RO to the RI; Receiving, by the first device, an update RO Response message from the RI to update the usage right.

Preferably, the step of authenticating the movement permission for the right to use,

Receiving, by the first device, a trigger message for permission to move the right from the RI; Requesting, by the first device, the RI to update the usage right so that the usage right is included in the usage right; And in response to the usage right update request, the RI delivering the updated usage right through a usage right update response message to the first device.

Advantageously, the first device moves the updated usage rights to the second device; After moving the updated right to use, the first device decreasing the count constraint value of the move permission element; And installing, by the second device, the transferred updated usage right.

Advantageously, if the RI is unable to authenticate the move permission to the first device after receiving the request for renewal of the usage right from the first device, the RI sends a predetermined error message to the first device. It is characteristic.

In addition, in order to achieve the object of the present invention as described above, the apparatus according to the present invention, connected to the RI to move the right of use to at least one or more other devices,

It is characterized by receiving the authorization of the mobile license for the owned rights through a specific protocol connected to the RI.

Advantageously, the device requests the RI to update the usage rights to include permission for the movement of the usage rights, and by receiving the renewal of the usage rights from the RI by the request. It is characterized by being authorized to move.

Preferably, the specific protocol is a newly defined protocol, and is characterized in that the 2-Pass updateRo protocol.

Hereinafter, the configuration and operation of the embodiment of the present invention will be described with reference to the accompanying drawings.

The basic concept of the present invention is to authenticate the usage rights by receiving an update from the RI through the 2-Pass updateRO protocol, which includes a movement right so that a given device can move the usage right to another device. getting authorization.

Figure 2 is an embodiment of the present invention, a schematic block diagram showing the authentication for the movement of the usage rights between devices according to the present invention.

Referring briefly to the basic concepts of the present invention with reference to FIG. 2, the present invention provides a method for a given device (e.g., device A) to move (or transfer) usage rights to another device (e.g., device B). In order to do so, the user must renew his right to use (RO) by requesting to RI (ie, update RO Request) and renew his right to use (ie, update RO Response) including the permission to move to RI. Instantly receive authentication to transfer the right (ie update RO with <move permission>) to another device. That is, the predetermined device (i.e., device A) is renewed its own right to use, and furthermore, the right to use the rights to a specific device or a plurality of other unspecified devices as a right to use rights constraint. You can move it. In order to implement the present invention as described above, a so-called "UpdateRO protocol" is defined, and an element called "Move permission" is also defined. On the other hand, as the term used in the embodiments of the present invention, the device is a generic term for a user device (user device). Therefore, it includes a mobile communication terminal, a portable game machine, a PDA, a notebook computer, a desktop PC, and other home appliances. In addition, a content provider (CP) refers to a predetermined entity that issues content and usage rights to a device.

3 is a signal flow diagram illustrating a direct movement of a right of use between devices as an embodiment of the present invention.

Referring to FIG. 3, when user A requests device A to move the right to use specific DRM content to user device B (for example, press a specific key <key of keypad or specific key on touch screen>) (S1), the device A checks whether the usage right requested for the movement has a movement permission (S2). If there is a movement permission in the use right in step S2, the device A moves the use right to the user device B. In this case, the usage right may be moved through a content provider (CP), or may be directly moved without passing through a CP.

4 is a signal flow diagram illustrating authentication for usage rights movement between devices as a first embodiment of the present invention. FIG. 5 is a signal flow diagram illustrating authentication for usage rights movement between devices as a second embodiment of the present invention. However, device A is a device used by user A, and device B is a device used by user B. The predetermined step S100 of FIG. 4 operates in the same manner as the specific step S100 of FIG. 5. However, the predetermined step S200 of FIG. 4 operates similarly to the specific step S200 'of FIG. 5, except that the movement path of the right of use passes through the RI. Hereinafter, the common step S100 of FIGS. 4 and 5 will be described with reference to FIG. 4, and the predetermined step S200 of FIG. 4 and the predetermined step S200 ′ of FIG. 5 will be described.

As shown in FIG. 4, according to the first embodiment of the present invention, a step in which device A receives a right to move permission authorization through a right renewal of usage rights from RI (S100) and a right to receive permission to move to device B are performed. The movement may be divided into S200.

Referring to step S100 in more detail with reference to FIG. 4, when the user A requests the device A to move the right to use specific DRM content to the device B (S101), the device A moves to the requested right to move. Check whether there is permission (S102). At this time, if there is no move permission in the usage right, the device A informs the user A whether to obtain a move permission (ie, get move permission) (for example, the display of the device A can be notified through a letter) ( S103).

When the user A requests to obtain a movement permission for the usage right (S104), the device A uses the DCF RI URL or the RI URL stored in the RI context for the usage right, for example, RI. The browser is accessed and browsed (S105). In this case, user A may access the web of the RI portal and select a desired mobile permission.

The RI transmits an UpdateRo trigger for the corresponding mobile permission selected by the user A to the device A (S106). In this case, as shown in FIG. 6, the device A downloads the UpdateRo trigger in an XML schema format and performs a 2-pass updateRO protocol as shown in FIG. 6. Here, the 2-pass updateRO protocol is a newly defined protocol according to the present invention and is similar to the RO Request and RO Response protocols. This 2-pass updateRO protocol is used to update specific usage rights in the DRM agent attached to the user device. That is, the 2-pass updateRO protocol can be used to update the usage rights so that the usage rights movement permission is added. A detailed description of such a 2-pass updateRO protocol will be described later with reference to FIG. 10.

The device A, which has downloaded the UpdateRo trigger in step S106, transmits an UpdateRo request message to the RI (ie, Send UpdateRO Req) (S107). Here, the UpdateRO Request message is the first message of the 2-pass updateRO protocol procedure. Meanwhile, an example of the XML schema format of the UpdateRo request message is shown in FIG. 7.

The RI transmits an UpdateRo response message to the device A in response to the UpdadeRo request (S108). Here, the UpdateRO Response message is the second message of the 2-pass updateRO protocol procedure. Meanwhile, an example of an XML schema format of the UpdateRo Response message is shown in FIG. 8.

The device A receives the new right including the move permission through the UpdateRO Response message to update the use right (S109), and the device A informs the user A that the renewal of the right for the move right authentication has been successfully completed. Notify (S110).

Meanwhile, a newly defined element for a move permission, that is, a "<move>" element, is added to the usage right that the device A is updated from the RI through the step S100. The <move> element operates so that the DRM agent (i.e., included in device A) transfers a specific right of use (ie, a right to move). Here, the <move> element is passed from the RI to the first device with the updated usage rights, provided that the <move> element is included in the updated usage rights or is separated from the updated usage rights. Can be delivered.

 The element also includes a count (ie, "<count>") constraint as an optional specification. When the DRM agent moves the usage right to another device (e.g., device B), the value of the count (or the value of the count constraint) decreases. Therefore, the DRM agent may move the usage right to another user by the number of count values. If the count value is "1", the DRM agent can transfer the usage right to another device (ie device B) only once. And if the count value is "0", the DRM agent cannot move the right to another device (ie device B).

On the other hand, when the device A receives a move permission from the RI, the device A may receive the move permission without the <count> constraint by not selecting the <count> constraint as an optional specification ( Not shown). In this case, since the <move> element does not include an optional <count> constraint, the DRM agent may move the right to another device without limitation. However, in order to prevent indiscriminate (or illegal) movement or transmission of the right of use between devices, it is preferable that the CP limits the number of movements of the right of use using the <count> constraint.

As above, device A may move a usage right that includes a <move> element (i.e., an element that includes a <count> constraint) to device B, which is transferred directly from device A to device B. 4 may be distinguished from the first embodiment of FIG. 4 and the second embodiment of FIG. 5 that is moved to the device B via the RI.

First, as an example of the first embodiment of FIG. 4, the predetermined step S200 will be described. After the renewal of the right for use right movement authentication through step S100, user A may directly move the use right to user B (S200).

That is, when the user A requests the device A to move the updated usage right to the device B (S201), the device A directly transfers the usage right to the device B (that is, the device of the user B) (S202). At this time, the movement count value may be changed together or may be changed after receiving the response message. The device B receives the right to use and transmits a response message (ie, Move Successful) to the device A (S203), and installs the received right to use (S204). Then, the device A decreases the movement count value of the usage right by "1" (S205). If the number of movement count constraints of the usage rights owned by the device A is finally "0", the usage rights of the device A can be disabled or deleted. Therefore, the deactivated right of use of the device A can no longer be transferred to another device because the movement permission is exhausted.

Hereinafter, the predetermined step S200 ′ of the second embodiment of FIG. 5 will be described. As shown in predetermined step S200 ′ of FIG. 5, device A moves the usage right to device B via RI. The predetermined step S200 ′ of FIG. 5 is similar to the predetermined step S200 of FIG. 4. However, the predetermined step S200 ′ of FIG. 5 is different from the predetermined step S200 of FIG. 4 in that the usage right is moved from the device A to the device B via the RI.

That is, if the user A requests the device A to move the updated right to the device B (S201 '), the device A sends a rights move message (ie, a move right) to the RI so that the RI moves to the device B. Request to move the usage right (S202 ').

If the RI sends a response message (i.e., Move Req Accepted) to the device A (i.e., Move Req. Accepted) (S203 '), the device A is the value of the count (and counts) in the owned rights it owns. The value of the constraint) is reduced by " 1 " (S204 '). If the number of movement count constraints of the usage rights owned by the device A is finally "0", the usage rights of the device A are disabled. Thus, the deactivated right of use of device A can no longer be transferred to another device because its mobile license has been exhausted.

The RI moves the usage right to the device B according to the request of the device A (that is, the Move usage right) (S205 '). The device B installs the usage right received in the step S205 '(S206').

FIG. 9 is a signal flow diagram illustrating authentication for usage rights movement between devices as a third embodiment of the present invention. However, FIG. 9 is a signal flowchart when an error occurs in an authentication procedure for moving usage rights between devices.

The operations of the predetermined steps of FIG. 9 (ie, S101 to S107 in FIG. 9) are the same as the predetermined steps of FIG. 4 and 5 (that is, S101 to S107 in FIGS. 4 and 5). However, in FIG. 9, only signal flows (that is, S121 and S122) representing signal flows when an error occurs in an authentication procedure for moving usage rights between devices are different from those in FIGS. 4 and 5. That is, in FIG. 9, the device A delivers an UpdateRo request message to the RI (ie, Send UpdateRO Req) (S107). At this time, when the RI is unable to issue the right to move the permission to the device A, an error message, that is, an error message not to issue the right to move the permission is transferred (S121), and notifies the user A (S122). Thus, the user will acknowledge the error message and give up the right to move to device B.

10 is a signal flow diagram of the 2-Pass UpdateRO protocol as an embodiment of the present invention.

The 2-Pass UpdateRO protocol shown in FIG. 10 is a protocol newly defined in the present invention, and is similar to the RO Request-Response protocol (that is, the 2-Pass RO Acquisition protocol). The 2-Pass UpdateRO protocol is used when a DRM agent of a device updates a right to use specific DRM content. In particular, the 2-Pass UpdateRO protocol is a means of updating a right already existing in the DRM agent. In other words, the 2-Pass UpdateRO protocol is an interface to which a DRM agent (or device) connects to an RI. In particular, the 2-Pass UpdateRO protocol is a protocol applied to a right update for a predetermined permission.

The 2-Pass UpdateRO protocol is used to obtain new permissions on usage rights currently owned by a given device, or to obtain mobile permissions for a specific usage right, or to obtain specific DRM content (i.e., protected content). Is used to obtain the extension of the right to use).

As shown in FIG. 10, the 2-Pass UpdateRO protocol is similar to the signal flow diagram of the 2-Pass RO Acquisition protocol. However, the characteristic of the 2-Pass UpdateRO protocol is that at least one permission desired by a given device (or a given user) after the given device connects to the RI (e.g., the value of the count constraint as the number of move permission). Select to request a license renewal from the RI, and the device receives the license from the RI and renews the license.

Hereinafter, a detailed description will be given with reference to FIG. 10. However, details overlapping with the 2-Pass RO Acquisition protocol will be omitted for the sake of brevity.

The predetermined device (Device) connects to the RI (or RI portal) to browse (ie, browse the RI Portal), and the RI returns a service of html or xhtml to the device (S11). The device selects (e.g., selects the value of the count constraint in the move permission element) the permission (e.g., selects the value of the count constraint in the move permission element) to be renewed (i.e., selects in Figure 10). the permissions to update & Submit) (S12). The RI then sends an updateRO trigger message to the device so that the device can update the usage rights including the specific permission selected (ie, mobile permission) selected by the device (13).

When the device transmits an updateRO Request message to the RI (S14), the RI exchanges an OCSP Request and an OCSP Response message with an OCSP (Only Certificate Status Portal) for authentication of a right to update (S15). When the RI delivers the updated usage right to the device through an updateRO response message (S16), the device updates the usage right as a ratio (S17).

Accordingly, the 2-Pass UpdateRO protocol according to the present invention includes a specific permission (for example, a right to move a license) to be updated as an additional option to a license currently owned by the device.

The present invention has been described above with reference to the embodiments shown in the drawings of the present invention, but this is merely exemplary and various modifications and equivalent other embodiments may be made by those skilled in the art. Will understand. For example, the above-described embodiments of the present invention exemplify the authentication for the right of use movement, but may be applied to the right authentication for other purposes. In addition, although the count constraints included in the move permission element have been illustrated in the above-described embodiments of the present invention, it is apparent to those skilled in the art that other restrictions may be included in the move permission element. Therefore, the true technical protection scope of the present invention will be defined by the technical spirit of the appended claims.

As described above, the authentication method and apparatus for the movement of the usage rights between the devices according to the present invention, by the predetermined device is authenticated by the RI owned by the rights owned by the mobile device owned by the given device. There is an effect that can be renewed.

In addition, when a given device receives a movement permission certification for a use right owned by the RI, it is possible to select the number of movements of the use right as an optional feature to receive movement permission authentication.

In addition, there is an effect that can receive an error message if a given device is not currently able to receive a mobile permission authorization for use rights owned by the RI.

Claims (33)

Checking whether a move permission exists in a right owned by the first device; If the usage right of the first device does not have a movement permission, connecting the RI to the RI to move the usage right; And the first device renewing the usage right from the RI so that the usage right is included in the usage right. The method of claim 1, wherein the first device receives the usage right from the RI including the mobility authorization certificate. Authentication method for the usage rights movement between devices, characterized in that via the protocol formed between the first device and the RI. The method of claim 1, wherein the first device Authentication method for moving the right between devices, characterized in that to access the RI by using the information contained in the RI URL. The method of claim 2, wherein the protocol is Authentication method for the usage rights movement between devices, characterized in that the 2-Pass updateRo protocol. The method of claim 4 wherein the protocol is Authentication method for moving the usage rights between devices, characterized in that for updating the usage rights. The method of claim 4 wherein the protocol is The first device connecting to an RI, selecting one or more grants, and transmitting the selected grants; The RI forwarding an updateRO trigger to the first device; Requesting, by the first device, update RO to the RI; And receiving, by the first device, an update RO Response message from the RI to update the usage right. The method of claim 1, wherein the first device renews the usage right from the RI so that the usage right includes authentication of a mobile permission. Receiving, by the first device, a trigger message for permission to move the right from the RI; Sending, by the first device, the license renewal request to the RI such that the license is included in the license; And in response to the right renewal request, the RI sending the renewed right to the first device through a right renewal response message. The method of claim 7, wherein the renewed usage rights The method of claim 1, wherein the device can be moved from the first device to at least one different second device. The method of claim 7, wherein the license update response message is And a movement permission element for the usage right. 10. The method of claim 9, wherein the move permission element Contained within or separate from the renewed right; And the license is transferred from the RI to the first device together with the updated usage right. 11. The method of claim 10, wherein the move permission element Authentication method for the right-to-device usage rights movement comprising at least one constraint. The method of claim 11, wherein the constraint is Include count constraints, And the count constraint is a value of a number that can move the updated right to the second device from the first device. delete The method of claim 11, wherein And whenever the updated right is moved from the first device to at least one or more different second devices, the value of the number decreases. 15. The method of claim 14, wherein the value of the number is 0 And the updated right to use cannot move from the first device to the second device. The method according to claim 1 or 7, Moving, by the first device, the updated usage right to the second device; After moving the updated right to use, the first device decreasing the count constraint value of the move permission element; And installing, by the second device, the updated right to use. 17. The method of claim 16, wherein the renewed usage rights Authentication method for the right-to-device movement of rights, characterized in that moved directly from the first device to the second device. 18. The apparatus of claim 17, wherein the second device is And transmitting a response message informing of the success of the movement after receiving the updated usage right to the first device. 17. The method of claim 16, wherein the renewed usage rights And the first device is moved from the first device to the second device via the RI. 20. The method of claim 19, wherein the RI is After receiving the request to move the updated right to the second device from the first device Deliver a response message to the move request, And transmitting the updated usage right to the second device. The method according to claim 1 or 7, After the RI receives the request for renewal of the right from the first device If it is unable to authenticate the move permission to the first device, And the RI transmits an error message to the first device. delete delete delete delete delete delete delete delete delete delete delete delete

Images