KR20100023624A - Drm contents service system and drm contents service method - Google Patents

Abstract

PURPOSE: A DRM(Digital Rights Management) content service system and a DRM content service method are provided to strongly and effectively encode and service contents. CONSTITUTION: A broadcasting providing server(20) transmits DRM contents and an ECM(Entitlement Control Message) scrambled in a CAS(Conditional Access System). A client device(100) downloads the scrambled DRM contents and ECM transmitted from the broadcasting providing server. The client device descrambled and stores the scrambled DRM contents using a CW(Control Word) within the ECM. The client device generates a DRM encoding key based on characteristic information in the ECM. The client device stores the DRM encoding key in a security area.

Description

DRM content providing system and DRM content providing method {DRM CONTENTS SERVICE SYSTEM AND DRM CONTENTS SERVICE METHOD}

The present invention relates to a system for providing a DRM content and a method for providing a DRM content. More particularly, the present invention provides an encrypted content applied by integrating a CAS technology based on a broadcasting technology and a DRM technology based on a communication technology to a client device. The present invention relates to a DRM content providing system and a method for providing a DRM content, and a client device and a method for controlling the client device, which can further extend a copyright protection function of the content.

With the development of wired and wireless content services, DRM (Digital Rights Management) technology is widely used to protect copyright in the distribution of contents.

In general, DRM technology provides a terminal device with an encrypted content (DRM Contents Format) and a right to use the content (Rights Object). The RO includes rights / restriction information consisting of meta information such as a Contents Encryption Key (CEK) used for encrypting content, the number of times of content playback, and the content ID. In particular, it is important information that CEK and rights / restriction information corresponding to different secret values for each content are protected from being added / deleted / modified by any unauthorized user or terminal device. Therefore, the CEK encrypts and transmits the information so that only a legitimate user or terminal can know it.

On the other hand, the CAS (Conditional Access System) technology generally used for the protection of broadcast contents in a broadcast system, can only be viewed or listened to by scrambling and transmitting the broadcast content, and de-scrambles it only in a terminal device having the right to receive the broadcast content. have. However, in case of storing / recording the broadcast content viewed or listened to by the legitimate terminal device, it is difficult to properly protect the copyright of the broadcast content.

For example, if a terminal device having a legitimate right de-scrambles and stores / records the broadcast content, the terminal device may re-watch the broadcast content at any time without a limited viewing period so that the copyright of the broadcast content is properly protected. It can not be said. In addition, since the other terminal device can copy and view the broadcast content stored / recorded in the terminal device having the right, the copyright of the broadcast content cannot be properly protected.

Accordingly, by integrating CAS technology based on broadcasting technology and DRM technology based on communication technology, the contents (including broadcasting contents) can be encrypted and provided more powerfully, thereby extending the copyright protection function of the contents. System is required.

The present invention was created in view of the above circumstances, and an object of the present invention is to generate a DRM encryption key based on characteristic information corresponding to predetermined content provided from the outside, and to generate the DRM encryption key using the DRM encryption key. A CAS server for packaging content in a DRM content format (DCF), a DRM packager, a scrambling of the DCF packaged DRM content, and an ECM corresponding to the DCF packaged DRM content, including the characteristic information corresponding to the content. And a broadcast providing server that broadcasts the DRM content and the ECM scrambled in the CAS, the scrambled DRM content and the ECM broadcasted from the broadcast providing server, and downloads a control word (CW) in the ECM. Descrambles and stores the scrambled DRM content using Provides a DRM content providing system including a client device for generating a DRM encryption key based on the DRM encryption key and storing the DRM encryption key in a secure area, and a method for providing the DRM content according thereto, and integrates CAS technology and DRM technology to copyright the content. It is to extend the protection function.

The present invention was created in view of the above circumstances, and another object to be achieved in the present invention is to generate a DRM encryption key based on characteristic information corresponding to predetermined broadcast content provided from the outside, and then to set an external predetermined RIs issuer. A cryptographic key generation device provided to the server, a CAS server scrambled the broadcast content, and a CAS server for generating an ECM corresponding to the broadcast content by including characteristic information corresponding to the broadcast content, and the scrambled at the CAS server. A broadcast providing server for broadcasting the broadcast content and the ECM, the scrambled broadcast content and the ECM broadcasted from the broadcast providing server, and receiving the scrambled broadcast content using a control word (CW) in the ECM. Describing a DRM and generating a DRM encryption key based on the characteristic information in the ECM And a client device for packaging the descrambled broadcast content into a DRM content format (DCF) using the DRM encryption key and storing the same, and storing the DRM encryption key in a secure area. By providing a broadcast content providing method, it integrates CAS technology and DRM technology to extend the copyright protection function of broadcast content.

The present invention was created in view of the above circumstances, and another object of the present invention is to provide a secure memory card including a public domain and a secure domain, and a corresponding DRM content downloaded according to a download request of DRM contents. A PVR manager for providing the secure memory card to store in the public area of the secure memory card, and when a user is requested to download the DRM content provided through a predetermined broadcast channel, the DRM content is downloaded and executed on the DRM content. The downloaded DRM content is descrambled using the control word (CW) included in the corresponding received ECM and provided to the PVR manager, and the DRM password corresponding to the DRM content is based on the characteristic information included in the ECM. A CAS manager for generating a key and the DRM encryption key generated by the CAS manager; Providing a client device including a DRM manager provided to the secure memory card to store in the secure area of the secure memory card and a method of controlling the client device, thereby integrating CAS technology and DRM technology to protect contents copyright. Is to expand more.

The DRM content providing system according to the first aspect of the present invention for achieving the above object, generates a DRM encryption key based on the characteristic information corresponding to the predetermined content provided from the outside, using the DRM encryption key A DRM packager for packaging a DRM content format (DCF); A CAS server that scrambles the DCF packaged DRM content and generates an ECM corresponding to the DCF packaged DRM content by including characteristic information corresponding to the content; A broadcast providing server that broadcasts the DRM content and the ECM scrambled in the CAS; And downloading the scrambled DRM content and the ECM broadcasted from the broadcast providing server, descrambling and storing the scrambled DRM content using a control word (CW) in the ECM, and the characteristic information in the ECM. And a client device for generating a DRM encryption key based on the request, and storing the DRM encryption key in a secure area.

Preferably, the DRM (Digital Rights Management) package, based on the characteristic information corresponding to the predetermined content provided from the outside, the DRM encryption key (CEK: Contents Encryption Key) corresponding to the content and the content ID (CID) Contents ID) may be generated, and meta information included in the CEK, the CID, and the characteristic information may be provided to an external predetermined Rights Issuer (RI) server.

Preferably, the CAS (Conditional Access System) server scrambles the DCF packaged DRM content using a predetermined control word (CW), and corresponds to the control word (CW) and the content in response to the DRM content. Generating the Entitlement Control Message (ECM) including the corresponding characteristic information, encrypting the ECM using a client encryption key corresponding to a client device having a legitimate download authority, and scrambled the DRM content and the encrypted ECM. It may be provided to the broadcast providing server.

Preferably, the client device generates the DRM encryption key (CEK) and the content ID (CID) based on the feature information in the ECM received from the broadcast providing server, and the CEK and the CID and the feature. Rights objects (ROs) including rights / restrictions included in the information may be generated and stored in the security area.

Preferably, the CEK and the CID and the meta information corresponding to the corresponding content are stored for each content, and if the authority information (RO) corresponding to the predetermined content is requested from an external predetermined client device, the meta information of the corresponding content is requested. It may further include a RI (Right Issuer) server for generating the authority information (RO) including the CEK based on the provided to the client device.

Preferably, the characteristic information corresponding to the content includes device / memory binding information indicating whether SEED information, broadcast time information, broadcast channel number information, program ID information, device binding, or memory binding corresponding to the content. It may include at least one of subscription binding information indicating whether or not a subscription, play count information, download availability information.

Preferably, the rights information (RO) generated by the client device and stored in the security area and the rights information (RO) provided from the RI server to the client device, the device / memory binding information and the subscription It may include binding information corresponding to at least one of the binding information.

Preferably, when authority information (RO) corresponding to a predetermined content is requested from an external predetermined client device, the client device is induced to connect to the RI server that provides the authority information (RO), and the client device. The apparatus may further include a PS (Presentation Server) server that provides at least one of the device / memory binding information and the subscription binding information corresponding to the requested content to the client device.

Preferably, the client device generates the authority information RO based on the characteristic information corresponding to the corresponding content, and then the device / memory binding information and the subscription of the authority information RO and the characteristic information. Store the binding information corresponding to at least one of the binding information in the security area, and provide the authority information (RO) provided from the RI server and the PS server in response to requesting authority information (RO) corresponding to a predetermined content. The binding information may be stored in the security area.

Preferably, the client device stores the authority information (RO) in the secure area and informs an external predetermined presentation server (PS) server of completion of storing the authority information (RO) corresponding to the corresponding content. Can be.

A client device according to a second aspect of the present invention for achieving the above object, a secure memory card including a public area and a security area; A PVR manager for providing the DRM contents to the secure memory card to store the downloaded DRM contents in the public area of the secure memory card according to a download request of the DRM contents; When a download of DRM content provided through a predetermined broadcast channel is requested from a user, the DRM content is downloaded and executed using the control word (CW) included in the received ECM corresponding to the DRM content. A CAS manager that descrambles the PVR manager and generates a DRM encryption key corresponding to the DRM content based on the characteristic information included in the ECM; And a DRM manager providing the DRM encryption key generated by the CAS manager to the secure memory card to store the DRM encryption key in the secure area of the secure memory card.

Preferably, the CAS (Conditional Access System) manager decrypts a given Entitlement Control Message (ECM) using its client encryption key to decode the control word (CW) and the characteristic information included in the ECM. If a request is made to generate rights information (RO), a DRM encryption key (CEK: Contents Encryption Key) corresponding to the digital rights management (DRM) content and a content ID (CID: Contents) based on the characteristic information are requested. ID), a smart card for generating rights information (RO) including rights / restriction information included in the CEK and the CID and the characteristic information, and an ECM received corresponding to the DRM content. Provided to the smart card, using the control word (CW) obtained from the smart card to descramble the downloaded DRM content to provide to the PVR manager, It may include a CAS client for requesting the generation of the authority information (RO) corresponding to the DRM content to the smart card by providing the authority information (RO) generated in the smart card to the DRM manager.

Preferably, the CAS client, when the storage of the DRM content downloaded by the PVR (Personal Video Recorder) manager is completed, request the smart card to generate the authority information (RO) corresponding to the DRM content Can be.

Preferably, the PVR manager may provide the secure memory card to reassemble the descrambled DRM content in the form of a packet provided from the CAS manager and store it in the public area of the secure memory card.

Preferably, the CAS client provides the smart card with the device information included when the CAS client requests the generation of the authority information (RO) to the smart card, and the smart card provides the device / memory with the characteristic information. If there is binding information corresponding to at least one of the binding information and the subscription information, the binding information is included in the rights / restriction information in the rights information (RO) when the rights information (RO) is generated, and in the binding information. When device binding information is included as the device / memory binding information, the device binding information based on the device information from the CAS client may be included as the device / memory binding information.

Preferably, the CAS client provides the device information included in the smart card to the smart card when requesting the generation of the authority information (RO) to the smart card, and the authority information (RO) and binding provided from the smart card. Provide the DRM manager with information stored in the secure area of the secure memory card, and the smart card has binding information corresponding to at least one of the device / memory binding information and the subscription binding information in the characteristic information. If the authority information (RO) is generated, the authority information (RO) and the binding information are provided to the CAS client. When the binding information includes device binding information as the device / memory binding information, the CAS is included. The device binding information based on the device information from a client; It can be included as swap / memory binding information.

Preferably, in response to a request for playing a predetermined DRM content from a user, a request for authorization of the corresponding DRM content is requested, and if the authority is answered, a request for decryption of the corresponding DRM content is requested to play the content corresponding to the decrypted DRM content. Further comprising a player; The DRM manager requests the authority for the DRM content corresponding to the secure memory card according to the authority confirmation request from the player, and decryption is requested from the player as the authority is answered from the secure memory card. If so, the DRM content may be requested to the secure memory card, and the content corresponding to the decrypted DRM content may be provided to the player.

Preferably, the DRM manager, when requesting the authority for the DRM content, provides the secure memory card with the CID corresponding to the DRM content, device information including the device information, and the secure memory card from the DRM manager. When the authority for the DRM content is requested, at least one of authority information (RO) and binding information corresponding to the CID of the security area is searched based on the CID provided from the DRM manager to perform authority information (RO). And judging whether or not the authority is based on at least one of the binding information, and if the authority is determined, return the authority to the DRM administrator, and if the authority is not, the authority is returned. The authority of the DRM content is returned from the DRM administrator. When decryption is requested, the corresponding DRM content of the public domain is decrypted using the CEK of the authority information RO. You can reply.

Preferably, the secure memory card does not respond by determining whether the device information provided from the DRM manager corresponds to the device information of the device binding information when the device binding information exists as the device / memory binding information in the binding information. If not, the authority may return no permission to the DRM manager. If non-subscription binding information exists as the subscription binding information in the binding information, the authority may be returned to the DRM manager.

Preferably, the DRM manager, when the authority is returned from the secure memory card, when a new authority information (RO) corresponding to the DRM content is requested from a user, the DRM manager is sent to an external predetermined RI (Right Issuer) server. The new authority information RO may be requested, and if the requested authority information RO is provided from the RI server, the new authority information RO may be provided to the secure memory card to store the authority information RO in the secure area.

Preferably, the DRM manager, if the authority is returned from the secure memory card, when a new authority information (RO) corresponding to the DRM content is requested from a user, the DRM manager is sent to an external predetermined RI (Right Issuer) server. The authority information RO is requested when the new authority information RO is provided, the authority information RO requested from the RI server is provided, and binding information corresponding to the corresponding content is provided from an external predetermined presentation server (PS) server. And providing the binding information to the secure memory card to store the binding information in the secure area.

Preferably, in response to a request for playing a predetermined DRM content from a user, a request for authorization of the corresponding DRM content is requested, and if the authority is answered, a request for decryption of the corresponding DRM content is requested to play the content corresponding to the decrypted DRM content. Further comprising a player; The DRM manager requests the authority for the DRM content corresponding to the secure memory card according to the authority confirmation request from the player, and decryption is requested from the player as the authority is answered from the secure memory card. Request the CEK of the authority information (RO) stored in the secure area corresponding to the DRM content and the DRM content stored in the public area of the secure memory card, and decrypt the corresponding DRM content by using the CEK. It can be provided to the player.

Preferably, the DRM manager, when requesting the authority for the DRM content, provides the CID corresponding to the DRM content, the device information that includes the device information, and includes the device information including the device information. When the authority for the DRM content is requested, at least one of authority information (RO) and binding information corresponding to the CID of the security area is searched based on the CID provided from the DRM manager, and the authority information (RO) is obtained. Judge the presence or absence of authority based on at least one of the information and the binding information, and if the authority is determined, return the authority to the DRM administrator, and if the authority is not found, return the authority, and the public domain from the DRM administrator. The CEK of the authority information (RO) stored in the security area corresponding to the DRM content and the DRM content stored in the If the Agency can provide it to the DRM manager.

Preferably, the secure memory card, if the device binding information as the device / memory binding information is present in the binding information, and determines whether the device information provided from the DRM manager corresponds to the device information of the device binding information, If not corresponding, the authority may return no authority to the DRM manager. If non-subscription binding information exists as the subscription binding information in the binding information, the authority may be returned to the DRM manager.

The broadcast content providing system according to the third aspect of the present invention for achieving the above object, by generating a DRM encryption key based on the characteristic information corresponding to the predetermined broadcast content provided from the outside of the external predetermined RIs server (Rights Issuer) Encryption key generation device provided by; A CAS server that scrambles the broadcast content and generates an ECM corresponding to the broadcast content by including characteristic information corresponding to the broadcast content; A broadcast providing server that broadcasts the broadcast content and the ECM scrambled by the CAS server; And receiving the scrambled broadcast content broadcast from the broadcast providing server and the ECM, descrambling the scrambled broadcast content using a control word (CW) in the ECM, and based on the characteristic information in the ECM. And generating a DRM encryption key, packaging the descrambled broadcast content into a DRM content format (DCF) using the DRM encryption key, and storing the same, and storing the DRM encryption key in a secure area. .

Preferably, the encryption key generation growth value, based on the characteristic information corresponding to the predetermined content provided from the outside, the DRM encryption key (CEK: Contents Encryption Key) corresponding to the content and the Content ID (CID: Contents ID) ) And meta information included in the CEK and the CID and the characteristic information to an external predetermined Rights Issuer (RI) server.

Preferably, the CAS server scrambles the broadcast content using a predetermined control word CW, and corresponds to the control word CW and the broadcast content corresponding to the broadcast content. Generate the Entitlement Control Message (ECM) including the characteristic information, encrypt the ECM using a client encryption key corresponding to a client device having a legitimate download authority, and encrypt the scrambled broadcast content and the encrypted ECM. It can be provided by the broadcast providing server.

Preferably, the characteristic information corresponding to the content includes device / memory binding information indicating whether SEED information, broadcast time information, broadcast channel number information, program ID information, device binding, or memory binding corresponding to the content. It may include at least one of subscription binding information indicating whether or not the subscription, play count information, download availability information.

Preferably, the client device generates the DRM encryption key (CEK) and the content ID (CID) based on the feature information in the ECM received from the broadcast providing server, and the CEK and the CID and the feature. Rights objects (ROs) including rights / restrictions included in the information may be generated and stored in the security area.

A client device according to a fourth aspect of the present invention for achieving the above object, a secure memory card including a public area and a security area; According to the recording request of the broadcast content, the PVR manager to package the received broadcast content in the DRM content format (DCF) using a predetermined DRM encryption key to the secure memory card to store in the public area of the secure memory card. ; When recording of broadcast content received from a user through a predetermined broadcast channel is requested, the received broadcast content is descrambled using a control word (CW) included in the received ECM corresponding to the broadcast content to the PVR manager. Providing and generating a DRM encryption key (CEK) corresponding to the DRM content to the PVR manager based on the characteristic information included in the ECM, and generating authorization information (RO) including the DRM encryption key. CAS manager; And a DRM manager providing the authority information RO generated by the CAS manager to the secure memory card to store the authority information RO in the secure area of the secure memory card.

Preferably, in response to a request to play a predetermined DRM content from a user, a request for authorization of the corresponding DRM content is requested, and if the authority is answered, a request for decryption of the corresponding DRM content is requested to play broadcast content corresponding to the decrypted DRM content. Further comprising a player; The DRM manager requests the authority for the DRM content corresponding to the secure memory card according to the authority confirmation request from the player, and decryption is requested from the player as the authority is answered from the secure memory card. If so, the DRM content may be requested to the secure memory card, and the broadcast content corresponding to the decrypted DRM content may be provided to the player.

Preferably, the DRM manager, when requesting the authority for the DRM content, provides the CID corresponding to the DRM content, the device information that includes the device information, and includes the device information including the device information. When the authority for the DRM content is requested, binding information and authority information corresponding to at least one of the device / memory binding information and the subscription binding information corresponding to the security area based on the CID provided from the DRM manager. Search for at least one of the (RO) and determine whether or not the authority based on at least one of the binding information and the authority information (RO), if it is determined that the authority is returned to the DRM manager and determines that there is no authority If no permission is returned, the DRM manager requests decryption of the DRM content. Group can be decoded by the corresponding DRM content of the public domain using the CEK of the credential (RO) to be provided to the DRM manager.

Preferably, the DRM manager, when the authority is returned from the secure memory card, when a new authority information (RO) corresponding to the DRM content is requested from a user, the DRM manager is sent to an external predetermined RI (Right Issuer) server. The new authority information RO may be requested.

DRM content providing method according to a fifth aspect of the present invention for achieving the above object, the DRM packager generates a DRM encryption key based on the characteristic information corresponding to the predetermined content provided from the outside, using the DRM encryption key Packaging the content into a DRM content format (DCF); A CAS server scrambled the DCF packaged DRM content in the DRM package, and generating an ECM corresponding to the DCF packaged DRM content by including characteristic information corresponding to the content; A broadcast providing server broadcasting the DRM content and the ECM scrambled by the CAS server; And a client device downloads the scrambled DRM content and the ECM broadcasted from the broadcast providing server, descrambles and stores the scrambled DRM content using a control word (CW) in the ECM, and Generating a DRM encryption key based on the characteristic information in an ECM and storing the DRM encryption key in a secure area.

Preferably, the DRM packager generates a DRM encryption key (CEK) and a content ID (CID: Contents ID) corresponding to the content, based on the characteristic information corresponding to the content. The method may further include providing meta information included in the CEK, the CID, and the characteristic information to an external predetermined Rights Issuer (RI) server.

Preferably, when rights information corresponding to predetermined DRM content is requested from the client device, the RI server receives rights information including the CEK based on the meta information of the requested content. The method may further include generating and providing the generated client device to the client device.

According to a sixth aspect of the present invention, there is provided a method of controlling a client device, when a user requests a download of DRM content provided through a predetermined broadcast channel, the DRM content is downloaded and corresponding to the DRM content. Descrambling the downloaded DRM content using a control word (CW) included in a received ECM; Storing the descrambled DRM content in a public area of a secure memory card; Generating a Contents Encryption Key (CEK) and a Contents ID (CID) corresponding to the DRM content based on the characteristic information included in the ECM; And generating rights information (RO) including right / restriction information included in the CEK and the CID and the characteristic information, and storing the rights information (RO) in a secure area of the secure memory card.

Preferably, in response to a request to play a predetermined DRM content from a user, requesting authority for the DRM content to the secure memory card; Determining, by the secure memory card, whether or not there is an authority based on corresponding authority information (RO) stored in the secure area; Determining whether or not the authority in the secure memory card as a result, it may further comprise the step of decrypting the DRM content using the CEK of the authority information (RO) and playing the decrypted content.

Preferably, if it is determined that there is no authority as a result of determining whether the authority is present or not in the secure memory card, when a new authority information (RO) corresponding to the DRM content is requested from a user, an external predetermined RI (Right Issuer) is requested. The method may further include requesting the new authority information RO from the server.

Broadcast content providing method according to a seventh aspect of the present invention for achieving the above object, the encryption key generating device based on the DRM encryption key (CEK: Contents Encryption Key) based on the characteristic information corresponding to the predetermined broadcast content provided from the outside; And generating a Contents ID (CID) and providing meta information included in the CEK, the CID, and the characteristic information to an external predetermined Rights Issuer (RI) server. A CAS server scrambled the broadcast content, and generating an ECM corresponding to the broadcast content by including characteristic information corresponding to the broadcast content; Broadcasting, by a broadcast providing server, the broadcast content and the ECM scrambled by the CAS server; And a client device receives the scrambled broadcast content and the ECM broadcasted from the broadcast providing server, descrambles the scrambled broadcast content using a control word (CW) in the ECM, and Generating a DRM encryption key based on the characteristic information, packaging the descrambled broadcast content into a DRM content format (DCF) using the DRM encryption key, and storing the decoded broadcast content; and storing the DRM encryption key in a secure area. Steps.

According to an eighth aspect of the present invention, there is provided a method of controlling a client device, when a user requests recording of broadcast content provided through a predetermined broadcast channel, the received broadcast content corresponding to the broadcast content. Descrambling using a control word (CW) included in the received ECM; Generating a DRM encryption key (CEK) and a content ID (CID) corresponding to the broadcast content based on the characteristic information included in the ECM; Packaging the descrambled broadcast content in a DRM content format (DCF) using the CEK, and storing the packaged DRM content in a public area of a secure memory card; And generating rights information (RO) including the generated CEK, the CID, and rights / restriction information included in the characteristic information, and storing the rights information (RO) in a secure area of the secure memory card.

Accordingly, according to the DRM content providing system and DRM content providing method of the present invention, after packaging in DRM content format (DCF), CA system processing and broadcasting through a broadcasting network, a legitimate subscriber client device downloads the DRM encryption key By generating the authority information (RO) including the (CEK) and storing the DRM content in the security area of the secure memory card, respectively, the authority information (RO) stored in the security area when replaying the stored DRM content. As a result, only legitimate client devices can decode and play the DRM content.

Accordingly, according to the DRM content providing system and the DRM content providing method according to the present invention as described above, through the encrypted DRM content applied by integrating the CAS technology based on the broadcast technology and the DRM technology based on the communication technology, The copyright protection function of the content can be further extended, and the client device generates RO information by itself when downloading or recording, and saves it in the secure area of the secure memory card, thereby preventing illegal copying and illegal reproduction of the stored DRM content. By increasing the user's rights can also be secured.

Hereinafter, with reference to the accompanying drawings will be described a preferred embodiment of the present invention.

1 is a diagram illustrating a DRM content providing system according to a first embodiment of the present invention.

As shown in FIG. 1, the DRM content providing system according to the present invention generates a DRM encryption key based on characteristic information corresponding to predetermined content provided from the outside, and uses the DRM encryption key. A CAS that scrambles the content into a DRM content format (DCF), scrambles the DCF packaged DRM content, and generates an ECM corresponding to the DCF packaged DRM content, including the characteristic information corresponding to the content. Download the server 35, the broadcast providing server 20 to broadcast the scrambled DRM content and ECM in the CAS server 35, and the scrambled DRM content and ECM broadcasted from the broadcast providing server 20, Secure the DRM encryption key by descrambling and storing scrambled DRM contents using the control word (CW) in the ECM, and generating a DRM encryption key based on the characteristic information in the ECM. And the client device 100 to store the station, and a RI server 40 and, PS server 50. Here, the client device 100 may be provided in plurality.

The DRM (Digital Rights Management) packager 30 receives predetermined content and characteristic information corresponding to the content from the outside. In this case, the content and the characteristic information corresponding to the content may be provided from the broadcast providing server 20 or may be provided from a CMS (Contents Management System) server not shown. Accordingly, the DRM packager 30 generates a DRM encryption key (CEK: Contents Encryption Key) corresponding to the content based on the characteristic information corresponding to the content, and converts the content into the DRM content format (DCF) using the generated CEK. Package it.

Here, the characteristic information corresponding to the content is information including meta information representing the corresponding content and rights / restriction information for viewing or playing specified in the corresponding content, and includes SEED information, broadcasting time information, and broadcasting corresponding to the content. It is preferable to include at least one of channel number information, program ID information, device / memory binding information indicating whether the device is a binding or a memory binding, subscription binding information indicating whether the subscription is available, play count information, and downloadability information. Do.

Accordingly, the DRM packager 30 may generate a CEK corresponding to the content based on unique information (eg, broadcast channel number information, program ID information, broadcast time information) among the characteristic information of the corresponding content. The DRM packager 30 generates the DRM content by encrypting and packaging the corresponding content in the DRM content format (DCF) using the generated CEK. Here, the packaging of the DRM packager 30 by encrypting the content in the DRM content format (DCF) using the CEK may apply a conventional DCF packaging technique, and a detailed description thereof will be omitted.

In addition, the DRM packager 30 has a content ID (CID :) corresponding to the content based on unique information (eg, broadcast channel number information, broadcast channel number information, broadcast time information) among the characteristic information of the corresponding content. Create Contents ID). For example, the DRM packager 30 uses the broadcast channel number information, the broadcast channel number information, and the broadcast time information of the corresponding content, such as "Content ID (CID) = broadcast time / broadcast channel number / program ID @ service provider domain." Can be generated with ".

Accordingly, the DRM packager 30 provides the CAS server 35 with the DRM content packaged with the content in the DRM content format (DCF), and generates a predetermined meta in the CEK and CID and the characteristic information generated corresponding to the content. Information is provided to the RIs 40 in response to the content.

The RI (Rights Issuer) server 40 pre-stores CEK, CID, and meta information corresponding to the corresponding content for each content. That is, the RI server 40 may store CEK, CID, and meta information provided from the DRM packager 30 corresponding to the predetermined content as described above. When the RI server 40 requests the authority information RO corresponding to the predetermined content from the external predetermined client device 100, the RI server 40 includes the corresponding CEK based on the meta information of the corresponding content requested by the client device 100. The authority information RO is generated and the generated authority information RO is provided to the client device 100. In this case, the RI server 40 may provide the requested authority information RO to the client device 100 when the charging for the authority information RO is completed.

Here, the meta information includes binding information corresponding to at least one of device / memory binding information and subscription binding information, so that the RI server 40 includes the binding information when generating the authority information (RO) including the corresponding CEK. Permission information RO may be generated.

The PS (Presentation Server) server 50, when the authority information (RO) corresponding to the predetermined content is requested from the external predetermined client device 100, the client to the RI server 40 that provides the authority information (RO) Induce the device 100 to connect. For example, the PS server 50 may trigger the client device 100 to the RI server 40. The PS server 50 may provide the client device 100 with binding information corresponding to at least one of device / memory binding information and subscription binding information corresponding to the corresponding content requested by the client device 100.

In this case, the connection between the client device 100 and the RI server 40 and the connection between the client device 100 and the PS server 50 may be made through the broadcasting network 1 and may be a mobile communication network or wireless data (not shown). It may be possible through a communication network or an internet network.

The CAS (Conditional Access System) 35 is a system for adjusting the viewing authority for DRM contents packaged in the DRM content format (DCF) in the DRM packager 30 on a subscriber basis, and corresponds to a conventional general CA system. Can be.

The CAS server 35 scrambles the DRM content packaged in the DRM content format (DCF) in the DRM packager 30 using a predetermined control word (CW), and corresponds to the control word (CW) in response to the DRM content. And an Entitlement Control Message (ECM) including the characteristic information of the content corresponding to the DRM content. The CAS server 35 encrypts the ECM using a client encryption key corresponding to a client device having a legitimate download authority, and provides the scrambled DRM content and the encrypted ECM to the broadcast providing server 20.

The broadcast providing server 20 broadcasts content through each broadcast channel in accordance with a broadcast schedule by an external predetermined broadcast scheduler (not shown). The broadcast providing server 20 may be provided with content to be broadcasted from an external predetermined content providing server 10.

Here, the content providing server 10 for providing content may include the aforementioned CMS server, which is not shown in FIG. 1, and the content providing server 10 binds to the PS server 50 corresponding to the corresponding content. By providing the information, the PS server 50 may preferably store binding information corresponding to at least one of device / memory binding information and subscription binding information for each content.

When the broadcast providing server 20 is requested to download from a predetermined client device 100 and provided with scrambled DRM content and an encrypted ECM from the CAS server 35, the broadcast providing server 20 converts the scrambled DRM content and ECM into TS packets and broadcasts the network ( Broadcast through 1). Here, the broadcast providing server 20 may simultaneously broadcast the scrambled DRM content and the corresponding ECM, and may broadcast the scrambled DRM content and the corresponding ECM, respectively.

As a result, after the contents are packaged in the DRM content format (DCF) based on the DRM technology based on the communication technology in the DRM packager 30, the CAS server 35 based on the broadcast technology based on the broadcast technology. Then, the DRM content is scrambled through a CA system process, and broadcast is transmitted from the broadcast providing server 20. Here, the configurations as described above, that is, the CAS server 35, the DRM packager 30, the RI server 40, the PS server 50 and the broadcast providing server 20 are described and illustrated in their respective configurations. However, this is only one embodiment, CAS server 35 and DRM packager 30 and RI server 40 and PS server 50 and the broadcast providing server 20 are all configured to be integrated into one system. It is possible.

Here, it is preferable that the DRM content providing system according to the first embodiment of the present invention deals with content that cannot be viewed or listened to in real time, such as game content or application content.

The client device 100 downloads the scrambled DRM content broadcasted from the broadcast providing server 20 and the corresponding ECM, descrambles and stores the scrambled DRM content using a control word (CW) in the ECM, and stores the ECM. The DRM encryption key (CEK) is generated based on the characteristic information within and stores the CEK in the security domain. Here, the client device 100 not only generates a CEK, but also generates a content ID (CID: Contents ID) based on the characteristic information, generates the CEK, the CID, and the rights / limiting information included in the characteristic information. Generates Rights Objects (RO) that contain and stores them in the security domain.

When the client device 100 generates the rights information RO, the client device 100 includes the binding information corresponding to at least one of the device / memory binding information and the subscription binding information included in the characteristic information to generate the rights information RO. Alternatively, the authority information RO may be generated so as not to include the binding information, and the authority information RO and the binding information may be stored in the security area, respectively.

At this time, the client device 100, after storing the authority information (RO) in the security area, it is preferable to notify the PS server 50 of the completion of the storage of the authority information (RO) corresponding to the content.

Then, when the client device 100 is requested to play the pre-stored DRM content from the user of the client device 100, the client device 100 has the authority to play the DRM content based on the authority information (RO) stored in the security area. Decode the corresponding DRM content stored using the CEK of the authority information (RO), and play the decoded content. If the client device 100 does not have the authority to play the DRM content, the client device 100 requests authority information (RO) corresponding to the DRM content from the RI server 40 through the PS server 50 and is provided from the RI server 40. After newly storing the authority information (RO) in the security area, it is possible to decrypt the stored DRM content by using the CEK of the new authority information (RO) and then play the decrypted content.

Herein, binding information corresponding to at least one of device / memory binding information and subscription binding information corresponding to the DRM content is further provided from the PS server 50, so that the client device 100 has authority from the RI server 40. When the information RO is stored in the secure area, binding information from the PS server 50 may also be stored in the secure area. Thus, when the client device 100 intends to play the DRM content, the client device 100 may determine whether the authority is present or not based on the authority information (RO) and the binding information of the security area.

On the other hand, the binding information corresponding to the DRM content from the PS server 50 is not provided to the client device 100, the client in the form that the binding information is included in the authority information (RO) provided from the RI server 40 It may be provided to the device 100.

Hereinafter, the configuration of the client device 100 will be described in more detail with reference to FIG. 2.

The client device 100 includes a secure memory card 150 including a public area 153 and a secure area 157, and the corresponding DRM content downloaded according to a download request of the DRM content of the secure memory card 150. The PVR manager 140 which provides the secure memory card 150 to store in the public area 153 and when the user requests the download of the DRM content provided through a predetermined broadcast channel, the DRM content is downloaded and executed on the DRM content. The decoded DRM content is provided to the PVR manager 140 by using the control word CW included in the corresponding received ECM, and the DRM password corresponding to the DRM content is based on the characteristic information included in the ECM. DRM management, which provides the CAS manager 120 for generating a key and the DRM encryption key generated by the CAS manager 120 to the secure memory card 150 to store in the secure area 157 of the secure memory card 150. It comprises 130. The client device 100 may include an EPG 110 and a player 160.

The secure memory card 150 may include an open area 153 and a secure area 157, and may include an SD memory card or a Secure MMC memory card having a security function. That is, the secure memory card 150 is loaded with an application having a security function (which may be referred to as a card OS), and is disclosed through communication with a host (the client device 100) on which the secure memory card 150 is mounted. Data can be added / deleted / modified / leaded such as storing data in the area 153 and the security area 157 or providing the data to the host.

The EPG 110 provides various types of broadcast information on content transmitted through the respective broadcast channels in the broadcast providing server 20, and provides user input of the client device 100 and user input of the client device 100. As a configuration for interfacing the operations, since it corresponds to an existing general configuration, a detailed description thereof will be omitted.

The personal video recorder (PVR) manager 140 receives the DRM contents in the form of descrambled TS packets from the CAS manager 120 to reassemble all TS packets to MERGING the DRM contents, and to secure the secure memory card 150. Requests the secure memory card 150 to be stored in the public area 153 of the provided. In this case, the DRM content MERGING in the PVR manager 140 may be recorded / stored in the public area 153 of the secure memory card 150 through the host application toolfit.

The CAS (Conditional Access System) manager 120 is configured to descramble the DRM content broadcasted from the broadcast providing server 20 through a CA system process, and the CAS client 122 and the smart card 120. It can be divided into.

The CAS client 122 provides an ECM (Entitlement Control Message) received in response to the DRM content broadcasted from the broadcast providing server 20 to the smart card 124, and in the ECM obtained from the smart card 124. Of the information, the downloaded DRM content is descrambled using the control word (CW) and provided to the PVR manager 140.

The CAS client 122 requests the smart card 124 to generate the authority information RO corresponding to the DRM content, and sends the authority information RO generated by the smart card 124 to the DRM manager 130. to provide.

Here, when the CAS client 122 requests the smart card 124 to generate the authority information (RO) corresponding to the DRM content, the information in the ECM obtained from the smart card 124 (the characteristic corresponding to the corresponding DRM content). Information) to the smart card 124. Here, when the storage of the DRM content downloaded by the PVR manager 140 is completed, the CAS client 122 may request the smart card 124 to generate the authority information RO corresponding to the DRM content. This is to prevent the generation of unnecessary authority information (RO) when the download of the DRM content fails.

The smart card 124 decodes a predetermined ECM provided from the CAS client 122 using its client encryption key to obtain control words (CW) included in the ECM and characteristic information corresponding to the corresponding DRM content. This is provided to the CAS client 122. When the smart card 124 generates a request for generating rights information (RO) from the CAS client 122, the smart card 124 corresponds to a DRM encryption key (CEK: Contents Encryption Key) corresponding to the DRM content based on the characteristic information. And a Content ID (CID: Contents ID), a rights information (RO) including the CEK and the CID and the rights / restriction information included in the corresponding characteristic information, is generated and provided to the CAS client 122.

Here, the smart card 124 should generate the same CEK as the CEK generated by the DRM packager 30 used to encrypt the DRM content downloaded through the broadcasting network 1 into the DRM content format (DCF). In addition, the smart card 124 should generate the same CID as the CID generated by the DRM packager 30 in response to the corresponding DRM content downloaded through the broadcasting network 1. Accordingly, the process and the use parameter for generating the CEK and CID based on the characteristic information acquired in the ECM by the smart card 124 are the same as the process and the use parameter for generating the CEK and CID in the DRM packager 30. Shall be.

Here, the CAS manager 120, when there is binding information corresponding to at least one of the device / memory binding information and the subscription binding information in the characteristic information obtained in the ECM, the binding information when generating the authority information (RO) Authorization information (RO) including the generated binding information and the binding information may be provided to the DRM manager 130. Alternatively, the CAS manager 120 generates the rights information (RO) so as not to include the binding information when the binding information exists in the characteristic information acquired in the ECM, and the rights information (RO) and the binding information to the DRM manager. 130 may be provided.

At this time, when the device binding information is included as the device / memory binding information in the characteristic information acquired in the ECM, the device / memory of the binding information included in the authority information RO or the binding information separate from the authority information RO It is preferable to include device binding information based on device information (eg, device ID, device identification information, etc.) of the client device 100 as binding information.

For example, in the case where the binding information is included in the authority information RO, the CAS client 122 includes the binding information when the smart card 124 requests the generation of the authority information RO. The device information (eg, device ID, device identification information, etc.) to be provided is provided to the smart card 124. If the smart card 124 has binding information corresponding to at least one of the device / memory binding information and the subscription binding information in the characteristic information acquired in the ECM, the right / Include binding information in the restriction information. In this case, the smart card 124 may include the device binding information based on the device information from the CAS client 122 as the device / memory binding information, when the binding information includes the device binding information as the device / memory binding information. .

In addition, when the authority information (RO) is generated without including the binding information and the authority information (RO) and the binding information are separately provided to the DRM manager 130, the CAS client 122, the authority information (RO) When requesting the generation of the smart card to the smart card 124, the device information (eg, device ID, device identification information, etc.) included in the smart card 124 is provided to the smart card 124. If the smart card 124 has binding information corresponding to at least one of the device / memory binding information and the subscription binding information in the characteristic information acquired in the ECM, the right / Create without restricting binding information. The smart card 124 provides the generated rights information RO and binding information to the DRM manager 130. At this time, the smart card 124 includes the device binding information based on the device information from the CAS client 122 as the device / memory binding information, when the binding information includes the device binding information as the device / memory binding information. Provided at 130.

As such, the binding information having device binding information based on the device information (eg, device ID, device identification information, etc.) of the client device 100 may be included in the authority information RO or separately from the authority information RO. In the secure area 157, the DRM content is stored only in the client device 100 equipped with the secure memory card 150 when the DRM content and the corresponding authority information RO are stored in the secure memory card 150. This is to allow playback. That is, by removing the secure memory card 150 storing the DRM content and the corresponding authority information (RO) from the client device 100 and attaching the secure memory card 150 to the other client device, it is possible to prevent the DRM content from being played on the other client device. would.

The DRM manager 130 provides the secure memory card 150 to store the authority information RO generated by the CAS manager 120 in the secure area 157 of the secure memory card 150. That is, the DRM manager 130 may provide the rights information (RO) secure memory card 150 including the binding information provided from the CAS manager 120, or the binding information provided from the CAS manager 120. The authority information RO may be provided to the secure memory card 150, respectively. At this time, the authority information RO provided by the DRM manager 130 may be recorded / stored in the secure area 157 of the secure memory card 150 through the host application toolfit.

Thus, the downloaded DRM content 151 is stored in the open area 153 of the secure memory card 150, and the authority information of the downloaded DRM content 151 is stored in the secure area 157 of the secure memory card 150. RO) 155 (including binding information) may be stored. Alternatively, authority information RO (not shown, binding information not included) and binding information (not shown) of the downloaded DRM content 151 may be stored in the security area 157 of the secure memory card 150.

Hereinafter, for convenience of description, an example in which the authority information (RO) 155 including the binding information is stored in the security area 157 will be described.

The player 160 is configured to play content received through the broadcasting network 1 in real time or to play previously stored content. When the player 160 is requested to play the pre-stored DRM content 151 from the user, the player 160 requests the DRM manager 130 to check the authority of the DRM content, and if the authority is answered, the DRM content 151. Request the decryption of the 151 to the DRM manager 130. Accordingly, when the corresponding content from which the DRM content 151 is decoded from the DRM manager 130 is provided, the content is reproduced.

When the DRM manager 130 requests the authority of the corresponding DRM content 151 to be played back from the player 160, the DRM manager 130 requests the authority of the corresponding DRM content 151 to the secure memory card 150. At this time, when the DRM manager 130 requests the authority for the DRM content 151, the CID corresponding to the DRM content 151 and the device information (eg, device ID and device identification information) including the DRM manager 130 itself. Etc.) to the secure memory card 150 is preferable.

Accordingly, the secure memory card 150 searches for the authority information (RO) 155 corresponding to the CID in the secure area 157 according to the authority confirmation request from the DRM manager 130 to determine whether or not it exists. . If the DRM content 151 stored in the public area 153 of the secure memory card 150 is content that the client device 100 normally downloads through the broadcasting network 1, the authority corresponding to the DRM content 151 is provided. Information (RO) 155 will be retrieved from security zone 157. However, if the DRM content 151 stored in the open area 153 of the secure memory card 150 is a content copied from another client device (not shown), the authority information (RO) 155 corresponding to the DRM content 151 is provided. ) Cannot be retrieved from the security zone 157 because it cannot be copied.

Accordingly, the secure memory card 150 determines whether the client device 100 has a reproduction authority through the authority information (RO) 155 corresponding to the CID retrieved from the security area 157, and determines the DRM manager. Reply back to 130. This may be determined by the secure memory card 150 based on right / limit information (eg, play count information, binding information, etc.) included in the authority information RO 155.

For example, if the playable count information is 0, the secure memory card 150 is based on the right / limit information (eg, playable count information, binding information, etc.) included in the authority information RO. Unauthorized can be returned to the DRM manager 130, if the playable count information is 2 it can be returned to the DRM manager 130, and the playable count information can be changed to 1 and stored. In addition, the secure memory card 150 may include the memory bind information in the binding information based on the rights / limiting information (for example, the number of times of play, binding information, etc.) included in the authority information RO. If the authority can reply to the DRM manager 130. In addition, the secure memory card 150 may include device binding information in binding information based on rights / limiting information (eg, play count information, binding information, etc.) included in the authority information RO. If the device information (eg, device ID, device identification information, etc.) provided from the DRM manager 130 corresponds to the device information of the device binding information, and if it does not correspond to the device information of the device binding information, it returns to the DRM manager 130 If the corresponding, the authority can reply to the DRM manager 130. In addition, the secure memory card 150 may include subscription binding information in binding information based on rights / limiting information (eg, play count information, binding information, etc.) included in the authority information RO. In this case, the authority may be returned to the DRM manager 130, and if the non-subscription binding information is included, the authority may be returned to the DRM manager 130. Here, the authorization check request and response between the DRM manager 130 and the secure memory card 150 may be transmitted through the Host SDK.

In addition, the DRM manager 130 provides an authority response to the player 160 when the authority is answered from the secure memory card 150 in response to the authority request, and the authority is not answered from the security memory card 150. Provide a none response to player 160.

Here, when the DRM manager 130 responds with no permission from the secure memory card 150, the DRM manager 130 induces the purchase of new authority information RO corresponding to the corresponding DRM content 151 of the public area 153 from the user. You can make the UI available to the user. In addition, the DRM manager 130 is connected to the PS server 50 to provide the CID corresponding to the DRM content 151, thereby providing the authority information (RO) corresponding to the DRM content 151. The connection to the RI server 40 can be triggered.

Accordingly, when a new authority information (RO) corresponding to the corresponding DRM content 151 is requested from the user, the DRM manager 130 accesses the RI server 40 through the PS server 50 and the RI server ( 40 request new authority information (RO) corresponding to the corresponding DRM content 151 to be reproduced, and receives the new authority information (RO) from the RI server 40, and the security area of the secure memory card 150 Can be stored at 157.

At this time, the DRM manager 130 accesses the RI server 40 through the PS server 50 and requests new authority information (RO) corresponding to the corresponding DRM content 151 to be reproduced by the RI server 40. When the new authority information RO is provided from the RI server 40 and the binding information corresponding to the corresponding DRM content 151 is provided from the PS server 50, the authority information RO and the binding information are secured in the secure area. It may be stored in the security area 157 of the memory card 150.

As such, when new authority information RO (including binding information) or respective authority information RO and binding information is stored in the security area 157 of the secure memory card 150, the secure memory card 150 is newly updated. The authoritative response to the DRM content 151 will be provided to the DRM manager 130 based on the stored authority information RO (including binding information) or the respective authority information RO and binding information.

When the DRM manager 130 requests the decryption of the DRM content 151 from the player 160 by providing the authoritative response to the player 160, the DRM manager 130 requests the decryption of the DRM content 151 to the secure memory card 150. do. Accordingly, the secure memory card 150 uses the CEK of the authority information (RO) 155 of the security area 157 corresponding to the DRM content 151 to select the corresponding DRM content 151 of the public area 153. The decrypted content is returned to the DRM manager 130. Here, the decryption request and the content reply between the DRM manager 130 and the secure memory card 150 may be transmitted through the Host SDK.

Accordingly, the DRM manager 130 may provide the player 160 with the decrypted content returned from the secure memory card 150, and the player 160 may play the provided content.

On the other hand, if there is no processing logic capable of decrypting the DRM content in the secure memory card 150, the process logic for decrypting the DRM content may be provided in the DRM manager 130 to adopt the method as follows. It is possible.

When the DRM manager 130 requests the decryption of the DRM content 151 from the player 160 by providing the authoritative response to the player 160, the DRM manager 130 stores the DRM content stored in the public area 153 of the secure memory card 150. In response to the 151 and the DRM content 151, the secure memory card 150 requests the CEK of the authority information (RO) 155 stored in the secure area 157. Accordingly, when the CEK corresponding to the DRM content 151 and the DRM content 151 is provided from the secure memory card 150, the DRM manager 130 may use the CEK corresponding to the DRM content 151. Decode 151 and provide the decrypted content to player 160.

Accordingly, the player 160 may play the content provided from the DRM manager 130.

As described above, according to the DRM content providing system according to the present invention, after packaging in the DRM content format (DCF) in the DRM packager 30, the CAS server 35 processes the CA system through the broadcast network (1) When the broadcast is transmitted, the legitimate subscriber client device 100 downloads it and generates the authority information RO including the DRM encryption key (CEK) to the public area 153 and the security area 157 of the secure memory card 150. By storing each, the DRM content can be decrypted and reproduced only in the legitimate client device 100 according to the authority information RO stored in the security area 157 when the stored DRM content is to be reproduced.

Accordingly, according to the DRM content providing system according to the present invention as described above, provides the encrypted DRM content to the client device 100 by applying the CAS technology based on the broadcast technology and the DRM technology based on the communication technology. Accordingly, the copyright protection function of the content can be further extended, and the client device 100 generates the authority information RO by downloading and stores the rights information RO in the secure area 157 of the secure memory card 150, thereby saving the stored DRM content. By increasing the protection against illegal copying and illegal reproduction, the user's right to use can also be secured.

In addition, according to the DRM content providing system according to the present invention as described above, when dealing with content that can not watch or listen to the broadcast in real time, such as game content or application content, expensive wireless network for the safety of the content Since it is possible to download through the low-cost broadcasting network (1) that had to be through, it is possible to reduce the download cost from the user's point of view while maintaining the safety of content download.

Meanwhile, referring to FIGS. 3 to 4, a broadcast content providing system according to a second embodiment of the present invention will be described. For convenience of description, the configuration corresponding to the above-described first embodiment will be omitted or briefly described.

As shown in FIG. 3, the broadcast content providing system according to the present invention generates a DRM encryption key based on characteristic information corresponding to a predetermined broadcast content provided from the outside, thereby forming an external predetermined Rights Issuer (RI) server 40. And a CAS server 35 'which scrambles the broadcast content and generates the ECM corresponding to the broadcast content by including characteristic information corresponding to the broadcast content, and a CAS server. The broadcast providing server 20 'which broadcasts the scrambled broadcast content and the ECM at 35', and the scrambled broadcast content and the ECM which are broadcasted from the broadcast providing server 20 ', receive the control word in the ECM ( Descrambling the scrambled broadcast content using a CW), generating a DRM encryption key based on the characteristic information in the ECM, and converting the descrambled broadcast content using the DRM encryption key to the DRM content format (DCF). Storage after packaging into, and comprises a client device 100 'and, RI server (40') and, the server PS (50 ') for storing the DRM encryption key in the security zone.

The encryption key generation device 30 'receives the characteristic information corresponding to the predetermined broadcast content provided from the broadcast providing server 20'. Accordingly, the encryption key generation device 30 'is a DRM encryption code corresponding to the content based on unique information (for example, broadcasting channel number information, program ID information, and broadcasting time information) among the characteristic information corresponding to the broadcasting content. Create a key (CEK) and create a Content ID. The encryption key generation device 30 'provides the RIK and CID generated in response to the broadcast content and meta information included in the characteristic information to the RIs 40r corresponding to the broadcast content. .

Here, the characteristic information corresponding to the broadcast content provided from the broadcast providing server 20 'includes information including meta information indicating the broadcast content and rights / limiting information on viewing or playing specified in the broadcast content. For example, SEED information, broadcast time information, broadcast channel number information, program ID information, device / memory binding information indicating whether device binding or memory binding corresponds to broadcast content, and subscription / non-subscription binding information indicating whether subscription is present. It may preferably include at least one of the number of times of play information, information on whether or not recording.

The RI (Rights Issuer) server 40 'pre-stores CEK, CID, and meta information corresponding to the corresponding content for each broadcast content. That is, the RI server 40 'may store the CEK, CID, and meta information provided corresponding to the predetermined broadcast content from the encryption key generation device 30' as described above. The RI server 40 ', when the authority information RO corresponding to the predetermined broadcast content is requested from the external predetermined client device 100', based on the meta information of the broadcast content requested by the client device 100 '. The authority information RO including the CEK is generated and the generated authority information RO is provided to the client device 100 '.

Here, the meta information includes binding information corresponding to at least one of device / memory binding information and subscription binding information for broadcast content, so that the RI server 40 'may generate rights information (RO) including the corresponding CEK. When the binding information may be included, the authority information RO may be generated.

The PS server 50 ', when the authority information RO corresponding to the predetermined broadcast content is requested from an external predetermined client device 100', requests the client to the RI server 40 'that provides the authority information RO. Induce the device 100 'to connect. For example, the PS server 50 'may trigger the client device 100' to the RI server 40 '. The PS server 50 'may provide binding information corresponding to at least one of device / memory binding information and subscription binding information corresponding to the content requested by the client device 100' to the client device 100 '. Can be.

The CAS 35 'is a system for adjusting the viewing authority for the broadcast content provided by the broadcast providing server 20' for each subscriber, and may be a configuration corresponding to a conventional general CA system.

The CAS 35 'scrambles the broadcast content provided from the broadcast providing server 20' using a predetermined control word CW, and corresponds to the control word CW and the broadcast content corresponding to the broadcast content. Generate an Entitlement Control Message (ECM) that includes the characteristic information. The CAS 35 'encrypts the ECM using a client encryption key corresponding to a client device having a legitimate download authority, and provides the scrambled broadcast content and the encrypted ECM to the broadcast providing server 20'.

The broadcast providing server 20 'broadcasts broadcast content through each broadcast channel according to a broadcast schedule by an external broadcast scheduler (not shown).

In other words, when the scrambled broadcast content and the encrypted ECM are provided from the CAS 35 ', the broadcast providing server 20' converts the scrambled broadcast content and the ECM into TS packets and broadcasts them through the broadcast network 1.

The client device 100 'receives the scrambled broadcast content broadcasted from the broadcast providing server 20' and the corresponding ECM, and descrambles the scrambled broadcast content using a control word (CW) in the ECM. Generates a DRM encryption key (CEK) based on the characteristic information in the package and stores the descrambled broadcast content in the DRM content format (DCF) using CEK, and stores the content ID (CID: Contents ID) based on the characteristic information. Rights Objects (RO) including CEK and CID generated by using the generated information and rights / restriction information included in the characteristic information are generated and stored in the security area.

When the client device 100 ′ generates the authorization information RO, the client device 100 ′ includes the binding information corresponding to at least one of the device / memory binding information and the subscription binding information included in the characteristic information to include the authorization information RO. Alternatively, the authority information RO may be generated so as not to include the binding information, and the authority information RO and the binding information may be stored in the security area, respectively.

At this time, the client device 100 ', after storing the authority information (RO) in the security area, it is preferable to inform the PS server 50' of the completion of storing the authority information (RO) corresponding to the content.

Hereinafter, the configuration of the client device 100 'will be described in more detail with reference to FIG. 4.

The client device 100 'includes a secure memory card 150' including an open area 153 'and a secure area 157', and a received DRM code for a received broadcast content according to a recording request for broadcast content. PVR manager 140 'which provides a secure memory card 150' for packaging in DRM content format (DCF) using the key CEK and storing it in the open area 153 'of the secure memory card 150'. When the user requests recording of broadcast content received through a predetermined broadcast channel, the PVR manager 140 'descrambles the received broadcast content using a control word (CW) included in the received ECM corresponding to the broadcast content. ), And generate the DRM encryption key (CEK) corresponding to the DRM content based on the characteristic information included in the ECM, provide it to the PVR manager 140 ', and include the DRM encryption key (CEK). To the CAS manager 120 'and the CAS manager 120' To store the generated credential (RO) in the "security zone (157), the secure memory card 150 'and a' DRM manager (130 to provide a) a secure memory card 150 '. The client device 100 ′ may include an EPG 110 ′ and a player 160 ′.

The secure memory card 150 'is preferably the same as the secure memory card 150 according to the first embodiment.

The PVR manager 140 'may package the broadcast content in the form of TS packets descrambled by the CAS manager 120' into a DRM content format (DCF) by using the CEK provided from the CAS manager 120 '. Provided to the secure memory card 150 'for storage in the open area 153' of 150 '.

The DRM manager 130 ′ packages the reassembled broadcast content in the PVR manager 140 ′ into a DRM content format (DCF) using the CEK provided by the CAS client 122 ′, and the PRM packaged DRM content in the PVR manager 140 ′. Provided to the manager 140 '.

The CAS (Conditional Access System) manager 120 'is configured to descramble the broadcast content transmitted from the broadcast providing server 20' through a CA system process, and the CAS client 122 'and the smart card. It may be configured to be separated by (120 ').

The CAS client 122 'provides the ECM received in response to the broadcast content broadcasted from the broadcast providing server 20' to the smart card 124 ', and the smart card 124' provides the CAS client 122 '. The predetermined ECM provided from the C-P is decrypted using its client encryption key to obtain the control word (CW) included in the ECM and the characteristic information corresponding to the corresponding DRM content, and provide the same to the CAS client 122 '.

Accordingly, the CAS client 122 ′ descrambles the broadcast content recorded using the control word CW among the information in the ECM obtained from the smart card 124 ′, and provides the descrambled broadcast content to the PVR manager 140 ′. At this time, the CAS client 122 'requests the smart card 124' to generate a Contents Encryption Key (CEK) corresponding to the broadcast content based on the characteristic information in the ECM, and the PVR manager generates the generated CEK. Preferably at 140 '.

The CAS client 122 'corresponds to the broadcast content when the storage of the DRM content stored in the secure memory card 150' is completed by the PVR manager 140 'or when the recording end is input from the user. It is preferable to request the smart card 124 to generate the authority information RO.

When the smart card 124 'is requested to generate the authority information RO from the CAS client 122', the smart card 124 'generates an ID (CID: Contents ID) corresponding to the broadcast content based on the characteristic information. Authorization information (RO) including the generated CEK and CID and the rights / restrictions of the corresponding DRM content included in the characteristic information is generated and provided to the CAS client 122 '. Accordingly, the CAS client 122 'provides the authority information RO generated by the smart card 124' to the DRM manager 130 ', and the DRM manager 130' provides the security information RO to the secure memory. The card 150 'is requested to be stored in the secure area 157' of the secure memory card 150 '.

Here, the smart card 124 'should generate the same CEK and CID as the CEK and CID generated by the cryptographic key generation device 30'. Accordingly, the process and the use parameter for generating the CEK and CID based on the characteristic information acquired in the ECM by the smart card 124 'is the process and the use parameter for generating the CEK and CID in the encryption key generation device 30'. It is assumed that the same as.

Here, the CAS manager 120 ′, when there is binding information corresponding to at least one of device / memory binding information and subscription binding information in the characteristic information acquired in the ECM, provides the binding information when generating the authority information (RO). Authorization information (RO) including the generated binding information and the binding information may be provided to the DRM manager 130 '. Alternatively, if there is binding information in the characteristic information acquired in the ECM, the CAS manager 120 'generates the rights information (RO) so as not to include the binding information, and the rights information (RO) and the binding information are DRM. It may be provided to the manager 130 '.

Here, when generating the authority information RO corresponding to the broadcast content, when the device binding information is included as the device / memory binding information in the characteristic information obtained in the ECM, the binding information is included in the authority information (RO). ) Or generating the rights information (RO) that does not include the binding information and providing the rights information (RO) and binding information to the DRM manager 130 ', respectively, as described above with respect to the first embodiment. The same is preferable.

Accordingly, the DRM content 151 'corresponding to the recorded broadcast content is stored in the open area 153' of the secure memory card 150 ', and the secure area 157' of the secure memory card 150 'is recorded. Authorization information (RO) 155 ′ of the DRM content 151 ′ corresponding to the broadcast content may be stored.

Accordingly, the DRM content 151 'corresponding to the recorded broadcast content is stored in the open area 153' of the secure memory card 150 ', and the secure area 157' of the secure memory card 150 'is recorded. Authorization information (RO) 155 '(including binding information) of the DRM content 151' corresponding to the broadcast content may be stored. Alternatively, in the security area 157 'of the secure memory card 150', authority information RO (not shown, binding information not included) and binding information (not shown) of the DRM content 151 'corresponding to the recorded broadcast content are shown. ) Can be stored.

Hereinafter, for convenience of description, an example of storing the authority information (RO) 155 'having the binding information in the security area 157' will be described.

The player 160 ′ is configured to reproduce broadcast contents received through the broadcasting network 1 in real time or to store previously stored contents. When the player 160 'is requested to play the DRM content 151' corresponding to the pre-stored broadcast content from the user, the player 160 'requests the DRM manager 130' to check the authority of the DRM content accordingly. If the authority is answered, the DRM manager 130 'requests the decryption of the corresponding DRM content 151'. Accordingly, when the corresponding broadcast content from which the DRM content 151 'is decoded is provided from the DRM manager 130', the broadcast content is reproduced.

When the DRM manager 130 'is requested to check the authority of the corresponding DRM content 151' that is requested to be played from the player 160 ', the DRM manager 130' grants a right to the DRM content 151 'corresponding to the secure memory card 150'. request. In this case, when the DRM manager 130 'requests the authority for the DRM content 151', the CRM corresponding to the DRM content 151 'and the device information (eg, device ID) including the DRM manager 130' itself. , Device identification information, etc.) to the secure memory card 150 '.

Accordingly, the secure memory card 150 'searches for the corresponding authority information (RO) 155' corresponding to the CID in the secure area 157 'according to the authority confirmation request from the DRM manager 130'. The authority information (RO) 155 ′ determines whether the client device 100 ′ has a reproduction authority and returns the determination result to the DRM manager 130 ′. This may be determined by the secure memory card 150 'based on the right / limit information (eg, play count information, binding information, etc.) included in the authority information (RO) 155'.

For example, the secure memory card 150 'may have zero playable count information based on right / limit information (eg, playable count information, binding information, etc.) included in the authority information RO. In this case, the permission can be returned to the DRM manager 130 '. If the playable count information is 2, the permission can be returned to the DRM manager 130' and the playable count information can be changed to 1 and stored. In addition, the secure memory card 150 'includes the memory bind information in the binding information based on the rights / limiting information (for example, the number of times of play, binding information, etc.) included in the authority information RO. If so, the authority can reply to the DRM manager 130 '. In addition, the secure memory card 150 'includes device binding information in binding information based on rights / limiting information (eg, play count information, binding information, etc.) included in the authority information RO. If the device information (eg device ID, device identification information, etc.) provided from the DRM manager 130 'corresponds to the device information of the device binding information, and if it does not correspond to the device information (DRM manager 130') If the response is in response, the DRM administrator 130 'may be returned to the authority. In addition, the secure memory card 150 'includes subscription binding information in binding information based on rights / limiting information (for example, play count information, binding information, etc.) included in the authority information RO. If it is, the authority may reply to the DRM manager 130 ', and if the non-subscription binding information is included, the authority may be returned to the DRM manager 130'.

And, in response to the authority request, the DRM manager 130 'provides an authority response to the player 160' when the authority is answered from the secure memory card 150 ', and has no authority from the security memory card 150'. If so, provide an unauthorized response to player 160 '.

Here, the DRM manager 130 ', as in the above-described first embodiment, accesses the RI server 40' through the PS server 50 'and provides a CID corresponding to the corresponding DRM content 151. In response to the request, the RI server 40 'requests the authority information RO corresponding to the corresponding DRM content 151'. Accordingly, the DRM manager 130 ′ may receive new authority information RO from the RI server 40 and store the new authority information RO in the secure area 157 of the secure memory card 150.

As such, when new authority information RO (including binding information) or respective authority information RO and binding information is stored in the security area 157 'of the secure memory card 150', the security memory card 150 ') Provides the DRM administrator 130' with an authoritative response to the DRM content 151 'based on newly stored rights information (including binding information) or respective rights information (RO) and binding information. something to do.

When the DRM manager 130 'requests a decryption of the DRM content 151' from the player 160 'by providing an authorized response to the player 160', the DRM manager 130 'decrypts the DRM content 151'. (150 '). Accordingly, the secure memory card 150 'uses the CEK of the authority information (RO) 155' of the security area 157 'corresponding to the DRM content 151' to correspond to the DRM of the public area 153 '. The content 151 'is decoded and the decoded broadcast content is returned to the DRM manager 130'.

Accordingly, the DRM manager 130 'may provide decrypted broadcast content returned from the secure memory card 150' to the player 160 ', and the player 160' may play the provided content.

On the other hand, if there is no processing logic capable of decrypting the DRM content on the secure memory card 150 ', the DRM content 151' of the open area 153 'from the secure memory card 150' and the corresponding logic are present. By providing the CEK to the PVR manager 140 ', it may be possible for the PVR manager 140' to decrypt the DRM content and provide it to the player 160 '.

As described above, according to the broadcast content providing system according to the present invention, the client device 100 'receives the broadcast content broadcasted through the CAS technology, packages the DRM content format (DCF), and then stores the secure memory card ( 150 '), and generate the corresponding authority information (RO) and store it in the security area 157') of the secure memory card 150 ', thereby restoring DRM content corresponding to the stored broadcast content. According to the authority information RO stored in the area 157 ', only the legitimate client device 100' can decode and play the DRM content.

Accordingly, according to the broadcast content providing system according to the present invention as described above, the copyright protection function of the content through the encrypted DRM content applied by integrating the CAS technology based on the broadcast technology and the DRM technology based on the communication technology. Can be further extended, and the client device 100 'generates the rights information RO during recording and stores them in the secure area 157' of the secure memory card 150 ', thereby illegally copying the stored DRM contents. And by increasing the effect of preventing illegal reproduction, the user's right to use can also be secured.

Hereinafter, a control flow of a method for providing DRM content according to a first embodiment of the present invention will be described with reference to FIGS. 5 to 7. Here, for the convenience of description, the configuration shown in FIGS. 1 to 2 described above will be described with reference to the corresponding reference numerals.

DRM content providing method according to the first embodiment of the present invention, the DRM packager 30 generates a DRM encryption key (CEK) based on the characteristic information corresponding to the predetermined content provided from the outside, and the content using the CEK To the DRM content format (DCF), the CAS server 35 scrambles the DCF packaged DRM content in the DRM packager 30, the ECM corresponding to the DCF packaged DRM content characteristic information corresponding to the content Generating, including, and transmitting the scrambled DRM content and the ECM from the CAS server 35 by the broadcast providing server 20 and broadcasting from the broadcast providing server 20 by the predetermined client device 100. Download the scrambled DRM content and ECM to be sent, descramble and store the scrambled DRM content using the control word (CW) in the ECM, and generate the CEK based on the characteristic information in the ECM. Storing the CEK in a secure area.

Referring to FIG. 5, a control flow for providing DRM content in the method for providing DRM content according to the first embodiment of the present invention will be described.

First, the broadcast providing server 20 requests the DRM packager 30 for DCF packaging for predetermined content that is requested to be downloaded from a predetermined client device 100 (S10). Accordingly, the DRM packager 30 may use the DRM encryption key (CEK :) corresponding to the content based on unique information (eg, broadcast channel number information, program ID information, and broadcast time information) among the characteristic information corresponding to the content. Contents Encryption Key) and Contents ID (CID: Contents ID) are generated (S20).

Here, the characteristic information corresponding to the content provided from the broadcast providing server 20 is information including meta information indicating the corresponding content and rights / limiting information on viewing or playing specified in the corresponding content. SEED information, broadcast time information, broadcast channel number information, program ID information, device / memory binding information indicating whether it is a device binding or a memory binding, subscription / non-subscription binding information indicating whether or not a subscription, play count information, It is preferable to include at least one of the downloadability information.

Accordingly, the DRM packager 30 provides the RIK (Rights Issuer) server 40 with the CEK and CID generated in response to the content and the meta information included in the characteristic information, and requests to register the corresponding content (S30). ). Accordingly, the RI server 40 will store the CEK, CID, and meta information provided corresponding to the predetermined contents from the DRM packager 30 as described above (S40).

On the other hand, after step S20, the DRM packager 30 packages the content into a DRM content format (DCF) using the generated CEK (S50), and provides the packaged DRM content to the CAS server 35 (S70).

The CAS server 35 scrambles the packaged DRM content using a predetermined control word (CW) (S80), and includes the characteristic information of the content corresponding to the control word (CW) and the DRM content in response to the DRM content. An Entitlement Control Message (ECM) is generated (S90). The CAS server 35 encrypts the ECM using a client encryption key corresponding to a client device having a legitimate download authority, and provides the scrambled DRM content and the encrypted ECM to the broadcast providing server 20 (S100). .

Accordingly, when the scrambled DRM content and the encrypted ECM are provided from the CAS server 35, the broadcast providing server 20 broadcasts the scrambled DRM content and the ECM into TS packets (S110) and broadcasts them through the broadcasting network 1. (S120).

Accordingly, the client device 100 having a legitimate download authority downloads the scrambled DRM content broadcasted from the broadcast providing server 20 and the corresponding ECM, and downloads the scrambled DRM content using the control word (CW) in the ECM. Descrambling and storing, and stores the authority information (RO) generated based on the characteristic information in the ECM in the security area (157) (S130). Then, the client device 100 informs the PS server 50 of the completion of normal storage of the authority information RO (S135).

Then, when the client device 100 is requested to play the pre-stored DRM content from the user of the client device 100, the client device 100 checks the authority information (RO) of the security area (157) (S140), If there is, the decrypted DRM content can be decrypted using the CEK of the authority information RO stored in the security area 157 and then played back. Of course, the CEK generated in step S20 and the CEK of the authority information RO generated in step S130 will be the same.

On the other hand, if there is no authority to play the result of the check in step S140, the client device 100 by requesting a new authority information (RO) corresponding to the DRM content to the PS server 50, RI providing the authority information (RO) Triggered by the server 40 (S150). Accordingly, the client device 100 requests the corresponding RO information 40 to the RI server 40, and the RI server 40 uses the CEK, CID, and meta information corresponding to the corresponding content. It generates and provides to the client device 100, the client device 100 may be provided with the new authority information (RO) corresponding to the DRM content (S170). Thus, the client device 100 may play the DRM content using the new authority information RO.

Here, the binding information corresponding to at least one of the device / memory binding information and the subscription binding information is included in the meta information of the RI server 40, and the RI server 40 generates the authority information RO including the corresponding CEK. In this case, the binding information may be included to generate / provide the authority information RO.

Meanwhile, in consideration of the case where the binding information RO provided by the RI server 40 does not include the binding information, the PS server 50 receives the binding information corresponding to the corresponding DRM content requested from the client device 100. It may be provided to the client device 100 (S180). As such, when binding information is provided from the PS server 50, the client device 100 secures the authority information (RO, binding information not included) provided from the RI server 40 and the binding information provided from the PS server 50, respectively. Can be stored in the area.

Here, with reference to FIG. 6, will be described in more detail the control flow of downloading the DRM content of the control method of the client device 100 according to the first embodiment of the present invention.

When the user selects a predetermined download channel among the contents through each broadcasting channel identified through the EPG 110 and downloads the content (S210), the CAS client 122 of the CAS (Conditional Access System) manager 120 broadcasts. In operation S215, an ECM (Entitlement Control Message) received in response to the DRM content broadcasted from the providing server 20 is provided to the smart card 124. Accordingly, the predetermined ECM provided from the CAS client 122 is decrypted using its client encryption key to obtain a control word (CW) included in the ECM and characteristic information corresponding to the corresponding DRM content (S220). Provided to the client 122 (S225). Here, if the client device 100 is a device without viewing authority, the client device 100 may not have a client encryption key capable of decrypting the ECM.

The CAS client 122 downloads the DRM content from the broadcast providing server 20 (S230), and decodes the DRM content downloaded using a control word (CW) among the information in the ECM provided from the smart card 124. By scrambling (S235), and provides to the PVR manager 140 (S240).

The PVR manager 140 receiving the descrambled DRM content from the CAS client 122 reassembles all TS packets to MERGING the DRM content (S245), and releases the MERGING DRM content of the secure memory card 150. The secure memory card 150 is requested to be stored in the area 153 and provided (S250). At this time, the DRM content MERGING in the PVR manager 140 may be recorded / stored in the open area 153 of the secure memory card 150 through the host application Toolfit (S255).

Here, the PVR manager 140 requests the storage of the DRM content to the open area 153 of the secure memory card 150, and then informs the CAS client 122 of the completion of storing the DRM content (S260). Thus, when the storage of the DRM content downloaded by the PVR manager 140 is completed, the CAS client 122 requests the smart card 124 to generate the authority information (RO) corresponding to the DRM content (S265). .

Accordingly, the smart card 124 generates a DRM encryption key (CEK: Contents Encryption Key) and a content ID (CID: Contents ID) corresponding to the DRM content based on the corresponding characteristic information, and generates the CEK and CID and the corresponding characteristic information. Authorization information RO including right / restriction information of the corresponding DRM content is generated (S270) and provided to the CAS client 122 (S275).

Accordingly, the CAS client 122 provides the authority information RO generated by the smart card 124 to the DRM manager 130 (S277), and the DRM manager 130 transmits the authority information RO to the secure memory card. Provided to (150) and requests the secure memory card 150 to store in the secure area (157) (S280). At this time, the authority information RO provided by the CAS client 122 may be recorded / stored in the secure area 157 of the secure memory card 150 through the host application Toolfit. Accordingly, the authority information RO is stored in the security area 157 of the secure memory card 150 (S285), and the DRM manager 130 completes the download of the DRM contents and the authority information RO to the EPG 110. Inform (S290), the PS server 50 can be informed of the completion of the storage.

7, a control flow of reproducing stored DRM content in the control method of the client device 100 according to the first embodiment of the present invention will be described.

When the player 160 requests to play the pre-stored DRM content 151 from the user, the player 160 requests the DRM manager 130 to confirm the authority of the DRM content (S310). Accordingly, when the DRM manager 130 requests the authority of the corresponding DRM content 151 to be played from the player 160, the DRM manager 130 requests the authority of the corresponding DRM content 151 to the secure memory card 150 ( S320).

Accordingly, the secure memory card 150 searches for the authority information (RO) 155 corresponding to the DRM content 151 in the security area 157 according to the authority confirmation request from the DRM manager 130. Whether or not, and based on the authority information RO (eg, right / limit information (eg, playable information, binding information, etc.) included in the authority information RO (S330) (S330). The client device 100 determines whether or not there is a playback right (S340).

If the DRM content 151 stored in the open area 153 of the secure memory card 150 is content that the client device 100 normally downloads through the broadcasting network 1, the authority information corresponding to the DRM content 151 may be used. (RO) 155 will be retrieved from security zone 157. However, if the DRM content 151 stored in the open area 153 of the secure memory card 150 is a content copied from another client device (not shown), the authority information (RO) 155 corresponding to the DRM content 151 is provided. ) Cannot be retrieved from the security zone 157 because it cannot be copied.

Thus, the secure memory card 150, if it is determined that the client device 100 does not have a playback authority, responds to the DRM administrator 130 without permission (①), and if it is determined that the playback authority, the DRM manager 130 Will respond with (S350).

For example, if the playable count information is 0, the secure memory card 150 is based on the right / limit information (eg, playable count information, binding information, etc.) included in the authority information RO. Unauthorized can be returned to the DRM manager 130, if the playable count information is 2 it can be returned to the DRM manager 130, and the playable count information can be changed to 1 and stored. In addition, the secure memory card 150 may include the memory bind information in the binding information based on the rights / limiting information (for example, the number of times of play, binding information, etc.) included in the authority information RO. If the authority can reply to the DRM manager 130. In addition, the secure memory card 150 may include device binding information in binding information based on rights / limiting information (eg, play count information, binding information, etc.) included in the authority information RO. If the device information (eg, device ID, device identification information, etc.) provided from the DRM manager 130 corresponds to the device information of the device binding information, and if it does not correspond to the device information of the device binding information, it returns to the DRM manager 130 If the corresponding, the authority can reply to the DRM manager 130. In addition, the secure memory card 150 may include subscription binding information in binding information based on rights / limiting information (eg, play count information, binding information, etc.) included in the authority information RO. In this case, the authority may be returned to the DRM manager 130, and if the non-subscription binding information is included, the authority may be returned to the DRM manager 130.

Here, if it is determined in step S340 that there is no playback authority (①), the DRM manager 130 requests the new authority information (RO) corresponding to the RI server 40 (②), RI server 40 The new authorization information RO may be received from the secure memory card 150 and stored in the secure area 157 of the secure memory card 150 (③). As such, when the new authority information RO is stored in the security area 157 of the secure memory card 150, the secure memory card 150 has authority to the DRM content 151 based on the new authority information RO. The response will be provided to the DRM manager 130.

As the authority is answered, the player 160 who has returned the authority from the DRM manager 130 requests the DRM manager 130 to decrypt the DRM content 151 (S360), and the DRM manager 130 The decryption of the DRM content 151 is requested to the secure memory card 150. Accordingly, the secure memory card 150 uses the CEK of the authority information (RO) 155 of the security area 157 corresponding to the DRM content 151 to select the corresponding DRM content 151 of the public area 153. Decoded (S370), the decrypted content is returned to the DRM manager 130 (S380), and thus, the decrypted content is provided to the player 160.

Accordingly, when the corresponding content from which the DRM content 151 is decoded from the DRM manager 130 is provided, the player 160 may play the content (S390).

As described above, according to the DRM content providing method according to the present invention, after packaging in the DRM content format (DCF) in the DRM packager 30, the CAS server 35 processes the CA system through the broadcasting network (1) When the broadcast is transmitted, the legitimate subscriber client device 100 downloads it and generates the authority information RO including the DRM encryption key (CEK) to the public area 153 and the security area 157 of the secure memory card 150. When storing the DRM content, the DRM content can be decrypted and reproduced only in the legitimate client device 100 according to the authority information RO stored in the security area 157.

Accordingly, according to the method for providing DRM content according to the present invention as described above, the encrypted DRM content applied by integrating the CAS technology based on the broadcast technology and the DRM technology based on the communication technology is provided to the client device 100. Accordingly, the copyright protection function of the content can be further extended, and the client device 100 generates the authority information RO by downloading and stores the rights information RO in the secure area 157 of the secure memory card 150, thereby saving the stored DRM content. By increasing the protection against illegal copying and illegal reproduction, the user's right to use can also be secured.

In addition, according to the DRM content providing method according to the present invention as described above, when dealing with content that can not watch or listen to the broadcast in real time, such as game content or application content, expensive radio for the safety of the content Since the download, which had to be through the network, is made possible through the low-cost broadcasting network 1, the download cost can be reduced from the user's point of view while maintaining the safety of the content download.

Hereinafter, a control flow of a broadcast content providing method according to a second embodiment of the present invention will be described with reference to FIGS. 8 to 10. Here, for the convenience of description, the configuration shown in FIGS. 3 to 4 will be described with reference to the corresponding reference numerals.

Referring to FIG. 8, a control flow for providing broadcast content in the broadcast content providing method according to the second embodiment of the present invention will be described.

First, the encryption key generation device 30 ′ corresponds to broadcast content based on unique information (for example, broadcast channel number information, program ID information, and broadcast time information) among characteristic information corresponding to predetermined broadcast content. Generates DRM encryption key (CEK: Contents Encryption Key) and Content ID (CID: Contents ID) (S20 '), and provides meta information included in CEK and CID and characteristic information to RI server 40' for registration. Request (S30 ').

The CAS 35 'scrambles the predetermined broadcast content using a predetermined control word CW (S80'), and the characteristic information corresponding to the control word CW and the broadcast content corresponding to the broadcast content. Create an ECM including (S90 '). The CAS 35 'encrypts the ECM using a client encryption key corresponding to a client device having a legitimate download authority, and provides the scrambled broadcast content and the encrypted ECM to the broadcast providing server 20' (S100). ').

Accordingly, the broadcast providing server 20 'broadcasts the scrambled broadcast content and the ECM through the broadcasting network 1 by TS packetizing (S110') (S120 ').

Accordingly, the client device 100 ′ having a legitimate download authority receives the scrambled broadcast content and the corresponding ECM broadcasted from the broadcast providing server 20 ′, stores the broadcast content as DRM content, and stores the characteristic information in the ECM. The authority information RO generated based on the S is stored in the security area 157 '(S130'). Then, the client device 100 'informs the PS server 50 of the completion of normal storage of the authority information RO (S135').

Then, when the client device 100 'is requested to play the pre-stored DRM content from the user of the client device 100', the client device 100 'checks the authority information RO of the security area 157' (S140 '). ), If there is a right to play, the decrypted DRM content can be decrypted using the CEK of the authority information RO stored in the security area 157 'and then the decoded broadcast content can be played. Of course, the CEK generated in step S20 'and the CEK of the authority information RO generated in step S130' will be the same.

On the other hand, if there is no authority to play the result of the check in step S140 ', the client device 100' requests the authority information (RO) by requesting new authority information (RO) corresponding to the DRM content to the PS server 50 ', It is triggered by the provided RI server 40 '(S150'). Accordingly, the client device 100 'requests the corresponding RO information to the RI server 40', and the RI server 40 'uses the CEK, CID, and meta information corresponding to the content to provide the authorization information (RO). It generates the RO) and provides it to the client device 100 ', and thus the client device 100' may receive new authority information RO corresponding to the DRM content and store it in the secure area (S170 '). Accordingly, the client device 100 ′ may play the DRM content using the new authority information RO.

Here, the binding information corresponding to at least one of the device / memory binding information and the subscription binding information is included in the meta information of the RI server 40 ', and the RI server 40' includes the authority information (RO) including the corresponding CEK. When generating the information, the binding information may be included / created and provided.

On the other hand, considering that the binding information is not included in the authority information RO provided by the RI server 40 ', the PS server 50' corresponds to the corresponding DRM content requested from the client device 100 '. The binding information may be provided to the client device 100 '(S180'). As such, when the binding information is provided from the PS server 50, the client device 100 'is provided with the authority information (RO, binding information not included) provided from the RI server 40' and the binding information provided from the PS server 50 '. Can be stored in each security zone.

9, a control flow of recording broadcast content in the control method of the client device 100 ′ according to the second embodiment of the present invention will be described in more detail.

When a user selects a predetermined broadcast channel from among contents through each broadcast channel identified through the EPG 110 'to record broadcast content (S210'), the CAS client 122 'of the CAS manager 120' broadcasts the broadcast. The ECM received corresponding to the broadcast content broadcasted from the provision server 20 'is provided to the smart card 124' (S215 '). Accordingly, the predetermined ECM provided from the CAS client 122 'is decrypted using its client encryption key to obtain control words (CW) included in the ECM and characteristic information corresponding to the corresponding DRM content (S220'). ) It is provided to the CAS client 122 '(S225').

The CAS client 122 'receives the broadcast content from the broadcast providing server 20' (S230 ') and is received using a control word (CW) among the information in the ECM provided from the smart card 124'. The broadcast content is descrambled (S235 ') and provided to the PVR manager 140' (S240 ').

At this time, the CAS client 122 'requests the smart card 124' to generate a DRM encryption key (CEK: Contents Encryption Key) corresponding to the broadcast content based on the characteristic information in the ECM. Preferably at 140 '.

The PVR manager 140 ', having received the descrambled broadcast content and CEK from the CAS client 122', reassembles all TS packets to MERGING the broadcast content (S245 '), and decodes the descrambled broadcast content to the CEK. It is packaged in the DRM content format (DCF) by using (S248 '). Accordingly, the PVR manager 140 'requests and provides the secure memory card 150' to store the DCF packaged DRM content in the open area 153 'of the secure memory card 150' (S250 '). Accordingly, the DRM content corresponding to the broadcast content is stored in the public area 153 'of the secure memory card 150' (S255 ').

Here, the PVR manager 140 'requests the storage of the DRM content to the public area 153' of the secure memory card 150 ', and when the DRM content storage is completed or the recording end is input from the user, the CAS client ( 122 ') is preferably informed (S260'). Accordingly, the CAS client 122 'requests the smart card 124' to generate the authority information RO corresponding to the DRM content (S265 ').

Accordingly, the smart card 124 ′ generates a DRM encryption key (CEK: Contents Encryption Key) and a content ID (CID: Contents ID) corresponding to the DRM content based on the corresponding characteristic information, and generates the CEK and CID and the corresponding characteristic information. Authorization information (RO) including rights / restriction information of the corresponding DRM content included in is generated (S270 ') and provided to the CAS client 122' (S275 ').

Accordingly, the CAS client 122 'provides the authority information RO generated by the smart card 124' to the DRM manager 130 '(S277'), and the DRM manager 130 provides the authority information RO. To the secure memory card 150 'and request the secure memory card 150' to store in the secure area 157 '(S280'). Accordingly, the authority information RO is stored in the security area 157 'of the secure memory card 150' (S285 '), and the DRM manager 130' downloads (records) the DRM content and the authority information RO. The EPG 110 may be notified of the completion (S290 ′), and the PS server 50 may be notified of the completion of storage.

10, a control flow of reproducing broadcast content corresponding to stored DRM content in the control method of the client device 100 ′ according to the second embodiment of the present invention will be described.

When the player 160 ′ is requested to play the pre-stored DRM content 151 ′, the player 160 ′ requests the DRM manager 130 ′ to confirm the authority of the DRM content (S310 ′). Accordingly, the DRM manager 130 'requests the right for the DRM content 151' corresponding to the secure memory card 150 '(S320').

Accordingly, the secure memory card 150 ', in response to the authorization confirmation request from the DRM manager 130', stores the authorization information (RO) 155 'corresponding to the DRM content 151' in the secure area 157 '. ) To determine whether or not it exists, and to determine the authority information (RO) (e.g., rights / restriction information included in the authority information (RO) (e.g., play count information, binding information, etc.) (155 '). Based on the operation S330 ', it is determined whether the client device 100' has the reproduction authority (S340 ').

Accordingly, the secure memory card 150 'responds to the DRM administrator 130' when the client device 100 'does not have a playback authority (①), and when the client device 100' determines that there is a playback authority, the DRM is authorized. The administrator 130'will respond (S350 ').

For example, the secure memory card 150 'may have zero playable count information based on right / limit information (eg, playable count information, binding information, etc.) included in the authority information RO. In this case, the permission can be returned to the DRM manager 130 '. If the playable count information is 2, the permission can be returned to the DRM manager 130' and the playable count information can be changed to 1 and stored. In addition, the secure memory card 150 'includes the memory bind information in the binding information based on the rights / limiting information (for example, the number of times of play, binding information, etc.) included in the authority information RO. If so, the authority can reply to the DRM manager 130 '. In addition, the secure memory card 150 'includes device binding information in the binding information based on the rights / limiting information (for example, the number of times of play, binding information, etc.) included in the authority information RO. The device information (eg, device ID, device identification information, etc.) provided from the DRM manager 130 'corresponds to the device information of the device binding information. ), And if so, to the DRM manager 130 '. In addition, the secure memory card 150 'includes subscription binding information in binding information based on rights / limiting information (for example, play count information, binding information, etc.) included in the authority information RO. If it is, the authority may reply to the DRM manager 130 ', and if the non-subscription binding information is included, the authority may be returned to the DRM manager 130'.

Here, if it is determined in step S340 'that there is no playback authority (①), the DRM manager 130' requests the new authority information (RO) corresponding to the RI server 40 '(②), RI server The new authority information RO may be received from 40 'and stored in the secure area 157' of the secure memory card 150 '(③). As such, when the new authority information RO is stored in the secure area 157 'of the secure memory card 150', the secure memory card 150 'sends an authorized response to the DRM content 151' to the DRM administrator ( 130 ').

In response to the authority being answered, the player 160 'who has returned the authority from the DRM manager 130' requests the DRM manager 130 'to decrypt the corresponding DRM content 151' (S360 ').

The DRM manager 130 'requests the decryption of the DRM content 151' to the secure memory card 150 '. Accordingly, the secure memory card 150 'uses the CEK of the authority information (RO) 155' of the security area 157 'corresponding to the DRM content 151' to correspond to the DRM of the public area 153 '. The content 151 'is decoded (S370'), and the decoded broadcast content is returned to the DRM manager 130 '(S380'). The decoded content is provided to the player 160 '.

Accordingly, when the corresponding broadcast content is provided from which the DRM content 151 'is decoded from the DRM manager 130', the player 160 may play the content (S390 ').

As described above, according to the broadcast content providing method according to the present invention, the client device 100 'receives the broadcast content broadcasted through the CAS technology, packages the DRM content format (DCF), and then stores the secure memory card ( 150 '), and generate the corresponding authority information (RO) and store it in the security area 157') of the secure memory card 150 ', so that when the DRM content corresponding to the stored broadcasting content is reproduced, According to the authority information RO stored in the area 157 ', only the legitimate client device 100' can decode and play the DRM content.

Accordingly, according to the broadcast content providing method according to the present invention as described above, the copyright protection function of the content through the encrypted DRM content applied by integrating the CAS technology based on the broadcast technology and the DRM technology based on the communication technology. Can be further extended, and the client device 100 'generates the rights information RO during recording and stores them in the secure area 157' of the secure memory card 150 ', thereby illegally copying the stored DRM contents. And by increasing the effect of preventing illegal reproduction, the user's right to use can also be secured.

Although the present invention has been described in detail with reference to preferred embodiments, the present invention is not limited to the above-described embodiments, and the technical field to which the present invention belongs without departing from the gist of the present invention as claimed in the following claims. Anyone skilled in the art will have the technical idea of the present invention to the extent that various changes or modifications can be made.

Encrypted DRM content by integrating CAS technology based on broadcasting technology and DRM technology based on communication technology can further extend copyright protection of the content, and the client device can download the rights information when downloading or recording. By generating RO) by itself and storing it in the secure area of the secure memory card, it is possible to increase the effect of preventing illegal copying and illegal reproduction of the stored DRM contents, thereby providing a DRM contents providing system and a method of providing DRM contents that can secure the user's right to use. Is effective in terms of security and copyright protection of contents broadcasting, and can bring great progress in the development of new business models and diversification of contents usage by service providers, and provides applied client devices and broadcasting services. Possibility of market or sales of server Since sufficient, as well as the degree to which is in reality obviously carried invention there is industrial applicability.

1 is a control block diagram of a DRM content providing system according to a first embodiment of the present invention.

2 is a control block diagram of a client device in a DRM content providing system according to a first embodiment of the present invention.

3 is a control block diagram of a broadcast content providing system according to a second embodiment of the present invention.

4 is a control block diagram of a client device in a broadcast content providing system according to a second embodiment of the present invention.

5 is a control flowchart of a method for providing DRM content according to a first embodiment of the present invention.

6 is a control flowchart of DRM content download in a method of controlling a client device according to a first embodiment of the present invention.

7 is a control flowchart of playing stored DRM content in a method of controlling a client device according to a first embodiment of the present invention.

8 is a control flowchart of a broadcast content providing method according to a second embodiment of the present invention.

9 is a control flowchart of broadcast content recording in a method of controlling a client device according to a second embodiment of the present invention.

10 is a control flowchart of stored broadcast content reproduction in a method for controlling a client device according to a second embodiment of the present invention.

<Explanation of symbols for the main parts of the drawings>

1: broadcasting network 10: content providing server

20: Broadcasting server 30: DRM Packager

35: CAS 40: RI server

50: PS server 100: client device

Claims (34)

A DRM packager for generating a DRM encryption key based on characteristic information corresponding to predetermined content provided from the outside and packaging the content in a DRM content format (DCF) using the DRM encryption key; A CAS server that scrambles the DCF packaged DRM content and generates an ECM corresponding to the DCF packaged DRM content by including characteristic information corresponding to the content; A broadcast providing server that broadcasts the DRM content and the ECM scrambled in the CAS; And Downloading the scrambled DRM content and the ECM broadcasted from the broadcast providing server, descrambling and storing the scrambled DRM content using a control word (CW) in the ECM, and in the characteristic information in the ECM And a client device for generating a DRM encryption key and storing the DRM encryption key in a secure area. The method of claim 1, The DRM (Digital Rights Management) packager, Based on the characteristic information corresponding to the predetermined content provided from the outside, a DRM encryption key (CEK: Contents Encryption Key) and a content ID (CID: Contents ID) corresponding to the content are generated, and the CEK and the CID DRM content providing system, characterized in that to provide meta information included in the characteristic information to an external predetermined Rights Issuer (RI) server. The method of claim 2, The CAS (Conditional Access System) server, The DCM packaged DRM content is scrambled using a predetermined control word (CW), and the Entitlement Control Message (ECM) includes the control word (CW) and the characteristic information corresponding to the content in response to the DRM content. DRM content, the ECM is encrypted using a client encryption key corresponding to a client device having a legitimate download authority, and the scrambled DRM content and the encrypted ECM are provided to the broadcast providing server. Provide system. The method of claim 3, wherein The client device, The DRM encryption key (CEK) and the content ID (CID) are generated based on the feature information in the ECM received from the broadcast providing server, and the rights / restriction information included in the CEK and the CID and the feature information are generated. DRM content providing system, characterized in that for generating the rights information (RO) to include in the security area. The method of claim 4, wherein The CEK, the CID, and the meta information corresponding to the corresponding content are stored for each content, and the authority information (RO) corresponding to the predetermined content is requested from an external predetermined client device, based on the meta information of the corresponding content. DRM content providing system, characterized in that it further comprises a RI (Right Issuer) server for generating a rights information (RO) including a CEK to provide to the client device. The method of claim 5, wherein The characteristic information corresponding to the content is SEED information, broadcast time information, broadcast channel number information, program ID information, device / memory binding information indicating whether device binding or memory binding corresponding to the content, subscription / non-subscription binding information indicating whether or not subscription, and playback DRM content providing system, characterized in that it comprises at least one of the available count information, downloadable information. The method of claim 6, The authorization information (RO) generated by the client device and stored in the secure area, and the authorization information (RO) provided from the RI server to the client device, are the device / memory binding information and the subscription / non-subscription. DRM content providing system comprising binding information corresponding to at least one of the binding information. The method of claim 6, When the authority information (RO) corresponding to the predetermined content is requested from an external predetermined client device, the client device induces the client device to access the RI server providing the authority information (RO), and the corresponding content requested by the client device. And a PS (Presentation Server) server that provides at least one of the device / memory binding information and the Subscription / Non-Subscription binding information corresponding to the client device. The method of claim 8, The client device, After generating the authority information RO based on the characteristic information corresponding to the corresponding content, at least one of the rights information RO, the device / memory binding information of the characteristic information, and the subscription / non-subscription binding information. Storing the binding information corresponding to the security information, and requesting the authority information (RO) corresponding to a predetermined content, the authority information (RO) provided from the RI server and the binding information provided from the PS server. DRM content providing system, characterized in that the storage in the secure area. The method according to any one of claims 4 to 7, or 9, The client device, And storing the authority information (RO) in the secure area and notifying the external predetermined presentation server (PS) server of completion of storing the authority information (RO) corresponding to the corresponding content. A secure memory card including an open area and a secure area; A PVR manager for providing the DRM contents to the secure memory card to store the downloaded DRM contents in the public area of the secure memory card according to a download request of the DRM contents; When a download of DRM content provided through a predetermined broadcast channel is requested from a user, the DRM content is downloaded and executed using the control word (CW) included in the received ECM corresponding to the DRM content. A CAS manager that descrambles the PVR manager and generates a DRM encryption key corresponding to the DRM content based on the characteristic information included in the ECM; And And a DRM manager for providing the DRM encryption key generated by the CAS manager to the secure memory card so as to be stored in the secure area of the secure memory card. The method of claim 11, The CAS (Conditional Access System) manager, Decode a given Entitlement Control Message (ECM) using its own client encryption key to obtain a control word (CW) and the characteristic information included in the ECM, and generate rights information (RO). When requested, generate a DRM Encryption Key (CEK: Contents Encryption Key) and a Content ID (CID: Contents ID) corresponding to the Digital Rights Management (DRM) content based on the feature information, and generate the CEK, the CID, and the feature. A smart card for generating rights information (RO) including rights / restrictions included in the information; The ECM received corresponding to the DRM content is provided to the smart card, and the downloaded DRM content is descrambled to the PVR manager using the control word (CW) acquired from the smart card, and the DRM is provided. And a CAS client for requesting the generation of the authority information (RO) corresponding to the content to the smart card and providing the authority information (RO) generated by the smart card to the DRM manager. The method of claim 12, The CAS client, And when the storage of the DRM content downloaded by the personal video recorder (PVR) manager is completed, requesting the smart card to generate authorization information (RO) corresponding to the DRM content. The method of claim 12, The PVR manager, And providing the secure memory card to reassemble the descrambled DRM content in the form of a packet provided from the CAS manager to store in the public area of the secure memory card. The method of claim 14, The CAS client, Providing the device information included in the smart card to the smart card when requesting the generation of the authority information (RO) to the smart card, The smart card, If there is binding information corresponding to at least one of device / memory binding information indicating whether device binding or memory binding and subscription / non-subscription binding information indicating whether subscription exists in the characteristic information, generating the authority information (RO) The device based on the device information from the CAS client when the binding information is included in the right / restriction information in the authority information RO, and the device binding information is included as the device / memory binding information in the binding information. Client device comprising binding information as the device / memory binding information. The method of claim 14, The CAS client, When requesting the generation of the authority information (RO) to the smart card provides the device information that includes itself to the smart card, the authority information (RO) and binding information provided from the smart card to the security of the secure memory card Provide to the DRM manager to save in the area, The smart card, If there is binding information corresponding to at least one of device / memory binding information indicating whether device binding or memory binding and subscription / non-subscription binding information indicating whether subscription exists in the characteristic information, the authority information RO is determined. After generating the authority information (RO) and the binding information to the CAS client, if the binding information includes the device binding information as the device / memory binding information, the device based on the device information from the CAS client And device binding information as the device / memory binding information. The method according to claim 15 or 16, The apparatus further includes a player for requesting authorization of the corresponding DRM content according to a request for playing the predetermined DRM content from the user, and requesting the decryption of the corresponding DRM content when the authority is answered, and playing the content corresponding to the decrypted DRM content. and; The DRM manager, In response to the authority confirmation request from the player, the authority for the DRM content corresponding to the secure memory card is requested, and if the decryption is requested from the player as the authority is answered from the secure memory card, the DRM content is requested. Requesting decryption to the secure memory card, and providing the content corresponding to the decrypted DRM content to the player. The method of claim 17, The DRM manager, When requesting the authority for the DRM content, the secure memory card provides the CID corresponding to the DRM content and device information including the self. The secure memory card, When receiving the authority for the DRM content from the DRM manager, the authority is searched for at least one of authority information (RO) and binding information corresponding to the CID of the security area based on the CID provided from the DRM manager. Determining whether or not the authority is based on at least one of the information (RO) and binding information, and if it is determined that the authority, and the authority is returned to the DRM manager; And requesting decryption of the DRM content to decrypt and reply to the corresponding DRM content in the public domain by using the CEK of the authority information (RO). The method of claim 18, The secure memory card, If device binding information exists as the device / memory binding information in the binding information, it is determined whether the device information provided from the DRM manager corresponds to the device information of the device binding information. And if there is non-subscription binding information as the subscription / non-subscription binding information in the binding information, returning no permission to the DRM manager. The method of claim 19, The DRM manager, When the permission is returned from the secure memory card, when a new authority information (RO) corresponding to the DRM content is requested from a user, the new authority information (RO) is requested to an external predetermined RI (Right Issuer) server. And providing the authority information (RO) to the secure memory card so as to store the authority information (RO) in the secure area when the authority information (RO) requested from the RI server is provided. The method of claim 19, The DRM manager, When the permission is returned from the secure memory card, when a new authority information (RO) corresponding to the DRM content is requested from a user, the new authority information (RO) is requested to an external predetermined RI (Right Issuer) server. When the authority information (RO) requested from the RI server is provided and binding information corresponding to the corresponding content is provided from an external predetermined presentation server (PS) server, the authority information (RO) and the binding information are transmitted to the security area. And provide the secure memory card for storage. The method according to claim 15 or 16, The apparatus further includes a player for requesting authorization of the corresponding DRM content according to a request for playing the predetermined DRM content from the user, and requesting the decryption of the corresponding DRM content when the authority is answered, and playing the content corresponding to the decrypted DRM content. and; The DRM manager, In response to a request for confirmation of authority from the player, a request for a right for the DRM content corresponding to the secure memory card, and the decryption request from the player as the authority is answered from the secure memory card, the secure memo Requesting the CEK of the authority information (RO) stored in the secure area in response to the DRM content and the DRM content stored in the public area of the recard, and decrypting the corresponding DRM content using the CEK to provide the player. Client device, characterized in that. The method of claim 22, The DRM manager, When requesting the authority for the DRM content, the secure memory card provides the CID corresponding to the DRM content and device information including the self. The secure memory card, When receiving the authority for the DRM content from the DRM manager, the authority is searched for at least one of authority information (RO) and binding information corresponding to the CID of the security area based on the CID provided from the DRM manager. Determining whether or not the authority is based on at least one of the information (RO) and binding information, and if it is determined that the authority, and the authority is returned to the DRM manager; And when the CEK of the authority information (RO) stored in the secure area is requested in response to the DRM content stored in the public area and the DRM content, provide the same to the DRM manager. The method of claim 23, The secure memory card, If device binding information exists as the device / memory binding information in the binding information, it is determined whether the device information provided from the DRM manager corresponds to the device information of the device binding information. And if there is non-subscription binding information as the subscription / non-subscription binding information in the binding information, returning no permission to the DRM manager. An encryption key generation device for generating a DRM encryption key based on characteristic information corresponding to predetermined broadcast content provided from the outside and providing the same to a predetermined RI (Rights Issuer) server; A CAS server that scrambles the broadcast content using a predetermined control word (CW) and generates an ECM corresponding to the broadcast content by including the control word (CW) and the characteristic information corresponding to the broadcast content; A broadcast providing server that broadcasts the broadcast content and the ECM scrambled by the CAS server; And Receiving the scrambled broadcast content and the ECM broadcasted from the broadcast providing server, descrambling the scrambled broadcast content using a control word (CW) in the ECM, and based on the characteristic information in the ECM. Generating a DRM encryption key, packaging the descrambled broadcast content in a DRM content format (DCF) using the DRM encryption key, and storing the same; and storing the DRM encryption key in a secure area. Broadcast content providing system characterized in that. The method of claim 25, The encryption key growth value, Based on the characteristic information corresponding to the predetermined content provided from the outside, a DRM encryption key (CEK: Contents Encryption Key) and a content ID (CID: Contents ID) corresponding to the content are generated, and the CEK and the CID DRM content providing system, characterized in that to provide meta information included in the characteristic information to an external predetermined Rights Issuer (RI) server. A secure memory card including an open area and a secure area; According to the recording request of the broadcast content, the PVR manager to package the received broadcast content in the DRM content format (DCF) using a predetermined DRM encryption key to the secure memory card to store in the public area of the secure memory card. ; When recording of broadcast content received from a user through a predetermined broadcast channel is requested, the received broadcast content is descrambled using a control word (CW) included in the received ECM corresponding to the broadcast content to the PVR manager. Providing and generating a DRM encryption key (CEK) corresponding to the DRM content to the PVR manager based on the characteristic information included in the ECM, and generating authorization information (RO) including the DRM encryption key. CAS manager; And And a DRM manager providing the authority information (RO) generated by the CAS manager to the secure memory card to store the authority information (RO) in the secure area of the secure memory card. The method of claim 27, Requesting authorization of the DRM content in response to a request for playing the predetermined DRM content from the user, and if the authority is answered, requesting the decoding of the corresponding DRM content to further play a broadcast content corresponding to the decrypted DRM content. Including; The DRM manager, In response to the authority confirmation request from the player, if the authority for the DRM content corresponding to the secure memory card is requested, and the decryption is requested from the player as the authority is answered from the secure memory card, the DRM content is requested. Requesting decryption to the secure memory card and providing broadcast content corresponding to the decrypted DRM content to the player. 29. The method of claim 28, The DRM manager, When the permission is returned from the secure memory card, when a new authority information (RO) corresponding to the DRM content is requested from a user, the new authority information (RO) is requested to an external predetermined RI (Right Issuer) server. Client device, characterized in that. A Digital Rights Management (DRM) packager generates a Contents Encryption Key (CEK) based on characteristic information corresponding to predetermined content provided from the outside, and uses the DRM Encryption Key (CEK) to DRM the content. Packaging in a content format (DCF); The DRM packager generates a content ID (CID: Contents ID) corresponding to the content on the basis of the characteristic information corresponding to the content, and sets a CEK and meta information included in the CID and the characteristic information. (Rights Issuer) providing to the server; A CAS server scrambled the DCF packaged DRM content in the DRM package, and generating an ECM corresponding to the DCF packaged DRM content by including characteristic information corresponding to the content; A broadcast providing server broadcasting the DRM content and the ECM scrambled by the CAS server; And A client device downloads the scrambled DRM content and the ECM broadcasted from the broadcast providing server, descrambles and stores the scrambled DRM content using a control word (CW) in the ECM, and stores the ECM. Generating a DRM encryption key based on the characteristic information therein and storing the DRM encryption key in a secure area. When a download of DRM content provided through a predetermined broadcast channel is requested from a user, the DRM content is downloaded and executed using the control word (CW) included in the received ECM corresponding to the DRM content. Descrambling; Storing the descrambled DRM content in a public area of a secure memory card;  Generating a Contents Encryption Key (CEK) and a Contents ID (CID) corresponding to the DRM content based on the characteristic information included in the ECM; And And generating rights information (RO) including the CEK, the CID, and rights / restriction information included in the characteristic information, and storing the rights information (RO) in a secure area of the secure memory card. Control method. The method of claim 31, wherein In response to a request for playing a predetermined DRM content from a user, requesting authority for the DRM content to the secure memory card; Determining, by the secure memory card, whether or not there is an authority based on corresponding authority information (RO) stored in the secure area;  Determining whether or not the authority in the secure memory card is determined, further comprising the step of decrypting the DRM content and playing the decrypted content using the CEK of the authority information (RO); How to control client devices. The encryption key generation device generates a DRM encryption key (CEK: Contents Encryption Key) and content ID (CID: Contents ID) based on the characteristic information corresponding to predetermined broadcast content provided from the outside, and generates the CEK, the CID, and the Providing meta information included in the characteristic information to an external predetermined Rights Issuer (RI) server; A CAS server scrambled the broadcast content, and generating an ECM corresponding to the broadcast content by including characteristic information corresponding to the broadcast content; Broadcasting, by a broadcast providing server, the broadcast content and the ECM scrambled by the CAS server; And A predetermined client device receives the scrambled broadcast content and the ECM broadcasted from the broadcast providing server, descrambles the scrambled broadcast content using a control word (CW) in the ECM, and stores the scrambled broadcast content in the ECM. Generating a DRM encryption key based on the characteristic information, packaging and storing the descrambled broadcast content in a DRM content format (DCF) using the DRM encryption key, and storing the DRM encryption key in a secure area; Broadcast content providing method comprising a. If the user requests recording of broadcast content provided through a predetermined broadcast channel, descramble the received broadcast content using a control word (CW) included in the received ECM corresponding to the broadcast content; Generating a DRM encryption key (CEK) and a content ID (CID) corresponding to the broadcast content based on the characteristic information included in the ECM; Packaging the descrambled broadcast content in a DRM content format (DCF) using the CEK, and storing the packaged DRM content in a public area of a secure memory card; And  And generating rights information (RO) including the generated CEK and the CID and rights / restriction information included in the characteristic information, and storing the rights information (RO) in a secure area of the secure memory card. How to control client devices.

Images