MXPA06011034A - Method and apparatus for acquiring and removing information regarding digital rights objects - Google Patents

Method and apparatus for acquiring and removing information regarding digital rights objects

Info

Publication number
MXPA06011034A
Authority
MX
Mexico
Prior art keywords
information
rights object
rights
storage device
portable storage
Application number
MXPA/A/2006/011034A
Other languages
Spanish (es)
Inventor
Lee Byungrae
Kim Taesung
Jung Kyungim
Oh Yunsang
Kim Shinhan
Original Assignee
Samsung Electronics Co Ltd

Abstract

A method and apparatus for acquiring and removing information regarding a digital rights object are provided. The method for acquiring information regarding a digital rights object includes receiving a request for data on a rights object from a device, processing the data on the rights object in response to the request, and providing the processed data to the device. The method of removing a digital rights object includes selecting information regarding a rights object to be removed, encrypting the selected information regarding the rights object using a common encryption key, embedding the encrypted information regarding the rights object in a signal to be transmitted to a portable storage device, and transmitting the signal to the portable storage device. A device requests information regarding a rights object from a portable storage device, receives the information regarding the rights object from the portable storage device, and removes an unnecessary rights object.

Description

METHOD AND APPARATUS FOR ACQUIRING AND REMOVING INFORMATION REGARDING DIGITAL RIGHTS OBJECTS

FIELD OF THE INVENTION

Apparatuses and methods consistent with the present invention relate to acquiring and removing information regarding digital rights objects, and more particularly to acquiring and removing information regarding digital rights objects in such a way that a device requests information regarding a digital rights object from a portable storage device, receives the information regarding the digital rights object transmitted from the portable storage device in response to the request, and manages the information regarding the digital rights object, so that digital rights management (DRM) is carried out efficiently and securely between the device and the portable storage device.

BACKGROUND OF THE INVENTION

Recently, DRM has been actively researched and developed. DRM has been used, and will be used, in commercial services. DRM is needed because of the following characteristics of digital content: unlike analog data, digital content can be copied without loss and can easily be reused, processed, and distributed, and copying and distributing it costs very little. Producing digital content, however, takes a great deal of work, time, and money. Thus, when digital content is copied and distributed without permission, the producer may lose revenue and lose the motivation to create, which hinders the development of the digital content business. There have been several efforts to protect digital content. Conventionally, protection has focused on preventing unpermitted access to digital content, allowing access only to those who have paid for it.
Thus, those who paid for the digital content are allowed to access it unencrypted, while those who did not pay are not. However, when a person who paid intentionally distributes the digital content to other people, those who did not pay can use it. DRM was introduced to solve this problem. In DRM, anyone may freely access the encrypted digital content, but a license referred to as a rights object is required to decrypt and execute it. Therefore, digital content can be protected more effectively using DRM.

BRIEF DESCRIPTION OF THE INVENTION

Technical Problem

Figure 1 illustrates the concept of DRM. DRM concerns the management of content protected by a method such as encryption or scrambling (hereinafter referred to as encrypted content) and of rights objects that allow access to the encrypted content. Referring to Figure 1, a DRM system includes user devices 110 and 150 that want to access DRM-protected content, a content issuer 120 that issues content, a rights issuer 130 that issues a rights object containing a right to access the content, and a certification authority 140 that issues certificates. In operation, the user device 110 can obtain desired content from the content issuer 120 in an encrypted, DRM-protected format. The user device 110 can obtain a license to play the encrypted content from a rights object received from the rights issuer 130. Then the user device 110 can play the encrypted content. Since encrypted content can be freely circulated or distributed, the user device 110 can freely transmit the encrypted content to the user device 150. The user device 150 needs a rights object to play the encrypted content, which it can obtain from the rights issuer 130.
Meanwhile, the certification authority 140 issues certificates indicating that the content issuer 120 is authentic and that the user devices 110 and 150 are authorized. A certificate may be embedded in the user devices 110 and 150 when they are manufactured and may be reissued by the certification authority 140 after a predetermined period has expired. DRM protects the interests of those who produce or supply digital content and thus can help to promote the digital content industry. Although a rights object or encrypted content may be transferred between user devices, in practice this is inconvenient. Accordingly, to facilitate moving rights objects and encrypted content between devices, it is desirable to move data efficiently between a device and a portable storage device that intermediates between the devices.

Technical Solution

The present invention provides a method and apparatus for acquiring information regarding a digital rights object, in which a device requests information regarding a rights object from a portable storage device, receives the information regarding the rights object transmitted from the portable storage device in response to the request, and manages the information regarding the digital rights object, so that DRM is carried out securely and efficiently between the device and the portable storage device. The present invention also provides a method and apparatus for removing a digital rights object, whereby an unnecessary rights object is removed based on the information regarding the rights object, thereby reducing the load on a device or a portable storage device and preventing content from being consumed by an unauthorized rights object.
According to one aspect of the present invention, there is provided a method for acquiring information regarding a digital rights object, which includes receiving from a device a request for data on a stored rights object, accessing the rights object in response to the device's request, processing the data on the digital rights object, and providing the processed data to the device.
According to another aspect of the present invention, there is provided a method for acquiring information regarding a digital rights object, which includes receiving from a device a request for data on all available rights objects, accessing all available rights objects in response to the request, processing the data on all available rights objects, and providing the processed data to the device. According to yet another aspect of the present invention, a method for acquiring information regarding a digital rights object is provided, which includes receiving from a device a request for data on all available rights objects, accessing all available rights objects in response to the request, processing the data on all available rights objects, and providing the processed data to the device. According to a further aspect of the present invention, a method for acquiring information regarding a digital rights object is provided, which includes performing authentication with a portable storage device and generating an encryption key, requesting data on all available rights objects from the authenticated portable storage device, and receiving the processed data on all available rights objects from the portable storage device. According to yet another aspect of the present invention, a method for removing a digital rights object is provided, which includes selecting information regarding a rights object to be removed, encrypting the selected information regarding the rights object using a common encryption key, embedding the encrypted information regarding the rights object in a signal to be transmitted to a portable storage device, and transmitting the signal to the portable storage device.
According to yet another aspect of the present invention, a method for removing a digital rights object is provided, which includes receiving from a device encrypted information for removing a rights object, decrypting the encrypted information for removing the rights object using a common encryption key, accessing a rights object corresponding to the decrypted information for removing a rights object, and removing the accessed rights object.

BRIEF DESCRIPTION OF THE FIGURES

The above and other aspects of the present invention will become more apparent from the detailed description of exemplary embodiments with reference to the accompanying Figures, in which:

Figure 1 is a schematic diagram illustrating the concept of DRM;
Figure 2 is a schematic diagram illustrating the concept of DRM using a secure multimedia card (MMC);
Figure 3 is a block diagram of a device according to an exemplary embodiment of the present invention;
Figure 4 is a block diagram of a secure MMC according to an exemplary embodiment of the present invention;
Figure 5 is a table illustrating the format of a rights object according to an exemplary embodiment of the present invention;
Figure 6 is a table illustrating the constraints given for the permissions shown in Figure 5;
Figure 7 illustrates authentication between a device and a secure MMC;
Figure 8 is a flowchart of a protocol by which a device acquires information regarding a specified rights object from a secure MMC in an exemplary embodiment of the present invention;
Figure 9 is a flowchart of a protocol by which a device acquires information regarding all rights objects available from a secure MMC in an exemplary embodiment of the present invention;
Figure 10 is a flowchart of a protocol for removing a rights object specified by a device from a secure MMC in an exemplary embodiment of the present invention;
Figures 11 to 15 illustrate examples of formats of an instruction, instruction parameters, and an output response, used when a device transmits information regarding content desired by a user to a secure MMC in the protocol of Figure 8 in an exemplary embodiment of the present invention;
Figures 16 to 20 illustrate examples of formats of an instruction, instruction parameters, and an output response, used when a device requests information regarding a rights object corresponding to content of a secure MMC in the protocol of Figure 8 in an exemplary embodiment of the present invention;
Figures 21, 22, and 23 illustrate examples of the format of information regarding a rights object provided by a secure MMC in the protocol of Figure 8;
Figures 24 to 28 illustrate examples of formats of an instruction, instruction parameters, and an output response, used when a device requests information regarding all available rights objects in the protocol of Figure 9 in an exemplary embodiment of the present invention; and
Figures 29 to 33 illustrate examples of formats of an instruction, instruction parameters, and an output response, used when a device requests a secure MMC to remove a particular rights object in the protocol of Figure 10 in an exemplary embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention and methods for achieving it can be more easily understood with reference to the following detailed description of exemplary embodiments and the appended Figures. However, the present invention may be embodied in many different forms and should not be construed as limited to the exemplary embodiments set forth herein.
Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete and will fully convey the concept of the invention to those skilled in the art, and the present invention will be defined only by the appended claims. Like reference numbers refer to like elements throughout the specification. Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying Figures. Before the detailed description, the terms used in this specification are briefly described. The descriptions of the terms are intended to aid understanding of the specification, and terms not explicitly defined here are not intended to limit the broad scope of the invention.

- Public-key cryptography
Public-key cryptography refers to an asymmetric cipher in which the key used for encryption differs from the key used for decryption. A public-key algorithm is open to the public, but it is impossible or difficult to recover the original content given only the cryptographic algorithm, the encryption key, and the ciphertext. Examples of public-key cryptosystems include Diffie-Hellman, RSA, ElGamal, and elliptic curve cryptosystems. Public-key cryptography is roughly 100 to 1000 times slower than symmetric-key cryptography and is therefore generally used for key exchange and digital signatures rather than for encrypting content.

- Symmetric-key cryptography
Symmetric-key cryptography is a symmetric cipher, also referred to as secret-key cryptography, that uses the same key for encryption and decryption. The Data Encryption Standard (DES) is a very common symmetric cipher. Recently, applications using the Advanced Encryption Standard (AES) have increased.

- Certificate
A certification authority certifies users of a public key with respect to a public-key cipher.
A certificate is a message containing a public key and identity information of a person, signed by the certification authority using its private key. Therefore, the integrity of the certificate can easily be checked by applying the certification authority's public key to the certificate, which prevents attackers from tampering with a user's public key.

- Digital signature
A digital signature is generated by a signer to indicate that the signer wrote a document. Examples of digital signatures are RSA, ElGamal, DSA, and Schnorr digital signatures. When an RSA digital signature is used, a sender encrypts a message with its private key and sends the encrypted message to a receiver. The receiver decrypts the encrypted message, which proves that the message was encrypted by the sender.

- Random number
A random number is a sequence of numbers or characters with random properties. Since generating a truly random number is costly, a pseudo-random number may be used.

- Portable storage device
A portable storage device used in the present invention includes a non-volatile memory such as a flash memory, to which data can be written and from which data can be read and deleted, and which can be connected to a device. Examples of such portable storage devices are SmartMedia cards, memory sticks, CompactFlash (CF) cards, xD cards, and multimedia cards. Hereinafter, a secure MMC is described as the portable storage device.

Figure 2 is a schematic diagram illustrating the concept of DRM using a secure multimedia card (MMC). A user device 210 can obtain encrypted content from a content issuer 220. The encrypted content is content protected by DRM. To play the encrypted content, a rights object (RO) for the encrypted content is needed. An RO contains a definition of a right to content, constraints on the right, and a right to the RO itself.
An example of a right to content is playback. Examples of constraints are a playback count, a playback time, and a playback duration. An example of a right to the RO is a move (change of location) or a copy. In other words, an RO that contains a move right can be moved to another device or to a secure MMC. An RO that contains a copy right can be copied to another device or to a secure MMC. When an RO is moved, the original RO is deactivated before the move (here, either the RO itself is deleted or a right contained in the RO is deleted). However, when an RO is copied, the original RO remains usable in an activated state even after the copy. After obtaining the encrypted content, the user device 210 requests a rights object (RO) from a rights issuer 230 to obtain a playback right. When the user device 210 receives the RO together with an RO response from the rights issuer 230, the user device 210 can play the encrypted content using the RO. Meanwhile, the user device 210 can transfer the RO to a user device 250 that has the corresponding encrypted content, through a portable storage device. The portable storage device may be a secure MMC 260 having a DRM function. In this case, the user device 210 performs mutual authentication with the secure MMC 260 and then moves the RO to the secure MMC 260. To play the encrypted content, the user device 210 requests a playback right from the secure MMC 260 and receives the playback right, here a content encryption key, from the secure MMC 260. The user device 210 can play the encrypted content using the content encryption key. Meanwhile, after performing mutual authentication with the user device 250, the secure MMC 260 may move the RO to the user device 250 or allow the user device 250 to play the encrypted content.
In the exemplary embodiments of the present invention, authentication between a device and a secure MMC is required. An authentication procedure will be described in detail with reference to Figure 7. Here, a subscript "D" of an object indicates that the object is owned or generated by a device, and a subscript "M" of an object indicates that the object is owned or generated by a secure MMC.

Figure 3 is a block diagram of a device 300 according to an exemplary embodiment of the present invention. In the exemplary embodiment, the term "module", as used herein, means, but is not limited to, a software or hardware component, such as a field programmable gate array (FPGA) or an application-specific integrated circuit (ASIC), which performs certain tasks. A module may advantageously be configured to reside on an addressable storage medium and to execute on one or more processors. Thus, a module may include, by way of example, components such as software components, object-oriented software components, class components and task components, processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. The functionality provided in the components and modules may be combined into fewer components and modules or further separated into additional components and modules. In addition, the components and modules may be implemented to execute on one or more CPUs in a device or a secure MMC.
To implement DRM, the device 300 requires a security function, a function for storing content or ROs, a function for exchanging data with another device (for example, a portable storage device or a multimedia device, PDA, or cellular phone), a data transmission/reception function for communicating with a content provider or an RO issuer, and a DRM function. To perform these functions, the device 300 includes an encryption module 365 comprising an RSA module 340, an encryption key generation module 350, and an advanced encryption standard (AES) module 360 for the security function; a content/RO storage module 330 for the storage function; an MMC interface module 310 for exchanging data with a secure MMC; and a DRM agent 320 that controls each module to perform a DRM procedure. In addition, the device 300 includes a transceiver module 370 for the data transmission/reception function and a display module 380 that displays content during playback. The encryption keys generated by the encryption key generation module 350 include a session key used for encryption and decryption during communication between the device 300 and a secure MMC, and a hash key used for a hash value that indicates whether information regarding an RO has been modified. The transceiver module 370 allows the device 300 to communicate with a content provider or an RO issuer. The device 300 can acquire an RO or encrypted content from an external device through the transceiver module 370. The MMC interface module 310 allows the device 300 to be connected to a secure MMC. When the device 300 is connected to a secure MMC, the MMC interface module 310 of the device 300 is essentially electrically connected to an interface module of the secure MMC. However, the electrical connection is only an example, and the connection may denote a state in which the device 300 can communicate with the secure MMC through a contactless wireless medium.
The RSA module 340 performs public-key encryption. More particularly, the RSA module 340 performs RSA encryption in response to a request from the DRM agent 320. In the exemplary embodiments of the present invention, during authentication, RSA encryption is used for key (random number) exchange or for a digital signature. However, RSA encryption is only an example, and other public-key encryption may be employed. The encryption key generation module 350 generates a random number to be transmitted to a secure MMC and generates a session key and a hash key using the generated random number and a random number received from the secure MMC. The random number generated by the encryption key generation module 350 is encrypted by the RSA module 340 and then transmitted to the secure MMC through the MMC interface module 310. Instead of generating the random number in the encryption key generation module 350, the random number may be selected from a plurality of random numbers provided in advance. The AES module 360 performs symmetric-key encryption using the generated session key. More particularly, the AES module 360 uses AES encryption to encrypt a content encryption key of an RO with the session key and to encrypt other important information during communication with another device. In an exemplary embodiment of the present invention, the session key is used to encrypt an RO while the RO is being moved. AES encryption is only an example, and other symmetric-key encryption such as DES encryption may be used. The content/RO storage module 330 stores encrypted content and ROs. The device 300 encrypts an RO using AES encryption with a unique key that cannot be read by another device or a secure MMC, and decrypts the RO using the unique key in order to move or copy the RO to another device or a secure MMC.
Encrypting an RO with the unique key using symmetric-key encryption is only an example. Alternatively, an RO may be encrypted using a private key of the device 300 and decrypted using a public key of the device 300 when necessary. The display module 380 visually displays the playback of content for which the RO allows playback. The display module 380 may be implemented with a liquid crystal display (LCD) device such as a thin-film transistor (TFT) LCD device or an organic electroluminescent (EL) display device. The DRM agent 320 checks whether information regarding an RO received from a secure MMC has been modified. The check is performed based on a hash value generated by the secure MMC. The hash value is obtained using a hash key generated by the encryption key generation module 350 and a published hash algorithm, for example, Secure Hash Algorithm 1 (SHA-1). When information regarding an RO is requested or removal of an RO is requested, a send sequence counter (SSC) indicating the transmission sequence may be generated and embedded in the request command, so that a request command cannot be lost, or a non-authentic command inserted between request commands by an unauthorized intruder, without being detected. Meanwhile, the DRM agent 320 generates a removal condition, that is, an identifier (ID) of an RO or a list of RO IDs, or an item of rights information of an RO to be removed. Accordingly, the DRM agent 320 has a function of retrieving the rights information of a received RO.

Figure 4 is a block diagram of a secure MMC 400 according to an exemplary embodiment of the present invention. To implement DRM, the secure MMC 400 requires a security function, a function for storing content or ROs, a function for exchanging data with another device, and a DRM function.
To perform these functions, the secure MMC 400 includes an encryption module 465 comprising an RSA module 440, an encryption key generation module 450, and an AES module 460 for the security function; a content/RO storage module 430 for the storage function; an interface module 410 for exchanging data with a device; and a DRM agent 420 that controls each module to perform a DRM procedure. The interface module 410 allows the secure MMC 400 to be connected to a device. When the secure MMC 400 is connected to a device, the interface module 410 of the secure MMC 400 is essentially electrically connected to an interface module of the device. However, the electrical connection is only an example, and the connection may denote a state in which the secure MMC can communicate with the device through a contactless wireless medium. The RSA module 440 performs public-key encryption. More particularly, the RSA module 440 performs RSA encryption in response to a request from the DRM agent 420. In the exemplary embodiments of the present invention, during authentication, RSA encryption is used for key (random number) exchange or for a digital signature. However, RSA encryption is only an example, and other public-key encryption may be used. The encryption key generation module 450 generates a random number to be transmitted to a device and generates a session key and a hash key using the generated random number and a random number received from the device. The random number generated by the encryption key generation module 450 is encrypted by the RSA module 440 and then transmitted to the device through the interface module 410. Instead of generating the random number in the encryption key generation module 450, the random number may be selected from a plurality of random numbers provided in advance. The AES module 460 performs symmetric-key encryption using the generated session key.
More specifically, the AES module 460 uses AES encryption to encrypt a content encryption key of an RO with the session key and to encrypt other important information during communication with another device. In an exemplary embodiment of the present invention, the session key is used to encrypt an RO while the RO is being moved. AES encryption is only an example, and other symmetric-key encryption such as DES encryption may be used. The content/RO storage module 430 stores encrypted content and ROs. The secure MMC 400 encrypts an RO using AES encryption with a unique key that cannot be read by other devices, and decrypts the RO using the unique key in order to move or copy the RO to other devices. Encrypting an RO with the unique key using symmetric-key encryption is only an example. Alternatively, an RO may be encrypted using a private key of the secure MMC 400 and, when necessary, decrypted using a public key of the secure MMC 400. When a request for information regarding an RO is received from a device, the DRM agent 420 selectively processes information contained in the RO and provides the processed information to the device through the interface module 410, as will be described later in detail with reference to Figure 8. In addition, the DRM agent 420 retrieves an RO to be removed. In detail, the DRM agent 420 retrieves an RO according to a condition on the RO to be removed, such as an RO ID or an ID list, transmitted from a device. The retrieved RO is removed. Removal of an RO may mean physically deleting the RO, or marking the RO as unnecessary when particular RO information is exchanged. In addition, the DRM agent 420 has a function of physically deleting an unnecessary RO in response to a request.

Figure 5 is a table illustrating the format of an RO according to an exemplary embodiment of the present invention.
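Added illustration (not the patent's code): a model of the RO-information exchange described above, in which the secure MMC attaches a hash value keyed with the hash key and the device's DRM agent checks both that hash and the send sequence counter (SSC), so a modified reply, a reply for a different request, or a command inserted out of sequence is rejected. The derivation of the session and hash keys from the two random numbers and the use of HMAC-SHA1 as the keyed hash are assumptions; the patent does not fix them.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

SSC_LEN = 4      # bytes used to carry the send sequence counter
TAG_LEN = 20     # SHA-1 digest length


def derive_keys(rand_d: bytes, rand_m: bytes) -> Tuple[bytes, bytes]:
    """Derive the session key and the hash key from the device random
    number (rand_d) and the secure MMC random number (rand_m).
    Assumed derivation: SHA-1 over a label and both random numbers."""
    material = rand_d + rand_m
    session_key = hashlib.sha1(b"session" + material).digest()
    hash_key = hashlib.sha1(b"hash" + material).digest()
    return session_key, hash_key


class SecureMmc:
    """Secure MMC side: answers requests for information on a stored RO."""

    def __init__(self, hash_key: bytes, ro_info: Dict[str, bytes]) -> None:
        self.hash_key = hash_key
        self.ro_info = ro_info      # RO id -> processed RO information
        self.last_ssc = -1          # last SSC accepted from the device

    def get_ro_info(self, ssc: int, ro_id: str) -> Optional[bytes]:
        """Return SSC || info || hash, or None when the SSC is not the next
        expected value (a lost or inserted command) or the RO is unknown."""
        if ssc != self.last_ssc + 1:
            return None
        self.last_ssc = ssc                # command accepted, advance the counter
        info = self.ro_info.get(ro_id)
        if info is None:
            return None
        body = ssc.to_bytes(SSC_LEN, "big") + info
        # Assumed keyed hash: HMAC-SHA1 under the shared hash key.
        tag = hmac.new(self.hash_key, body, hashlib.sha1).digest()
        return body + tag


class DrmAgent:
    """Device side: numbers each request with an SSC and verifies the reply."""

    def __init__(self, hash_key: bytes) -> None:
        self.hash_key = hash_key
        self.next_ssc = 0

    def issue_ssc(self) -> int:
        ssc = self.next_ssc
        self.next_ssc += 1
        return ssc

    def verify_reply(self, expected_ssc: int,
                     reply: Optional[bytes]) -> Optional[bytes]:
        """Return the RO information if the reply carries the expected SSC and
        an intact hash value; otherwise None (modified or replayed data)."""
        if reply is None or len(reply) < SSC_LEN + TAG_LEN:
            return None
        body, tag = reply[:-TAG_LEN], reply[-TAG_LEN:]
        if int.from_bytes(body[:SSC_LEN], "big") != expected_ssc:
            return None
        expected = hmac.new(self.hash_key, body, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return body[SSC_LEN:]


def request_ro_info(agent: DrmAgent, mmc: SecureMmc, ro_id: str,
                    tamper=None) -> Optional[bytes]:
    """One request/response round; `tamper` optionally alters the reply in
    transit so the agent's check can be exercised."""
    ssc = agent.issue_ssc()
    reply = mmc.get_ro_info(ssc, ro_id)
    if tamper is not None and reply is not None:
        reply = tamper(reply)
    return agent.verify_reply(ssc, reply)


if __name__ == "__main__":
    # Constructed random numbers standing in for the authentication exchange.
    rand_d, rand_m = bytes(range(16)), bytes(range(16, 32))
    _, hash_key = derive_keys(rand_d, rand_m)
    mmc = SecureMmc(hash_key, {"ro-1": b"play;count=3"})
    agent = DrmAgent(hash_key)
    print(request_ro_info(agent, mmc, "ro-1"))               # b'play;count=3'
    flip = lambda r: r[:SSC_LEN] + bytes([r[SSC_LEN] ^ 1]) + r[SSC_LEN + 1:]
    print(request_ro_info(agent, mmc, "ro-1", tamper=flip))  # None
```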
The RO includes a version field 500, a resource field 520, and a permission field 530. The version field 510 contains version information of the DRM system. The resource field 520 contains information regarding the content data whose consumption is governed by the RO. The permission field 530 contains information regarding the uses and actions permitted by the rights issuer with respect to the content protected by DRM. The information stored in the resource field 520 is described in more detail. The "id" information is an identifier used to identify the RO. The "uid" information identifies the content whose use is governed by the RO and is a uniform resource identifier (URI) of DRM content format (DCF) content data. The "inherit" information specifies an inheritance relationship between resources whose use is governed by the RO and contains information regarding a parent resource. If an inheritance relationship exists between two resources, a child resource inherits all the rights of the parent resource. The "KeyValue" information contains a binary key value used to encrypt the content, referred to as a content encryption key (CEK). The CEK is the key value a device uses to decrypt the encrypted content. When the device receives the CEK from a secure MMC, it can use the content. The information stored in the permission field 530 is described in detail. The "idref" information holds a reference to the "id" information stored in the resource field 520. "Permission" is a right to use content granted by the rights issuer. Permission types include "Play", "Display", "Execute", and "Export". "Play" is a right to render DRM content in video/audio form. Accordingly, a DRM agent does not allow Play-based access to content such as JAVA games that cannot be expressed in audio/video form.
The Play permission may optionally carry a constraint. If a constraint is present, the DRM agent grants the Play right in accordance with it; if none is present, the DRM agent grants unlimited Play rights. The Display permission indicates a right to show DRM content on a display device. A DRM agent does not allow access based on Display to content such as gif or jpeg images that cannot be shown on the display device. The Execute permission indicates a right to execute DRM content such as JAVA games and other application programs. The Print permission indicates a right to produce a hard copy of DRM content such as jpeg images. The Export permission indicates a right to send DRM content and its corresponding ROs to a DRM system other than the Open Mobile Alliance (OMA) DRM system, or to a content protection architecture. The Export permission must carry a constraint, which specifies the DRM system or content protection architecture to which the DRM content and its RO may be sent. Export is divided into a change-location mode and a copy mode: when an RO is exported from the current DRM system to another DRM system, the RO is deleted from the current DRM system in change-location mode but is not deleted in copy mode.

The Change Location permission is divided into a device-to-secure-MMC location change and a secure-MMC-to-device location change. In a device-to-secure-MMC location change, an RO on a device is sent to a secure MMC and the original RO on the device is deactivated. Similar operations are executed in a secure-MMC-to-device location change. The Copy permission is divided into a device-to-secure-MMC copy and a secure-MMC-to-device copy. In a device-to-secure-MMC copy, an RO on a device is sent to a secure MMC but, unlike the Change Location permission, the original RO on the device is not deactivated.
Similar operations are executed in a secure-MMC-to-device copy.

Figure 6 is a table illustrating the constraints that may be given for the permissions shown in Figure 5. Constraint information restricts the consumption of digital content. A Count constraint 600 has a positive integer value and specifies the number of times the permission may be exercised on the content. A DRM agent does not allow access to the DRM content more times than the value of the Count constraint permits. Additionally, when the value of the Count constraint is not a positive integer, the DRM agent does not allow access to the DRM content at all. A Timed-count constraint includes a count subfield and a timer subfield and specifies the number of uses granted for the content within a period of time defined by the timer. A Datetime constraint 610 specifies the time range of the permission and optionally includes a start item and an end item. When the start item is specified, access is not allowed before the given time on the given date; when the end item is specified, access is not allowed after the given time on the given date. Therefore, if the value of the start item is later than the value of the end item, a DRM agent does not allow access to the DRM content. In the CCYY-MM-DDThh:mm:ss format of the start and end items, CC denotes the century, YY the year, MM the month, DD the day, T the separator between date and time, and hh:mm:ss the hour, minute and second. An Interval constraint 620 specifies a duration for which a right is effective on DRM content and optionally includes a start item and an end item. When the start item is specified, consumption of the DRM content is allowed for the period specified by the Interval constraint following the given time on the given date.
When the end item is specified, consumption of the DRM content is allowed for the period specified by the Interval constraint preceding the given time on the given date. Therefore, a DRM agent does not allow access to the DRM content once the period specified by the Interval constraint value has elapsed. A Duration item such as P2Y10M15DT10H30M20S denotes a duration of 2 years, 10 months, 15 days, 10 hours, 30 minutes and 20 seconds. An Accumulated constraint 630 specifies the maximum metered period for which a right may be exercised on DRM content; a DRM agent does not allow access to the DRM content once the accumulated period specified by the Accumulated constraint value has been used up. An Individual constraint 640 specifies the individual to whom the DRM content is bound, identifying that individual by a URI. Accordingly, if the user identity of the device is not identical to the identity of the person allowed to use the DRM content, a DRM agent does not allow access to the DRM content. A System constraint 650 specifies the DRM system or content protection architecture to which the content and a rights object may be exported. Its Version item gives version information for the DRM system or content protection architecture, and its UID item gives the name of the DRM system or content protection architecture.

Figure 7 illustrates an authentication procedure in accordance with an exemplary embodiment of the present invention.
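The Count, Datetime, Interval and Accumulated rules of the Figure 6 table above, carried through as working code. This is an added example and not code from the patent: the struct field names, the handling of an Interval that carries neither a start nor an end item (it is taken to start at the current use) and the accumulated-metering comparison are assumptions; the datetime and duration item formats are the ones the text describes.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// dtLayout is the CCYY-MM-DDThh:mm:ss layout given for the Datetime start/end items.
const dtLayout = "2006-01-02T15:04:05"

// Period is a parsed duration item such as P2Y10M15DT10H30M20S.
type Period struct{ Y, Mo, D, H, Mi, S int }

var periodRe = regexp.MustCompile(
	`^P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$`)

// ParsePeriod parses the Interval/Accumulated duration item format.
func ParsePeriod(s string) (Period, error) {
	m := periodRe.FindStringSubmatch(s)
	if m == nil || s == "P" || s == "PT" {
		return Period{}, fmt.Errorf("malformed duration %q", s)
	}
	n := func(x string) int { v, _ := strconv.Atoi(x); return v } // "" parses as 0
	return Period{n(m[1]), n(m[2]), n(m[3]), n(m[4]), n(m[5]), n(m[6])}, nil
}

// Shift moves t by the period (sign -1 subtracts), with calendar arithmetic for Y/M/D.
func (p Period) Shift(t time.Time, sign int) time.Time {
	clock := time.Duration(p.H)*time.Hour + time.Duration(p.Mi)*time.Minute + time.Duration(p.S)*time.Second
	return t.AddDate(sign*p.Y, sign*p.Mo, sign*p.D).Add(time.Duration(sign) * clock)
}

// Constraints mirrors the Figure 6 table for one permission; a nil Count or an
// empty string means the item is absent.
type Constraints struct {
	Count                      *int   // Count 600: must be a positive integer
	Start, End                 string // Datetime 610 start/end items
	Interval                   string // Interval 620 duration item
	IntervalStart, IntervalEnd string // optional Interval start/end items
	Accumulated                string // Accumulated 630 duration item
}

// item parses an optional datetime item; the zero time means "absent".
func item(s string) (time.Time, error) {
	if s == "" {
		return time.Time{}, nil
	}
	return time.Parse(dtLayout, s)
}

// outside reports whether now lies before a set start or after a set end.
func outside(now, start, end time.Time) bool {
	return (!start.IsZero() && now.Before(start)) || (!end.IsZero() && now.After(end))
}

// Check is the DRM agent's decision for one consumption at time now, given that the
// permission has already been exercised `uses` times for a metered total of `consumed`.
// Any failing item denies access, as the Figure 6 description specifies.
func Check(c Constraints, uses int, consumed time.Duration, now time.Time) error {
	if c.Count != nil && (*c.Count <= 0 || uses >= *c.Count) {
		return fmt.Errorf("denied: count is not a positive integer or is exhausted")
	}
	start, err1 := item(c.Start)
	end, err2 := item(c.End)
	if err1 != nil || err2 != nil {
		return fmt.Errorf("denied: malformed datetime item")
	}
	// A start later than its end is an invalid window and denies access outright.
	if (!start.IsZero() && !end.IsZero() && start.After(end)) || outside(now, start, end) {
		return fmt.Errorf("denied: outside datetime window")
	}
	if c.Interval != "" {
		p, err := ParsePeriod(c.Interval)
		is, err1 := item(c.IntervalStart)
		ie, err2 := item(c.IntervalEnd)
		if err != nil || err1 != nil || err2 != nil {
			return fmt.Errorf("denied: malformed interval item")
		}
		switch {
		case !is.IsZero(): // allowed for the period after the start item
			ie = p.Shift(is, 1)
		case !ie.IsZero(): // allowed for the period before the end item
			is = p.Shift(ie, -1)
		default: // neither item given: assumption, the interval starts at this use
			is, ie = now, p.Shift(now, 1)
		}
		if outside(now, is, ie) {
			return fmt.Errorf("denied: interval elapsed")
		}
	}
	if c.Accumulated != "" {
		p, err := ParsePeriod(c.Accumulated)
		if err != nil || consumed >= p.Shift(now, 1).Sub(now) {
			return fmt.Errorf("denied: accumulated period malformed or used up")
		}
	}
	return nil
}
```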
Authentication is a procedure in which a device 710 and a secure MMC 720 verify each other's authenticity and exchange random numbers for generating a session key. A session key can be generated from a random number obtained during authentication. In Figure 7, the descriptions above the arrowed lines relate to a command that requests the other party to execute a certain operation, and the descriptions below the arrowed lines relate to a parameter necessary to execute the command or to the data carried. In an exemplary embodiment of the present invention, the device 710 issues all the commands for authentication and the secure MMC 720 executes the operations needed to carry them out. For example, the device 710 may send a command such as an authentication response to the secure MMC 720; subsequently, the secure MMC 720 sends a certificate M and an encrypted random number M to the device 710 in response to the authentication response. In another exemplary embodiment of the present invention, both the device 710 and the secure MMC 720 may send commands; for example, the secure MMC 720 may send the authentication response together with the certificate M and the encrypted random number M to the device 710.

Detailed descriptions of the authentication procedure follow. In operation S10, the device 710 sends an authentication request to the secure MMC 720. When requesting authentication, the device 710 sends a device public key D to the secure MMC 720. For example, the device public key D can be sent by sending a device certificate D issued to the device 710 by a certification authority. The device certificate D carries the digital signature of the certification authority and contains a device ID and the device public key D. From the device certificate D, the secure MMC 720 can authenticate the device 710 and obtain the device public key D.
In operation S20, the secure MMC 720 verifies whether the device certificate D is valid using a certificate revocation list (CRL). If the device certificate D is registered in the CRL, the secure MMC 720 may reject authentication with the device 710. If the device certificate D is not registered in the CRL, the secure MMC 720 obtains the device public key D from the device certificate D. In operation S30, the secure MMC 720 generates a random number M. In operation S40, the random number M is encrypted using the device public key D. In operation S50, an authentication response procedure is executed by sending an authentication response from the device 710 to the secure MMC 720 or from the secure MMC 720 to the device 710. During the authentication response procedure, the secure MMC 720 sends a secure MMC public key M and the encrypted random number M to the device 710. In an exemplary embodiment of the present invention, a secure MMC certificate may be sent to the device 710 instead of the secure MMC public key M. In another exemplary embodiment of the present invention, the secure MMC 720 may send its digital signature to the device 710 together with the encrypted random number M and the secure MMC certificate. In operation S60, the device 710 receives the secure MMC certificate and the encrypted random number M, authenticates the secure MMC 720 by verifying the secure MMC certificate, obtains the secure MMC public key M, and obtains the random number M by decrypting the encrypted random number M with its device private key. In operation S70, the device 710 generates a random number D. In operation S80, the random number D is encrypted using the secure MMC public key M. Then, in operation S90, a final authentication procedure is executed in which the device 710 sends the encrypted random number D to the secure MMC 720.
In an exemplary embodiment of the present invention, the device 710 may send its digital signature to the secure MMC 720 together with the encrypted random number D. In operation S100, the secure MMC 720 receives and decrypts the encrypted random number D. As a result, the device 710 and the secure MMC 720 each hold a random number generated by the other. Since both the device 710 and the secure MMC 720 generate their own random numbers and each also uses the other's random number, the overall randomness is greatly increased and secure mutual authentication becomes possible: even if either the device 710 or the secure MMC 720 has weak randomness, the other can reinforce it. In operations S110 and S120, the device 710 and the secure MMC 720, having exchanged random numbers, each generate a session key and a hashing key from both random numbers. A published algorithm can be used to generate the session key and the hashing key from the two random numbers; a simpler algorithm is to XOR the two random numbers. Once the session keys and hashing keys have been generated, various DRM-protected operations can be executed between the device 710 and the secure MMC 720.

Figure 8 is a flowchart of a protocol by which a device 710 acquires information regarding a specified RO from a secure MMC 720 in an exemplary embodiment of the present invention. Before the device 710 requests the information regarding the specified RO from the secure MMC 720, authentication between the device 710 and the secure MMC 720 is executed in operation S200.
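The Figure 7 exchange (operations S10 through S120) as a runnable model, written here as an added example rather than code from the patent. Assumptions: RSA-OAEP stands in for the unspecified public-key encryption, a set of revoked RSA moduli stands in for the certificates and the CRL, the random numbers are 128 bits, and the hashing key is SHA-1 over both random numbers; the XOR session key is the simpler algorithm the text names.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"errors"
)

// nonceLen is an assumption: 128-bit random numbers, so the XOR session key is AES-128 sized.
const nonceLen = 16

// Party is the device 710 or the secure MMC 720; each holds one RSA key pair.
type Party struct {
	priv                *rsa.PrivateKey
	Pub                 *rsa.PublicKey
	myRand, peerRand    []byte // own number (S30 / S70); peer's number (S60 / S100)
	SessionKey, HashKey []byte // derived in S110 / S120
}

func NewParty() (*Party, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{priv: k, Pub: &k.PublicKey}, nil
}

// CRL stands in for the certificate revocation list of S20; assumption: keyed by decimal RSA modulus.
type CRL map[string]bool

// Challenge performs S20-S40 (or S70-S80): reject a revoked peer, generate a fresh
// random number and encrypt it under the peer's public key (RSA-OAEP is an assumption).
func (p *Party) Challenge(peer *rsa.PublicKey, crl CRL) ([]byte, error) {
	if crl[peer.N.String()] {
		return nil, errors.New("peer certificate is on the CRL")
	}
	p.myRand = make([]byte, nonceLen)
	if _, err := rand.Read(p.myRand); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha1.New(), rand.Reader, peer, p.myRand, nil)
}

// Accept performs S60 (or S100): recover the peer's random number with our private key.
func (p *Party) Accept(ciphertext []byte) error {
	pt, err := rsa.DecryptOAEP(sha1.New(), nil, p.priv, ciphertext, nil)
	if err != nil {
		return err
	}
	p.peerRand = pt
	return nil
}

// DeriveKeys performs S110 / S120. The session key is the XOR of the two random
// numbers, the "simpler algorithm" the text mentions; the hashing key is SHA-1 over
// both numbers in a fixed order (assumption), so either side computes the same value.
func (p *Party) DeriveKeys() error {
	if len(p.myRand) != nonceLen || len(p.peerRand) != nonceLen {
		return errors.New("authentication incomplete or malformed random number")
	}
	p.SessionKey = make([]byte, nonceLen)
	for i := range p.SessionKey {
		p.SessionKey[i] = p.myRand[i] ^ p.peerRand[i]
	}
	lo, hi := p.myRand, p.peerRand
	if bytes.Compare(lo, hi) > 0 {
		lo, hi = hi, lo
	}
	sum := sha1.Sum(append(append([]byte{}, lo...), hi...))
	p.HashKey = sum[:]
	return nil
}

// Authenticate drives S10-S120 between the device and the secure MMC; afterwards
// dev.SessionKey equals mmc.SessionKey and dev.HashKey equals mmc.HashKey.
func Authenticate(dev, mmc *Party, crl CRL) error {
	encM, err := mmc.Challenge(dev.Pub, crl) // S10-S50: MMC checks CRL, returns E(pubD, randM)
	if err != nil {
		return err
	}
	if err := dev.Accept(encM); err != nil { // S60: device recovers randM
		return err
	}
	encD, err := dev.Challenge(mmc.Pub, crl) // S70-S90: device returns E(pubM, randD)
	if err != nil {
		return err
	}
	if err := mmc.Accept(encD); err != nil { // S100: MMC recovers randD
		return err
	}
	for _, p := range []*Party{dev, mmc} { // S110 / S120
		if err := p.DeriveKeys(); err != nil {
			return err
		}
	}
	return nil
}
```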
In operations S210 and S220, the device 710 and the secure MMC 720 each generate a session key, for the encryption and decryption performed during communication between them, and a hashing key, for a hashing algorithm that generates a value indicating whether the information provided by the secure MMC 720 has been modified. In operation S300, the device 710 requests information regarding the specified RO from the secure MMC 720. Here, to specify the RO whose information is to be acquired, the device 710 can send a content ID or an RO ID. When the device 710 holds a precursor RO, the RO ID includes a precursor RO ID in order to acquire information regarding a descendant RO corresponding to that precursor RO. A precursor RO and a descendant RO are related in that one RO is defined by inheriting a permission and a constraint from the other: the precursor RO defines a permission and a constraint for DRM content, and the descendant RO inherits them. The descendant RO refers to the content; the precursor RO does not refer to the content directly but to its descendant RO. When access to the content is allowed by permission information of the precursor or descendant RO, a DRM agent considers the constraint on the permission granting the access together with all higher-level constraints on the precursor and descendant ROs. This allows a rights issuer to support a subscription business model. Alternatively, the RO ID sent may directly identify the RO whose information is to be acquired. The information specifying the RO can be sent when the device 710 requests the information in operation S300, or it can be sent through a special instruction before the device 710 requests the information. The special instruction is described below with reference to Figure 11.
In response to the request from the device 710, the secure MMC 720 retrieves and processes information regarding the RO that corresponds to the content ID or RO ID received from the device 710 in operation S310, and sends the processed information regarding the RO to the device 710 in operation S320. In an exemplary embodiment of the present invention, the processed information regarding the RO selectively includes, from among the items contained in the RO, summary information about the rights the RO represents. For example, the processed information may include the content ID governed by the right, a hash value indicating whether the content has been modified, and permission information. However, the processed information regarding the RO does not include the CEK used to decrypt encrypted content, because the device 710 requests information regarding the RO in order to verify whether the secure MMC 720 holds a right to use the content the user wants and to identify the right held by the secure MMC 720. In another exemplary embodiment of the present invention, processing the information regarding the RO may include converting it from a data format supported by the secure MMC 720 into a data format supported by the device 710, when the former is not supported by the device 710. One or more ROs may correspond to a particular content, and therefore two or more types of permission information may be included in the information regarding the RO. In an exemplary embodiment of the present invention, since the information regarding the RO transmitted to the device 710 does not include a CEK, the information need not be encrypted with the session key generated through authentication between the device 710 and the secure MMC 720. To allow the device 710 to determine whether the information regarding the RO has been modified, the information may include a hash value.
The hash value can be generated using the hashing key generated during authentication and a known hash algorithm, for example SHA-1. Through this procedure for acquiring information regarding the RO, the device 710 learns the current status of the ROs needed to consume the particular content, and requests from the secure MMC 720 the right to play, execute, print, or export that content in accordance with the ROs the secure MMC 720 holds. When the secure MMC 720 holds an RO corresponding to a requested permission, it encrypts the CEK using the session key and transmits the encrypted CEK to the device 710, allowing the device 710 to decrypt the encrypted content.

Figure 9 is a flowchart of a protocol by which the device 710 acquires information regarding all available ROs from the secure MMC 720 in an exemplary embodiment of the present invention. A user of the device 710 can identify the ROs stored in the secure MMC 720 in order to later consume the stored content, or to later copy the content to another device, in accordance with the identified ROs. Before the device 710 requests information regarding all available ROs from the secure MMC 720, authentication between the device 710 and the secure MMC 720 is performed in operation S400. In operations S410 and S420, the device 710 and the secure MMC 720 each generate a session key for encryption and decryption and a hashing key. Regardless of the content to be consumed, in operation S500 the device 710 requests information regarding all available ROs from the secure MMC 720. The secure MMC 720 then retrieves all the available ROs stored in it and processes information regarding them in operation S510, and sends the processed information to the device 710 in operation S520. In an exemplary embodiment of the present invention, the processed information covers all available ROs stored in the secure MMC 720.
For example, the processed information may include the ID of each RO, the content ID governed by each RO, and the number of content IDs. However, the processed information does not include a CEK used to decrypt encrypted content, because the device 710 requests information regarding all available ROs in order to identify the rights to content held by the secure MMC 720.
In another exemplary embodiment of the present invention, processing the information regarding all available ROs may include converting it from a data format supported by the secure MMC 720 into a data format supported by the device 710, when the former is not supported by the device 710. Two or more ROs may be available in the secure MMC 720. In an exemplary embodiment of the present invention, when two or more available ROs are stored in the secure MMC 720, the entries holding information regarding the individual ROs can be chained into a single list and transmitted to the device 710 at once. Having received information regarding all available ROs, the device 710 can manage the ROs by removing unnecessary rights, acquiring necessary rights, and moving some rights to another device. In an exemplary embodiment of the present invention, since the information regarding all available ROs transmitted to the device 710 does not include a CEK, the information need not be encrypted with the session key generated through authentication between the device 710 and the secure MMC 720. To allow the device 710 to determine whether the information regarding the ROs has been modified, the information may include a hash value. The hash value can be generated using the hashing key generated during authentication and a known hash algorithm, for example SHA-1.

Figure 10 is a flowchart of a protocol by which the device 710 removes a specified RO from the secure MMC 720 in an exemplary embodiment of the present invention. Before the device 710 requests the secure MMC 720 to remove the specified RO, authentication between the device 710 and the secure MMC 720 is performed in operation S600.
In operations S610 and S620, the device 710 and the secure MMC 720 each generate a session key, for the encryption and decryption performed during communication between them, and a hashing key, for a hashing algorithm that generates a value indicating whether information has been modified. To request removal of the specified RO, the device 710 must know whether the specified RO exists. To learn whether it exists, in operations S700 to S720 the device 710 acquires information regarding the specified RO to be removed using the protocol illustrated in Figure 8. In operation S730, the device 710 uses the session key to encrypt the ID of the RO to be removed together with a send sequence counter (SSC) indicating the transmission sequence within the current protocol, and requests removal of the RO. The SSC is a value incremented every time a command packet is transmitted, so that the loss of a command packet sent by the device 710, or its tampering by an unauthorized party during transmission, can be detected. In operation S740, in response to the removal request, the secure MMC 720 decrypts the encrypted RO ID transmitted by the device 710 using the session key and removes the RO corresponding to that RO ID. In another exemplary embodiment of the present invention, the device 710 can send the IDs of two or more ROs to be removed. In detail, the device 710 generates and encrypts a list of RO IDs and transmits the encrypted list; upon receiving it, the secure MMC 720 decrypts the list and removes the ROs corresponding to the RO IDs in the list. Here, a single operation removes a plurality of ROs. In yet another exemplary embodiment of the present invention, instead of transmitting the ID of an RO to be removed, conditions for the RO to be removed can be set and transmitted.
Here, an operation is required in which the secure MMC 720 retrieves an RO satisfying the conditions and removes it. Accordingly, operations S700 through S720 of Figure 10, which acquire information regarding the ROs stored in the secure MMC 720, are optional: even without knowing the information regarding the ROs stored in the secure MMC 720, the device 710 can ask the secure MMC 720 to remove any RO that lacks a Copy or Execute right. Conditions can relate to a right such as Read, Copy, Change Location, Export, or Execute. The conditions may, for instance, call for removing an RO that can no longer be used in the current period, or removing an RO for content that exists neither on the device 710 nor on the secure MMC 720. The conditions are encrypted and transmitted to the secure MMC 720, which then retrieves an RO satisfying them and removes it. Removing an RO can mean deleting the RO from a device, or marking the RO as deletable at any time because it can no longer be used. If an RO in a secure MMC were removed on every request, removal time and processing time would increase. Accordingly, information regarding an RO can be changed first, and the unnecessary RO actually removed only when storage space in the secure MMC is insufficient; in other words, a new RO can be stored in the space an unnecessary RO already occupies. Accordingly, in exemplary embodiments of the present invention, removal includes (1) a method of completely removing an RO from a portable storage device and (2) a method of changing particular information of an RO, for example the "id" of the resource field shown in Figure 5, to a value indicating that the RO cannot be used and is therefore to be removed.
An RO marked as unnecessary is completely removed from a secure MMC when storage space is insufficient or when an external request to remove it is received.

Figures 11 through 15 illustrate example formats of an instruction, its parameters, and an output response, which are used when the device transmits information regarding content desired by a user to a secure MMC in the protocol illustrated in Figure 8, in an exemplary embodiment of the present invention. Here, the instruction is SET_CO_INFO 1100, composed mainly of a header field and a data field. The header field contains information identifying the instruction, and the data field contains information relating to the instruction. A P1 field in the header field has a value indicating the SET_CO_INFO instruction. A T-field in the data field 1120 is a tag field whose tag value indicates the SET_CO_INFO instruction. An L-field in the data field has a value indicating the length of the V-field in the data field. The V-field holds a content ID; it may instead hold an RO ID. The SET_CO_INFO instruction simply transmits a content ID to a secure MMC, and therefore the output response 1140 for this instruction has no values in its T-, L-, and V-fields. A status word in the output response 1140 carries the result of executing the SET_CO_INFO instruction. The status word is expressed as a combination of SW1 and SW2 indicating one of the following, as shown in Figure 15: "successful execution of the instruction", "unknown tag", "incorrect parameter in the V-field", "general authentication needed", "authentication needed", "verification failure", and "number of attempts".
Figures 16 through 20 illustrate example formats of an instruction, its parameters, and an output response, which are used when a device requests information regarding an RO corresponding to content from a secure MMC in the protocol illustrated in Figure 8, in an exemplary embodiment of the present invention. Here, the instruction is GET_RO_INFO 1200, and its format is similar to that of the SET_CO_INFO instruction. A P1 field in the header field has a value indicating the GET_RO_INFO instruction. The GET_RO_INFO instruction requests the secure MMC to transmit information regarding the RO corresponding to the content specified by the SET_CO_INFO instruction; therefore, the data field 1220 of the GET_RO_INFO instruction carries no values. In the output response 1240, the data field carries the information regarding the RO, and a status word reports the result of executing the GET_RO_INFO instruction. A T-field in the data field is a tag field whose tag value indicates a response to the GET_MOVE_RO instruction. An L-field has a value indicating the length of the V-field. The V-field carries the encrypted value of the RO. The information regarding the RO in the V-field can be a combination of information regarding the permissions of the RO and a hash value indicating whether that permission information has been modified. The information regarding the permissions of the RO is described in detail with reference to Figures 21 through 23. The status word is expressed as a combination of SW1 and SW2 indicating one of the following: "successful execution of the instruction", "unknown tag", "incorrect parameter in the V-field", "general authentication needed", and "authentication needed".

Figure 21 illustrates an example of the format of information regarding an RO (hereinafter referred to as RO information) provided by a secure MMC in the protocol illustrated in Figure 8.
The RO information primarily includes basic information identifying the RO and permission information for the RO. This data format is referred to as the current permission status format (CPSF). As described above, the CEK is excluded from the permission information. A permission status format specifies all the types of permission required for an RO together with basic information regarding the RO. In an exemplary embodiment of the present invention, the RO itself is not transmitted; a CPSF is transmitted instead, which reduces unnecessary overhead between a device and a secure MMC. Referring to Figures 21 to 23, a CPSF in accordance with an exemplary embodiment of the present invention includes a content ID field 1310, 1410, or 1510, a message digest value and message digest index field 1330, 1430, or 1530, and a permission information field 1340, 1440, or 1540.
In the content ID field 1310, 1410, or 1510, a content ID is set to identify the particular content that can be used by means of the RO. In the message digest value and message digest index field 1330, 1430, or 1530, a message digest value is set for integrity protection of the transmitted data. The message digest value can be generated using a published hash algorithm (for example, SHA-1). In the permission information field 1340, 1440, or 1540, the permission information carried by the RO is set. The contents of a CPSF vary with the type of RO. In the exemplary embodiments of the present invention, ROs are divided into general ROs, descendant ROs, and precursor ROs: Type 1 indicates a general RO, Type 2 a descendant RO, and Type 3 a precursor RO. General ROs are ROs that have no relation to the subscription model (or subscription business model) described in the Open Mobile Alliance Digital Rights Management (OMA DRM) Rights Expression Language (REL) v2.0. The ROs that follow the subscription model described in OMA DRM REL v2.0 are divided into descendant ROs and precursor ROs. A descendant RO includes a permission item and a constraint on the permission item. Further details of descendant and precursor ROs are described in OMA DRM REL v2.0, which can be obtained at http://www.openmobilealliance.org/.

Figure 21 illustrates the structure of a CPSF for a general RO in accordance with an exemplary embodiment of the present invention. The CPSF of a general RO may include at least one permission information field 1340, which comprises the following subfields: a type field 1341, an RO index field 1342, a resource index field 1343, a permission index field 1344, a number-of-constraints field 1345, and a constraint information field 1346. The type field 1341 contains information identifying the type of the RO.
Table 1 shows the types of ROs. The RO index field 1342 and the resource index field 1343 hold an internal RO ID and an internal resource ID, respectively, within a secure MMC; the internal RO ID and the internal resource ID can be used to identify an RO and a resource stored in the secure MMC. The permission index field 1344 holds identification information identifying the type of permission; the permission types were described with reference to Figure 5. The number-of-constraints field 1345 holds the number of constraint information fields 1346. Each constraint information field 1346 includes a constraint index field 1347 indicating the type of constraint and a constraint field 1348 holding the content of the constraint. The types of constraint were described with reference to Figure 6.

Figure 22 illustrates the structure of a CPSF for a descendant RO in accordance with an exemplary embodiment of the present invention. Since only one descendant RO can be used for a particular content, the CPSF includes a single permission information field. The values set in the content ID field 1410 and in the message digest value and message digest index field 1430 have been described above. The permission information field 1440 comprises the subfields: a type field 1441, a precursor RO ID field 1442, and a descendant RO issuer uniform resource locator (URL) field 1443. The type field 1441 holds identification information identifying the type of rights object and has the value "0x02". The precursor RO ID field 1442 holds identification information identifying the precursor rights object. The descendant RO issuer URL field 1443 holds the URL of the issuer of the descendant RO.

Figure 23 illustrates the structure of a CPSF for a precursor RO in accordance with an exemplary embodiment of the present invention. The content ID field 1510 has been described above.
However, a precursor RO complying with the subscription model described in OMA DRM REL v2.0 has neither a CEK nor a message digest value, and therefore the message digest value and message digest index field 1530 can be set to null. Since there is only one precursor RO allowing particular DRM content to be used, the CPSF includes a single permission information field 1540. The permission information field 1540 comprises the subfields: a type field 1541, a precursor RO ID field 1542, a permission index field 1543, a number-of-constraints field 1544, and a constraint information field 1545. The type field 1541 holds identification information identifying the type of rights object and has the value "0x03". The precursor RO ID field 1542 holds identification information identifying the precursor rights object. The permission index field 1543, the number-of-constraints field 1544, and the constraint information field 1545 hold the same kinds of information, in the same way, as the permission index field 1344, the number-of-constraints field 1345, and the constraint information field 1346 shown in Figure 21. A secure MMC may hold both a general RO and a descendant RO that allow particular content to be played, or both a general RO and a precursor RO that allow particular content to be played.

Figures 24 through 28 illustrate example formats of an instruction, its parameters, and an output response, which are used when a device requests information regarding all available ROs in the protocol illustrated in Figure 9, in an exemplary embodiment of the present invention.
Here, the instruction is GET_RO_LIST, which is composed of a header field and a data field (1600). The header field contains information identifying the instruction, and the data field contains information related to the instruction. A P1 field in the header field has a value indicating the GET_RO_LIST instruction. The GET_RO_LIST instruction requests transmission of information on a list of all available ROs stored in a secure MMC, and therefore the data field of the GET_RO_LIST instruction carries no values (1620). The data field of an output response 1640 contains information regarding the ROs, and a status word reports the result of executing the instruction. A T-field in the data field is a tag field whose tag value indicates that the output response (1640) is a response to the GET_RO_LIST instruction. An L-field in the data field holds a value indicating the length of a V-field in the data field. The V-field contains the list of all available ROs. The status word is expressed by the combination of SW1 and SW2, which indicate one of the following: "successful execution of the instruction", "unknown tag", "incorrect parameter in the V-field", "general authentication needed", or "authentication needed", as shown in Figure 28.
Figures 29 to 33 illustrate examples of the formats of an instruction, instruction parameters, and an output response used when a device requests a secure MMC to delete a particular RO in the protocol illustrated in Figure 10, in an exemplary embodiment of the present invention. Here, the instruction is SET_DELETE_RO, which includes a CLA field and an INS field that indicate a group of instructions. Accordingly, the instructions related to deletion share the same values in the CLA field and the INS field. The several deletion-related instructions are distinguished from one another by a P1 field and a P2 field. The instruction data field contains the encrypted ID of the RO to be deleted. The data field comprises a tag field (T), a length field (L), and a value field (V). The T-field indicates the category of the instruction. The L-field holds the length of the data contained in the V-field. The V-field holds the encrypted ID of the RO to be deleted. In the output response sent by the secure MMC that receives the SET_DELETE_RO instruction, a status word expressed by the values SW1 and SW2 indicates whether the deletion succeeded, whether the data in the T-field is wrong, whether an error was found in the V-field, and whether authentication is needed.
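As an added illustration that is not code from the patent, the following Python encodes a SET_DELETE_RO instruction and parses a GET_RO_LIST output response in the T-L-V form described above. The CLA, INS, P1, P2, tag and status-word values are constructed placeholders (the patent lists none of them), and the layout of the V-field as fixed-size RO IDs is an assumption.

```python
# Added example (not the patent's own code): encoding SET_DELETE_RO and
# parsing the GET_RO_LIST output response in the T-L-V form the description
# gives.  Every numeric value below is a constructed placeholder.
from dataclasses import dataclass

# Constructed placeholder header values for the deletion instruction group.
CLA_DRM = 0x80
INS_DELETE_GROUP = 0xE4
P1_SET_DELETE_RO = 0x01
P2_SET_DELETE_RO = 0x00
# Constructed placeholder tag values for the T-field.
TAG_SET_DELETE_RO = 0x51
TAG_GET_RO_LIST = 0x41

# Constructed mapping of (SW1, SW2) to the outcomes the description names.
# 0x9000 follows the ISO 7816 convention for success; the rest are placeholders.
STATUS_WORDS = {
    (0x90, 0x00): "successful execution of the instruction",
    (0x6A, 0x80): "unknown tag",
    (0x6A, 0x81): "incorrect parameter in the V-field",
    (0x69, 0x82): "general authentication needed",
    (0x69, 0x85): "authentication needed",
}


def encode_tlv(tag: int, value: bytes) -> bytes:
    """Encode one T-L-V element with a one-byte tag and a one-byte length."""
    if not 0 <= tag <= 0xFF or len(value) > 0xFF:
        raise ValueError("tag or value does not fit a one-byte field")
    return bytes([tag, len(value)]) + value


def build_set_delete_ro(encrypted_ro_id: bytes) -> bytes:
    """Header (CLA INS P1 P2 Lc) followed by the TLV carrying the encrypted
    RO ID.  The caller is assumed to have already encrypted the RO ID with
    the session key shared with the secure MMC."""
    data = encode_tlv(TAG_SET_DELETE_RO, encrypted_ro_id)
    header = bytes([CLA_DRM, INS_DELETE_GROUP,
                    P1_SET_DELETE_RO, P2_SET_DELETE_RO, len(data)])
    return header + data


@dataclass
class RoListResponse:
    status: str
    ro_ids: list  # one bytes object per available RO


def parse_get_ro_list_response(resp: bytes, ro_id_len: int = 4) -> RoListResponse:
    """Parse [T][L][V...][SW1][SW2].  V is assumed (constructed) to be a
    concatenation of fixed-size RO IDs.  The card side is untrusted input,
    so the L-field is checked against the bytes actually received."""
    if len(resp) < 2:
        raise ValueError("response shorter than the status word")
    sw = (resp[-2], resp[-1])
    status = STATUS_WORDS.get(sw, f"unrecognised status word {sw[0]:02X}{sw[1]:02X}")
    body = resp[:-2]
    if status != STATUS_WORDS[(0x90, 0x00)]:
        return RoListResponse(status, [])  # error responses carry no list
    if len(body) < 2:
        raise ValueError("successful response is missing its T-L fields")
    tag, length, value = body[0], body[1], body[2:]
    if tag != TAG_GET_RO_LIST:
        raise ValueError(f"unexpected tag 0x{tag:02X}")
    if length != len(value):
        raise ValueError(f"L-field says {length} bytes but V-field has {len(value)}")
    if length % ro_id_len:
        raise ValueError("V-field is not a whole number of RO IDs")
    ids = [value[i:i + ro_id_len] for i in range(0, length, ro_id_len)]
    return RoListResponse(status, ids)
```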
Industrial Applicability

In accordance with the present invention, a device requests information regarding an RO from a portable storage device, receives the information regarding the RO from the portable storage device, and removes an unnecessary RO, thereby making it easy to manage the ROs efficiently. Upon completion of the detailed description, those skilled in the art will appreciate that many variations and modifications can be made to the exemplary embodiments without substantially departing from the principles of the invention. Therefore, the described exemplary embodiments of the invention are used only in a generic and descriptive sense and not for the purpose of limitation. It is noted that, as of this date, the best method known to the applicant for carrying out the aforementioned invention is that which is clear from the present description of the invention.

Claims (60)

CLAIMS Having described the invention as above, the content of the following claims is claimed as property.

1. A method for acquiring information relating to a digital rights object, characterized in that it comprises: receiving a request for data on a rights object from a device; processing the data on the rights object in response to the request to generate processed data; and providing the processed data to the device.
2. The method according to claim 1, characterized in that it further comprises, before processing the data, performing authentication with the device and generating an encryption key.
3. The method according to claim 2, characterized in that the encryption key comprises a session key and a hashing key.
4. The method according to claim 1, characterized in that the processing of the data comprises: accessing a rights object corresponding to one of a content identifier and a rights object identifier provided by the device; and processing the data on the rights object which is accessed.
5. The method according to claim 1, characterized in that the processed data comprises information included in the rights object.
6. The method according to claim 5, characterized in that the processed data comprises a content identifier, information indicating whether the content is modified, permission information, and information indicating whether other information is modified.
7. The method according to claim 6, characterized in that the information indicating whether the other information is modified comprises information indicating a transmission sequence of the device request.
8. The method according to claim 6, characterized in that the permission information comprises at least two types of permission information.
9. The method according to claim 1, characterized in that the processed data is converted into a format supported by the device.
10. A method for acquiring information relating to a digital rights object, characterized in that it comprises: performing authentication with a portable storage device and generating an encryption key; requesting data on a rights object from the portable storage device; and receiving the processed data on the rights object from the portable storage device.
11. The method according to claim 10, characterized in that the encryption key comprises a session key and a hashing key.
12. The method according to claim 10, characterized in that it further comprises converting the processed data.
13. The method according to claim 12, characterized in that the conversion of the processed data comprises checking whether the processed data is modified.
14. The method according to claim 12, characterized in that the conversion of the processed data comprises converting the processed data into a format supported by the device.
15. The method according to claim 10, characterized in that the processed data comprises information in the rights object.
16. The method according to claim 15, characterized in that the processed data comprises a content identifier, information indicating whether the content is modified, permission information, and information indicating whether other information is modified.
17. The method according to claim 16, characterized in that the information indicating whether the other information is modified comprises information indicating a transmission sequence of the device request.
18. A method for acquiring information relating to a digital rights object, characterized in that it comprises: receiving a request for data on all available rights objects from a device; accessing all available rights objects in response to the request and processing the data on all available rights objects to generate processed data; and providing the processed data to the device.
19. The method according to claim 18, characterized in that it further comprises, before processing the data, performing authentication with the device and generating an encryption key.
20. The method according to claim 19, characterized in that the encryption key comprises a session key and a hashing key.
21. The method according to claim 18, characterized in that the processed data comprises information included in the rights object.
22. The method according to claim 21, characterized in that the processed data comprises a rights object identifier, a content identifier, information indicating whether the content is modified, permission information, and information indicating whether other information is modified.
23. The method according to claim 22, characterized in that the information indicating whether the other information is modified comprises information indicating a transmission sequence of the device request.
24. The method according to claim 18, characterized in that the processed data is converted into a format supported by the device.
25. The method according to claim 21, characterized in that the permission information comprises at least two types of permission information.
26. A method for acquiring information relating to a digital rights object, characterized in that it comprises: performing authentication with a portable storage device and generating an encryption key; requesting data on all available rights objects from the portable storage device; and receiving the processed data on all available rights objects from the portable storage device.
27. The method according to claim 26, characterized in that the encryption key comprises a session key and a hashing key.
28. The method according to claim 26, characterized in that it further comprises converting the processed data.
29. The method according to claim 28, characterized in that the conversion of the processed data comprises checking whether the processed data is modified.
30. The method according to claim 28, characterized in that the conversion of the processed data comprises converting the processed data into a format supported by the device.
31. The method according to claim 26, characterized in that the processed data comprises information included in the rights object.
32. The method according to claim 31, characterized in that the processed data comprises a rights object identifier, a content identifier, information indicating whether the content is modified, permission information, and information indicating whether other information is modified.
33. The method according to claim 32, characterized in that the information indicating whether the other information is modified comprises information indicating a transmission sequence of the device request.
34. A method for removing a digital rights object, characterized in that it comprises: selecting information regarding a rights object to be removed; encrypting the selected information regarding the rights object using a common encryption key to generate encrypted information; embedding the encrypted information regarding the rights object into a signal to be transmitted to a portable storage device; and transmitting the signal to the portable storage device.
35. The method according to claim 34, characterized in that it further comprises, before selecting the information, receiving information regarding the rights object to be removed from the portable storage device.
36. The method according to claim 34, characterized in that it further comprises, before selecting the information, performing authentication with the portable storage device using a public-key scheme and generating the common encryption key.
37. The method according to claim 34, characterized in that the selected information regarding the rights object is a rights object identifier.
38. The method according to claim 34, characterized in that the selected information regarding the rights object is information on whether a rights object can be used.
39. A method for removing a digital rights object, characterized in that it comprises: receiving encrypted rights object removal information from a device; decrypting the encrypted rights object removal information using a common encryption key to generate decrypted rights object removal information; accessing a digital rights object corresponding to the decrypted rights object removal information; and removing the rights object which is accessed.
40. The method according to claim 39, characterized in that it further comprises, before receiving the encrypted rights object removal information, providing information regarding the rights object to the device.
41. The method according to claim 39, characterized in that it further comprises, before receiving the encrypted rights object removal information, performing authentication with the device and generating an encryption key.
42. The method according to claim 39, characterized in that the encrypted rights object removal information comprises a rights object identifier.
43. The method according to claim 39, characterized in that the encrypted rights object removal information comprises information on whether a rights object can be used.
44. The method according to claim 39, characterized in that the removal of the rights object comprises completely removing the rights object.
45. The method according to claim 39, characterized in that the removal of the rights object comprises changing predetermined information of the rights object to mark the rights object as unnecessary.
46. The method according to claim 45, characterized in that the rights object marked as unnecessary is completely removed if the storage space is insufficient.
47. The method according to claim 45, characterized in that the rights object marked as unnecessary is completely removed in response to an external request.
48. A portable storage device, characterized in that it comprises: a storage module which stores a rights object for content; an interface module which receives a request for the rights object from a device; and a digital rights management (DRM) agent which accesses the rights object in response to the request, processes the data on the digital rights object, and provides the processed data to the device through the interface module.
49. A device, characterized in that it comprises: an interface module communicatively connected with a portable storage device; a public-key encryption module which performs authentication with the portable storage device connected through the interface module; an encryption key generating module which generates a session key and a hashing key shared with the portable storage device; and a digital rights management (DRM) agent which requests data on a rights object from the portable storage device and receives the processed data on the rights object from the portable storage device.
50. A device, characterized in that it comprises: a digital rights management (DRM) agent which selects information regarding a rights object to be removed and embeds the selected information regarding the rights object into a signal to be transmitted to a portable storage device; an encryption module which encrypts the selected information regarding the rights object using a common encryption key to generate encrypted information regarding the rights object; and an interface module which transmits the signal carrying the encrypted information regarding the rights object to the portable storage device.
51. The device according to claim 50, characterized in that the selected information regarding the rights object comprises a rights object identifier.
52. The device according to claim 50, characterized in that the selected information regarding the digital rights object comprises information on whether a rights object can be used.
53. A portable storage device, characterized in that it comprises: an interface module which receives encrypted rights object removal information from a device; an encryption module which decrypts the rights object removal information using a common encryption key; and a digital rights management (DRM) agent which accesses a rights object corresponding to the decrypted rights object removal information and removes the rights object.
54. The portable storage device according to claim 53, characterized in that the decrypted rights object removal information comprises a rights object identifier.
55. The portable storage device according to claim 53, characterized in that the decrypted rights object removal information is information on whether a rights object can be used.
56. The portable storage device according to claim 53, characterized in that the DRM agent removes the rights object by completely removing the rights object.
57. The portable storage device according to claim 53, characterized in that the DRM agent removes the rights object by changing predetermined information of the rights object to mark the rights object as unnecessary.
58. The portable storage device according to claim 57, characterized in that the rights object marked as unnecessary is completely removed if the storage space is insufficient.
59. The portable storage device according to claim 57, characterized in that the rights object marked as unnecessary is completely removed in response to an external request.
60. A recording medium having a computer-readable program recorded therein, the program for executing a method for acquiring information relating to a digital rights object, the method characterized in that it comprises: receiving a request for data on a rights object from a device; processing the data on the rights object in response to the request to generate processed data; and providing the processed data to the device.
MXPA/A/2006/011034A 2004-03-29 2006-09-26 Method and apparatus for acquiring and removing information regarding digital rights objects MXPA06011034A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2004-0021304 2004-03-29
KR10-2004-0021303 2004-03-29
KR1020040039699 2004-06-01
US60/575,757 2004-06-01

Publications (1)

Publication Number Publication Date
MXPA06011034A true MXPA06011034A (en) 2007-04-20
