KR20140118199A - System and method for operating drm contents, and apparatus applied to the same - Google Patents

System and method for operating drm contents, and apparatus applied to the same Download PDF

Info

Publication number
KR20140118199A
KR20140118199A KR1020130033690A KR20130033690A KR20140118199A KR 20140118199 A KR20140118199 A KR 20140118199A KR 1020130033690 A KR1020130033690 A KR 1020130033690A KR 20130033690 A KR20130033690 A KR 20130033690A KR 20140118199 A KR20140118199 A KR 20140118199A
Authority
KR
South Korea
Prior art keywords
drm
content
contents
drm content
execution
Prior art date
Application number
KR1020130033690A
Other languages
Korean (ko)
Inventor
장도현
김세현
Original Assignee
에스케이플래닛 주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 에스케이플래닛 주식회사 filed Critical 에스케이플래닛 주식회사
Priority to KR1020130033690A priority Critical patent/KR20140118199A/en
Publication of KR20140118199A publication Critical patent/KR20140118199A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G06F21/126Interacting with the operating system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed by the present invention is a DRM content executing system, a method thereof, and a device applied with the same. When a user device based on a TrustZone technology is confirmed to be in need of authority information in relation to executing DRM content in a first operation area, the authority information stored in a second operation area is checked to correspond to the DRM content so that the outcome of checking the authority information stored in the second operation area can simply execute the DRM content. Accordingly, illegal use of the DRM content is effectively prevented through the combination of an execution environment segregated from security threat, and security technology of hardware.

Description

SYSTEM AND METHOD FOR OPERATING DRM CONTENTS, AND APPARATUS APPLIED TO THE SAME,

The present invention relates to a method for managing rights information required for execution of DRM contents based on TrustZone technology in an isolated operating domain separate from an operating domain in which DRM contents are executed.

In recent years, smartphones have been expanding explosively due to the development of hardware such as application processors and displays, the emergence of mobile operating systems, and the revitalization of the open market.

However, in the case of mobile terminals such as smart phones, the openness of the operating system, the risk of leakage of personal information (eg address book, text messages, financial information, certificates, etc.) due to the open market ecosystem that anyone can develop and participate in, In addition to being able to reproduce security threats on existing PCs, such as terminal malfunctions, excessive charging, and possible attacks on mobile networks, new types of security threats exist in wireless communication environments.

Accordingly, there is a need for a security platform technology capable of providing reliability in a mobile environment in order to protect users and network assets from security threats caused by the loss of a smartphone.

SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a user equipment based on TrustZone technology in which rights information is required in connection with execution of DRM contents in a first operation area The DRM content management unit checks the rights information stored in the second operating area to correspond to the DRM content and executes the DRM content in the first operating area only by checking the rights information stored in the second operating area, To effectively prevent illegal use of DRM contents through a combination of isolated execution environment and hardware security technology.

According to a first aspect of the present invention, there is provided a user device comprising: an execution unit for verifying that rights information is requested in association with execution of DRM contents in a first operating area; And a control unit for checking the rights information stored in the second operation region to correspond to the DRM contents and notifying the rights information stored in the second operation region only by checking the rights information stored in the second operation region, And a confirmation unit for allowing the DRM content to be executed.

More specifically, the user device further includes a storage unit for storing the right information corresponding to the DRM content in the second operation area, and the storage unit receives the previously designated user authentication information and determines that the user is an authorized user Only the DRM content corresponding to the DRM content is stored in the second operating area.

More specifically, the user authentication information is designated to correspond to each of the two or more DRM contents, or to correspond to both of the two or more DRM contents when the DRM contents are two or more.

More specifically, the user apparatus may further include a first operating system mounted on the first operating area and a second operating system mounted on the second operating area, wherein the first operating system further comprises: The DRM content management apparatus of claim 1, wherein the second operating system is a general-purpose operating system that provides an Open Application Program Interface (API) for supporting execution of DRM contents, And an API (Application Programmer Interface) for supporting identification of the application.

According to a second aspect of the present invention, there is provided a method of operating a user device, the method comprising: request verification step of verifying that rights information is requested in association with execution of DRM contents in a first operation area; And a rights information checking step of checking the rights information stored in the second operating area to correspond to the DRM content and executing the DRM content in the first operating area only based on a result of checking the right information stored in the second operating area .

More specifically, the method may further include storing the rights information corresponding to the DRM content in the second operating area before the request checking step, and the storing step may include storing the designated user authentication information And stores the rights information corresponding to the DRM content in the second operation area only when the received user information is authenticated.

More specifically, the user authentication information is designated to correspond to each of the two or more DRM contents, or to correspond to both of the two or more DRM contents, when the DRM contents are two or more.

According to an embodiment of the present invention, there is provided a DRM content execution system, a DRM content execution system, and a DRM content execution method. The DRM content execution system includes: Is managed in a separate isolated operating area, thereby effectively preventing the illegal use of the DRM contents.

1 is a schematic configuration diagram of a DRM content execution system according to an embodiment of the present invention;
2 is a configuration diagram of a user apparatus according to an embodiment of the present invention;
FIG. 3 is a block diagram of a user apparatus employing a TrustZone technology according to an embodiment of the present invention. FIG.
FIG. 4 is a schematic flowchart illustrating an operation flow in a DRM content execution system according to an embodiment of the present invention; FIG.
5 is a schematic flow diagram illustrating operation of a user device according to an embodiment of the present invention;

Hereinafter, an embodiment of the present invention will be described with reference to the accompanying drawings.

1 is a diagram illustrating a DRM content execution system according to an embodiment of the present invention.

1, a DRM content execution system according to an embodiment of the present invention includes a content providing apparatus 100 for providing DRM content and a user apparatus 200 for executing DRM content .

The content providing apparatus 100 refers to a web server for providing DRM contents to the user apparatus 200 and provides DRM contents to a user apparatus 200 connected to the user apparatus 200 through a wire or wireless connection.

Here, the DRM content refers to multimedia contents for which DRM (Digital Rights Management) has been set. The DRM contents include music, video, electronic documents, and images transmitted through online or offline (Copyright, use rights, etc.) of digital information creators, distributors, publishers, service providers, governments and end users by protecting various types of digital contents such as digital contents.

The user device 200 refers to a device for executing DRM contents. For example, the content providing device 100 may include, but is not limited to, a smart phone, a tablet PC, and a PDA. And a device capable of wireless / wired communication with the wireless communication device 100 may all be included.

According to an embodiment of the present invention, a hardware security solution is adopted as a security platform technology for preventing unauthorized use (e.g., illegal copy) of DRM contents executed in the user device 200. [

In this regard, there are UICC (Universal Integrated Circuit Card), Mobile TPM (Trusted Platform Module), and the like as a hardware security solution that provides high security in a mobile terminal such as the user device 200.

Here, the UICC is a smart card for storing personal information such as messages, e-mail and address book as well as subscriber, network and authentication information in 3G mobile network, and is generally called a 'Universal Subscriber Identity Module (USIM) card'.

The Mobile TPM is a Mobile TPM that enables the TPM (Trusted Platform Module) defined by TCG (Trusted Computing Group), a standardization organization developing business standards for hardware-based trusted computing and security technologies, to be used in mobile terminals as well. Algorithm, and provides user, terminal authentication and terminal integrity verification, and user data protection.

UICC, however, can not satisfy the Trusted Execution Environment (TEE), which defines security hardware and software functions that provide a secure execution environment for security-related applications on mobile terminals due to limited performance processors and low transfer rates.

In addition, in the case of Mobile TPM, it has a disadvantage that cost increase due to the use of a separate chip and application code protection are difficult.

Therefore, in an embodiment of the present invention, a TrustZone technology that provides a hardware isolated environment from security threats, rather than using a separate hardware security chip such as the UICC and the Mobile TPM, I want to apply.

3, the trust zone is divided into a 'Normal World' (hereinafter, referred to as a 'first operating region') and a 'Secure World' (hereinafter referred to as a 'second operating region' The general application provides an execution environment that operates in the first operating area and the application that requires security is operated in the second operating area.

That is, the first operating region and the second operating region are isolated from each other in hardware and operate only by respective operating systems (first operating system and second operating system), and the first operating region is attacked from malicious code The applet and the stored data in the second operating area are ensured to be securely managed and executed from malicious code.

In other words, in the case of the first operating area, security can not be assured against various security threats by operating on a general-purpose operating system (first operating system) disclosed to others, but in the case of the second operating area, (Second operating system), which is not disclosed to a third party differently from the first operating region, in a hardware-isolated environment, and thus various security You will be assured of security from threats.

As described above, the user equipment 200 according to an embodiment of the present invention applies the above-described trust zone technology. Hereinafter, the user equipment 200 requests The following is a detailed description of the method for managing the authorization information.

The content providing apparatus 100 performs a function of providing DRM content to the user apparatus 200. [

More specifically, when it is confirmed that a predetermined fee for use of the DRM contents is paid by the user apparatus 200 connected to the content providing apparatus 100, the content providing apparatus 100 provides the DRM content to the user apparatus 200 do.

At this time, the content providing apparatus 100 provides the user device 200 with the rights information required to execute the DRM content in a form mapped to the DRM content itself, or as independent information separated from the DRM content, (100).

Here, the DRM content itself includes an execution key (KEY) for executing the DRM content, and the rights information (KEY) corresponding to the execution key is loaded in the rights information.

The user device 200 performs a function of storing DRM contents.

More specifically, the user apparatus 200 accesses the content providing apparatus 100 via wire / wireless and pays a predetermined fee for use of the DRM content, thereby acquiring the DRM content and the DRM content from the content providing apparatus 100, Lt; / RTI >

At this time, the user device 200 stores the DRM contents in the first operating area, while storing the DRM contents in the second operating area in case of the rights information, by dividing the DRM contents and the authority information as individual information.

For this purpose, the user device 200 displays an information input window for receiving the user authentication information from the user in association with the storage of the above-described privilege information, and displays, through the displayed information input window, The authority information is stored in the second operating area.

By applying the method of dividing and storing the rights information required for the execution of the DRM contents into the second operating area which is an execution environment isolated in hardware from the DRM contents stored in the first operating area, The rights information stored in the second operating area can not be moved / copied so that execution of the DRM contents moved / copied in the protection of intellectual property rights can not be performed.

Referring to FIG. 3, by executing an associated application (APP) installed in the first operating area in connection with wired / wireless communication, the content providing apparatus 100 can access the DRM content and the DRM content The received DRM content is stored in a memory area located in the first operating area.

In addition, when the reception of the right information in the first operating area is confirmed, an applet mounted in the second operating area is executed in association with information storage, thereby displaying an information input window to receive the user authentication information from the user, The received rights information is stored in the memory area of the second operating area only when it is confirmed that the user is an authenticated user.

In addition, the user device 200 performs a function of executing DRM contents.

More specifically, the user device 200 confirms the rights information stored in the second operation area to correspond to the DRM contents to execute the DRM contents stored in the first operation area, thereby executing the DRM contents stored in the first operation area .

At this time, the user device 200 compares the execution key mounted on the DRM contents with the rights key mounted on the rights information, and as a result of comparison, the DRM contents stored in the first operation area and the rights information stored in the second operation area The DRM content is executed in the first operating area only when the corresponding information is confirmed.

Referring to FIG. 3, an application installed in the first operating area is executed in association with the execution of the content, thereby extracting an execution key mounted on the DRM content stored in the first operating area, To the applet mounted in the second operating area.

The applet receiving the execution key extracts the authority key from the authority information stored in the second operation region, compares the same with the execution key, and transmits the comparison result to the first operation region, So that DRM contents can be normally executed without checking the directly mapped rights information.

Hereinafter, the configuration of the user apparatus 200 according to an embodiment of the present invention will be described in more detail with reference to FIG.

That is, it has a basic configuration including an execution unit 210 for executing DRM content according to an embodiment of the present invention and an authentication unit 220 for checking the rights information required for execution of DRM contents.

In addition to the above-described configuration, the user apparatus 200 according to an embodiment of the present invention includes a receiving unit 230 for receiving DRM content from the content providing apparatus 100, and a storage unit 240 for storing the right information ). ≪ / RTI >

Here, the execution unit 210 and the receiving unit 230 may be implemented as software modules in a configuration corresponding to an application (APP) installed in the first operating area.

Here, the first operating system includes an execution unit 210 located in the first operating area, and a general-purpose application providing an open application program interface (API) for supporting the operation of each of the receiving units 230 System (eg Android).

On the other hand, in the case of the confirmation unit 220 and the storage unit 240, it may be implemented as a software module in a configuration corresponding to an applet mounted in the second operating area.

Here, the second operating system refers to a dedicated operating system that provides the above-described confirmation unit 220 located in the second operating area, and an API for supporting only the operation of the storage unit 240. [

The receiving unit 230 performs a function of storing DRM contents.

More specifically, the receiving unit 230 accesses the content providing apparatus 100 via wire / wireless and pays a predetermined fee for use of the DRM content, thereby receiving the DRM content and the DRM content from the content providing apparatus 100 Stores the received DRM content in the first operating area, and transmits the received rights information to the storage unit 240. [0050] FIG.

That is, the receiving unit 230 accesses the content providing apparatus 100 by calling the open API provided by the first operating system to receive the DRM content and the rights information required for the execution of the DRM content, In the memory area located in the first operation area, and transmits the received permission information to the storage part 240 located in the second operation area.

The storage unit 240 stores the authority information.

More specifically, when the rights information is received from the receiving unit 230, the storage unit 240 confirms that the user is an authenticated user based on the user authentication information input from the user, and stores the right information in the second operation region.

That is, the storage unit 240 displays an information input window by calling an API provided by the second operating system, confirms that the user is an authenticated user based on the user authentication information received through the information input window, Only when the user is confirmed to be a user, the privilege information is stored in the memory area located in the second operating area.

Here, the user authentication information is cryptographic information set for confirming that the user is accessible to the second operation area, and is set as individual cryptographic information corresponding to each of the DRM contents, or one representative It can be set in advance as password information.

The execution unit 210 performs a function of executing DRM contents.

More specifically, when the execution unit 210 desires to execute the DRM content according to the user's request, the execution unit 210 extracts the execution key embedded in the DRM content and transmits the extracted execution key to the verification unit 220, You will be asked for confirmation.

That is, the execution unit 210 extracts the execution key mounted on the DRM contents by calling the open API provided by the first operating system, and transmits the extracted execution key to the verification unit 220 located in the second operation area And requests confirmation of the rights information required for the execution of the DRM contents.

The verification unit 220 performs a function of verifying the authority information.

More specifically, when the execution key of the DRM content is received from the executing unit 210, the verifying unit 220 extracts the privilege key from the privilege information stored in the second operating region and compares the same with the execution key, The DRM contents stored in the second operation area and the rights information stored in the second operation area correspond to each other.

That is, the verification unit 220 extracts the privilege key from the privilege information stored in the second operating area by calling the API provided by the second operating system, and outputs the extracted privilege key to the execution key And transmits the comparison result to the execution unit 210 so that the execution unit 210 can execute the DRM content normally even if the execution unit 210 does not check the rights information directly mapped to the DRM content.

As described above, according to the DRM content execution system according to an embodiment of the present invention, when the DRM content is executed in the first operation area on the basis of the TrustZone technology in the user device 200, The DRM content management unit checks the rights information stored in the second operation area to correspond to the DRM content and executes the DRM content in the first operation area only by checking the rights information stored in the second operation area (Copyright, usage rights, etc.) of DRM content creators, distributors, publishers, service providers, governments and end users through a combination of isolated execution environments and hardware security technologies that are not exposed to security threats And manage it.

Hereinafter, an advertisement service method according to an embodiment of the present invention will be described with reference to FIGS. 4 and 5. FIG. Here, for convenience of description, the components shown in FIGS. 1 to 3 will be described with reference to corresponding reference numerals.

First, the operation flow in the DRM contents execution system according to an embodiment of the present invention will be described with reference to FIG.

First, when it is confirmed that a predetermined fee for use of DRM contents has been paid by the user apparatus 200 connected to the content providing apparatus 100, the content providing apparatus 100 provides the DRM contents to the user apparatus 200 (S110 -S120).

At this time, the content providing apparatus 100 provides the user device 200 with the rights information required to execute the DRM content in a form mapped to the DRM content itself, or as independent information separated from the DRM content, (100).

In this regard, the user device 200 distinguishes between the DRM content received from the content providing apparatus 100 and the rights information required to execute the DRM content via wire / wireless, and stores the separated DRM content in operation S130.

At this time, the user device 200 stores the DRM contents and the rights information in the first operation area by dividing the DRM contents and the rights information as separate information, while in the case of the rights information, the user device 200 stores the DRM contents in the second operation area.

Then, when the DRM content stored in the first operating area is executed, the user device 200 executes the DRM content stored in the first operating area by checking the rights information stored in the second operating area to correspond to the DRM content (S140-S160).

At this time, the user device 200 compares the execution key mounted on the DRM contents with the rights key mounted on the rights information, and if the DRM contents stored in the first operation area and the rights information stored in the second operation area correspond to each other The DRM contents are executed in the first operating area only when it is confirmed that the information is the information to be transmitted.

Hereinafter, the operation of the user apparatus 200 according to an embodiment of the present invention will be described in detail with reference to FIG.

First, the receiving unit 230 accesses the content providing apparatus 100 via wire / wireless and pays a predetermined fee for using the DRM content, thereby allowing the DRM content and the DRM content to be executed from the content providing apparatus 100 And stores the received DRM contents in the first operation area, and transfers the received rights information to the storage unit 240 in steps S210-S230.

At this time, the receiver 230 accesses the content providing apparatus 100 by calling the open API provided by the first operating system, receives the DRM content, the rights information required for execution of the DRM content, The content is stored in a memory area located in the first operating area and the received rights information is transmitted to the storing part 240 located in the second operating area.

Then, when the right information is received from the receiving unit 230, the storage unit 240 stores the right information in the second operating area only when it is confirmed that the user is an authenticated user based on the user authentication information input from the user (S240-S250).

At this time, the storage unit 240 displays an information input window by calling the API provided by the second operating system, and confirms that the user is authenticated based on the user authentication information received through the information input window. The authority information is stored in the memory area located in the second operating area only when the < RTI ID = 0.0 >

In addition, when the execution unit 210 desires to execute the DRM content according to the user's request, the execution unit 210 extracts the execution key mounted on the DRM content and transmits the extracted execution key to the verification unit 220, (S270).

At this time, the execution unit 210 extracts the execution key mounted on the DRM contents by calling the open API provided by the first operating system, and transmits the extracted execution key to the verification unit 220 located in the second operation area And requests confirmation of the rights information required for the execution of the DRM contents.

When the execution key of the DRM content is received from the executing unit 210, the verifying unit 220 extracts the rights key from the right information stored in the second operating region, compares the right with the execution key, It is confirmed whether the DRM contents and the authority information stored in the second operation area correspond to each other (S280 - S310).

At this time, the verification unit 220 extracts the privilege key from the privilege information stored in the second operating region by calling the API provided by the second operating system, and outputs the extracted privilege key to the execution key And transmits the comparison result to the execution unit 210 so that the execution unit 210 can execute the DRM content normally even if the execution unit 210 does not check the rights information directly mapped to the DRM content.

As described above, according to the DRM content reproduction Q method according to the embodiment of the present invention, the user device 200 can perform the DRM content playback in the first operation area based on the TrustZone technology, Checking the rights information stored in the second operating area to correspond to the DRM content and executing the DRM content in the first operating area only by checking the right information stored in the second operating area (Copyrights, licenses, etc.) of DRM content creators, distributors, publishers, service providers, governments and end users through a combination of isolated execution environments and hardware security technologies that are not exposed to security threats. Can be guaranteed and managed.

Meanwhile, the steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, or may be embodied in a computer readable medium, in the form of a program instruction, which may be carried out through various computer means. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

According to the DRM contents execution system and method, and the device applied thereto, the DRM contents execution system of the present invention restricts the execution of some important functions among the functions loaded in the user apparatus that has received the lost notification based on the TrustZone technology Is an invention that is industrially applicable because it is beyond the limit of the existing technology and is not only the use of the related technology but also the possibility of commercialization or operation of the applied device as well as being practically and practically possible.

100: Content providing device
200: User device
210: execution unit 220: confirmation unit
230: Receiving unit 240:

Claims (7)

An execution unit for confirming that the rights information is required in association with the execution of the DRM contents in the first operation area; And
The DRM content management apparatus according to claim 1, further comprising: a verification unit configured to verify the rights information stored in the second operation region to correspond to the DRM content, And a confirmation unit for allowing the content to be executed. The method according to claim 1,
The user device comprising:
And a storage unit for storing the rights information corresponding to the DRM contents in the second operation area,
Wherein,
And stores the rights information corresponding to the DRM contents in the second operating area only when it is determined that the user is authenticated by receiving the predetermined user authentication information. 3. The method of claim 2,
Wherein the user authentication information includes:
Wherein the DRM content is designated to correspond to each of the two or more DRM contents when the DRM contents are two or more, or to correspond to all of the two or more DRM contents. The method according to claim 1,
The user device comprising:
Further comprising a first operating system mounted on the first operating area and a second operating system mounted on the second operating area,
Wherein the first operating system comprises:
A general operating system providing an Open Application Program Interface (API) for supporting execution of the DRM contents in the first operating area,
Wherein the second operating system comprises:
And an API (Application Programmer Interface) for supporting identification of the stored rights information corresponding to the DRM contents in the second operation area. A request confirmation step of confirming that the rights information is required in association with the execution of the DRM contents in the first operation area; And
Checking the rights information stored in the second operating area to correspond to the DRM content and executing the DRM content in the first operating area only based on the result of the checking of the right information stored in the second operating area Wherein the user device is a mobile terminal. 6. The method of claim 5,
The method comprises:
Storing the rights information corresponding to the DRM content in the second operation area before the request confirmation step,
Wherein,
And storing the rights information corresponding to the DRM content in the second operating area only when it is determined that the user is authenticated by receiving the predetermined user authentication information. The method according to claim 6,
Wherein the user authentication information includes:
Wherein the DRM contents are designated to correspond to the two or more DRM contents when the DRM contents are two or more, or to correspond to all of the two or more DRM contents.
KR1020130033690A 2013-03-28 2013-03-28 System and method for operating drm contents, and apparatus applied to the same KR20140118199A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130033690A KR20140118199A (en) 2013-03-28 2013-03-28 System and method for operating drm contents, and apparatus applied to the same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130033690A KR20140118199A (en) 2013-03-28 2013-03-28 System and method for operating drm contents, and apparatus applied to the same

Publications (1)

Publication Number Publication Date
KR20140118199A true KR20140118199A (en) 2014-10-08

Family

ID=51991085

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130033690A KR20140118199A (en) 2013-03-28 2013-03-28 System and method for operating drm contents, and apparatus applied to the same

Country Status (1)

Country Link
KR (1) KR20140118199A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104581214A (en) * 2015-01-28 2015-04-29 三星电子(中国)研发中心 Multimedia content protecting method and device based on ARM TrustZone system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104581214A (en) * 2015-01-28 2015-04-29 三星电子(中国)研发中心 Multimedia content protecting method and device based on ARM TrustZone system
CN104581214B (en) * 2015-01-28 2018-09-11 三星电子(中国)研发中心 Multimedia content guard method based on ARM TrustZone systems and device

Similar Documents

Publication Publication Date Title
KR102217501B1 (en) Mobile device with trusted execution environment
Vignesh et al. Modifying security policies towards BYOD
CN109923548A (en) Method, system and the computer program product that encryption data realizes data protection are accessed by supervisory process
CN109412812B (en) Data security processing system, method, device and storage medium
CN103827881A (en) Method and system for dynamic platform security in a device operating system
US20120137372A1 (en) Apparatus and method for protecting confidential information of mobile terminal
KR101403626B1 (en) Method of integrated smart terminal security management in cloud computing environment
CN103403669A (en) Securing and managing APPs on a device
US8862892B2 (en) System and method for detecting a security compromise on a device
CN105975867B (en) A kind of data processing method
CN101069154A (en) Non-intrusive trusted user interface
US9619653B2 (en) System and method for detecting a security compromise on a device
CN104199657A (en) Call method and device for open platform
CN107403109A (en) Encryption method and encryption system
US20110154436A1 (en) Provider Management Methods and Systems for a Portable Device Running Android Platform
WO2013168255A1 (en) Application program execution device
KR20140112785A (en) Financial service system and method thereof, and apparatus applied to the same
KR20160065261A (en) System for preventing forgery of application and method therefor
US12002040B2 (en) Device driver for contactless payments
KR101206735B1 (en) Apparatus for protecting information associated with security of mobile terminal and method thereof
CN102542698B (en) Safety protective method of electric power mobile payment terminal
KR20140118199A (en) System and method for operating drm contents, and apparatus applied to the same
CN111209561B (en) Application calling method and device of terminal equipment and terminal equipment
KR20150030047A (en) Method and system for application authentication
KR20130124885A (en) A apparatus and method of providing security to cloud data to prevent unauthorized access

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application