KR100821083B1 - System and method for self-made contents distribution using digital rights management - Google Patents

Abstract

Disclosed are a self-contained content distribution system using digital rights management for distributing self-contained content in a client and a method thereof. That is, after registering content and content information of self-produced content and downloading and distributing DRM packaged content, at least one client requesting / receiving a rights object (RO) for the content and using the content ; A service server configured to receive the content and information of the content from the client, package the content in DRM content, and register the information of the content in a rights issuer when receiving a request for purchasing a rights object of the content; And a digital content management system using digital rights management, which includes a rights issuer for encrypting a rights object based on the contents information and is issued to the client, thereby applying and distributing DRM technology to the own content. The reliability is very high, the client user is regarded as a Contents Provider (CP), and the profits of the rights issuance can be distributed to the service providers as a subject in distributing their own contents, thereby obtaining a certain profit.

DRM, original content, distribution

Description

Homegrown content distribution system using digital rights management and its method {SYSTEM AND METHOD FOR SELF-MADE CONTENTS DISTRIBUTION USING DIGITAL RIGHTS MANAGEMENT}

1 is a block diagram showing a content distribution system model using a DRM according to the prior art.

Figure 2 is a block diagram showing a model of the own content distribution system using the DRM according to the first embodiment of the present invention.

Figure 3 is a block diagram showing a model of the own content distribution system using the DRM according to a second embodiment of the present invention.

4 is a block diagram showing a model of a self-contained content distribution system using DRM according to a third embodiment of the present invention.

Figure 5 is a block diagram showing a model of the own content distribution system using the DRM according to a fourth embodiment of the present invention.

* Explanation of Codes on Major Parts of Drawings *

510: first client 520: second client

530: expression server 540: rights issuer

The present invention relates to a DRM content distribution system and a method thereof, and more particularly, to a self-content content distribution system and a method using digital rights management that reliably distributes content produced by a client.

1 is a block diagram showing a content distribution system model using a DRM according to the prior art.

As shown in FIG. 1, the system model includes: a first client 110; Second client 120; A content issuer 130 that receives content from a content provider (CP), encrypts the content, and provides the encrypted content to the first client 110; A rights issuer 150 for encrypting a rights object (RO) that can use the encrypted content; And a presentation server 140 providing content requested from the first client 110 or providing a rights object requested from the first and / or second client 120.

The content issuer 130 performs DRM packaging on the content registered by the CP according to a request of the expression server 140. DRM packaging of such content is the process of encrypting the content so that it can be reused only through the rights object and configuring it for a specific format. In addition, the content issuer 130 needs a content encryption key (CEK), a content ID (CID), and a DCF hash to generate the rights object. The encrypted content is encrypted in the DRM content format (DCF), and examples of DCF include OMA DCF 1.0 and DCF 2.0. In addition, the content issuer 130 transmits the encrypted DRM content to the first client 110 and then transmits the corresponding content information to the rights issuer 150 for reference in generating a rights object. In particular, with regard to sharing content information between the content issuer 130 and the rights issuer 150, the sharing of the CEK may use a Diffie-Helman key sharing algorithm, and the content issuer 130 may use the CEK. It may be sent directly to the rights issuer 150.

The rights issuer (RI) 150 encrypts the rights object with reference to the content information registered in advance for the rights requested from the expression server 140, and then the first client 110 and / or the second client. To the client 120. As a result, the DRM content distributed from the first client 110 (super-distribution) can be legally used.

The expression server 140 serves as a service provider for the first client 110 and the second client 120. In particular, when the first client 110 requests a specific content, the expression server 140 receives the request and requests the content issuer 130 for the DRM content for the corresponding content, and the content issuer 130 receives the first client ( 110) to provide the DRM content.

Hereinafter, a content distribution method using DRM according to the prior art, such as an Open Mobile Alliance (OMA) DRM 2.0, will be described.

First, during the use of a predetermined service provided by the expression server 140, the first client 110 requests the expression server 140 to provide specific content (S101).

Then, the expression server 140 requests the content issuer 130 for the DRM content for the content, and the content issuer 130 performs the DRM packaging on the content to generate the DRM content for the first client 110. Provided by (S102-S104). At this time, the content issuer 130 registers the content information on the encrypted content with the rights issuer 150 and shares them with each other (S105).

Thereafter, when the first client 110 subsequently uses the content provided from the content issuer 130, the first client 110 requests the expression server 140 for rights to the corresponding content (S106). Then, the expression server 140 requests the rights object to the rights issuer 150, and the rights issuer 150 encrypts the rights object for the content with reference to previously registered content information to the first client 110. FIG. (S107-S109).

In addition, when the second client 120 wants to use the DRM content legally distributed by the first client 110, the second client 120 expresses rights to the DRM content. (S110-S111). In this case, if the second client 120 is not registered with the rights issuer, the device registration procedure is first performed, and then, the rights server for the DRM content is requested to the expression server 140.

Then, the expression server 140 requests the rights object to the rights issuer 150, and the rights issuer 150 encrypts the rights object for the content by referring to previously registered content information to the second client 120. (S112-S114).

Thus, the second client 120 is provided with only the rights object for the downloaded content by the first client 110, it is possible to simply and legally use the content without having to download through the expression server 140.

As described above, by applying the DRM technology to the content provided by the CP, it was possible to prevent illegal distribution and foster the digital content market.

However, as various image production tools and digital cameras are rapidly spread to the general public, the level of their own contents is improved day by day, and they are frequently used without the author's approval. .

In addition, the load on the amount of content managed by the expression server (that is, the service server) is considerable, and when the content and content information are registered by individual subscribers, the amount of the load becomes unacceptably large. There was a problem.

Accordingly, an object of the present invention is to provide a system and method for distributing own content using digital rights management which prevents illegal distribution of contents produced by a general person other than a professional service provider using DRM.

In addition, another object of the present invention is to provide a home-based content distribution system and method using digital rights management to reduce the server load of a service provider provided to prevent illegal distribution of content produced by the general person. have.

In order to achieve the above object, the client of the own content distribution system using Digital Rights Management (DRM) according to a preferred embodiment of the present invention, the registration means for performing a client registration; Content production means for producing predetermined content; DRM content packaging means for performing DRM content packaging of the produced content; And distribution means for legally distributing the packaged DRM content.

In addition, according to a preferred embodiment of the present invention Digital Rights Management (DRM) including a client using a predetermined content and a rights issuer for issuing a rights object (RO) for the content to the client; The service server of the own content distribution system, comprising: a rights proposal configuration module for configuring a rights offer based on a purchase request of a rights object (RO) from the client; An analysis module for interpreting a rights issuer location information (RI URL) based on a rights object (RO) purchase request transmitted from the client; A first receiving module for receiving a user's selection of a purchase request and a right offer of a right object from the client; A second receiving module receiving a MAC verification result and a ROAP trigger from the right issuer; A first transmission module for transmitting the content information, a rights agreement, and a ROAP trigger request message received from the client to the rights issuer; And a second transmitting module for transmitting the ROAP trigger received from the right issuer and the configured right proposal to the client.

In addition, the rights issuer of the own content distribution system using Digital Rights Management (DRM) including a client using the content and a service server for relaying the rights object to use the content according to an embodiment of the present invention. A receiving unit receiving content information and a Rights Agreement from the service server and receiving a Rights Object Acquisition Protocol (ROAP) trigger request; A verification unit which performs MAC verification based on the content information and transmits the result to the service server; And a transmitter for transmitting the requested ROAP trigger.

In addition, the own content distribution system using digital rights management according to the first embodiment of the present invention, if the DRM packaged content is downloaded and distributed through the expression server 240 after registering self-produced content and content information, At least one client requesting / receiving a rights object (RO) for the content to use the content; A service server configured to receive the content and information of the content from the client, package the content in DRM content, and register the information of the content in a rights issuer when receiving a request for purchasing a rights object of the content; And a rights issuer for encrypting a rights object based on the content information and issuing the rights object to the client.

In addition, the own content distribution system using digital rights management according to the second embodiment of the present invention, after legally distributing the self-produced content, requests to receive / receive a Rights Object (RO) for the content At least one client using the content; After receiving the content and the information of the content from the client and packaging the content in DRM content, the content information is managed but the content is deleted, and the right object purchase request message of the content corresponding to the registered content information is received. A service server for transferring the information of the contents to the rights issuer; And a rights issuer for encrypting a rights object based on the content information and issuing the rights object to the client.

In addition, the own content distribution system using digital rights management according to the third embodiment of the present invention, after performing the DRM content packaging of the content produced by itself, and legally distribute the packaged DRM content, At least one client requesting / receiving a rights object (RO) to use the content; A service server for transmitting the information of the content to the rights issuer after receiving the information on the content from the client and receiving a request for purchasing the rights object of the content corresponding to the registered content information; And a rights issuer for encrypting a rights object based on the content information and issuing the rights object to the client.

In addition, the own content distribution system using digital rights management (DRM) according to the fourth embodiment of the present invention performs DRM content packaging of self-produced content and legally distributes the packaged DRM content. At least one client using the content by requesting / receiving a rights object for the content; A service server that registers the client, receives a rights object purchase request message from the client, analyzes the content information included in the rights object purchase request message, and delivers the analyzed content information to the rights issuer; And a rights issuer for performing MAC verification based on the content information transmitted from the service server and issuing a rights object for the content.

On the other hand, the own content distribution method using digital rights management according to the first embodiment of the present invention, (a) the first client to produce its own content, and registering the produced content and content information to the service server; (b) registering, by the service server, the content information with a rights issuer; (c) a second client requesting the content; (d) after the service server performs DRM content packaging on the content, downloading the packaged DRM content to the second client; (e) the second client requesting a rights object (RO) to a service server; And (f) relaying, by the service server, the issue of the rights object from the rights issuer to the second client.

In addition, the own content distribution method using the digital rights management according to the second embodiment of the present invention, (1) the first client to produce its own content, and registering the produced content and content information to the service server; (2) registering, by the service server, the content information with the rights issuer, performing the DRM content packaging, and downloading the packaged DRM content to the first client; (3) the first client legally distributing the packaged DRM content to at least one second client; (4) the second client requesting a rights object (RO) to a service server; And (5) the service server relaying the issue of the rights object from the rights issuer to the second client.

In addition, in the own content distribution method using digital rights management according to the third embodiment of the present invention, (a) the first client produces its own content, and after the DRM content packaging of the produced content, Registering the content information with the service server; (B) registering, by the service server, the content information with a rights issuer; (C) the first client legally distributing the packaged DRM content to at least one second client; (D) the second client requesting a rights object (RO) to a service server; And (ㅁ) the service server relaying the issue of the rights object from the rights issuer to the second client.

According to a fourth aspect of the present invention, there is provided a method for distributing own content using digital rights management, comprising: (A) a first client registering a device with a service server, and packaging DRM content of its own content to at least one; Legally circulating to a second client; (B) the service server receives a rights object (RO) purchase request from the second client, and decodes the content information by analyzing the rights issuer address information (RI URL) included in the purchase request; Transmitting the content information to the rights issuer; (C) the rights issuer performing MAC verification based on the content information and transmitting the MAC to the service server; (D) receiving, by the service server, the MAC verification result, constructing a Rights Offer, and transmitting it to the second client; (E) transmitting, by the second client, user selection details to the service server; And (F) relaying the rights object after the service server transmits a rights agreement (RA) to the rights issuer based on the user selection details.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings and preferred embodiments. Like reference numerals refer to like or similar elements throughout the drawings.

FIG. 2 is a block diagram showing a model of a self-contained content distribution system using a DRM according to a first embodiment of the present invention.

As shown in FIG. 2, the system model includes: a first client 210 that self-creates content; At least one second client 220 receiving the content produced by the first client 210 by a super-distribution; A presentation server 240 that receives content and content information from the first client 210 and encrypts the content and content information, and provides rights objects (ROs) requested from the second client 220; And a rights issuer 250 that encrypts a rights object that can use the encrypted content.

Such a system model configuration differs from FIG. 1 described in the prior art in the following points.

The first client 210 registers the content and the content information with the expression server 240 by producing the content as one of the CPs. In this case, the first client 210 may be provided with the authoring tool necessary for producing the content in the expression server 240. After registering the content and the content information, the first client 210 registers the content with the at least one second client 220. By distributing the content legally, it distributes its own contents.

The expression server 240 stores and registers the content and content information uploaded from the first client 210, performs DRM packaging of the content, and shares the CEK with the rights issuer 250 or together with the Content ID. The right issuer 250 is transmitted. In addition, the expression server 240 performs a role for the distribution of the content registered by the first client 210 by providing the encrypted content for the content provided from the second client 220. do. In addition, the expression server 240 provides a rights object requested by the at least one second client 220 in association with the rights issuer 250.

Hereinafter, a content distribution method according to the first embodiment of the present invention will be described.

First, with respect to content (hereinafter, content A) produced by the first client 210 itself, information of the corresponding content A and the content A is registered in the expression server 240 (S201-S202). Then, the expression server 240 registers the information about the content A in the rights issuer 250, and prepares for the right object request corresponding to the content A later (S203).

Thereafter, when the second client 220 requests the content A from the expression server 240, the expression server 240 DRM packages the content A and downloads the content A to the second client 220. ) Requests the right object for using the content A to the expression server 240 (S204-S207). In this case, the DRM packaging for the content A may be performed before the content request of the second client 220. In addition, the second client must be preceded by the device registration procedure prior to the request for the rights object.

Accordingly, the expression server 240 requests the rights issuer 250 for the rights object for the content A, and the rights issuer 250 encrypts the rights object for the content A, and then ROAP (RO Acquisition Protocol) The rights object is downloaded to the second client 220 by using a trigger so that the second client 220 can use the content A (S208-S210).

Figure 3 is a block diagram showing a model of the own content distribution system using the DRM according to a second embodiment of the present invention.

As shown in FIG. 3, the system model includes: a first client 310 that self-creates content; At least one second client 320 provided with the content produced by the first client 310 by super-distribution; Representation server for receiving the content and content information from the first client 310 and encrypts it, and provides a rights object requested from the second client 320 (Presentation Server, 340); And a rights issuer 350 that encrypts a rights object that can use the encrypted content.

Such a system model configuration differs from the above-described first embodiment in the following points.

The first client 310 registers the content and the content information with the expression server 340 by producing content as one of the CPs. In this case, the first client 310 may be provided with the authoring tool necessary for producing the content in the expression server 340. After registering the content and the content information, the first client 310 may provide the content to the at least one second client 320. By legally distributing, the contents produced by itself are distributed.

The expression server 340 registers the content and content information uploaded from the first client 310, performs DRM packaging of the content, shares the CEK with the rights issuer 350, or the rights issuer together with the Content ID. Send to 350. In addition, the expression server 340 provides a rights object requested by the at least one second client 320 in association with the rights issuer 350.

In summary, the expression server 340 may perform DRM packaging, content registration, and content information registration of content with respect to the first client 310, and support issuance of a rights object. Therefore, the expression server does not need to continuously manage the content itself because there is no need for the distribution of the content itself, and this transaction reduces the load of the server since the transaction does not occur.

Hereinafter, a content distribution method according to a second embodiment of the present invention will be described.

First, the first client 310 registers the information of the content B and the content B with the expression server 340 for the self-produced content (hereinafter referred to as content B), and issues the rights object for the content B. Request (S301-S302). In this case, unless the first client 310 transfers ownership of the content B to the expression server 340, the first client 310 may be a right holder who produced the corresponding content, and thus the right issuance may be omitted.

Then, the expression server 340 registers the information on the content B in the rights issuer 350 to prepare for the request for the right object corresponding to the content B in the future, the right object for using the content B of the first client 310 After requesting the rights issuer 350, the content B is encrypted through the DRM packaging to be downloaded to the first client 310 to enable legal distribution (S303-S305).

Meanwhile, the rights issuer 350 receiving the request for issuing the rights object for the content B in step 303 performs packaging of the rights object based on the information on the content B transmitted by the first client 310 to perform the rights client packaging. And transmits to 310 (S306-S307).

Thereafter, the first client 310 legally distributes the DRM packaged content B to at least one or more second clients 320 (S308). Accordingly, since the expression server 340 does not need to act as a distribution, the expression server 340 does not need to be stored.

The second client 320 requests the expression server 340 for the rights object for using the content B (S309). Accordingly, the expression server 340 requests the rights issuer 350 for the rights object for the content B, and the rights issuer 350 encrypts the rights object for the content B to generate a RO Acquisition Protocol (ROAP) trigger. By downloading to the second client 320, the second client 320 can use the content B (S310-S312).

Figure 4 is a block diagram showing a model of the own content distribution system using a DRM according to a third embodiment of the present invention.

As shown in FIG. 4, the system model includes: a first client 410 for producing content by itself and encrypting the content through DRM packaging; At least one second client 420 produced by the first client 410 and provided with the DRM packaged content by a super-distribution; A presentation server that receives content information from the first client 410 and provides a rights object requested from the second client 420; And a rights issuer 450 that encrypts a Rights Object that can use the DRM packaged content.

Such a system model configuration differs from the above-described second embodiment in the following points.

The first client 410 is provided with a DRM agent (not shown) on its own to encrypt the contents produced by the DRM packaging. That is, since the first client 410 is a subject of creation and authoring, and there is no need for DRM packaging in the expression server 440, this reduces the server load caused by the packaging request for numerous contents.

The expression server 440 registers the content information uploaded from the first client 410 and shares the CEK with the rights issuer 450 using the content information, or transmits the information to the rights issuer 450 together with the CID. do. In addition, the expression server 440 provides a rights object requested by the at least one second client 420 in association with the rights issuer 450. Accordingly, unlike the second embodiment, the expression server 440 does not have a load on a corresponding function because there is no need to manage the content itself and a role of DRM packaging for the content. In summary, the expression server 440 performs content information registration with respect to the first client 410 and performs only support for issuing a rights object.

Hereinafter, a content distribution method according to a third embodiment of the present invention will be described.

First, the first client 410 registers the information of the content C with the expression server 440 with respect to the content (hereinafter, content C) produced by the first client, and encrypts the content C through DRM packaging. The issue of a rights object for the content C is requested (S401-S403). In this case, the first client 410 may omit the rights issuance unless the ownership of the content C is not transferred to the expression server 440.

Then, the expression server 440 registers the information on the content C in the rights issuer 450, and prepares for the rights object request corresponding to the content C of at least one or more second clients 420 later, and the first client ( The right object for the use of the content C of 410 is requested to the rights issuer 450 (S404). Accordingly, the rights issuer 450 performs packaging of the rights object based on the information on the content C and transmits the rights object to the first client 410 (S405-S406).

Here, the information of the content C registered in the rights issuer 450 in the expression server 440 is a content encryption key (CEK) and a content ID (Content ID), and information necessary for performing rights object packaging. Should further contain the authorization information of the DCF hash and the configurable rights. In addition, constraint information (Constraint) of the settable right may also be included.

On the other hand, CEK sharing between the expression server 440 and the rights issuer 450 is also possible through a Diffie-Hellman key sharing algorithm, and CID is information linking content and rights. In the present invention, a parameter indicating that the content is own is required. On the other hand, the DCF hash is information inserted into the rights object to ensure the integrity of the content, and the permission information that can be set includes whether it can be set to play, display, execute, print, and export. The restriction information of the settable right may include whether the number, duration, date, etc. can be set.

In particular, the CID follows the Content URI (RFC 2396) or CID (RFC 2392) format recommended by OMA DRM 2.0 to satisfy the third embodiment of the present invention.

For example, the CID format is defined by "cid-url" = "cid" ":" local-part "@" domain. Here, to satisfy the semantics of the domain, it is defined as follows according to the type of client.

Cid: sequenceNumber @ clientType-clientValue

At this time, "sequenceNumber" is counted each time it is produced by a specific client, and uniqueness within the specific client is guaranteed. In addition, "clientType" uses the following form.

Mobile Identification Number (MIN), Electronic Serial Number (ESN), International Mobile Subscriber Identifier (IMSI), Static IPv4 Address (IPv4), Static IPv6 Address (IPv6), Individual Identifier Based on MIN (ITSI), OID-IMSI (SK) Telecom Operator Client Identifier Based on IMSI (Device Identifier)

In addition, a corresponding client value (clientValue) must be set after the "clientType", and a random number may be added to ensure uniqueness.

Accordingly, it is possible to determine that the DRM content is own content through the CID analysis as described above.

Thereafter, the first client 410 legally distributes the DRM packaged content C to at least one or more second clients 420 (S407).

Therefore, the second client 420 requests the rights object to the expression server 440 in order to use the legally distributed content C (S408). Accordingly, the expression server 440 requests the rights object for the content C to the rights issuer 450, and the rights issuer 450 encrypts the rights object for the content C to generate a RO Acquisition Protocol (ROAP) trigger. By downloading to the second client 420, the second client 420 can use the content C (S409-S411).

FIG. 5 is a block diagram showing a model for distributing own content using DRM according to a fourth embodiment of the present invention, which is a system model proposed by a need to minimize the involvement and burden of an expression server.

As shown in FIG. 5, the system model includes: a first client 510 for performing DRM content packaging of self-produced content and legally distributing the packaged DRM content; At least one second client 520 using the content by requesting / receiving a rights object for the content; The first client 510 is registered, the rights object purchase request message is received from the second client 520, the content information included in the rights object purchase request message is interpreted, and the analyzed content information. Representation server 540 for transmitting to the rights issuer to be described later; And a rights issuer 550 for performing MAC verification based on the content information transmitted from the service server and issuing a rights object for the content.

The configuration of such a system model differs from the above-described third embodiment in the following points.

That is, the operator (eg, a service provider) of the expression server 540 generally registers content to be serviced through contracts with specific content providers CP. Therefore, the registration process for the user's content and content information, such as the general CP, to support their own content is not only cumbersome, but also burdens the expression server 540.

For example, the second and third embodiments that manage information on the content without managing the content itself and the third embodiment which DRM packages the content on the first client 510 are more efficient than the prior art, but are still expressed. There is a management burden for the content information of the server 540, especially since not all registered content is purchased, there is a problem that the management burden is unnecessarily added.

Therefore, in the fourth embodiment, the subject of creation and authorization becomes a user, and users distribute content through P2P without passing through the expression server 540, and the expression server 540 does not perform DRM packaging of the content. In this paper, we propose a system model that reduces the load because it is unnecessary to register and manage contents information for issuing rights.

The first client 510 has a DRM agent on its own, encrypts the contents produced by the DRM packaging, and registers a device with the expression server 540 using a ROAP trigger. In addition, the first client 510 legally distributes the DRM content to at least one or more second clients 520, so that the second client 520 can use the content.

The expression server 540 does not need to register the content information uploaded from the first client 510, and the rights issuer (Rights Object) purchase request for at least one request from the second client 520. 550) in conjunction with the provision. That is, when the expression server 540 receives the request for purchasing the rights object together with the information necessary for the packaging of the rights object from the second client 520, the expression server 540 interprets the URL of the rights issuer and the content related to the purchase request to the rights issuer 550. After sending the ID, the encrypted CEK, the DCF hash, the configurable rights allowance information, and the MAC, and returning the MAC verification success message of the rights issuer, the second object that requested the rights object by constructing a Rights Offer. Send to client 520. In addition, the expression server 540 delivers a rights agreement to the rights issuer 550 through the above-mentioned rights proposal, and requests a ROAP trigger to package the rights object to the second client through the rights issuer 550. 520 to be transmitted.

Hereinafter, a content distribution method according to a fourth embodiment of the present invention will be described.

First, the first client 510 requests the ROAP trigger to perform the device registration protocol from the expression server 540 to perform client registration, and for the self-produced content (hereinafter, content D), the corresponding content. After encrypting D through DRM packaging, legal distribution of the content D is performed to at least one or more second clients 520 (S500-S503). At this time, the first client 510 may omit the rights issuance unless the ownership of the content D is not transferred to the expression server 540.

In addition, the first client 510 generates a CEK and is transmitted to the second client and the expression server in an encrypted state, as well as the first client 510 and the expression server 540 to implement the Diffie-Hellman algorithm. There may be a model that shares the CEK, in which case provisioning of the Diffie-Hellman certificate must precede.

In this case, the client registration is performed through the device registration protocol of OMA DRM 2.0, and in addition, the client type and the client value described in the third embodiment are inserted into the content ID. It is used to connect the right object and the right object can be compensated for the user with the issued rights object history.

In this case, when the first client 510 and the expression server 540 utilize the Diffie-Hellman key sharing algorithm, the DIP-Hellman is expressed in the expression server with respect to the registered client type and the client value. Certificate management is required.

In addition, since the first client does not register the content information with the expression server, the rights issuer configures the information necessary for packaging the rights object when the second object 520 requests the purchase of the rights object from the second client 520 to the expression server 540. Should be sent to 540. In the first to third embodiments described above, the content information (ie, Content ID, DCF Hash, CEK, etc.) necessary for issuing a rights object has been explicitly registered, but in the present embodiment, the content information Since the content is not managed by the expression server 540, the content information should be provided to the expression server 540 for the issue of the rights object.

Accordingly, the second client 520 uses the custom header of the textual header and the mutable DRM information box, which is an editable space, in the packaged content file (DCF file) structure as shown in FIG. 550 Configure an address (RI URL).

In addition, the CID is configured in the same manner as in the third embodiment to ensure integrity with the DCF hash. The DCF hash is conventionally generated by the expression server 540 to ensure the integrity of the DCF file and inserted when the rights object is created. However, in the present embodiment, the DCF hash is generated by the first client 510 and inserted into the DCF file. At the time of distribution, the DCF file should be interpreted by the second client 520 and provided to the expression server 540. To this end, a DCF hash value is inserted into a mutable DRM information box which is an editable space in the DCF file structure of FIG. 11.

Also, in relation to CEK, since the CEK is very important information for security, it should not be exposed to the outside. Therefore, the CEK is encrypted with a public key of the rights issuer 550 and then inserted into the Custom Header field of the DCF file. However, the first client 510 using the Diffie-Hellman key sharing algorithm uses only the Content ID value as the input parameter of the hash function in the Diffie-Hellman algorithm using the Diffie-Hellman certificate, thereby providing unique CEK for each content. Can be generated. Accordingly, since the expression server 540 manages the Diffie-Hellman certificate according to the client type and the client value, the expression server 540 uses the CID provided at the request of the rights object of the second client 520. CEK can be generated.

It also inserts permission information that can be set in the Custom Header field. That is, about 2 bytes can be allocated for playback, display, execution, printing, transmission, etc., and it can be set using the following binary number. An example is given below.

"0000000000011001" (set in order of play, display, execute, print, and transmit from LSB, and set 11 bits of MSB as reserved bit)

In addition, since the details of constraints are not related to the type of content, there is no need to provide information to the rights issuer 550. However, since some restrictions are dependent on the permission details of some rights, the first client 510 may not. The restriction field for the content D can be added to the custom header field in the same manner as the permission information of the rights or in a different manner so that the setting field can be set accordingly. In addition, price information may be defined and added to the Custom Header field so that a content producer can determine a price for the content D. FIG.

Accordingly, the second client 520 requests the purchase of the rights object by combining the URL header, the Content ID header, the Custom header, and the DCF Hash information of the Mutable DRM Information header of the rights issuer 550 when the rights object purchase request is made. . For example, when generating the CEK in the first client 510 is as follows.

`` RIURL? ContentID = ContentID & Permission = permission & DCFHash = DcfHashValue & MAC = MACValue & EncryptedCEK = encryptedCEK ''

In addition, when using the Diffie-Hellman key sharing algorithm is as follows.

`` RIURL? ContentID = ContentID & Permission = permission & DCFHash = DcfHashValue & MAC = MACValue ''

Subsequently, when the second client 520 requests the purchase of the rights object to the expression server 540 to use the distributed DRM content, the expression server 540 transmits the rights issuer address transmitted from the second client 520. (RI URL) is interpreted, and the content information (ie, Content ID, encrypted CEK, DCF hash, allowable information of the settable rights and MAC) for the content D is transmitted to the right issuer 550 (S504-S506). ). Here, if the second client 520 is not registered in the rights issuer 550, the device registration procedure is performed and then the corresponding procedure is performed. In addition, it is recommended to use an alternate subject name (ASN) existing in an extension field of a device certificate as the RI issuer address, and it is recommended to configure the ASN as a domain name system (DNS). .

In this case, too, when the first client 510 and the expression server 540 share the CEK through the Diffie-Hellman algorithm without generating the CEK in the first client 510, the expression server 540. Parses the URL of the rights issuer 550 transmitted from the second client 520 and obtains the content information (ie, CID, DCF hash, allowable information of the settable rights and MAC) for the content D from the corresponding rights issuer ( 550). In addition, the above-mentioned MAC transmission is transmitted only when the rights issuer 550 performs MAC verification. If the MAC verification is performed in the expression server 540, the MAC transmission is omitted, and step 507 will be described later. It is also omitted.

The reason for performing the MAC verification is to prevent the forgery of the DCF hash during content distribution. In other words, after changing the Content ID representing the author or forging the permission information of the settable right of the Custom Header field, an attack that replaces the DCF hash with the hash algorithm can be performed.

In addition, in order to protect the DCF Hash, a MAC (Message Authentication Code) value is generated using the DCF Hash as an input, and a part of the original content may be used as the MAC input to improve security. In order to provide this MAC information to the expression server 540, the MAC value is inserted into a Mutable DRM Information Box which is an Editable Space. Here, the MAC key is derived from the secure information CEK using a hash function. The MAC is preferably composed of a hashed MAC or a block cipher MAC that has performed more than 16 rounds of hash operations.

Then, the rights issuer 550 returns the result to the expression server 540 after MAC verification (S507).

Accordingly, the expression server 540 configures a rights offer and transmits the rights to the second client 520, and the user of the second client 520 selects a desired right among the proposed rights and expresses the desired server. 540) (S508-S509).

Then, after the expression server 540 transmits the rights agreement to the rights issuer 550 and requests a ROAP trigger, the rights issuer 550 transmits the ROAP trigger to the second client 520 via the expression server 540. (S510-S512).

Upon receiving the above-described ROAP trigger, the second client 520 requests a rights object from the rights issuer 550 according to the corresponding protocol. Then, the rights issuer 550 packages the rights object for the content D and transmits the rights object to the second client 520 (S513-S515). Here, the rights issuer 550 packages the rights object by decrypting the encrypted CEK.

At this time, if the first client 510 does not generate the CEK and the first client 510 and the expression server 540 share the CEK through the Diffie-Hellman algorithm, the Diffie-Hellman algorithm in step 514. Creates a CEK and packages the rights object.

In addition, in the case of the step 505 or step 507, when generating the CEK in the first client 510 is as follows.

First, the expression server 540 analyzes the URL of the rights issuer 550 transmitted from the second client 520, extracts the content ID, the encrypted CEK, the permission, the DCF hash, and the MAC, and delivers the URL to the rights issuer 550. .

When the rights issuer 550 analyzes the CID and confirms that the format is the same as in the third embodiment, the rights issuer 550 determines the right object request for the own content, and then encrypts the encrypted CEK with the private key of the rights issuer 550. ), And verify the MAC by generating a MAC having the DCF Hash value as an input and comparing it with the delivered MAC, and transmits the result to the expression server 540.

Accordingly, the expression server 540 configures Rights Offer as shown in step 508 based on the permission information received from the second client 520 when the MAC verification result is successful, and an error when the verification result fails. Show the window.

On the other hand, when using the Diffie-Hellman key sharing algorithm is as follows.

The expression server 540 analyzes the URL of the rights issuer 550 transmitted from the second client 520, extracts the Content ID, the encrypted CEK, the Permission, the DCF Hash, the MAC, and delivers the URL to the rights issuer 550.

When the rights issuer 550 analyzes the Content ID and confirms that the format is the same as in the third embodiment, the rights issuer 550 determines the rights object request for own content. Then, the rights issuer 550 generates a CEK for the corresponding content using the received Content ID, Diffie-Hellman certificate, and Diffie-Hellman key sharing algorithm, and then generates a MAC that inputs a DCF hash value. By comparing with the delivered MAC, the MAC is verified and the result is sent to the presentation server 540.

Accordingly, the expression server 540 composes a rights offer such as step 508 based on the permission information received from the second client 520.

Security information to be considered in the DRM distribution system and method according to the present invention is as follows.

First, unlike the first to third embodiments in which content creators register information necessary for issuance of a rights object, at least one second client 520 user who wants to use the content distributed in the fourth embodiment requests a rights object. Provides information required for issuance of city rights object to the expression server 540. Accordingly, in case the user insists that the content is produced by forgering the distributed content as an attacker, the present embodiment provides the following security elements.

First, Content ID and Permission are protected by integrity of Content ID and Permission by inserting DCF Hash into right object according to OMA DRM 2.0 specification.

Next, when the CEK generates the CEK on the first client 510, the CEK is encrypted and protected by the public key of the rights issuer 550. When the CEK utilizes the Diffie-Hellman key sharing algorithm, the attacker uses the author. The private key for Diffie-Hellman's algorithm cannot be obtained and thus protected.

Lastly, in the case of DCF Hash and MAC, in this embodiment, a method of inserting into the "Mutable DRM Information Header" is proposed. However, since the header is located in the "Editable Space", the user can arbitrarily operate. Accordingly, the present embodiment responds to this through the following security method.

First, if a malicious user forges the DCF itself, it can be recognized as a DCF hash value. Next, when a malicious user forges DCF itself and DCF hash value, it can be recognized as MAC value. Finally, if the malicious user wants to forge the DCF itself, the DCF Hash, and the MAC value, the MAC key cannot be generated unless the CEK is leaked.

While the present invention has been described in detail with reference to preferred embodiments, those skilled in the art will recognize that various modifications or changes can be made without departing from the spirit and scope of the invention.

As described above, according to the present invention, by applying the DRM technology to the original content, the reliability is very high.

In addition, according to the present invention, the client user is regarded as one CP, and in the self-distribution of contents, it is possible to take a predetermined profit by distributing the profit according to the issue of the rights with the service provider.

In addition, compared to the conventional method of applying the DRM technology to the own content, it is effective to easily support the corresponding service by reducing the burden on the server.

In addition, according to the present invention, there is an effect of fostering the digital content market and contributing to the industrial development by increasing the creative desire of the client user.

Claims (66)

delete In the own content distribution system using Digital Rights Management (DRM), Registration means for performing client registration; Content producing means for producing a predetermined own content; DRM content packaging means for performing DRM content packaging for the produced original content; And Distribution means for distributing the packaged DRM content; The DRM content packaging means, A Content ID (CID) generation module for adding an identifier indicating that the content is own content; And A CEK generation module for generating a content encryption key (CEK) using a predetermined code word of the own content and inserting the generated content encryption key into a DCF file; The client is Requesting means for requesting purchase of Rights Objects (RO) for using the packaged DRM content; Input / output means for receiving a Rights Offer and displaying it on a screen, and receiving a selection from a user with respect to the right offer; And And a receiving means for receiving the packaged RO. delete delete delete In the own content distribution system using Digital Rights Management (DRM), Registration means for performing client registration; Content producing means for producing a predetermined own content; DRM content packaging means for performing DRM content packaging for the produced original content; And Distribution means for distributing the packaged DRM content; The DRM content packaging means, A Content ID (CID) generation module for adding an identifier indicating that the content is own content; And A CEK generation module for generating a content encryption key (CEK) using a predetermined code word of the own content and inserting the generated content encryption key into a DCF file; The CID generation module, Generating a content ID (hereinafter referred to as a CID) indicating that the content is produced by a specific client and adding a different number for each produced content, the client type information, the client value information, and the random number according to time; Client. In the own content distribution system using Digital Rights Management (DRM), Registration means for performing client registration; Content producing means for producing a predetermined own content; DRM content packaging means for performing DRM content packaging for the produced original content; And Distribution means for distributing the packaged DRM content; The DRM content packaging means, A Content ID (CID) generation module for adding an identifier indicating that the content is own content; And A CEK generation module for generating a content encryption key (CEK) using a predetermined code word of the own content and inserting the generated content encryption key into a DCF file; The CEK generation module, And encrypting the generated CEK through a predetermined public key and inserting the generated CEK into a custom header field in a DCF file. In the own content distribution system using Digital Rights Management (DRM), Registration means for performing client registration; Content producing means for producing a predetermined own content; DRM content packaging means for performing DRM content packaging for the produced original content; And Distribution means for distributing the packaged DRM content; The DRM content packaging means, A Content ID (CID) generation module for adding an identifier indicating that the content is own content; And A CEK generation module for generating a content encryption key (CEK) using a predetermined code word of the own content and inserting the generated content encryption key into a DCF file; The DRM content packaging means, A DCF hash configuration module for inserting a DCF hash into a DCF file to ensure the integrity of the DRM content file (DRM Content Format; DCF); A MAC (Message Authentication Code) configuration module that blocks forgery of the DCF hash configured in the DCF hash configuration module; A permission information generation module for inserting permission information of a configurable right for the own content; And Further comprising a price information generation module for inserting the price information for the own content, The DCF hash configuration module, And inserting the DCF hash into a portion of the DCF file excluded from the hash operation. delete The method of claim 8, wherein the MAC configuration module, The DCF hash is input, and a client generates a MAC value through a MAC key derived from the CEK and inserts it into a portion of the DCF file. delete delete The method of claim 2, wherein the requesting means, A client characterized by requesting a RO purchase by combining DCF hash information of a rights issuer URL header, a CID header, a custom header, and a mutable DRM information header. delete delete The method of claim 13, wherein the custom header (Custom Header), Including permission information and price information of configurable rights, The client further comprises an encrypted CEK. delete The method of claim 2, wherein the DRM content packaging means, A Content ID (CID) generation module to add an identifier indicating the original content; And And a CEK generation module for generating a CEK using the CID value as an input parameter of the hash function in the Diffie-Helman algorithm using a Diffie-Helman certificate. The method of claim 18, wherein the CID generation module, Characterized by generating a CID including a sequence number, a client type information, a client value information, and a random number according to time indicating that the content is produced by a specific client and adding different numbers for each of the produced original contents. Client made. The method of claim 18, wherein the DRM content packaging means, A DCF hash configuration module for inserting a DCF hash into a DCF file to ensure the integrity of the DRM content file (DRM Content Format; DCF); A MAC (Message Authentication Code) configuration module that blocks forgery of the DCF hash configured in the DCF hash configuration module; A permission information generation module for inserting permission information of a configurable right for the own content; And Further comprising a price information generation module for inserting the price information for the own content, The DCF hash configuration module, And inserting the DCF hash into a portion of the DCF file excluded from the hash operation. delete The method of claim 20, wherein the MAC configuration module, The DCF hash is input, and a client generates a MAC value through a MAC key derived from the CEK and inserts it into a portion of the DCF file. delete delete In the own content distribution system using Digital Rights Management (DRM), comprising a client using a specific own content and a rights issuer for issuing a rights object (RO) to the client. A rights proposal configuration module for constructing a rights offer based on a rights object purchase request sent from the client; An analysis module for interpreting a rights issuer location information (RI URL) based on a rights object (RO) purchase request transmitted from the client; A first receiving module for receiving a user's selection of a purchase request and a right offer of a right object from the client; A second receiving module receiving a MAC verification result and a ROAP trigger from the right issuer; A first information for receiving content information, a rights agreement, and a ROAP trigger request message included in a message corresponding to a rights object (RO) purchase request received from the client and transmitting the received message from the client to the rights issuer; A transmission module; And And a second transmitting module for transmitting the ROAP trigger received from the right issuer and the configured right proposal to the client. delete delete delete In the own content distribution system using Digital Rights Management (DRM) including a client using the own content and a service server for relaying the rights object to use the content, Receive content information and rights agreement included in the message corresponding to the rights object purchase request from the service server through a rights object object (RO) purchase request of the client, and receive a rights object acquisition protocol (ROAP) A receiver for receiving a trigger request; A verification unit which performs MAC verification based on the content information and transmits the result to the service server; And It includes a transmitter for transmitting the requested ROAP trigger, The verification unit, Among the contents information, the encrypted CEK is decrypted based on a private key, a MAC generated with a DCF hash value is input, and then the MAC transmitted with the contents information is compared with the generated MAC and verified. Right issuer, characterized in that. delete The method of claim 29, wherein the verification unit, Among the contents information, the CID, the Diffie-Hellman certificate and the Diffie-Hellman key sharing algorithm generate the CEK for the content, generate the MAC with the DCF hash value, and then transmit the MAC and the MAC transmitted with the content information. Right issuer, characterized in that for verifying by comparing the generated MAC. delete delete In the own content distribution system using Digital Rights Management (DRM), At least one client using the content by performing DRM content packaging on self-produced content, distributing the packaged DRM content, and requesting / receiving a rights object for the own content; A service server that registers the client, receives a rights object purchase request message from the client, analyzes the content information included in the rights object purchase request message, and delivers the analyzed content information to the rights issuer; And It includes a rights issuer for performing the MAC verification based on the content information transmitted from the service server to issue a rights object for the content, The client, Includes a DRM package agent that generates Content ID (CID), Content Encryption Key (CEK), DRM Content Format (DCF) hash, MAC (Message Authentication Code), configurable rights permission and price information , The DRM package agent, And the DCF hash as an input, and generate a MAC value through a MAC key derived from the CEK. In the own content distribution system using Digital Rights Management (DRM), At least one client using the content by performing DRM content packaging on self-produced content, distributing the packaged DRM content, and requesting / receiving a rights object for the own content; A service server that registers the client, receives a rights object purchase request message from the client, analyzes the content information included in the rights object purchase request message, and delivers the analyzed content information to the rights issuer; And It includes a rights issuer for performing the MAC verification based on the content information transmitted from the service server to issue a rights object for the content, The client, Includes a DRM package agent that generates Content ID (CID), Content Encryption Key (CEK), DRM Content Format (DCF) hash, MAC (Message Authentication Code), configurable rights permission and price information , The client, Digital rights including a Content ID (CID), a DRM Content Format (DCF) hash, a Message Authentication Code (MAC), a DRM package agent for generating permission information and price information of configurable rights Your own content distribution system using management. In the own content distribution system using Digital Rights Management (DRM), At least one client using the content by performing DRM content packaging on self-produced content, distributing the packaged DRM content, and requesting / receiving a rights object for the own content; A service server that registers the client, receives a rights object purchase request message from the client, analyzes the content information included in the rights object purchase request message, and delivers the analyzed content information to the rights issuer; And It includes a rights issuer for performing the MAC verification based on the content information transmitted from the service server to issue a rights object for the content, The client, Includes a DRM package agent that generates Content ID (CID), Content Encryption Key (CEK), DRM Content Format (DCF) hash, MAC (Message Authentication Code), configurable rights permission and price information , The DRM package agent, Using a digital rights management, characterized in that the CID is generated by generating a CID including the sequence number, the client type information, and the client value information indicating the random number over time indicating that the specific content has been produced by the specific client. Your own content distribution system. delete delete delete delete delete In the own content distribution method using digital rights management, (A) a first client registering a device with a service server, packaging DRM contents of the self-manufactured content, and distributing it to at least one second client; (B) the service server receives a rights object (RO) purchase request from the second client, and decodes the corresponding content information by interpreting the rights issuer address information (RI URL) included in the purchase request; Transmitting the content information to a rights issuer; (C) the rights issuer performing MAC verification based on the content information and transmitting the MAC to the service server; (D) receiving, by the service server, the MAC verification result, constructing a Rights Offer, and transmitting it to the second client; (E) transmitting, by the second client, user selection details to the service server; And And (F) the service server forwarding a rights agreement (RA) to the rights issuer based on the user selection details, and relaying the rights object. Distribution method. 43. The method of claim 42, wherein (F) comprises (F1) the service server requesting a rights object acquisition protocol (ROAP) trigger from the rights issuer, and receiving the ROAP trigger and transmitting the ROAP trigger to the second client; (F2) the second client sending a rights object (RO) request message to a rights issuer; And (F3) the rights issuer packaging the rights object and delivering the rights object to the second client through a rights object (RO) response message. 44. The method of claim 42 or 43, wherein step (A) comprises And the first client registers a client type and a client value in the service server. 44. The method of claim 42 or 43, wherein step (A) comprises When packaging the DRM content, the content ID, DCF hash, CEK, permission information, configurable rights, price information and MAC are included in the DCF file The DCF hash is A method of distributing own content using digital rights management, which is inserted into a part of a DCF file excluded from a hash operation. The method of claim 45, wherein the content ID, A method of distributing own content using digital rights management, comprising: a sequence number, a client type information, a client value information, and a random number according to time, each of which indicates that the content is produced by a specific client and adds a different number for each produced content. The method of claim 45, wherein the CEK, And encrypting the generated CEK through a predetermined public key and inserting the generated CEK into a custom header field in a DCF file. delete The method of claim 45, wherein the MAC, And using the DCF hash as an input, generating a MAC value through a MAC key derived from the CEK, and inserting the MAC value into a portion of the DCF file. delete delete 44. The method of claim 42 or 43, wherein step (B) comprises: A method for distributing own content using digital rights management, comprising requesting the purchase of a rights object (RO) by combining DCF hash information of a rights issuer URL header, a CID header, a custom header, and a mutable DRM information header. delete delete The method of claim 52, wherein the custom header (Custom Header), Including permission information and price information of configurable rights, Authorized content distribution method using digital rights management, characterized in that it further comprises an encrypted CEK. delete 44. The method of claim 42 or 43, wherein step (C) comprises: (C1) decrypting an encrypted Contents Encryption Key (CEK) among the contents information based on a private key of the rights issuer; (C2) generating a MAC (Message Authentication Code) having a DCF (DRM Contents Format) hash value as input; And And (C3) comparing the generated MAC with the generated MAC and verifying the generated MAC. 44. The method of claim 42 or 43, wherein step (C) comprises: (C1) generating, among the contents information, a Contents Encryption Key (CEK) for the contents using a Contents ID (CID), a Diffie-Hellman certificate and a Diffie-Hellman key sharing algorithm; (C2) generating a MAC (Message Authentication Code) having a DCF (DRM Contents Format) hash value as input; And And (C3) comparing the generated MAC with the generated MAC and verifying the generated MAC. delete delete delete delete delete delete delete delete

Images