KR20080024958A - Method for managing service token and method for processing secure time - Google Patents

Abstract

A method of managing a service token and a method of processing a secure time are provided to manage service information required for a domain service efficiently and improve the reliability of services related to time limit. A method of managing a service token including unit information using a DRM(Digital Rights Management) domain system defines the service token such that the service token corresponds to an information matrix. The unit information corresponds to a cell of an information matrix according to a predetermined cell information input path sequence. The service token corresponding to the information matrix is compressed through a designated compression method and managed.

Description

{Method for Managing Service Token and Method for Processing Secure Time}

1 is a block diagram showing the configuration of a DRM domain system.

2 exemplarily shows a structure of an information matrix defined for representing a service mark.

3 is an exemplary diagram for describing an example in which an information matrix of a service mark is actually expressed through a compression expression method.

FIG. 4 is an exemplary diagram for describing an example in which an information matrix of a size mark including content identifier information is expressed through a compression expression method.

5 is an exemplary diagram illustrating an example of expressing a size mark that defines a valid period of a specific content in an information matrix.

6 is an exemplary diagram illustrating an example of a definition of a specific service area in an information matrix.

7 is a block diagram illustrating a configuration of a DRM domain system capable of guaranteeing secure time.

8 is a block diagram illustrating a detailed configuration of the secure time processing module shown in FIG. 7.

9 is a flowchart illustrating a secure time processing process using the secure time processing module.

<Description of the symbols for the main parts of the drawings>

10: client

12: client device

30: domain manager

40: license manager

70: trust manager

100: secure time processing module

The present invention relates to a method for managing service tokens and a method for processing secure time, and more particularly, a method for efficiently managing a service token including service information in a DRM domain service. And it relates to a processing method that can increase the reliability of the time-limited service.

Recently, as the digitization of information is accelerated, the copyright problem of digital content is emerging. Unlike analog content, digital content can be easily copied without illegal information, and thus is easily exposed to illegal copying and illegal use. Therefore, for the service of digital content, a technology capable of stably protecting digital content from illegal copying and use must be supported.

Digital Rights Management (DRM) is a comprehensive digital content protection technology that prevents illegal copying and use of digital content and ensures that only authorized users can use the digital content. This DRM provides a comprehensive framework for the distribution of digital content. For example, DRM uses encryption technology to convert digital content into encrypted data in the form of packages, and the content cannot be used without legitimate authentication.

Such DRM has been linked with various content service models and has become the foundation of stable and legal content service. In fact, current content service providers adopt their own DRM to protect the content they serve. For example, a music service that provides sound sources online provides sound sources encrypted with a specific encryption pattern to prevent illegal duplication. Such sound sources can be played only by applications provided by the service provider. have. Therefore, the user may purchase a sound source from a specific service provider and then play the sound source using a device on which an application provided from the service provider is installed, such as a PC or a mobile phone, such as an MP3 player.

However, since the DRM has a very closed technical or policy characteristic, the DRM is generally not compatible with each other. For this reason, the DRM content service is far superior to the general content service in terms of stability and legitimacy, but has a very limited problem for the user consuming the content. This problem acts as a factor that hinders the flexibility of the digital content distribution structure, and as a result, it is preventing the activation of the content market.

Accordingly, recently, a DRM system that allows devices within the same DRM framework to freely share and use content, or a DRM interoperable system that provides an interoperable framework for interoperability between different closed DRMs is proposed. It is becoming.

These systems commonly introduce the concept of Domain as the basic unit of the DRM Trusted Framework. A domain may mean a collection of authorized devices or software systems. Through a set of legitimate procedures, domain-certified devices or software systems (hereinafter referred to as devices) can share and use freely the same DRM or different DRM-applied content.

Hereinafter, a DRM system or a DRM interoperable system constituting such a domain will be collectively referred to as a DRM domain system. The DRM domain system can be configured by defining the functions of each entity based on the physical interworking environment of the entities constituting the domain and properly linking the entities.

An important key to effective operation of such DRM domain system is to maintain strict security through reliable service management and to be able to perform efficient management of information. To this end, a secure time management system capable of systematically managing secure time applied to a service of a DRM domain system and a method for efficiently managing and operating service related information are required.

SUMMARY OF THE INVENTION The present invention has been made in this background, and an object of the present invention is to provide a method for managing a service mark that can more efficiently manage DRM service information using a DRM domain system.

Another object of the present invention is to provide a secure time processing method capable of processing secure time capable of guaranteeing reliability of a time-related service in a DRM domain system.

In order to achieve this object, the present invention provides a service mark management method in one aspect. In the method of managing a service mark, a method of managing a service mark including a plurality of unit information by using a DRM domain system, the service mark is defined corresponding to an information matrix, wherein the unit information is defined in a cell of the information matrix. Respectively correspond in order of a predefined cell information input path; The service mark corresponding to the information matrix is compressed and managed through a designated compression expression method.

In this case, the information matrix has a rectangular shape and may have a size of n x n (n is an integer greater than 1). The cell information input path may mean a path for mapping the plurality of pieces of unit information to cells of the information matrix in a zigzag order from cells of one row and one column of the information matrix.

The designated compression expression method is a method of sequentially expressing unit cell information including position information of the cell and unit information input to the cell in order of the cell information input path. In the compressed representation, unit cell information of a cell without unit information is omitted and only unit information of a cell in which unit information exists is represented. In this case, the unit cell information of the last cell in the cell information input path may be expressed last.

In addition, the position information of the cell may be cell interval information of a previous cell having the unit information on the cell information input path. In this case, in the designated compression expression method, the size of the information matrix may be calculated by adding 1 to the sum of the position information of the cells.

On the other hand, the present invention provides a secure time processing method in order to achieve the other object described above. The secure time processing method may include: determining whether there is a trust model credential provided from a trust manager on the client device when the client device is requested to process the secure time for a specific service related to a time limit; And if the trust model credential exists in the client device as a result of the determination, validating the client device and the secure time based on the trust model credential.

The secure time processing method may further include verifying the validity of the client device and the secure time by accessing the trust manager when the trust model credentials do not exist in the client device as a result of the determination.

In addition, the secure time processing method may further include applying the secure time validated by analyzing the authority related to the time limit of the specific service. The secure time processing method may further include performing at least one of a secure time setting and a secure time change by using the trust model credentials when the trust model credentials exist in the client device.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. In the preferred embodiment of the present invention described below, specific technical terms are used for clarity of content. The invention, however, is not limited to the particular term selected, and it is to be understood that each specific term includes all technical synonyms that operate in a similar manner to achieve a similar purpose.

FIG. 1 is a block diagram illustrating a configuration of a DRM domain system, and exemplarily illustrates a domain, basic entities for configuring the domain, and an association relationship between the entities.

First, the DRM domain system illustrated in FIG. 1 may be either a DRM system or a DRM interoperable system.

As shown in FIG. 1, the DRM domain system includes entities such as client 10, domain manager 30, license manager 40, and the like. In this case, the entity may mean a network node, for example, a device or a software system that performs a specific function. Each object can be organically linked with other objects through a specific interface.

This DRM domain system forms the domain 1 as a basic unit of the DRM trust system. The domain 1 is a set of devices or software systems (hereinafter, referred to as "devices or software systems" as "devices") authorized to use a service, and may mean, for example, a set of client devices 12. .

The domain 1 may be configured in consideration of the physical location of the client device 12 or may be configured only with logically authenticated clients without considering the physical location of the client device 12. For example, if the domain is configured in consideration of the physical location of the client device 12, the domain may be configured only with authenticated client devices 12 existing within a specific local area that meets the network and security criteria. . On the other hand, when the domain is configured without considering the physical location of the client device 12, the domain may be configured with clients that have undergone proper authentication regardless of where the client device 12 exists.

In the first embodiment, it is assumed that a domain in which the two concepts of domains are mixed is configured. That is, the domain is configured with the client devices 12 authenticated in a specific local area, but the client device 12 connected through the wide area network outside the local area can also authenticate to the domain. Here, the client devices 12 in the local area may interwork through a wired or wireless local network such as universal serial bus (USB), power line communication (PLC), Bluetooth, and the like, and the local network may be a wide area such as the Internet. It can also work with networks.

This client device 12 is provided with a client 10. In other words, the client device 12 may refer to a device or a software system provided with the client 10. The client 10 is an entity that performs various functions so that a user can receive a content service through a DRM domain system. The client 10 may perform a function of requesting authentication to a domain, a function of using (playing) content, a request of transmitting content or a license to a specific destination, a user interface function, and the like. That is, the client 10 may be an entity that is an end point of consumption of content.

The client 10 may authenticate the domain 1 by requesting the domain manager 30 for authentication. The client device 12 including the authenticated client 10 may be provided with a service provided by the DRM domain system. For example, when the DRM domain system is a DRM system, the DRM content to which the same DRM is applied may be shared among client devices 12 belonging to the domain. In addition, when the DRM domain system is a DRM interoperable system, the same DRM content as well as different DRM content may be shared among client devices 12 belonging to the domain.

The domain manager 30 is an entity that performs a function of creating and managing the domain 1. The domain manager 30 may be configured to create a domain 1, destroy a domain 1, associating clients 10 with the domain 1, Removing Clients from a Domain, Registering Domain Reference Points, and the like may be performed.

The license manager 40 is an entity that performs a function of managing license information of a user. For example, the license manager 40 may provide a login function for a user and perform a function of a typical online service manager that stores and manages license information of the user. The license manager 40 is responsible for creating user names, deleting user names, associating license names with user names, creating license information, and licensing. Deleting License Information can be performed.

The domain manager 30 and the license manager 40 are preferably provided on the server side of the service provider. That is, it is provided in the wide area network stage. However, this is not a limitation and the domain manager 30 or the license manager 40 may be provided in a specific device in the local area. In this case, the domain manager or the license manager can connect to the client through the local network without going through the external wide area network.

In addition to the objects described above, the DRM domain system, although not shown, is a reference point controller, a content mediator, a content exporter, a content transformer, a content importer. (Content Importer), a license mediator (License Mediator) and the like may further include a variety of entities that perform a particular unique function, but these are not directly related to the subject matter of the present invention will not be described in detail.

Such a DRM domain system provides a user with a service that can share and use contents of a specific DRM among client devices 12 in a domain, or interoperate with a plurality of DRM systems to distribute content of heterogeneous DRMs to a client device 12 in a domain. It is possible to provide users with DRM interoperable services that can be shared and used between users.

Meanwhile, the DRM domain system manages service tokens. The service mark may mean information that defines a service right of whether a specific subject can be provided in a domain. These service marks may be defined in units of users, in units of client devices, in units of user-client devices, or in units of content.

For example, the service mark of each user may include authority information of a service that a specific user can receive in the domain. The service mark of each client device may include information defining the authority of a service that can be provided by a specific client device in a domain. In addition, the service information of the content unit may include information defining a right for any subject to receive specific content in a domain. That is, the service mark may refer to information such as rights token in the DRM interoperable system. The user, device, content, etc. are distinguished through a unique identifier.

There may be various types of service rights included in service marks for the user, client device, content, and the like. For example, the service right may include a copy right, a play right, a render right, a move right, a subscribe right, and a record right. In addition, such service rights may be limited by various restriction information such as time limit, service number limit, and validity period.

The management entity that creates, stores and manages these service marks can be either a domain manager or a license manager.

2 exemplarily shows a structure of an information matrix defined for representing a service mark.

As shown in FIG. 2, the service mark may be defined as an information matrix of n × n (n is an integer greater than 1). In the example illustrated in FIG. 2, the case where n is 8 is shown. An information matrix having n is 8 may have n x n, that is, 64 cells. Each cell corresponds to each unit information of the service mark. In this case, the order in which the unit information corresponds to the cell of the information matrix is the same as the cell information input path “a”. That is, the unit information corresponds to the zigzag path order from the cells in the 1st row 1 column to the 8th 8th column. In the figure of FIG. 2, the corresponding order of the unit information is indicated numerically in each cell of the information matrix.

Each unit information corresponding to a cell includes various information such as a content identifier, an expiration time, a service type, and the like. In practice, however, when the service mark is defined as such an information matrix, there are many cases where there are more cells without data than cells with data. Therefore, in order to reduce the data amount of the service mark, the data amount can be reduced by simply compressing and managing the service mark in the form of information matrix using a specific compression expression method.

In the compressed representation, unit cell information including position information of a cell and unit information input to a cell in the information matrix is sequentially expressed in the order of the cell information input path, but unit cell information of a cell without unit information Omits the unit cell information of the last cell, and represents only the unit cell information of the cell in which the unit information exists. In this case, the location information of the cell may mean cell interval information of a previous neighboring cell having unit information on a cell information input path.

This compression expression is expressed in Equation 1 for easy understanding.

Compressed Representation of Information Matrix = (A0, B0), (A1, B1), (A2, B2), ..., (A [n-1], B [n-1])

At this time, (A0, B0), (A1, B1), (A2, B2), ..., (A [n-1], B [n-1]) mean unit cell information, respectively. Ai (i = 0, 1, ..., n-1) of each unit cell information means cell position information. In addition, Bi (i = 0, 1, ..., n-1) means unit information input to the cell.

Here, if Bi has no information (for example, "0"), the unit cell information is not represented. In this case, the last cell represents unit cell information even if Bi is "0" for calculating the size of the information matrix. To calculate the size of the information matrix, it is possible to detect by adding 1 to the sum of all the position information of the cells of the expressed unit cell information.

3 is an exemplary diagram for describing an example in which an information matrix of a service mark is actually expressed through a compression expression method.

As shown in FIG. 3, in the information matrix defining the service mark, only 7 cells have unit information and the rest does not have unit information. Therefore, when the information matrix is expressed in the compression notation, the first cell (0, 14), the next cell (1, 2), the next cell (1, 3), and the next cell (1, 1) on the cell information input path "a" -2), cell ins 10, -1, etc., which are separated by 10 cells on the cell information input error "a", are sequentially expressed.

This is expressed as equation (2).

Compressed Representation of Information Matrix = (0, 14), (1, 2), (1, 3), (1, -2), (10, -1), (3, -2), (28, 1) , (19,0)

At this time, the last (19, 0) was put in the result value to calculate the size of the matrix. It can be seen that the size of the information matrix is an 8 × 8 sized information matrix having 64 cells, which is a sum of Ai (63 + 0 + 1 + 1 + 1 + 10 + 3 + 28 + 19) plus 64 cells.

As described above, the size mark is defined as an information matrix, and the amount of data of the service mark can be greatly reduced by compressing the size mark through the compressed representation.

4 is an exemplary diagram for describing an example in which an information matrix of a size mark including information of a content identifier (ID) is expressed through a compression expression method.

Referring to FIG. 4, the content identifier is generally made up of an integer having a large size. This content identifier may be defined by any rule or given a random number. As such, a large amount of information, such as a content identifier, can be distributed in a certain area of the information matrix.

When the content identifier illustrated in FIG. 4 is expressed in a compression notation, "(0, Contents ID0), (1, Contents ID1), (0, Contents ID2), (1, Contents ID3), (0, Contents ID4), (1, Contents ID5) ". In this expression, it can be seen that a content identifier having a large data amount is divided into six cells and correspondingly represented by six cell unit information.

 5 is an exemplary diagram illustrating an example of expressing a size mark that defines a valid period of a specific content in an information matrix.

Referring to FIG. 5, an identifier 'Content ID' of a specific content, a year 'Time (yr)' of an expiration time, a date 'Time (Date)', a time 'Time (hr)' minute 'Time (min)' It can be seen that the seconds 'Time (sec)' are sequentially input along the cell information input path. Expressed in compressed notation: "(0, Content ID), (1, Time (yr)), (1, Time (date)), (1, Time (hr)), (1, Time (min)) , (1, Time (sec)) ".

6 is an exemplary diagram illustrating an example of a definition of a specific service area in an information matrix.

As shown in FIG. 6, the third column of the information matrix defines the copy right of the content, and the second row defines the number of executions. Accordingly, cell b7 may correspond to unit information that defines the number of copies of content.

In the above, an example of managing a service mark through an information matrix has been described. A management entity such as a domain manager or a license manager manages a service mark in the concept of an information matrix, but can increase resource efficiency by using information expressed in a compressed expression method when storing and managing data.

Meanwhile, the DRM-applied content records time information for usage restriction, that is, an expiration date (start time, expiration time, and time can be described as “year / month / day / hour / minute / second”). In addition, the multimedia player (ie, the client device) to which the DRM is applied may limit the use of the content by checking the validity period of the content at the current time.

In particular, in the method of limiting the use of content by time information, the accuracy and reliability of the current time, which is a standard for checking the validity period of the content, must be guaranteed. Here, the accuracy means that the current time which is elapsed according to the device clock in the multimedia player matches with the actual current time without error, and the reliability means that the current time in the multimedia player is not arbitrarily manipulated and changed by the user. It can mean that it can only be changed by a person who has been properly authorized.

Accordingly, the client device that plays the content in the DRM domain system should guarantee the secure time to reliably process the content having the time limit such as the validity period. In this case, the secure time is a current time of which accuracy and reliability are guaranteed, and means a time that is a standard for checking the validity period of the service. This secure time cannot be arbitrarily manipulated by the user, and provides a current accurate time.

7 is a block diagram illustrating a configuration of a DRM domain system capable of guaranteeing secure time.

As shown in FIG. 7, the DRM domain system includes a domain manager 30, a license manager 40, a client 10, and a trust manager 70. Here, the domain manager 30, the license manager 40, and the client 10 have been described above.

The trust manager 70 generates and manages secure time that is guaranteed to be accurate and reliable. The trust manager 70 may provide secure time and related information to the client device 12 and manage it. The trust manager 70 may be configured as a server on the service provider side or may be provided in the form of a module in the client device 12. In the present embodiment, as shown in FIG. 7, a case in which the trust manager 70 is configured as a separate server will be described. However, this is not a limitation.

The trust manager 70 supports a unique trust model for authenticating and managing secure time. The trust model is defined and managed by the trust manager 70. The client device 12 may authenticate with the trust manager 70 and receive and store a trust model credential. The client device 12 that stores the trust model credentials may be considered to be a valid device capable of supporting that trust model. One client device 12 may support one trust model, but may also support multiple trust models when interworking with multiple trust managers.

The client device 12 receiving the domain service should be guaranteed a reliable service for the use of the service or the content with the time constraint or the expiration date. To this end, the client device 12 is provided with a secure time processing module 100.

8 is a block diagram showing a detailed configuration of the secure time processing module 100 shown in FIG.

As shown in FIG. 8, the secure time processing module 100 includes a trust manager interworking unit 120, an authority analyzing unit 130, and a secure time processing unit 110. In this case, the trust manager interworking unit 120 and the authority analyzer 130 may interwork with the trust manager 70 and the domain manager 30 as necessary.

The trust manager interworking unit 120 interlocks the secure time processing unit 110 and the trust manager 70. For example, the trust manager interworking unit 120 may provide various request signals transmitted from the secure time processing unit 110 to the trust manager 70, and control related to the time of the control transmitted from the trust manager 70. The signal and the information signal may be transmitted to the secure time processor 110. On the other hand, when the trust manager 70 is configured in the client device 12 in the form of a module, the secure time processor 110 and the trust manager 70 may directly interwork.

In addition, the trust manager interworking unit 120 may receive and store the trust model credentials provided through authentication from the trust manager 70. This trust model credential may act as a bridge between the client device 12 and the trust manager 70. Trust model credentials will be described in more detail later.

At the request of the secure time processor 110, the authority analyzer 130 analyzes a time-related authority for using a specific service and provides the analysis result to the secure time processor 110. On the other hand, in the case of a service having a time limit, the domain manager 30 manages the authority information related to the time limit. In this case, the authority analyzer 130 requests the domain manager 30 to determine the time limit. Once you have the information, you can use that information to perform an authorization analysis.

The secure time processor 110 may perform various functions for processing secure time. For example, the secure time processing unit 110 receives a secure time processing request for a service having a time limit from the service entity 14 in the client device 12, performs the requested secure time processing, and then sends a response information. The function of outputting to the service object 14 can be performed. In addition, a request may be made to the trust manager 70, and the presence or absence of a trust model credential may be used to verify the validity of the client device 12.

The service entity 14 may be an entity that plays content or performs a service according to an allowed authority, for example, a client having a content playback function, a video player, a sound player, and the like. In addition, the specific service means a service having a time limit. For example, such a service may include various services such as a service capable of freely playing content only up to a specific time, a service capable of copying content only up to a specific time, and a service capable of freely sharing a plurality of contents up to a specific time.

Looking at the detailed configuration of the secure time processing unit 110, the secure time processing unit 110 is a controller (112), a secure time analyzer (114), a time setter (116), time A time changer 118 or the like.

The controller 112 may perform a function of controlling the entire process of the secure time. For example, the controller 112 receives the secure time processing request from the service entity 14 of the client device 12, controls the secure time analyzer to receive the secure time, and applies the provided secure time to the service entity 14. 14).

The secure time analyzer 114 verifies the validity of the client device 12 under the control of the controller 112, confirms how the secure time is currently set in the client device 12, and validates the confirmed secure time. After verifying whether or not to provide a function such as the control unit 114.

A domain service may not have only one service, or only one trust model supporting a service may not exist. Therefore, since the client device 12 can support not only one trust model but also multiple trust models, the secure time analyzer 114 can not only provide a service when analyzing secure time, but also the secure time in which trust model. Analyze if it is supported. That is, the secure time analyzer 114 may also analyze the type and setting of the trust model.

The time setter 116 initially sets the secure time according to the time information appropriate for the region when the client device 12 uses the region. The time changer 118 operates when a change in the secure time is needed. This time changer 118 may operate in a number of cases. In this case, for example, when an error of the secure time occurs, when the client device 12 moves to a time difference region, or when the service provider is changed.

The secure time setting, secure time conversion, secure time processing, and the like may be requested from a particular service entity 14 of the client device 12. In addition, for secure time setting, secure time processing, and the like, the client device 12 must have a trust model credential for guaranteeing secure time.

9 is a flowchart illustrating a secure time processing process using the secure time processing module 100.

Referring to FIG. 9, when a service having a time limit is requested (step: S1), and a process for secure time is requested (step: S2), the secure time processing module 100 may transmit a trust model to the client device 12. Check if the credentials exist (step: S3).

The trust model credential is issued and stored after the client device 12 has been properly authenticated by the trust manager, and can verify the validity of the client device 12 and the secure time existing in the client device 12. Information.

Such trust model credentials may include device model information, device origin information, device version information, trust model platform information, etc. of the client device 12, and if the trust model credentials are present in the client device 12, a separate network connection Secure time can be guaranteed without (eg, connecting with a trust manager). In this case, the trust model platform must be implemented in the client device 12. The trust model platform may mean a platform approved according to a trust model supported by the trust manager 70. Trust model platforms can exist in many forms. For example, it may be implemented as a general process and storage device, or may be stored in the form of registers in the CPU. The secure time function can be driven in association with a software application program whose information is higher. In this case, the trust model platform may store various recognition information about the trust model, for example, a version name, a server name, an update history, and the like.

If the client device 12 does not have a trust model credential, the secure time processing module 100 accesses the trust manager 70 (step S4) and verifies that the device is a valid device (step S5). Here, the valid device refers to a device to which a trust model supported by the trust manager 70 is applied. If the client device 12 is verified to be a valid device, the secure time processing module 100 may be provided with secure time from the trust manager 70 (step: S6). Thereafter, the authority analysis of the requested service is performed (step: S11), the secure time is applied (step: S12), and the result information is output in response to the first request (step: S13). In this case, since there is no trust model credential in the client device 12, the secure time setting, the secure time change, and the like may be difficult to perform without being connected to the trust manager 70.

On the other hand, if there is a trust model credential in the client device 12, the secure time processing module 100 checks the secure time currently executed (step: S7), checks its validity (step: S8), and It is determined whether the secure time is present in the client device 12 (step: S9), and if it is present in the client device 12, the validity of the device is determined (step: S10). These processes can be based on trust model credentials. Thereafter, the authority analysis of the requested service is performed (step: S11), the secure time is applied (step: S12), and the result information is output in response to the first request (step: S13).

Although the present invention has been described above with reference to its preferred embodiments, those skilled in the art will variously modify the present invention without departing from the spirit and scope of the invention as set forth in the claims below. And can be practiced with modification. Accordingly, modifications to future embodiments of the present invention will not depart from the technology of the present invention.

As described above, according to the present invention, necessary service information in the domain service can be managed simply and efficiently. In addition, by providing a structure and a procedure for processing secure time in the DRM domain system, it is possible to improve the reliability of the time-related services.

Claims (12)

A method of managing a service mark including a plurality of unit information by using a DRM domain system, The service mark is defined in correspondence with an information matrix, and the unit information corresponds to cells of the information matrix in the order of a predefined cell information input path. And the service mark corresponding to the information matrix is compressed and managed through a designated compression expression method. 2. The method of claim 1, wherein the information matrix has a size of n x n (n is an integer greater than 1). The method of claim 1, wherein the cell information input path corresponds to a path that maps the plurality of pieces of unit information to cells of the information matrix in a zigzag order from cells of one row and one column of the information matrix. . The service mark of claim 1, wherein the designated compression expression method sequentially expresses unit cell information including position information of the cell and unit information input to the cell, in order of the cell information input path. How to manage. The method of claim 4, wherein the designated compression expression method omits unit cell information of a cell without the unit information and expresses only unit information of a cell in which the unit information exists. 6. The method of claim 5, wherein the designated compression representation method represents unit cell information of a last cell in the cell information input path at the end. 6. The method of claim 5, wherein the location information of the cell is cell spacing information from a previous cell including the unit information on the cell information input path. 8. The method according to claim 7, wherein the size of the information matrix in the designated compression representation can be calculated by adding 1 to the sum of the position information of the cells. Determining whether a trust model credential provided from a trust manager exists in the client device when the client device is requested to process secure time for a specific service related to a time limit; And And if the trust model credential exists in the client device, verifying the validity of the client device and the secure time based on the trust model credential. 10. The method of claim 9, further comprising the step of verifying the validity of the client device and the secure time by accessing the trust manager if the trust model credentials do not exist in the client device. How to deal with time. 10. The method of claim 9, further comprising applying a secure time in which the validity is verified by performing an authority analysis related to a time limit of the specific service. The secure time of claim 9, further comprising: performing at least one of secure time setting and secure time change using the trust model credential if the trust model credential exists in the client device. Treatment method.

Images