WO2005010879A2 - Hybrid device and person based authorized domain architecture - Google Patents

Hybrid device and person based authorized domain architecture Download PDF

Info

Publication number
WO2005010879A2
WO2005010879A2 PCT/IB2004/051226 IB2004051226W WO2005010879A2 WO 2005010879 A2 WO2005010879 A2 WO 2005010879A2 IB 2004051226 W IB2004051226 W IB 2004051226W WO 2005010879 A2 WO2005010879 A2 WO 2005010879A2
Authority
WO
WIPO (PCT)
Prior art keywords
domain
content item
given
user
bound
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2004/051226
Other languages
English (en)
French (fr)
Other versions
WO2005010879A3 (en
Inventor
Franciscus L. A. J. Kamperman
Robert L. Koster
Geert J. Schrijen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Koninklijke Philips NV
Original Assignee
Koninklijke Philips Electronics NV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to EP20040744585 priority Critical patent/EP1652025B1/en
Priority to JP2006520958A priority patent/JP4694482B2/ja
Priority to MXPA06000880A priority patent/MXPA06000880A/es
Priority to KR1020067001648A priority patent/KR101060482B1/ko
Priority to CA2550768A priority patent/CA2550768C/en
Priority to AU2004260247A priority patent/AU2004260247B2/en
Priority to US10/565,663 priority patent/US9009308B2/en
Priority to ES04744585T priority patent/ES2428320T3/es
Priority to NZ544910A priority patent/NZ544910A/en
Application filed by Koninklijke Philips Electronics NV filed Critical Koninklijke Philips Electronics NV
Priority to BRPI0412787A priority patent/BRPI0412787B1/pt
Publication of WO2005010879A2 publication Critical patent/WO2005010879A2/en
Publication of WO2005010879A3 publication Critical patent/WO2005010879A3/en
Priority to IL173293A priority patent/IL173293A/en
Anticipated expiration legal-status Critical
Priority to NO20060905A priority patent/NO337782B1/no
Priority to US14/633,574 priority patent/US10038686B2/en
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/101Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1012Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to domains
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129Authenticate client device independently of the user
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00731Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00855Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • the invention relates to a method of generating an Authorized Domain.
  • the invention further relates to a system for generating an Authorized Domain. Further, the invention relates to a computer readable medium having stored thereon instructions for causing one or more processing units to execute the method according to the invention.
  • a home network can be defined as a set of devices that are interconnected using some kind of network technology (e.g. Ethernet, IEEE 1394, BlueTooth, 802.Hb, 802.1 lg, etc.). Although network technology allows the different devices to communicate, this is not enough to allow devices to interoperate. To be able to do this, devices need to be able to discover and address the functions present in the other devices in the network.
  • CA conditional access
  • DRM Digital Rights Management
  • Such interoperability is provided by home networking middleware.
  • home networking middleware examples are Jini, HAVi, UPnP, AVC.
  • the concept of Authorized Domains (ADs) tries to find a solution to both serve the interests of the content owners (that want protection of their copyrights) and the content consumers (that want unrestricted use of the content).
  • the basic principle is to have a controlled network environment in which content can be used relatively freely as long as it does not cross the border of the authorized domain.
  • authorized domains are centered around the home environment, also referred to as home networks. Of course, other scenarios are also possible.
  • a user could for example take a portable device for audio and/or video with a limited amount of content with him on a trip, and use it in his hotel room to access or download additional content stored on his personal audio and/or video system at home. Even though the portable device is outside the home network, it is a part of the user's authorized domain.
  • an Authorized Domain is a system that allows access to content by devices in the domain, but not by any others.
  • a further example of a device based AD is e.g. given in European patent application serial number 02076998.0 (attorney docket PHNL020455) by the same applicant.
  • the domain is formed by a specific set of devices and content. Only the specific set of devices of the domain is allowed to access, use, etc. the content of that domain. There is not made any distinction of the various users of the specific set of devices.
  • a drawback of device based AD systems is that they typically do not provide the typical flexibility that a user wants or need, since users are restricted to a particular and limited set of devices. In this way, a user is not allowed to exercise the rights that the user has obtained anytime and anywhere he chooses.
  • Person based Authorized Domains typically offer easier domain management compared to device based ADs.
  • person based systems require person identification which is not always convenient or preferred by users.
  • a visitor to your home may want to access your content. As he does not have a person id device for that domain it is not possible for him to access content. It would be preferred if devices in the home belonging to the domain could enable access of domain content by the visitor. Therefore there is a need for a hybrid person and device based authorized domain having the individual advantages of each system.
  • An additional object is to provide a method and system solving the above-mentioned shortcomings of prior art.
  • a further object is to provide this in a simple, flexible and efficient way.
  • the method further comprises the step of binding at least one content item to the Authorized Domain given by the domain identifier.
  • the step of binding at least one user to the domain identifier comprises: obtaining or generating a Domain Users List (DUC) comprising the domain identifier and a unique identifier for a user thereby defining that the user is bound to the Authorized Domain and/or the step of binding at least one device to the domain identifier comprises: obtaining or generating a Domain Devices List comprising the domain identifier and a unique identifier for a device thereby defining that the device is bound to the domain.
  • DUC Domain Users List
  • the step of binding at least one content item to the Authorized Domain comprises: - binding a content item to a User Right, where said User Right is bound to a user bound to the Authorized Domain, and/or - binding a content item to a Device Right, where said Device Right is bound to a device bound to the Authorized Domain.
  • the step of binding at least one content item to the Authorized Domain comprises: - binding a content item to a Domain Right, where said Domain Right is bound to the Authorized Domain.
  • the User Right or the Device Right or the Domain Rights comprises rights data representing which rights exists in relation to the at least one content item bound to the User Right or the Device Right or the Domain Rights.
  • the method further comprises the step of controlling access to a given content item bound to the Authorized Domain by a given device being operated by a given user, the step comprising: - checking if the given user is bound to the same Authorized Domain as the given content item, or - checking if the given device is bound to the same Authorized Domain as the given content item, and allowing access for the given user via the given device and/or other devices to the content item if the given user is bound to the same Authorized Domain, or allowing access for the given user and/or other users via the given device to the content item if the given device is part of the same Authorized Domain.
  • the method further comprises the step of controlling access to a given content item, being bound to the Authorized Domain and having a unique content identifier, by a given device being operated by a given user comprising: - checking if the Domain Devices List of the Authorized Domain comprises an identifier of the given device, thereby checking if the given device is bound to the same Authorized Domain as the content item, and/or - checking if the Domain User List of the Authorized Domain comprises an identifier of the given user thereby checking if the given user is bound to the same Authorized Domain as the content item, - and allowing access to the given content item by the given device for any user if the given device is bound to the same Authorized Domain as the content item being accessed, and/or - allowing access to the given content item by any device including the given device for the given user if the given user is bound to the same Authorized Domain as the content item being accessed.
  • the step of controlling access of a given content item further comprises: - checking that the User Right for the given content item specifies that the given user has the right to access the given content item and only allowing access to the given content item in the affirmative.
  • every content item is encrypted and that a content right is bound to each content item and to a User Right or a Device Rights or a Domain Rights, and that the content right of a given content item comprises an decryption key for decrypting the given content item.
  • - the Domain Users List is implemented as or included in a Domain Users Certificate
  • - the Domain Devices List is implemented as or included in a Domain Devices Certificate
  • - the User Right is implemented as or included in a User Right Certificate
  • - the Device Right is implemented as or included in a Device Right Certificate
  • - the Domain Rights is implemented/included in a Domain Rights Certificate.
  • Figure 1 schematically illustrates binding of persons, devices, user rights, and content in an authorized domain (AD) according to the present invention
  • Figure 2 schematically illustrates binding of persons, devices, user rights and content in an authorized domain (AD) according to an alternative embodiment of the present invention
  • Figure 3 schematically illustrate the elements of a Domain Devices Certificate (DDC) and of a Domain Users Certificate (DUC)
  • Figure 4a illustrates an exemplary (partial) data structure of a content container, a content right (CR) and a user right certificate (URC) according to the embodiment of the present invention shown in Figure 1
  • Figure 4b illustrates an exemplary (partial) data structure of a content container, a content right (CR) and a Domain Rights Certificate (DRC) according to the embodiment of the present invention shown in Figure 2
  • Figure 5 schematically illustrate an exemplary system comprising devices and persons forming an authorized domain (AD).
  • FIG. 1 schematically illustrates binding of persons, devices, user rights and content in an authorized domain (AD) according to the present invention. Shown are an authorized domain (100) according to the present invention where a number of devices Dl, D2, D3, ..., DM (where M is equal to or larger than 1), a number of content items Cl, C2, C3, ..., CN 2 (where N is equal to or larger than 1) and a number of persons/users PI, P2, P3, ..., PNi (where Ni is equal to or larger than 1) is bound to the AD according to an embodiment of the present invention.
  • the devices, persons, and content items have been bound to the domain (100), as will be explained later. Also shown are one or more user rights (URC1, ...
  • URCN where preferably one content item is associated with one user right certificate specifying which rights a given person (or alternatively a given group of persons and/or all persons bound to the domain (100)) have in relation to the specific content item (or alternatively, several or all content items in the domain (100)).
  • the reader is referred to European patent application serial number 01204668.6 (attorney docket PHNL010880) by the same applicant or European patent application serial number 02076998.0 (attorney docket PHNL020455) by the same applicant.
  • European patent application serial number 02076998.0 (attorney docket PHNL020445) more specifically describes an implementation in which content and devices are coupled to a domain. Additionally, European patent application serial number 02079390.7 (attorney docket PHNL021063) by the same applicant describes an implementation in which content is coupled to persons which then are grouped into a domain. Please note that in practice content can only be accessed/used by means of a user operating a device. In the following text we assume that devices used in the system are compliant and "public" devices. This means that a device will adhere to certain operation rules (e.g. will not illegally output content on an unprotected digital interface) and that ownership of a device is not important (public).
  • the user right (URCl, ... URCN 2 ) is a single connection, binding, coupling etc. between one user and a content right (which is required to decrypt a piece of content).
  • - content (Cl, C2, C3, ..., CN 2 ): content items are preferably encrypted (there are many options, for example with a unique key per content title) and can be anywhere in the system; a content item is in this embodiment linked indirectly to a user right certificate via a content right, as also explained in connection with Figure 4a.
  • - content right (CR; not shown; see e.g. Figure 4a): contains cryptographic key(s) or other suitable protection means to access a certain (encrypted/protected) content item.
  • the system is flexible in the sense that content rights can be made unique per content title or even unique per specimen (copy) of content.
  • Content rights should be only transferred to compliant devices.
  • a more secure rule is to enforce that content rights may be only transferred to compliant devices that are operated by authorized users (i.e. users that are authorized to have access to the specific content right by means of their user rights).
  • Content rights might also be stored together with the content on for example an optical disk. However, content rights must be stored securely since they contain the content decryption key.
  • - user right certificate (URCl, ... URCN 2 ): a certificate or the like issued by the content provider that authorizes a person to use a certain content right (CR) (belonging to a certain piece of content).
  • User rights can be in principle anywhere in the system.
  • the user right certificate also comprises rules (e.g. restricted to viewers 18 years or older, or European market only, etc.) of access to a certain content item.
  • - device (Dl, D2, D3, ..., DM): a device that is used to play, operate, record, present, display, modify, etc. a content item.
  • a (compliant) device can also preferably identify a user by means of a personalized identification device (e.g. such as a smart-card, a mobile phone, a biometric sensor, etc.) and collect certificates (e.g. from the smartcard, or from other devices) that prove that the user is allowed to use a certain content right. This content right could be obtained from the smart-card where it was stored (if it was stored there), or be obtained (securely transferred) from another compliant device on a network.
  • - user/person P 1 , P2, P3 , ...
  • a user is identified by some biometric or preferably by a personalized identification device (e.g. a smartcard, mobile phone, a mobile phone containing a smartcard or other types of devices that uniquely identifies a user) that he/she is wearing, carrying or has access to.
  • a personalized identification device e.g. a smartcard, mobile phone, a mobile phone containing a smartcard or other types of devices that uniquely identifies a user
  • a mobile phone comprising a smart card or another device having storage means is preferred since it allows users to carry rights with them (for accessing content on off-line devices).
  • the identification device may itself be protected by a biometric authentication mechanism, so that anyone other than the legitimate owner cannot use the identification device.
  • a user may also be identified using public key technology or zero-knowledge protocols or a combination thereof.
  • authorized devices are bound to the AD (100) by a certificate.
  • authorized persons/users are preferably also bound to the AD (100) via certificates.
  • Content items are, in this particular embodiment, bound to a person by means of a user right certificate (URC).
  • URC user right certificate
  • This user right certificate enables the use of a corresponding content right (CR) that preferably contains a cryptographic key for accessing the content, as will be explained in greater detail in connection with Figure 4a.
  • a user right certificate (URC) is typically linked with one content item, but could also be linked with multiple content items.
  • An exemplary partial data structure of a content container (contains a content item), a URC and a CR are shown and explained in greater detail in connection with Figure 4a.
  • Domain certificates are preferably issued by a domain authority. Alternatively, compliant devices with domain management capabilities can manage these certificates.
  • each content item Cl, C2, ..., CN 2 is coupled to a user right certificate URCl, URC2, ..., URC N 2 .
  • URCl and URC2 are coupled to person PI
  • URC . 2 , URC 2 _ ⁇ and URC 2 are coupled to person PNi
  • URC4-URC 2 . 3 are distributed among person(s) P3 -PN M .
  • specific content Cl and C2 are coupled to a specific person PI
  • specific content CN . 2 , CN 2 . ⁇ and CN 2 are coupled to a specific person PNi
  • specific content C4-CN 2 are coupled to a user right certificate URCl, URC2, ..., URC N 2 .
  • URCl and URC2 are coupled to person PI
  • URC . 2 , URC 2 _ ⁇ and URC 2 are coupled to
  • a single content item is only allowed to be coupled to a single URC (indirectly via a content right) and thereby a single person. If several users needs a copy of the same content item it would in this embodiment be present once for each user and treated as different content items, which make rights management simpler.
  • a single content item could be coupled to more than one person, as a CR can be linked to multiple URCs.
  • Persons PI, P2, ..., PNi and Domain devices Dl, D2, ..., DM are then grouped into forming the authorized domain (100).
  • the binding i.e.
  • DDC Domain Devices Certificate or Domain Devices List
  • DUC Domain Users Certificate or Domain Users List
  • URC User Right Certificate or User Right List
  • the DDC lists the device(s), which are part of the domain (100), e.g. by comprising for each device a unique identifier.
  • the DUC lists the user(s), which are part of the domain, e.g. by comprising a unique identifier or a (e.g.
  • the URC preferably exist for each content item (so in the exemplary embodiment of Figure 1 there are N 2 URCs) and indicates which rights the user (that the URC is linked to) has (and/or does not have) within the domain (100), and optionally a cross domain (X-AD rights), for the given content item linked to the URC.
  • N 2 URCs indicates which rights the user (that the URC is linked to) has (and/or does not have) within the domain (100), and optionally a cross domain (X-AD rights), for the given content item linked to the URC.
  • an URC coupled to a given user e.g. lists each content item that is coupled to the given user and what rights the given user has in relation to each coupled content item.
  • only a single URC is used specifying the rights for every user, i.e.
  • the DDC and DUC are associated with each other by means of a Domain Identifier (DomainJ-D) contained in both certificates.
  • DomainJ-D Domain Identifier
  • a very simple way of linking the user(s) (and thereby the content item(s)) and the device(s) of a given domain together (and thereby forming the domain) is obtained.
  • a specific device e.g. device D3 wants to access a certain piece of content (e.g. content Cl) it has to be proved or checked, etc. (using the certificates) that the certain piece of content is coupled to a specific person (e.g.
  • the Domain ID may instead of being a random number be a reference to a data object e.g. a domain certificate.
  • a data object e.g. a domain certificate.
  • the domain may comprise zero persons and/or zero devices and/or zero content items during some points.
  • the domain may comprise zero content items or zero devices bound to the domain, etc.
  • a user that has been verified as belonging to the same domain as the content item being accessed may access the specific content using any device.
  • a user that is using a device that has been verified as belonging to the same domain as the content item being accessed may access the specific content using that specific device. Further all users may access the specific content item on that specific device.
  • the content may be bound to the devices of the domain instead of to the persons of the domain.
  • a Device Right Certificate (DevRC) (not shown) is used.
  • the Device Right Certificate (DevRC) would then have the same content as the URC with the exception of a Device ID instead of a Person ID. The rest is un-changed.
  • both devices and users could be comprised in a single list/certificate. Further, several lists/certificates comprising devices and/or several lists/certificates comprising users and/or combinations thereof may be used just as well.
  • FIG. 2 schematically illustrates binding of persons, devices, user rights and content in an authorized domain (AD) according to an alternative embodiment of the present invention.
  • This shown embodiment corresponds to the one shown in Figure 1 with the only exception that instead of coupling content items Cl, C2, ..., CN 2 to persons PI, P2, ...., PNi via user right certificates URCl, URC2, ..., URC N 2 , the content items are coupled to the domain (100) via one or more Domain Rights (DRC).
  • DRC Domain Rights
  • one content item is coupled to one DRC.
  • the DRC is implemented as a certificate. If a specific device (e.g. device D3), in this embodiment, wants to access a certain piece of content (e.g.
  • the certain piece of content is coupled to the same domain (100) as the specific device or that a specific person (e.g. person PI) operating the device is a member of the domain.
  • This may in this embodiment e.g. be done by checking that an (unique) identifier of the specific device is part of the DDC or that an (unique) identifier of the specific person is part of the DUC.
  • the certain piece of content is coupled to a DRC that is part of the domain and that the DDC or the DUC comprises the same Domain Identifier, and that the DRC for the specific content specifies that a person of the domain has the right to access the certain piece of content (e.g.
  • FIG. 3 schematically illustrate the elements of a Domain Devices Certificate (DDC) and of a Domain Users Certificate (DUC).
  • the Domain Devices Certificate comprises a listing of unique identifiers (Dev.IDl, Dev.ID2, ...) for one or more devices belonging to a given domain, i.e. being authorized devices in the domain.
  • the device identifier for a given device e.g.
  • Dev.IDl is an (unchangeable at least by users) serial or ID number, etc.
  • the given domain is specified by the value of the Domain ID, which e.g. may be an 8 byte random identifier.
  • Certificates according to the present invention could e.g. be implemented by the well-known SPKI authorization certificate. Additionally, one useful option is to put a DomainJ-D in a holder field of such a SPKI certificate implementing the DDC, the DUC and/or the DRC.
  • the Domain Users Certificate (DUC) comprises a listing of unique identifiers (PersJ-Dl, Pers_ID2, ...) for one or more users/persons belonging to the given domain, i.e. being authorized users in the domain.
  • FIG. 4a illustrates an exemplary (partial) data structure of a content container, a content right (CR) and a user right certificate (URC) according to the embodiment of the present invention shown in Figure 1.
  • a content container 501
  • the content container further comprises a content identifier (Cont_ID) unique for the particular content item embedded in the content container.
  • the content identifier (ContJ-D) is used to locate a given content item of the domain, e.g. by searching every content container belonging to the specific domain for a matching ContJ-D.
  • a content right (CR) (502) comprising a content identifier (Cont_ID) and a content encryption key (Cont Encr K).
  • the content identifier is used to establish a link to the encrypted content item (in a content container) that the content encryption key is for, i.e. the content that the key is needed to de-crypt and thereby enable access to.
  • the encryption key is a symmetrical key, i.e. the same key is used to both encrypt and decrypt data. Alternatively, other secure schemes may be used.
  • UR user right
  • URC User Right Certificate
  • URC comprises a content identifier (ContJ-D) used for linking a specific content item (and content right) with a specific URC.
  • the URC also comprises a person/user identifier (Pers_ID) that indicates which person the specific content is bound to.
  • the person/user identifier could e.g. be an ID or serial number for a given person, a name, a hash value of a public key of the user or in general any unique identifier of a person.
  • the URC comprises rights data (Rghts Dat) that define what the given user (as identified by the Pers_ID) is allowed to do in relation with the specific content item (contained in the content container comprising the same Cont_ID). These rights data may e.g.
  • the rights data may also define what all users are allowed to do in relation with the specific content item (which may be the same or different than the rights of the person identified by Pers_ID).
  • the well-known SPKI authorization certificate could be used to implement such a URC.
  • content is linked via devices to the domain in stead of via persons, no URC would be needed, but a Device Right Certificate, that would be the same as the URC except that it contains a Device ID instead of a Person ID.
  • a content right (CR) and a user right certificate (URC) according to this embodiment of the present invention consider the following simple example illustrating access to a content item by a user.
  • the content identifier (ContJ-D) for the given content item that the user wants to access and the person identifier (PersJ-D) of the user are obtained.
  • the person identifier may e.g. be obtained on the basis of a personalized identification device (e.g. a smart card, mobile phone, a mobile phone containing a smartcard, a biometric sensor, etc. or in another way).
  • the content identifier may e.g.
  • the rights data (Rghts Dat) of the URC may also specify a restricted access to the content item.
  • the rights data may specify rules, rights, conditions for the person identified with Pers_ID and/or rules, rights, conditions in general. For example, it could specify that that every user in the domain has play rights while the user linked via PersJ-D in addition has exclusive first generation copy rights. Usually, the user will obtain access to the content item using a specific device.
  • the user is not part of the domain or no valid user ID can be obtained (e.g. because it is a friend accessing the content)
  • This Domain D is used to determine a Domain Devices Certificate (DDC) (shown in Figures 1, 2 and 3) comprising the same Domain_ID and checking if the DDC comprises a Dev.
  • DDC Domain Devices Certificate
  • the DDC comprises a Dev. ID for the specific device then the user (and all other users) may use the specific device to access the specific content (and all other content of that domain).
  • the obtained content identifier is used to locate the content right (CR) of the specific content item being accessed in order to obtain the cryptographic key that has to be used to decrypt the encrypted content item.
  • the content container comprising the encrypted content item is also located using the content identifier.
  • the key in the content right is used to decrypt the content item which is now accessible, e.g. for rendering, copying on an optical disk, editing, etc.
  • the content item may also be decrypted using the content right before sending it to the device for access, whereby only the content item needs to be transmitted.
  • this requires special measures in order to protect the content item during transfer so that it is not possible to 'leak' the unprotected content. This process is illustrated in Figure 4a by the arrows linking the Cont_ID of the various structures.
  • Figure 4b illustrates an exemplary (partial) data structure of a content container, a content right (CR) and a Domain Rights Certificate (DRC) according to the embodiment of the present invention shown in Figure 2.
  • content items are bound to the domain via a DRC and not to users (via a URC) of the domain.
  • a content container 501
  • a content right CR
  • 502 a content right
  • a Domain Rights Certificate 504
  • Cont_ID content identifier
  • the DRC also comprises a domain identifier (DomainJ-D) that indicates which domain the specific content is bound to.
  • the domain identifier corresponds to the one in the Domain Devices Certificate (DDC) and the Domain Users Certificate (DUC) explained in connection with Figures 1, 2 and 3.
  • the DRC (504) comprises rights data (Rghts Dat) that define what a or more users are allowed to do in relation with the specific content item (contained in the content container comprising the same ContJ-D). These rights data correspond to the rights data of the URC explained in connection with Figure 4a.
  • a content right and a domain rights certificate according to this embodiment of the present invention consider the following simple example illustrating access on a specific device to a content item by a user.
  • the content identifier (Cont_ID) for the given content item that the user wants to access, the person identifier (Pers_ID) of the user and the domain identifier (Domain_ID) of the domain containing the content item are obtained.
  • the content identifier and the person identifier may be obtained as described in connection with Figure 4a.
  • the domain identifier (Domain_ID) is obtained from the DomainJ-D of the DRC that the content is bound to. It is checked if the content item and the user belong to the (same) Authorized Domain. Checking whether a user belongs to a domain is done by checking if the person identifier (Pers_ID) is comprised in a Domain Users Certificate (DUC) (as shown in Figures 1, 2 and 3) having the specific domain identifier. If so, then it has been verified that the user is part of the domain and is allowed to access content also being a part of the same domain.
  • DUC Domain Users Certificate
  • the given content item also belongs to the same domain, by checking if the content identifier of the content item is bound to the same domain, i.e. by checking whether there exist a DRC bound to the domain that comprises the same content identifier. If so, then the content item belongs to the same domain and the user (given that the user and/or the device that is used have been verified) therefore has the right to access it. Further, the rights data (Rghts Dat) of the DRC may also specify a restricted access to the content item, as described in connection with Figure 4a. Usually, the user will obtain access to the content item using a specific device.
  • the user is not part of the domain or no valid user ID can be obtained (e.g. because it is a friend accessing the content)
  • This is done by obtaining the DomainJ-D of the DRC that the content was bound to.
  • This Domain l-D is used to determine a Domain Devices Certificate (DDC) (shown in Figures 1, 2 and 3) comprising the same DomainJ-D and checking if the DDC comprises a Dev. ID for the specific device that the user is trying to use to access the content item.
  • DDC Domain Devices Certificate
  • the DDC comprises a Dev. ID for the specific device
  • the user and all other users may use the specific device to access the specific content (and all other content of that domain).
  • These three steps of validating access to the content item, the user and the device may alternatively be done in another order than the one described and e.g. also in parallel at least to a certain extent.
  • the content item is accessed as described in connection with Figure 4a, i.e. obtaining the content right and decrypting the content, etc.
  • Figure 4b schematically illustrate an exemplary system comprising devices and persons forming an authorized domain (AD).
  • Devices in the example is a television set (504), a digital video system (503), a music set (502) and a portable device (507) that is in wireless communication with the network (101) via a wireless access point (506).
  • a user/person (505) Further shown is a user/person (505).
  • an Authorized Domain (100) has the television set (504), the digital video (503), the music set (502) and the user (505) bound to it in addition to a number of content items (not shown) (bound according to Fig.l via persons/users or via devices or bound according to Fig. 1 via Domain Rights Certificate).
  • the user wants to access a given content item on the portable device (507). He may be located the same place as the devices or at another place (e.g. in a hotel room). For a user to obtain access to the content item according to the invention, it has to be checked that the person (505) belongs to the domain (100) since the portable device (507) does not. This may be done by uniquely identifying the user e.g. using a smart card reader, e.g. in the portable device (507), which then may transfer the User ID to the network (101). The content right and the content item is assumed to be on the portable device (507) (otherwise it may be transmitted there). The user is then checked as described in connection with Figures 4a or 4b.
  • an Authorized Domain 100
  • the user (505) is in this scenario not bound to the Authorized Domain (100) as he e.g. may be a neighbor or friend visiting.
  • the user also wants to access a given content item on the portable device (507).
  • the portable device (507) belongs to the domain (100) since the person (505) does not. This may be done by checking if the portable device (507) is bound to the same domain as the content item as described in connection with Figures 4a or 4b. After validation of the device, then the content item may be accessed by the user on the portable device (507).
  • any reference signs placed between parentheses shall not be constructed as limiting the claim.
  • the word “comprising” does not exclude the presence of elements or steps other than those listed in a claim.
  • the word “a” or “an” preceding an element does not exclude the presence of a plurality of such elements.
  • the invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer.
  • the device claim enumerating several means several of these means can be embodied by one and the same item of hardware.
  • the mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)
  • Peptides Or Proteins (AREA)
  • Preparation Of Compounds By Using Micro-Organisms (AREA)
PCT/IB2004/051226 2003-07-24 2004-07-14 Hybrid device and person based authorized domain architecture Ceased WO2005010879A2 (en)

Priority Applications (13)

Application Number Priority Date Filing Date Title
NZ544910A NZ544910A (en) 2003-07-24 2004-07-14 Hybrid device and person based authorized domain architecture
MXPA06000880A MXPA06000880A (es) 2003-07-24 2004-07-14 Dispositivo hibrido y arquitectura de dominio autorizado basado en una persona.
KR1020067001648A KR101060482B1 (ko) 2003-07-24 2004-07-14 하이브리드 디바이스 및 개인 기반 허가된 도메인 아키텍쳐
CA2550768A CA2550768C (en) 2003-07-24 2004-07-14 Hybrid device and person based authorized domain architecture
AU2004260247A AU2004260247B2 (en) 2003-07-24 2004-07-14 Hybrid device and person based authorized domain architecture
US10/565,663 US9009308B2 (en) 2003-07-24 2004-07-14 Hybrid device and person based authorized domain architecture
ES04744585T ES2428320T3 (es) 2003-07-24 2004-07-14 Arquitectura de dominio autorizado híbrido basado en personas y dispositivos
EP20040744585 EP1652025B1 (en) 2003-07-24 2004-07-14 Hybrid device and person based authorized domain architecture
BRPI0412787A BRPI0412787B1 (pt) 2003-07-24 2004-07-14 método e sistema para gerar um domínio autorizado
JP2006520958A JP4694482B2 (ja) 2003-07-24 2004-07-14 複合型の装置及び個人に基づく認可されたドメインのアーキテクチャ
IL173293A IL173293A (en) 2003-07-24 2006-01-23 Hybrid device and person based authorized domain architecture
NO20060905A NO337782B1 (no) 2003-07-24 2006-02-24 Fremgangsmåte og anordning for frembringelse av et godkjent domene
US14/633,574 US10038686B2 (en) 2003-07-24 2015-02-27 Hybrid device and person based authorization domain architecture

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP03102281 2003-07-24
EP03102281.7 2003-07-24

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US10/565,663 A-371-Of-International US9009308B2 (en) 2003-07-24 2004-07-14 Hybrid device and person based authorized domain architecture
US14/633,574 Continuation US10038686B2 (en) 2003-07-24 2015-02-27 Hybrid device and person based authorization domain architecture

Publications (2)

Publication Number Publication Date
WO2005010879A2 true WO2005010879A2 (en) 2005-02-03
WO2005010879A3 WO2005010879A3 (en) 2005-05-12

Family

ID=34089689

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2004/051226 Ceased WO2005010879A2 (en) 2003-07-24 2004-07-14 Hybrid device and person based authorized domain architecture

Country Status (16)

Country Link
US (2) US9009308B2 (enExample)
EP (1) EP1652025B1 (enExample)
JP (1) JP4694482B2 (enExample)
KR (1) KR101060482B1 (enExample)
CN (1) CN100419618C (enExample)
BR (1) BRPI0412787B1 (enExample)
CA (1) CA2550768C (enExample)
ES (1) ES2428320T3 (enExample)
IL (1) IL173293A (enExample)
MX (1) MXPA06000880A (enExample)
NO (1) NO337782B1 (enExample)
NZ (1) NZ544910A (enExample)
RU (1) RU2372651C2 (enExample)
UA (1) UA95220C2 (enExample)
WO (1) WO2005010879A2 (enExample)
ZA (1) ZA200600659B (enExample)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005055022A1 (en) * 2003-12-04 2005-06-16 Koninklijke Philips Electronics N.V. Connection linked rights protection
WO2006129225A3 (en) * 2005-05-31 2007-02-08 Koninkl Philips Electronics Nv Flexible domain policy distribution
WO2007018623A1 (en) * 2005-08-02 2007-02-15 Sony Ericsson Mobile Communications Ab Methods, systems, and computer program products for sharing digital rights management-protected multimedia content using biometric data
WO2007036831A3 (en) * 2005-09-30 2007-11-01 Koninkl Philips Electronics Nv Improved drm system
EP1860586A1 (en) * 2006-05-18 2007-11-28 Vodafone Holding GmbH Method and managing unit for managing the usage of digital content, rendering device
WO2008044210A3 (en) * 2006-10-12 2008-10-30 Koninkl Philips Electronics Nv License specific authorized domains
JP2008546050A (ja) * 2005-05-19 2008-12-18 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ 許可ドメインポリシの方法
EP1866821A4 (en) * 2005-04-08 2011-03-09 Korea Electronics Telecomm METHOD OF DOMAIN MANAGEMENT AND DOMAIN CONTEXT FOR DOMAIN SYSTEM BASED ON USERS AND DEVICES
GB2476487A (en) * 2009-12-23 2011-06-29 Key Criteria Technology Ltd A multi-device multimedia system
US8239962B2 (en) 2004-05-17 2012-08-07 Koninlijke Philips Electronics N.V. Processing rights in DRM systems
US8689346B2 (en) 2004-06-04 2014-04-01 Koninklijke Philips N.V. Authentication method for authenticating a first party to a second party
US8761398B2 (en) 2006-05-02 2014-06-24 Koninkljijke Philips N.V. Access to authorized domains
US8863239B2 (en) 2004-03-26 2014-10-14 Adrea, LLC Method of and system for generating an authorized domain
US9356938B2 (en) 2005-02-04 2016-05-31 Koninklijke Philips N.V. Method, device, system, token creating authorized domains
US9673992B2 (en) 2007-03-02 2017-06-06 Thomson Licensing Dtv Method for operating a network as well as a local network and network component
EP3428817A1 (en) * 2005-04-13 2019-01-16 Samsung Electronics Co., Ltd. Encryption/decryption method and apparatus for controlling content use based on license information

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1619898A1 (en) * 2004-07-19 2006-01-25 Sony Deutschland GmbH Method for operating in a home network
US8402283B1 (en) 2004-08-02 2013-03-19 Nvidia Corporation Secure content enabled drive system and method
US8359332B1 (en) 2004-08-02 2013-01-22 Nvidia Corporation Secure content enabled drive digital rights management system and method
US8751825B1 (en) * 2004-12-15 2014-06-10 Nvidia Corporation Content server and method of storing content
US8788425B1 (en) 2004-12-15 2014-07-22 Nvidia Corporation Method and system for accessing content on demand
US8875309B1 (en) 2004-12-15 2014-10-28 Nvidia Corporation Content server and method of providing content therefrom
US8346807B1 (en) 2004-12-15 2013-01-01 Nvidia Corporation Method and system for registering and activating content
US7500269B2 (en) * 2005-01-07 2009-03-03 Cisco Technology, Inc. Remote access to local content using transcryption of digital rights management schemes
JP4613627B2 (ja) * 2005-02-08 2011-01-19 株式会社日立製作所 コンテンツ配信システム
US8893299B1 (en) 2005-04-22 2014-11-18 Nvidia Corporation Content keys for authorizing access to content
FR2892222A1 (fr) * 2005-10-17 2007-04-20 Thomson Licensing Sa Methode de gravure, de mise a disposition et de distribution securisee de donnees numeriques, dispositif d'acces et graveur.
US8452961B2 (en) * 2006-03-07 2013-05-28 Samsung Electronics Co., Ltd. Method and system for authentication between electronic devices with minimal user intervention
US7730181B2 (en) 2006-04-25 2010-06-01 Cisco Technology, Inc. System and method for providing security backup services to a home network
KR100941535B1 (ko) * 2006-06-09 2010-02-10 엘지전자 주식회사 디지털 저작권 관리에서 장치의 도메인 탈퇴 방법, 그 장치및 그 시스템
JP2008015622A (ja) * 2006-07-03 2008-01-24 Sony Corp 著作権保護記憶媒体、情報記録装置及び情報記録方法、並びに情報再生装置及び情報再生方法
KR20080084481A (ko) * 2007-03-16 2008-09-19 삼성전자주식회사 디바이스간의 콘텐츠 전송 방법 및 그 시스템
KR20090067551A (ko) * 2007-12-21 2009-06-25 삼성전자주식회사 클러스터 기반의 컨텐츠 사용 제한 및 컨텐츠 사용 방법,컨텐츠 접근 권한 인증 방법, 장치, 및 기록매체
US8407483B2 (en) * 2008-12-18 2013-03-26 Electronics And Telecommunications Research Institute Apparatus and method for authenticating personal use of contents by using portable storage
US8925096B2 (en) 2009-06-02 2014-12-30 Google Technology Holdings LLC System and method for securing the life-cycle of user domain rights objects
US20130074158A1 (en) * 2011-09-20 2013-03-21 Nokia Corporation Method and apparatus for domain-based data security
US9166976B2 (en) * 2011-10-17 2015-10-20 Stephen Villoria Creation and management of digital content and workflow automation via a portable identification key
CN104160653B (zh) * 2012-03-08 2018-02-23 英特尔公司 用于提供多因素数字安全证书的方法、装置、介质和设备
DE102014201234A1 (de) * 2014-01-23 2015-07-23 Siemens Aktiengesellschaft Verfahren, Verwaltungsvorrichtung und Gerät zur Zertifikat-basierten Authentifizierung von Kommunikationspartnern in einem Gerät
US10540511B2 (en) * 2016-03-31 2020-01-21 Intralinks, Inc. Information rights management offline file access facility

Family Cites Families (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU725933C (en) * 1996-11-18 2001-07-26 Mci Worldcom, Inc. A communication system architecture
US20080010365A1 (en) * 1997-07-25 2008-01-10 Eric Schneider Methods, products, systems, and devices for processing reusable information
US6324645B1 (en) * 1998-08-11 2001-11-27 Verisign, Inc. Risk management for public key management infrastructure using digital certificates
US20020062451A1 (en) * 1998-09-01 2002-05-23 Scheidt Edward M. System and method of providing communication security
US20020040439A1 (en) * 1998-11-24 2002-04-04 Kellum Charles W. Processes systems and networks for secure exchange of information and quality of service maintenance using computer hardware
US20010039624A1 (en) * 1998-11-24 2001-11-08 Kellum Charles W. Processes systems and networks for secured information exchange using computer hardware
US6223291B1 (en) * 1999-03-26 2001-04-24 Motorola, Inc. Secure wireless electronic-commerce system with digital product certificates and digital license certificates
US6463534B1 (en) * 1999-03-26 2002-10-08 Motorola, Inc. Secure wireless electronic-commerce system with wireless network domain
US6880007B1 (en) * 1999-06-07 2005-04-12 Register Com, Inc. Domain manager and method of use
US6460023B1 (en) * 1999-06-16 2002-10-01 Pulse Entertainment, Inc. Software authorization system and method
US20020031230A1 (en) * 2000-08-15 2002-03-14 Sweet William B. Method and apparatus for a web-based application service model for security management
US7356690B2 (en) * 2000-12-11 2008-04-08 International Business Machines Corporation Method and system for managing a distributed trust path locator for public key certificates relating to the trust path of an X.509 attribute certificate
US20020103811A1 (en) * 2001-01-26 2002-08-01 Fankhauser Karl Erich Method and apparatus for locating and exchanging clinical information
AU2002255568B8 (en) 2001-02-20 2014-01-09 Adidas Ag Modular personal network systems and methods
US20020144108A1 (en) * 2001-03-29 2002-10-03 International Business Machines Corporation Method and system for public-key-based secure authentication to distributed legacy applications
US8185938B2 (en) * 2001-03-29 2012-05-22 International Business Machines Corporation Method and system for network single-sign-on using a public key certificate and an associated attribute certificate
US20020146237A1 (en) * 2001-04-06 2002-10-10 General Instrument Corporation Portable content by way of a set-top device/home-gateway
US20020157002A1 (en) * 2001-04-18 2002-10-24 Messerges Thomas S. System and method for secure and convenient management of digital electronic content
CN1389836A (zh) * 2001-05-31 2003-01-08 东莞市天浪网络技术有限公司 身份认证方法和公民档案系统
JP4294266B2 (ja) * 2001-06-11 2009-07-08 パナソニック株式会社 ライセンス管理サーバ、ライセンス管理システム及び利用制限制御方法
US7047560B2 (en) * 2001-06-28 2006-05-16 Microsoft Corporation Credential authentication for mobile users
KR20040015714A (ko) 2001-07-17 2004-02-19 마쯔시다덴기산교 가부시키가이샤 컨텐츠 이용장치와 네트워크 시스템, 및 라이센스 정보취득방법
JP4177040B2 (ja) * 2001-07-17 2008-11-05 松下電器産業株式会社 コンテンツ利用装置及びネットワークシステム並びにライセンス情報取得方法
JP2003178163A (ja) 2001-08-06 2003-06-27 Matsushita Electric Ind Co Ltd ライセンス管理サーバ、端末装置、ライセンス管理システム及び利用制限制御方法
WO2003032572A1 (en) * 2001-10-12 2003-04-17 Geo Trust, Inc. Methods and systems for automated authentication, processing and issuance of digital certificates
US7487363B2 (en) 2001-10-18 2009-02-03 Nokia Corporation System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage
CN1579095A (zh) * 2001-10-29 2005-02-09 松下电器产业株式会社 基线内容保护和复制管理数字视频广播的装置
WO2003050648A2 (en) * 2001-11-12 2003-06-19 Worldcom, Inc. System and method for implementing frictionless micropayments for consumable services
CN100490439C (zh) 2001-11-27 2009-05-20 皇家飞利浦电子股份有限公司 条件访问系统
AU2003208940A1 (en) * 2002-01-30 2003-09-02 Core Sdi, Inc. Framework for maintaining information security in computer networks
KR100982166B1 (ko) 2002-05-22 2010-09-14 코닌클리케 필립스 일렉트로닉스 엔.브이. 디지털 권한 관리 방법 및 시스템
JP2004062870A (ja) * 2002-06-04 2004-02-26 Matsushita Electric Ind Co Ltd データ配信システム
JP3791464B2 (ja) * 2002-06-07 2006-06-28 ソニー株式会社 アクセス権限管理システム、中継サーバ、および方法、並びにコンピュータ・プログラム
US20060106836A1 (en) * 2002-06-07 2006-05-18 Madoka Masugi Data processing system, data processing device, data processing method, and computer program
JP4129783B2 (ja) * 2002-07-10 2008-08-06 ソニー株式会社 リモートアクセスシステム及びリモートアクセス方法
JP4389145B2 (ja) * 2002-07-30 2009-12-24 富士ゼロックス株式会社 クライアントサーバシステムおよびその装置
US8374958B2 (en) * 2002-08-29 2013-02-12 Alcatel Lucent Method and apparatus for the payment of internet content
US20040059941A1 (en) * 2002-09-19 2004-03-25 Myfamily.Com, Inc. Systems and methods for identifying users and providing access to information in a network environment
JP2004139473A (ja) * 2002-10-18 2004-05-13 Toshiba Corp コンテンツ記録装置、再生装置及び記録再生装置、並びに記憶媒体
US20060021065A1 (en) 2002-10-22 2006-01-26 Kamperman Franciscus Lucas A J Method and device for authorizing content operations
US7734745B2 (en) * 2002-10-24 2010-06-08 International Business Machines Corporation Method and apparatus for maintaining internet domain name data
US7568218B2 (en) * 2002-10-31 2009-07-28 Microsoft Corporation Selective cross-realm authentication
US20040098615A1 (en) * 2002-11-16 2004-05-20 Mowers David R. Mapping from a single sign-in service to a directory service
JP4469631B2 (ja) * 2003-02-28 2010-05-26 パナソニック株式会社 端末装置、サーバ装置、ライセンス流通システム、ライセンス情報の取り扱い方法、およびプログラム
JP4033090B2 (ja) 2003-09-12 2008-01-16 日立電線株式会社 半導体装置用テープキャリアの製造方法
BRPI0509181A (pt) 2004-03-26 2007-09-18 Koninkl Philips Electronics Nv método e sistema para gerar um domìnio autorizado, meio legìvel por computador, domìnio autorizado, e, estrutura de domìnio autorizado

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005055022A1 (en) * 2003-12-04 2005-06-16 Koninklijke Philips Electronics N.V. Connection linked rights protection
US7627903B2 (en) 2003-12-04 2009-12-01 Koninklijke Philips Electronics N.V. Connection linked rights protection
US8863239B2 (en) 2004-03-26 2014-10-14 Adrea, LLC Method of and system for generating an authorized domain
US8239962B2 (en) 2004-05-17 2012-08-07 Koninlijke Philips Electronics N.V. Processing rights in DRM systems
US9898591B2 (en) 2004-06-04 2018-02-20 Koninklijke Philips N.V. Authentication method for authenticating a first party to a second party
US9411943B2 (en) 2004-06-04 2016-08-09 Koninklijke Philips N.V. Authentication method for authenticating a first party to a second party
US8689346B2 (en) 2004-06-04 2014-04-01 Koninklijke Philips N.V. Authentication method for authenticating a first party to a second party
US9356938B2 (en) 2005-02-04 2016-05-31 Koninklijke Philips N.V. Method, device, system, token creating authorized domains
EP1866821A4 (en) * 2005-04-08 2011-03-09 Korea Electronics Telecomm METHOD OF DOMAIN MANAGEMENT AND DOMAIN CONTEXT FOR DOMAIN SYSTEM BASED ON USERS AND DEVICES
JP4856169B2 (ja) * 2005-04-08 2012-01-18 エレクトロニクス アンド テレコミュニケーションズ リサーチ インスチチュート ユーザ及びデバイス基盤のドメインシステムを示すドメインコンテキスト及びその管理方法
US8533858B2 (en) 2005-04-08 2013-09-10 Electronics And Telecommunications Research Institute Domain management method and domain context of users and devices based domain system
EP3428817A1 (en) * 2005-04-13 2019-01-16 Samsung Electronics Co., Ltd. Encryption/decryption method and apparatus for controlling content use based on license information
JP2008546050A (ja) * 2005-05-19 2008-12-18 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ 許可ドメインポリシの方法
US8752190B2 (en) 2005-05-19 2014-06-10 Adrea Llc Authorized domain policy method
WO2006129225A3 (en) * 2005-05-31 2007-02-08 Koninkl Philips Electronics Nv Flexible domain policy distribution
WO2007018623A1 (en) * 2005-08-02 2007-02-15 Sony Ericsson Mobile Communications Ab Methods, systems, and computer program products for sharing digital rights management-protected multimedia content using biometric data
JP2009510583A (ja) * 2005-09-30 2009-03-12 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ 改善されたdrmシステム
US8595853B2 (en) 2005-09-30 2013-11-26 Koninklijke Philips N.V. DRM system
US8776259B2 (en) 2005-09-30 2014-07-08 Koninklike Philips N.V. DRM system
RU2419867C2 (ru) * 2005-09-30 2011-05-27 Конинклейке Филипс Электроникс Н.В. Улучшенная система цифрового управления правами (drm)
US9460271B2 (en) 2005-09-30 2016-10-04 Koninklijke Philips N.V. DRM system
EP1938237B1 (en) 2005-09-30 2018-12-12 Koninklijke Philips N.V. Improved drm system
WO2007036831A3 (en) * 2005-09-30 2007-11-01 Koninkl Philips Electronics Nv Improved drm system
US8761398B2 (en) 2006-05-02 2014-06-24 Koninkljijke Philips N.V. Access to authorized domains
EP1860586A1 (en) * 2006-05-18 2007-11-28 Vodafone Holding GmbH Method and managing unit for managing the usage of digital content, rendering device
US8886568B2 (en) 2006-10-12 2014-11-11 Koninklijke Philips N.V. License specific authorized domains
WO2008044210A3 (en) * 2006-10-12 2008-10-30 Koninkl Philips Electronics Nv License specific authorized domains
US9673992B2 (en) 2007-03-02 2017-06-06 Thomson Licensing Dtv Method for operating a network as well as a local network and network component
GB2476487A (en) * 2009-12-23 2011-06-29 Key Criteria Technology Ltd A multi-device multimedia system

Also Published As

Publication number Publication date
AU2004260247A1 (en) 2005-02-03
JP4694482B2 (ja) 2011-06-08
NZ544910A (en) 2007-06-29
ES2428320T3 (es) 2013-11-07
BRPI0412787A (pt) 2006-09-26
US20060190621A1 (en) 2006-08-24
JP2007501967A (ja) 2007-02-01
RU2372651C2 (ru) 2009-11-10
CA2550768A1 (en) 2005-02-03
EP1652025A2 (en) 2006-05-03
WO2005010879A3 (en) 2005-05-12
RU2006105621A (ru) 2006-06-27
KR101060482B1 (ko) 2011-08-31
IL173293A0 (en) 2006-06-11
IL173293A (en) 2012-02-29
CN100419618C (zh) 2008-09-17
ZA200600659B (en) 2007-05-30
US20150172279A1 (en) 2015-06-18
NO337782B1 (no) 2016-06-20
US9009308B2 (en) 2015-04-14
EP1652025B1 (en) 2013-07-03
NO20060905L (no) 2006-04-21
KR20060061802A (ko) 2006-06-08
MXPA06000880A (es) 2006-04-19
CA2550768C (en) 2015-09-22
UA95220C2 (ru) 2011-07-25
CN1826570A (zh) 2006-08-30
BRPI0412787B1 (pt) 2016-12-27
US10038686B2 (en) 2018-07-31

Similar Documents

Publication Publication Date Title
EP1652025B1 (en) Hybrid device and person based authorized domain architecture
US8863239B2 (en) Method of and system for generating an authorized domain
JP4734257B2 (ja) 接続リンクされた権利保護
US8761398B2 (en) Access to authorized domains
JP4098742B2 (ja) 公開鍵基盤構造を用いたドメイン形成方法
KR20040111681A (ko) 디지털 권한 관리 방법 및 시스템
AU2004260247B2 (en) Hybrid device and person based authorized domain architecture
WO2007085989A2 (en) Improved certificate chain validation

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200480021121.9

Country of ref document: CN

AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2004744585

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2006520958

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 2550768

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 544910

Country of ref document: NZ

WWE Wipo information: entry into national phase

Ref document number: 2006190621

Country of ref document: US

Ref document number: 2006/00659

Country of ref document: ZA

Ref document number: 200600659

Country of ref document: ZA

Ref document number: PA/a/2006/000880

Country of ref document: MX

Ref document number: 10565663

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 1020067001648

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 2004260247

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 676/CHENP/2006

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 1200600287

Country of ref document: VN

WWE Wipo information: entry into national phase

Ref document number: 2006105621

Country of ref document: RU

ENP Entry into the national phase

Ref document number: 2004260247

Country of ref document: AU

Date of ref document: 20040714

Kind code of ref document: A

WWP Wipo information: published in national office

Ref document number: 2004260247

Country of ref document: AU

WWP Wipo information: published in national office

Ref document number: 2004744585

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020067001648

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 10565663

Country of ref document: US

ENP Entry into the national phase

Ref document number: PI0412787

Country of ref document: BR