KR20070115575A - Method and system for managing domain - Google Patents

Abstract

A method and a system for managing a domain is provided to prevent formation of an illegal domain with steal of login information by making a domain manager store/manage a preset and past location of the domain, and manage domain moving information. A plurality of devices(120) use contents in the domain(100). The domain manager(140) manages the domain, stores a restriction rule for domain moving, and keeps or discards the moved domain according to the stored restriction rule if the location of the domain is moved. The domain manager receives the present location information from the devices or a representative device(110) selected among the devices. The present location information is detected by using one of an IP(Internet Protocol) address, an IP subnet address, a MAC(Media Access Control) address, a GPS(Global Positioning System) address, or mobile location information of the devices or the representative device. The domain manager stores/manages the present and past location information of the domain and discriminates the domain moving by comparing the present location of the domain with the previous location of the domain.

Description

Method and System for Managing Domain

1 is a block diagram showing the main configuration of a DRM interoperable system.

2 is an exemplary diagram illustrating an example in which a user moves a domain and uses a DRM interoperable service.

3 is an exemplary diagram illustrating a case in which an illegal intruder intrudes into a DRM interoperable system using only a user's login information.

4 is a flowchart illustrating a flow of a domain management method according to a first embodiment of the present invention.

5 is a flowchart illustrating a flow of a domain management method according to a second embodiment of the present invention.

<Description of the symbols for the main parts of the drawings>

100: Domain

110: Domain Reference Point

120: Device

122: client

140: Domain Manager

150: Rights Manager

200: Native DRM System

210: Contents Server

220: License Server

The present invention relates to a method and a system for managing a domain. The present invention can store and manage current and past locations of a domain using a domain manager that manages a domain, and restrict movement of a location of a domain according to predetermined restriction criteria. The present invention relates to a domain management method and system.

In general, digital content has the property of infinite copying, making it very vulnerable to illegal copying and use. Therefore, the content protection technology that can protect digital content from illegal copying and use is essential for the service of digital content.

Such content protection technologies include copyright tracking technologies such as water marking, finger printing, and digital object identifier (DOI), and copyright rights such as digital rights management (DRM). Can be divided into management skills.

Among them, DRM is a comprehensive digital content protection technology that prevents illegal copying and use of digital content, and ensures that only authorized users can use digital content. In other words, DRM provides a comprehensive framework for the distribution of digital content. For example, DRM uses encryption technology to convert digital content into encrypted data in the form of packages. Accordingly, even if digital content is accidentally acquired by a specific user, the digital content cannot be used unless a proper authentication process is performed.

On the other hand, it is common for DRM to use its own technology and policy that is different from other DRM. For example, in the case of a license format, each DRM system has a different format. As such, DRM has technical and policy closures.

However, technical and policy closure of the DRM may be a cause of deterioration of user convenience. This is because the user wants to use various contents regardless of what DRM is applied to the content by one time authentication or payment, but the content that can be used when a specific DRM is installed on the user's device is limited. Because. It is true that such technical and policy closure of DRM promotes illegal distribution and use of contents to users and acts as a factor to hinder the activation of digital content market.

Accordingly, recently, researches on a system capable of interoperating heterogeneous DRM structures have been actively conducted. A representative example is a DRM interoperability system.

The DRM interoperability system is a system that enables interoperability between heterogeneous DRMs by properly mediating the differences between different closed DRMs. Such a DRM interoperable system is very useful in terms of service and system construction. For example, in terms of service, a user can freely use content with heterogeneous DRM even if a specific DRM is installed in his device. Therefore, it is possible to reduce the dissatisfaction of content consumers due to the closedness of DRM. In addition, in terms of system construction, it is easy to build an integrated system integrating various types of DRM services.

In order to improve the completeness of such DRM interoperable system, reliable management and security of contents is essential. In particular, the DRM interoperable system introduces the concept of domain as a basic unit of the DRM Trusted Framework, so it is necessary to thoroughly manage security problems that may occur in domain management and maintenance.

However, the current DRM interoperable system can freely form a domain through the user's login information. Therefore, illegal use of content by an external device when an illegal domain is formed by the theft of another person is unknown. And there is a problem that can be replicated. If these problems are neglected, the DRM system itself becomes meaningless beyond the usability of the DRM interoperable system. In other words, in the construction of DRM interoperable systems, the meaning of DRM interoperability is inevitably faded unless the security maintained by individual DRM systems is more thoroughly maintained.

Therefore, there is an urgent need for technologies that can enhance security in the construction of DRM interoperable systems.

An object of the present invention is to provide a domain management method and system capable of preventing the formation of an illegal domain by stealing login information by managing movement information of a domain.

In the domain management method according to the present invention for achieving the above object, in a method of managing a domain to which the DRM interoperable system is applied, a domain administrator who manages the domain sets a predetermined limit based on the movement of the domain. Storing; And maintaining or discarding the moved domain according to the stored restriction criteria when the position movement of the domain occurs. At this time, the domain manager stores and manages the current location and the past location of the domain.

The limit criterion may be variable according to a cost paid by the user, and the maximum of the limit criterion may be set by a service provider's policy. Preferably, the limiting criterion may mean the number of domain movement allowances, which is information for limiting the number of movements of the domain.

In this case, the processing may include: determining, by the domain manager, a movement of a domain by comparing a current location with a previous location of the domain; And if it is determined that the domain has moved, comparing the total number of domain movements up to now with the number of stored domain movements allowed and maintaining or destroying the domain.

In this case, the movement detection of the domain may include receiving current location information from a specific device in the domain; And comparing the provided current location information with previously stored location information to determine whether to move.

In addition, the comparing and processing step may include: calculating the total number of domain movements up to now using the total number of domain movements accumulated up to now; Comparing the obtained total number of domain moves with the number of domain moves allowed; And maintaining the currently formed domain when the total number of domain moves is equal to or less than the number of allowed domain moves, and discarding the currently formed domain when the total number of domain moves is greater than the number of allowed domain moves. It may include.

The limit criterion may be an allowable number of domain locations, which is information for limiting a moving location of the domain.

In this case, the processing may include: determining, by the domain manager, a movement of a domain by comparing a current location with a previous location of the domain; If it is determined that the domain has moved, determining whether the current domain location is a new location; If the current domain location is a new location, storing the current domain location; And comparing the number of total domain forming positions to date with the allowable number of stored domain positions, and maintaining or destroying the domain.

In this case, the movement detection of the domain may include receiving current location information from a specific device in the domain; And comparing the provided current location information with previously stored location information to determine whether to move.

Further, the comparing and processing step may include comparing the total number of domain formation positions to date and the allowable number of domain positions; And maintaining the currently formed domain if the total domain formation location number is less than or equal to the domain location allowance number, and discarding the currently formed domain if the total domain formation location number is greater than the domain location allowance number. It may include a step.

On the other hand, the system according to the present invention for achieving the above object, in the system for forming a domain at a predetermined location, and provides a DRM mutual compatibility service in the domain, at least one included in the domain to use the content Device of; And a domain manager that manages the domain, stores the restriction criteria according to the movement of the location of the domain, and maintains or destroys the moved domain according to the stored restriction criteria when the location of the domain is moved.

The domain manager may be provided with current location information from the device or at least one representative device selected from among the devices. In this case, the current location information may include an IP address, an IP subnet address, a media access control (MAC) address, global positioning system (GPS) information, and movement of the device or the representative device. It can detect using any one of communication location information.

The domain manager may store and manage current and past location information of the domain, and determine a movement of the domain by comparing the current location with the previous location of the domain. In addition, the domain manager may destroy the domain when the location of the domain is moved and compares the movement information of the domain with the limiting criteria and violates the limiting criteria.

The limiting criterion may be at least one of the number of domain movement allowances, which is information for limiting the number of movement of the domain, and the number of domain position allowances, which is information for limiting the formation position of the domain.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. In the preferred embodiment of the present invention described below, specific technical terms are used for clarity of content. However, the invention is not limited to the particular term selected, and it is to be understood that each specific term includes all technical synonyms that operate in a similar manner to achieve a similar purpose.

FIG. 1 is a block diagram illustrating a main configuration of a DRM interoperable system, and exemplarily illustrates a domain, main entities constituting the domain, and an association between the entities.

As shown in FIG. 1, the DRM interoperable system forms a domain 100. The domain 100 is a basic unit of the DRM trust system and means an area to which the DRM interoperable system is applied. In this case, an area may mean an area of a physical concept or may mean a logical area. For example, domain 100 may be a collection of authorized devices that exist within a particular region or may be a bundle of logically designated devices.

The device 120 existing in the domain 100 may play the content to which the heterogeneous DRM is applied in the authority given to the user regardless of the type of the DRM installed in the user. Therefore, the user may log in to the DRM interoperable system, form the domain 100 in a desired region, and then use the desired contents. For example, a user can create a domain in his / her home and use various PCs, PMPs, MP3 players, PDAs, and other devices in the house (with or without DRM installed in each device). You can freely and legally play music, videos, games, etc., that are protected by.

As such, the domain 100 may be the most basic concept in the construction of a DRM interoperable system and an object requiring thorough management.

Referring to FIG. 1, the domain 100 may include at least one domain client 122, a domain reference point 110, a rights manager 150, and a domain manager. 140 or the like. In this case, the entities 110 to 150 are modules that can be mounted in a specific device in the form of software or a hardware chip, and each has a unique role.

Looking at the role of each entity (110 ~ 150) and the location (Builtin) as follows.

1. Client 122: The client 122 is an entity that finally uses the content. That is, it may mean an end point of using content. The client 122 may be mounted on devices 120 existing in the domain, for example, a mobile phone, a PC, a PDA, a TV, a PMP, an MP3 player, or the like. The device 120 on which the client 122 is mounted can use the content within the authorized limit.

2. Domain Representative 110: The domain representative 110 is an entity that determines the scope of the domain 100 and the environment of the domain 100. For example, the domain representative 100 may check a proximity of the devices 120 to determine a physical boundary, and may determine a range of the domain 100 based on this. The range of the domain 100 may be determined by a physical distance, the number of hops, a reaction time, and the like. In addition, the domain representative 110 may also perform functions such as distributing credentials for authenticating the client 122 and registering a domain representative with the domain manager 140.

Such domain representative 110 may be mounted on devices existing within domain 100, such as client 122 described above. The device on which the domain representative 110 is mounted may be a domain representative device. Such a domain representative device may be selected by a predetermined procedure in the initial configuration of the domain 100.

3. Authorization manager 150: Authorization manager 150 performs a function of managing the content usage rights information of the user. For example, the authority manager 150 may be a typical online service management manager that provides a login function for a user and stores the content usage right information of the user. The user may access the DRM interoperable system through the login. The main functions of the authority manager 150 include creating and deleting user names, creating and deleting content usage rights information, associating user names with content usage rights information, authentication, and managing rights information. There is this.

The content usage right information may mean domain accounts. In this case, the domain account may mean a unique identifier indicating the content usage rights of the user logged in by the authority manager 150, that is, the user connected to the DRM interoperable system. Therefore, in order for a user to use a specific content in the domain 100, it is necessary to confirm information of a domain account.

The authority manager 150 may be mounted on a service provider (SP) side serving a content, for example, on a server of a service provider. However, the authority manager 150 does not always have to exist on the service provider side, and in some cases, may exist within the domain 100.

4. Domain manager 140: The domain manager 140 is an entity that performs a function of managing the domain (100). For example, domain manager 140 may be responsible for creating domain 100, destroying wholesaler 100, managing clients 122 and accounts, discovering and removing domain representative 110, and so forth. ), Authentication, etc. can be performed.

In addition, the domain manager 140 stores and manages list information of the device 120 (client mounted) registered in the domain 100. In this case, the domain manager 140 may limit the number of devices 120 registered in the domain 100. For example, the number of devices 120 registered in the domain 100 may be limited to 16, and the excess devices may not be registered. In addition, the domain manager 140 may also perform a time limit, a streaming service limit, a subscription service limit, and the like.

The domain manager 140 may exist anywhere inside or outside the domain 100. For example, in the example shown in FIG. 1, domain manager 140 resides outside of domain 100. In this case, the domain manager 140 may be mounted on a server of a service provider or a server of a DRM interoperable service provider, and may interwork with the domain representative 110 and the client 122 through a wide area network such as the Internet. On the other hand, the domain manager 140 may exist inside the domain 100. In this case, the domain manager 140 may be mounted on any one of devices provided in the domain 100. That is, the aforementioned authority manager 150 and domain manager 140 may be mounted anywhere inside or outside the domain 100 according to an implementation environment. This may be optional.

Such a DRM interoperable system may be linked with at least one native DRM system 200.

The native DRM system 200 may include a content server 210 for providing content to the device 120 in the domain 100 and a license server 220 for issuing a license for using the content. In this case, it is assumed that the DRM used in the native DRM system 200 and the DRM installed in the device 120 are different from each other. Content provided by the content server 210 is converted into a format and DRM suitable for the device 120, which may be converted by a content converter (not shown). Since the content converter (not shown) is not directly related to the gist of the present invention, a separate illustration is omitted in FIG. 1. In addition, the license server 220 issues a license to the device 120 by using the content usage right information managed by the rights manager 150.

Using the DRM interoperable system described above, a user forms a domain 100 in a desired region using his or her login information, for example, an ID and a password, and uses a device 120 in the domain 100. To play the desired mutually compatible content. However, in this case, there is a possibility that another user illegally steals the user's login information to form a domain and then invades the domain to illegally use the contents.

2 is an exemplary diagram illustrating an example in which a user moves a domain and uses a DRM interoperable service.

As shown in FIG. 2, the user forms a domain D1 for using the DRM interoperable service in his or her home, which is the first region, and uses a MP3, a PC, a mobile phone, a PMP, etc. in the domain D1 to select a desired sound source. Listened. Then, the user moves to the second area of the school with his MP3 and creates a new domain called domain D2 using his domain login information. Then, the user can listen to the sound source using his MP3 belonging to D2. At this time, the existing domain D1 is destroyed and only D2 becomes a valid domain. Therefore, PCs, mobile phones, and PMPs that have been left in the domain D1 do not have DRM interoperability services.

3 is a diagram illustrating a case in which an illegal intruder intrudes into a DRM interoperable system using only a user's login information. FIG. 3 illustrates a possibility that another user can steal a user's domain by stealing login information of an existing user. Giving.

As shown in FIG. 3, the user forms a domain D1 for using the DRM interoperable service in his or her home, which is the first region, and listens to a desired sound source using an MP3, a PC, a mobile phone, a PMP, etc. in the domain D1. It was.

However, at this time, the illegal user may steal the user's login information to form an illegal domain D3, and then illegally listen to the sound source using the MP3 player. In this case, the domain D1 formed by the user is destroyed. If the user finds it immediately, the user can immediately report it to the service provider, but if not, both the consumer and the service provider have no choice but to damage.

In order to prevent such a case, in the present invention, the DRM interoperable system manages the location movement information of the domain. In other words, limit the moving position or the number of movement of the domain, and check the change in the position of the domain to destroy the domain or take a separate action when the domain is out of the limited range.

Hereinafter, a domain management method according to a preferred embodiment of the present invention will be described. First, embodiments of the domain management method to be described below may be divided into a method of limiting the number of movements of the domain, a method of limiting the location of the domain, and the like. For convenience of understanding, the former will be named the first embodiment, and the latter will be named the second embodiment. In addition, in the following description, the system basis refers to FIG. 1.

<First Embodiment>

4 is a flowchart illustrating a flow of a domain management method according to a first preferred embodiment of the present invention, in which the number of allowable movements (Na) of domains corresponding to login information is set, and the number of movements of the domains is checked. The procedure for limiting the formation of these compounds is shown.

To this end, the domain manager 140 stores the number of domain movement allowances Na corresponding to the login information. The number of allowable domain movements (Na) may be variable according to the cost paid by the user, and the maximum may be set policy by the service provider. The number of domain movement allowances Na may be set to, for example, five times, ten times, or the like. In addition, the domain manager 140 stores and manages the current position and the past position of the domain 100, and stores and manages the number of movements when the movement of the domain 100 occurs.

Referring to FIG. 4, the domain manager 140 first checks the location of the current domain 100 (step: S1) and determines whether the location of the domain 100 has moved (step: S2). That is, the movement is determined by comparing the current domain 100 position with the domain position at the time of the previous inspection. This determination may be performed every predetermined period, may be performed whenever a new domain 100 is formed, or may be arbitrarily performed by monitoring of a service provider.

In determining the location of the domain 100, a representative device in the domain 100 may be involved. The representative device may be a specific device in the domain 100 on which the domain representative 110 is mounted, or may mean any device specially selected to provide location information of the domain 100. The representative device may be one in the domain 100, but a plurality of representative devices may be provided when the distances between the devices provided in the domain 100 are adjacent to each other. Such a representative device informs the domain manager 140 of information in the current domain 100, for example, location information of the domain 100, on behalf of other devices in the domain 100.

On the other hand, the representative device may not be involved in determining the location of the domain 100, and each device may access the domain manager 140 to provide information in the domain 100. That is, the representative device may or may not be involved in determining the location of the domain 100. This is optional depending on the implementation environment. Therefore, the location of the domain 100 may mean a representative device location or a location of each device in the domain 100. Meanwhile, security may be improved by limiting the number of elections of the representative device to a specific number. In addition, the user may log in through the representative device.

There are the following methods for determining the location of the domain 100.

First, the location of the domain 100 may be determined using an IP address such as a representative device. This is the case in a model where a high-speed Internet service provider assigns a static IP.

Second, the location may be determined using an IP subnet address of the representative device or the like. For example, if they have the same subnet address, they are regarded as the same location. If the subnet address is changed and the TTL is not within 3 hops, the domain 100 is considered to have moved.

Third, a method of acknowledging the location may be used when the mobile station enters the peripheral area right of the representative device by using the media access control (MAC) address of the representative device. For example, if a high-speed Internet service provider installs a set-top box at home that is recognized as a separate representative device, the perimeter is set as a domain, and the device connected to the set-top box and wired or wirelessly is designated as a specific domain to designate a location. Can be.

Fourth, the position of a device in the domain 100 may be determined using a global positioning system (GPS).

Fifth, in the case of a mobile terminal such as a mobile phone, it is possible to determine the location of a device in the domain 100 from the base station.

On the other hand, when the domain 100 is moved as a result of determining whether the location of the domain 100 is moved, the domain manager 140 increases the value of the number of times the domain moves up to "1" (step: S3), and increases the increased current. Check the total number of domain movements (N) up to (step: S4). On the other hand, if the domain 100 is not moved, the currently formed domain 100 is maintained (step: S8).

Subsequently, the domain manager 140 compares the total number of domain moves N to date with the number of stored domain moves allowed Na (step: S5). As a result of the comparison, when the total number of domain moves N is equal to or smaller than the number of allowed domain moves Na, the domain manager 140 maintains the current domain 100 (step: S8). On the other hand, when the comparison result that the total number of domain moves N is greater than the number of allowed domain moves Na, the domain manager 140 discards the current domain 100 (step: S6).

Next, the domain manager 140 records a service suspension history for the current user (step S7). In addition, the wholesaler manager 140 may report the information about the destruction of the domain 100 to the service provider, and the service provider or the domain manager 140 may transmit a warning message to the user. The service provider or domain manager 140 may also encourage the user to purchase new domain login information through the consumer payment system.

Meanwhile, the accumulated number of domain movements may be reset every specific period according to the service provider's policy. For example, the number of domain moves can be reset once a year.

Second Embodiment

FIG. 5 is a flowchart illustrating a flow of a domain management method according to a second exemplary embodiment of the present invention, and illustrates a procedure of checking the formation location of the domain 100 to restrict the domain 100.

To this end, the domain manager 140 stores the allowable number Ma of domain locations corresponding to the login information. This domain location allowable number Ma may vary depending on the cost paid by the user, the maximum of which may be set policy by the service provider. The domain location allowable number Ma may be set to, for example, five or eight. In addition, domain manager 140 stores and manages current and past locations of domain 100.

Referring to FIG. 5, first, the domain manager 140 examines the current location of the domain 100 (step S10), and determines whether the location of the domain 100 has moved (step S11). That is, the movement is determined by comparing the current domain 100 position with the domain position at the time of the previous inspection. This determination may be performed every predetermined period, may be performed whenever a new domain 100 is formed, or may be arbitrarily performed by monitoring of a service provider.

In determining the location of the domain 100, as mentioned above, a representative device in the domain 100 may or may not be involved. In addition, the location determination of the domain 100 may use an IP address, an IP subnet address, MAC information of a representative device, GPS, mobile communication information, and the like.

If the domain 100 is not moved as a result of determining whether the domain 100 is moved, the domain manager 140 maintains the current domain 100 (step: S18). On the other hand, if the domain 100 is moved as a result of determining whether the location of the domain 100 is moved, the domain manager 140 compares the current domain 100 location with the (stored) past domain location and compares the current domain 100 with the current domain 100. It is determined whether this generated position is a new position (step S12).

As a result of the determination, if the current domain 100 location is not the new location, the domain manager 140 maintains the current domain 100 (step S18). On the other hand, if the current domain 100 location is a new location, the domain manager 140 stores the current domain 100 location (step: S13).

Subsequently, the domain manager 140 obtains the number M of the total domain formation positions including the position of the current domain 100 (step S14), and compares it with the preset number of allowed domain positions Ma (step S14). : S15). As a result of the comparison, when the number M of total domain formation positions is equal to or smaller than the allowed number of domain positions Ma, the domain manager 140 maintains the current domain (step S18). On the other hand, if the comparison result (M) of the total total domain formation location (M) is larger than the domain location allowed number (Ma), the domain manager 140 discards the current domain (100) (step: S16).

Next, the domain manager 140 records the service suspension history for the current user (step S17). In addition, the domain manager 140 may report the information about the destruction of the domain 100 to the service provider, and the service provider or the domain manager 140 may transmit a warning message to the user. The service provider or domain manager 140 may also encourage the user to purchase new domain login information through the consumer payment system.

As described above, in the second embodiment, the domain manager 140 restricts the formation of the domain 100 according to the formation position of the domain 100. For example, if a service provider allows a total of four domain-forming locations, the domain manager automatically remembers the location of the domain from the beginning to four, and then the domains formed after that are outside the four allowed locations. To judge the will. At this time, if the domain is formed only in the memorized location, even if the domain moves frequently, no restriction is imposed. However, if the domain is moved to the place other than the four stored locations, the domain manager restricts the domain formation.

On the other hand, if the scope of the user's behavior is completely changed, for example, if the user moves, a new domain is formed based on the moved position other than the domain formation position that the first domain administrator remembered when the domain mismatch occurred. You need to save the location. In this case, the domain formation position information may be reset and newly reset by a special request of the user.

In addition, the resetting of the domain formation location information may be performed by a policy of the service user, in which case the number of times may be limited. For example, resetting of the domain formation position information may be limited to once or twice a year or the like. On the other hand, the change of the domain formation location information can be defined through service subscription information and service login information in addition to the change of the IP address.

Although the present invention has been described above with reference to its preferred embodiments, those skilled in the art will variously modify the present invention without departing from the spirit and scope of the invention as set forth in the claims below. And can be practiced with modification. Accordingly, modifications to future embodiments of the present invention will not depart from the technology of the present invention.

As described above, according to the present invention, by managing the current and past location information of the domain using the domain manager, it is possible to limit the formation of the domain according to the number of domain formation or the domain formation position. Therefore, it is possible to prevent the use of illegal contents that can be executed through the theft of login information, and ultimately, it is possible to improve the reliability in terms of security of the DRM interoperable system.

Claims (18)

In the method of managing the domain to which the DRM interoperable system is applied, Storing, by a domain administrator in charge of the domain, predetermined limitation criteria according to the movement of the location of the domain; And And maintaining or discarding the moved domain according to the stored restriction criteria when the location movement of the domain occurs. The method of claim 1, wherein the domain manager stores and manages a current location and a past location of the domain. The method of claim 1, wherein the limiting criteria is a number of domain movement allowances, which is information for limiting the number of movements of the domain. The method of claim 2, wherein the processing step, Determining, by the domain manager, a movement of a domain by comparing a current location with a previous location of the domain; And And determining that the domain has been moved, by comparing the total number of domain movements up to now with the number of permitted movements of the stored domains, and maintaining or destroying the domains. The method of claim 4, wherein the movement detection of the domain comprises: Receiving current location information from a specific device in the domain; And And comparing the provided current location information with previously stored location information to determine whether to move. The method of claim 4, wherein the comparing and processing step, Obtaining the total number of domain movements up to the present time using the total number of domain movements accumulated up to now; Comparing the obtained total number of domain moves with the number of domain moves allowed; And Maintaining the currently formed domain if the total number of domain moves is equal to or less than the number of allowed domain moves, and discarding the currently formed domain if the total number of domain moves is greater than the allowed number of domain moves. A domain management method, characterized in that. The domain management method according to claim 1, wherein the limiting criterion is information of a domain location allowance, which is information for limiting a moving location of the domain. 8. The method of claim 7, wherein said treating step comprises: Determining, by the domain manager, a movement of a domain by comparing a current location with a previous location of the domain; If it is determined that the domain has moved, determining whether the current domain location is a new location; If the current domain location is a new location, storing the current domain location; And And comparing the total number of domain forming positions to date with the allowable number of stored domain positions so as to maintain or destroy the domain. The method of claim 8, wherein the detecting of the movement of the domain comprises: Receiving current location information from a specific device in the domain; And And comparing the provided current location information with previously stored location information to determine whether to move. The method of claim 8, wherein the comparing and processing step, Comparing the total number of domain formation positions to date with the number of allowed domain positions; And Maintaining the currently formed domain if the total domain formation location number is less than or equal to the domain location allowance number; and discarding the currently formed domain if the total domain formation location number is greater than the domain location allowance number. Domain management method comprising a. The domain management method according to claim 1, further comprising recording a service suspension history for the current user when the domain is destroyed as a result of the processing. The method of claim 1, wherein the limiting criterion is variable according to a cost paid by a user, and a maximum of the limiting criterion is set by a policy of a service provider. In the system to form a domain at a predetermined position, and provide a DRM interoperable service in the domain, At least one device included in the domain to use content; And And a domain manager that manages the domain, stores the restriction criteria according to the movement of the location of the domain, and maintains or destroys the moved domain according to the stored restriction criteria when the location of the domain is moved. System. The system of claim 13, wherein the domain manager receives current location information from at least one of the device and at least one representative device selected from the devices. The system of claim 14, wherein the current location information is detected using any one of an IP address, an IP subnet address, a MAC address, GPS information, and mobile communication location information of the device or the representative device. The system of claim 13, wherein the domain manager stores and manages current and past location information of the domain, and compares the current location with the previous location of the domain to determine the location movement of the domain. . The system of claim 13, wherein the domain manager discards the domain when the location of the domain is moved and compares the movement information of the domain with the limiting criteria and violates the limiting criteria. The method of claim 13, wherein the limiting criterion is at least one of the number of domain movement allowances, which is information for limiting the number of movement of the domain, and the number of domain position allowances, which is information for limiting the formation position of the domain. System.

Images