WO2006075260A1 - A method and apparatus for authorized domain management - Google Patents

A method and apparatus for authorized domain management Download PDF

Info

Publication number
WO2006075260A1
WO2006075260A1 PCT/IB2006/050034 IB2006050034W WO2006075260A1 WO 2006075260 A1 WO2006075260 A1 WO 2006075260A1 IB 2006050034 W IB2006050034 W IB 2006050034W WO 2006075260 A1 WO2006075260 A1 WO 2006075260A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
authorized domain
request
authorized
sending
Prior art date
Application number
PCT/IB2006/050034
Other languages
French (fr)
Inventor
Fulong Ma
Jin Qu
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Priority to CNA2006800021073A priority Critical patent/CN101103359A/en
Priority to JP2007549992A priority patent/JP2008527526A/en
Publication of WO2006075260A1 publication Critical patent/WO2006075260A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/436Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
    • H04N21/43615Interfacing a Home Network, e.g. for connecting the client to a plurality of peripherals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • H04N21/8355Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed

Definitions

  • DRM Dynamic Domain Management
  • Authorized Domain To give consideration to both the interests of the content providers and the interests of the content consumers, the concept of Authorized Domain (AD) is brought forward.
  • the basic idea of Authorized Domain is to provide a controlled network environment where the contents can be used relatively freely as long as the boundary of the Authorized Domain is not transgressed.
  • the Authorized Domain can be divided into device-based Authorized
  • the Authorized Domain is formed of a set of devices and users connected with each other. These devices and users may belong to one family.
  • a user is usually embodied in a device associated with the user (i.e. user's device).
  • the contents may be moved and/or copied freely between the various user devices in the Authorized Domain, but the contents are restricted and shall not be moved outside the Authorized Domain.
  • the contents can be transferred from a content provider to an Authorized Domain by means of standard issuing channels (e.g. video broadcast, Local Area Network, Internet, telephone line, satellite download and the like).
  • the contents can also be inputted to the Authorized Domain via conventional mail.
  • One of the object of the present invention is to provide a method for method for authorizing to use a content, comprising the steps of: firstly, receiving a request for using the content, the request comprises information associated with an Authorized Domain; and secondly authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain.
  • the content provider could, when granting the right, know the Authorized Domain well, thus could better control the spread of the content.
  • the above method further comprises the step: verifying whether said request is a valid request according to the information associated with the Authorized
  • the verifying step could comprise the steps of: firstly, sending a verification request to a verification authority to verify if the request in the receiving step is valid; secondly, receiving a corresponding verification result from the verification authority.
  • the above method further comprises the step of: acquiring identification information of said Authorized Domain according to said information.
  • the above method further comprises the step of: calculating expense to be paid by said Authorized Domain according to the right for using the content.
  • the above method further comprises the step of: sending said right of use to said Authorized Domain.
  • Another object of the present invention is to provide a method for requiring using a content, comprising the steps of: firstly, sending a request for using the content, the request comprises information associated with an Authorized Domain; and secondly receiving a corresponding right for using the content, the right is directed to the Authorized Domain.
  • Another object of the present invention is to provide a method for using a content, comprising steps of: firstly, sending a request for using the content; secondly, acquiring a right associated with the content, the right for using the content is directed to an
  • Another object of the present invention is to provide a an apparatus for apparatus for authorizing using a content, comprising: receiving means for receiving a request for using the content, the request comprises information associated with an Authorized Domain; and authorizing means for authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain.
  • the authorizing apparatus further comprises: verifying means for verifying if the request is a valid request according to the information.
  • the verifying means could further comprise: verification request means for sending a verification request to a verification authority to verify if the request received by the receiving means is valid; verification receiving means, for receiving a corresponding verification result from the verification authority.
  • the authorizing apparatus further comprises: acquiring means for acquiring identification information of the Authorized Domain according to the information.
  • the authorizing apparatus further comprises: charging means for calculating an expense to be paid by the Authorized Domain according to the right.
  • the authorizing apparatus further comprises: sending the right for using the content to the Authorized Domain.
  • the sending means could also send the content to the Authorized Domain.
  • Another object of the present invention is to provide A right acquiring apparatus for requiring using a content, comprising: right requesting means for sending a request for using the content, the request comprises information associated with an Authorized
  • Another object of the present invention is to provide An apparatus for using a content, comprising: use requesting means for sending a request for using the content; obtaining means for obtaining a right for using the content associated with the content, the right for using the content is directed to an Authorized Domain; confirming means for confirming if the request comes from the Authorized Domain; and using means for using the content if the request is from the Authorized Domain.
  • Fig 1 is a flow chart of a method for authorizing to use a content according to the present invention
  • Fig. 2 illustratively shows a functional block diagram of a content authorizing apparatus according to the present invention
  • Fig. 3 is a flow chart of a method for requiring using a content according to the present invention.
  • Fig. 4 illustratively shows a functional block diagram of a right acquiring apparatus according to the present invention
  • Fig. 5 is a flow chart of a method for using a content according to the present invention.
  • Fig. 6 illustratively shows a functional block diagram of a right using apparatus according to the present invention.
  • the same reference sign represents similar or identical feature or function.
  • Fig 1 is a flow chart of the method for authorizing to use a content according to the present invention.
  • step SIlO receiving a request for using a content
  • the content provider receives a request from an Authorized Domain.
  • the request is submitted through a device by a user in the Authorized Domain.
  • the request requires using a content, and at the same time, the request comprises information associated with an Authorized Domain.
  • the information associated with an Authorized Domain could be the identification information of the Authorized Domain or the identification information of a member of the Authorized Domain.
  • the identification information of the Authorized Domain is the information distinguishing the Authorized Domain from other Authorized Domains, e.g. Authorized Domain name and identification number of the Authorized Domain.
  • the identification information of the member could be the identification information of a member of the Authorized Domain or the identification information of a device of the Authorized Domain.
  • the request received by the content provider comprises a user certificate.
  • the user certificate comprises identification information of the user, which could comprise user-ID, or comprise the user-ID and Authorized Domain name.
  • the user certificate comprising the user- ID and Authorized Domain name has two embodiments: one is that each user has a user certificate to identify him/her to be a user of an Authorized Domain; the other is that all the users of an Authorized Domain are listed in one user certificate. In the latter embodiment, when the number of users in an Authorized Domain increases or decreases, the modification of the user certificate is simpler, thus being a more preferable embodiment.
  • the structure of the user certificate is shown in Table 1, comprising the user-ID, the Authorized Domain (optional) where the user stays, the domain authority (optional) issuing the user certificate and digital signature.
  • the user certificate has the digital signature of the domain authority.
  • the domain authorized certificate generally includes the time of issue and date of expiry.
  • the algorithm of the digital signature could be standard digital signature algorithm.
  • the user certificate could also include the age of the user. As certain content is suitable only for people above 18, the user certificate can add an item, i.e. the age of the user, to protect the interests of the minor. Only when the user reaches the legal age can he or she use the corresponding content.
  • verifying if the request is a valid request has two meanings: (1) verifying if the user is an authorized one: (2) verifying if the requested content is within the specified scope.
  • Verifying if the user is an authorized one e.g. verifying if the user is a member of the Authorized Domain could prevent the access of unauthorized user.
  • the verifying steps may comprise: firstly, sending a verification request to a verification authority, e.g.
  • Verifying whether the requested content is within the specified scope is to verify if the manner requested to use the content is within the scope of right specified by the content provider, also could verify if the user who requesting for using the content is a qualified user for the content, e.g. if the user is above 18 years old.
  • the identification information of the Authorized Domain to which the user belongs could be acquired by deciphering the digital signature through proper keys.
  • a user-ID could be acquired by deciphering the digital signature through proper keys. Then searching in the database of the Authorized Domain according to the user-ID to acquire the identification information of the Authorized Domain where the user stays, e.g. the Authorized Domain name.
  • the right is directed to the Authorized Domain (step S 140).
  • Generating a use right certificate according to the request received in step SIlO the use right certificate comprises an Authorized Domain name.
  • Table 2 shows the right of said content, comprising the content-ID, content keys, Authorized Domain name, right expression of the content and the digital signature of the content provider.
  • the content-ID confirms the content bound to the right; the content keys are used to decipher the content; and the right expression describes the manners for the user to use the content, comprising: playing the content, recording the content, transmitting the content and create a copy of the content.
  • the use right certificate generated according to the request received in step SIlO may be directed simultaneously to both the Authorized Domain and the user.
  • table 3 shows another right of use of the content, which comprises content-ID, content keys, user- ID, Authorized Domain name, right expression of the content and the digital signature of the content provider. In this way, when a user leaves the Authorized Domain where he stayed, the user still can use the content because the use right certificate of the content also directs to him.
  • step S 150 calculating expense to be paid by the Authorized Domain according to the right (step S 150).
  • the expense to be paid by the Authorized Domain can be calculated according to the characteristic of the Authorized Domain. For example, different charging standards are adopted for profit- making Authorized Domain and non-profit-making Authorized Domain, or the expense to be paid by the Authorized Domain is calculated according to the number of users in the Authorized Domain. The expense could be paid collectively by the Authorized Domain, or by a representative of the Authorized Domain, e.g. by the designated user filing the request.
  • the content provider sends the right of the content to the Authorized Domain that files the application for the content. At the same time, the content provider can send the content to the Authorized Domain that files the application for the content. Of course, if the content has been stored in the Authorized Domain, there will be no need to send the content.
  • Fig. 2 illustratively shows a functional block diagram of a content authorizing apparatus 200 according to the present invention.
  • the content authorizing apparatus 200 can be a part of the server of the content provider.
  • the content authorizing apparatus 200 is an apparatus for authorizing to use a content, comprising a receiving unit 210 and an authorizing unit 240.
  • the receiving unit 210 is used for receiving a request for using the content, the request comprises information associated with an Authorized Domain;
  • the authorizing unit 240 is used for authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain.
  • the authorizing unit 240 may comprise a generating unit 242 for generating a use right certificate according to the request, the use right certificate comprises said identification information.
  • the content authorizing apparatus 200 further comprises: a verifying unit
  • the verifying unit 220 for verifying if the request is a valid request according to the information associated with the Authorized Domain in the request received by the receiving unit 210.
  • the verifying unit 220 may further comprise a verification request sending unit 222 and a verification result receiving unit 224, wherein the verification request sending unit 222 is used for sending a verification request to a verification authority, requiring to verify if the request received by the receiving unit 210 is valid, and the verification result receiving unit 224 is used for receiving a corresponding verification result from the verification authority.
  • the content authorizing apparatus 200 further comprises: an acquiring unit 230 for acquiring the identification information of the Authorized Domain according to the information associated with the Authorized Domain in the request received by the receiving unit 210.
  • the content authorizing apparatus 200 further comprises: a charging unit
  • the Authorized Domain 250 for calculating the expense to be paid by the Authorized Domain according to the information associated with the Authorized Domain in the use right certificate generated by the authorizing unit 242. For example, different charging standards are adopted for profit-making Authorized Domain and non-profit-making Authorized Domain, or the expense to be paid by the Authorized Domain is calculated according to the number of users in the Authorized Domain.
  • the content authorizing apparatus 200 further comprises: a sending unit
  • the sending unit 260 for sending the right granted by the authorizing unit 240 to the Authorized Domain directed by the right.
  • the sending unit 260 could also send the content to the Authorized Domain.
  • the sending unit 260 could also send the charging information from the charging unit 250 to the Authorized Domain.
  • Fig. 3 is a flow chart of a method for requiring using a content according to the present invention.
  • the request comprises information associated with an Authorized Domain (step S310).
  • a user of the Authorized Domain sends a request to the content provider for using the content, the request comprises information associated with an Authorized Domain.
  • the information associated with an Authorized Domain can be the identification information of the Authorized Domain or the identification information of a member of the Authorized Domain.
  • the identification information of the Authorized Domain is the information distinguishing the Authorized Domain from other Authorized Domains, e.g. Authorized Domain name and identification number of the Authorized Domain.
  • the identification information of the member could be the identification information of a member of the
  • Fig. 4 illustratively shows a functional block diagram of a right acquiring apparatus
  • the right acquiring apparatus 400 can be a part of a device in the Authorized Domain.
  • the right acquiring apparatus 400 is used for requesting for authorizing to use a content, comprising: a right requesting unit 410 and a right receiving unit 420.
  • the right requesting unit 410 is used for sending a request to the content provider for using the content, the request comprises information associated with an Authorized Domain.
  • the right receiving unit 420 is used for receiving a corresponding right for using the content from the content provider, the right is directed to the Authorized Domain.
  • Fig. 5 is a flow chart of the method for using a content according to the present invention.
  • step S510 sending a request for requiring using the content
  • the content and the right of the content can be stored on a smart card of the Authorized Domain user or any place on the network.
  • a user of the Authorized Domain needs to use a content, he sends a request, requiring using the content.
  • the Authorized Domain user obtains a right of use directed at an Authorized Domain.
  • the Authorized Domain user uses a device to confirm if the user is the user of the Authorized Domain.
  • the contents to be confirmed includes: (1) the identification number of the content; (2) if the user requesting for using the content is the user in the Authorized
  • the apparatus may express the content according to the right expression confirmed in the right of the content.
  • Fig. 6 illustratively shows the components of a right using apparatus 600 according to the present invention.
  • the right using apparatus 600 is for using a content, comprising: a use requesting unit 610, an obtaining unit 620, a confirming unit 630, and a using unit 640.
  • the use requesting unit 610 is used for receiving a request, which requires to use the content;
  • the obtaining unit 620 is used for obtaining a right of use associated with the content, the right is directed to an Authorized Domain;
  • the confirming unit 630 is used for confirming if the request is from the Authorized Domain;
  • the using unit 640 is for operating the content if the request is from the Authorized Domain.

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

This invention discloses a method for authorizing to use a content. According to this method, receiving a request for using the content, the request comprises information associated with an Authorized Domain; authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain. As the right for using the content is directed to the Authorized Domain, the content provider has more control over the content. This invention also discloses an apparatus for authorizing to use a content. Adopting the present invention's method and apparatus could provide a method for Authorized Domain management, and at the same time enable the user or device in the Authorized Domain to use the content in the Authorized Domain more conveniently.

Description

A METHOD AND APPARATUS FOR AUTHORIZED DOMAIN MANAGEMENT
FIELD OF THE INVENTION This invention relates to a method and apparatus for Digital Right Management
(DRM), and particularly to a method and apparatus for Authorized Domain management.
BACKGROUND OF THE INVENTION
Along with the rapid development of the network technology and digital technology, the use of digital contents becomes increasingly easier, and the number of content protection system is growing at a fast pace accordingly. Viewing from the perspective of the content providers, they hope to protect the copyright of their contents. Unrestrained use of the source digital contents will bring great damage to the interests of the content providers. On the other hand, viewing from the perspective of the content consumers, they always hope to use whatever contents conveniently.
To give consideration to both the interests of the content providers and the interests of the content consumers, the concept of Authorized Domain (AD) is brought forward. The basic idea of Authorized Domain is to provide a controlled network environment where the contents can be used relatively freely as long as the boundary of the Authorized Domain is not transgressed. The Authorized Domain can be divided into device-based Authorized
Domain, user-based Authorized Domain, and hybrid Authorized Domain comprising device and user. Generally, the Authorized Domain is formed of a set of devices and users connected with each other. These devices and users may belong to one family. In an Authorized Domain, a user is usually embodied in a device associated with the user (i.e. user's device). The contents may be moved and/or copied freely between the various user devices in the Authorized Domain, but the contents are restricted and shall not be moved outside the Authorized Domain. In general, the contents can be transferred from a content provider to an Authorized Domain by means of standard issuing channels (e.g. video broadcast, Local Area Network, Internet, telephone line, satellite download and the like). Besides, the contents can also be inputted to the Authorized Domain via conventional mail.
At present, there are a plurality of techniques for implementing Authorized Domain system. For example, the international patent application WO2004/038568 filed on
October 15, 2003 by the same applicant as the present application discloses a method and system for authorizing using contents. The full contents of this patent application document are incorporated herein as a reference document.
In the prior art, when a user of the Authorized Domain purchases a content from a content provider, the content provider grants the user the right to use the content. However, the content provider knows little about the Authorized Domain to which the user belongs, e.g. how many members in the Authorized Domain are likely to use this content and whether said Authorized Domain is of public good or not, thus rendering the content provider incapable of better protecting the copyright of the content. Therefore, a new method and apparatus for authorizing to use the content is needed to enable the content provider to have more control over the content.
OBJECT AND SUMMARY OF THE INVENTION
One of the object of the present invention is to provide a method for method for authorizing to use a content, comprising the steps of: firstly, receiving a request for using the content, the request comprises information associated with an Authorized Domain; and secondly authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain. As the right for using the content authorized by the content provider is directed to the Authorized Domain, the content provider could, when granting the right, know the Authorized Domain well, thus could better control the spread of the content.
Preferably, the above method further comprises the step: verifying whether said request is a valid request according to the information associated with the Authorized
Domain. The verifying step could comprise the steps of: firstly, sending a verification request to a verification authority to verify if the request in the receiving step is valid; secondly, receiving a corresponding verification result from the verification authority.
Preferably, the above method further comprises the step of: acquiring identification information of said Authorized Domain according to said information.
Preferably, the above method further comprises the step of: calculating expense to be paid by said Authorized Domain according to the right for using the content. Preferably, the above method further comprises the step of: sending said right of use to said Authorized Domain.
Another object of the present invention is to provide a method for requiring using a content, comprising the steps of: firstly, sending a request for using the content, the request comprises information associated with an Authorized Domain; and secondly receiving a corresponding right for using the content, the right is directed to the Authorized Domain.
Another object of the present invention is to provide a method for using a content, comprising steps of: firstly, sending a request for using the content; secondly, acquiring a right associated with the content, the right for using the content is directed to an
Authorized Domain; thirdly, confirming if the request is from the Authorized Domain; and finally using the content if the request is from the Authorized Domain.
Another object of the present invention is to provide a an apparatus for apparatus for authorizing using a content, comprising: receiving means for receiving a request for using the content, the request comprises information associated with an Authorized Domain; and authorizing means for authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain.
Preferably, the authorizing apparatus further comprises: verifying means for verifying if the request is a valid request according to the information. The verifying means could further comprise: verification request means for sending a verification request to a verification authority to verify if the request received by the receiving means is valid; verification receiving means, for receiving a corresponding verification result from the verification authority.
Preferably, the authorizing apparatus further comprises: acquiring means for acquiring identification information of the Authorized Domain according to the information.
Preferably, the authorizing apparatus further comprises: charging means for calculating an expense to be paid by the Authorized Domain according to the right.
Preferably, the authorizing apparatus further comprises: sending the right for using the content to the Authorized Domain. The sending means could also send the content to the Authorized Domain.
Another object of the present invention is to provide A right acquiring apparatus for requiring using a content, comprising: right requesting means for sending a request for using the content, the request comprises information associated with an Authorized
Domain; and right receiving means for receiving a corresponding right for using the content, the right is directed to the Authorized Domain.
Another object of the present invention is to provide An apparatus for using a content, comprising: use requesting means for sending a request for using the content; obtaining means for obtaining a right for using the content associated with the content, the right for using the content is directed to an Authorized Domain; confirming means for confirming if the request comes from the Authorized Domain; and using means for using the content if the request is from the Authorized Domain.
BRIEF DESCRIPTION OF THE DRAWINGS
By means of the illustrative embodiments and schematic diagrams attached thereto, the present invention and its related merits will be further expounded. In the drawings:
Fig 1 is a flow chart of a method for authorizing to use a content according to the present invention; Fig. 2 illustratively shows a functional block diagram of a content authorizing apparatus according to the present invention;
Fig. 3 is a flow chart of a method for requiring using a content according to the present invention;
Fig. 4 illustratively shows a functional block diagram of a right acquiring apparatus according to the present invention;
Fig. 5 is a flow chart of a method for using a content according to the present invention;
Fig. 6 illustratively shows a functional block diagram of a right using apparatus according to the present invention. Throughout the drawings, the same reference sign represents similar or identical feature or function.
DETAILED DESCRIPTION OF THE INVENTION
Fig 1 is a flow chart of the method for authorizing to use a content according to the present invention.
First, receiving a request for using a content (step SIlO).
The content provider receives a request from an Authorized Domain. The request is submitted through a device by a user in the Authorized Domain. The request requires using a content, and at the same time, the request comprises information associated with an Authorized Domain. The information associated with an Authorized Domain could be the identification information of the Authorized Domain or the identification information of a member of the Authorized Domain. The identification information of the Authorized Domain is the information distinguishing the Authorized Domain from other Authorized Domains, e.g. Authorized Domain name and identification number of the Authorized Domain. The identification information of the member could be the identification information of a member of the Authorized Domain or the identification information of a device of the Authorized Domain. In this embodiment, the request received by the content provider comprises a user certificate. The user certificate comprises identification information of the user, which could comprise user-ID, or comprise the user-ID and Authorized Domain name. The user certificate comprising the user- ID and Authorized Domain name has two embodiments: one is that each user has a user certificate to identify him/her to be a user of an Authorized Domain; the other is that all the users of an Authorized Domain are listed in one user certificate. In the latter embodiment, when the number of users in an Authorized Domain increases or decreases, the modification of the user certificate is simpler, thus being a more preferable embodiment.
The structure of the user certificate is shown in Table 1, comprising the user-ID, the Authorized Domain (optional) where the user stays, the domain authority (optional) issuing the user certificate and digital signature.
User Certificate
User-ID
Authorized Domain
Domain Authority
Digital Signature
Tablel
Following is an example of the user certificate. The user certificate has the digital signature of the domain authority. Besides, the domain authorized certificate generally includes the time of issue and date of expiry. In this example, the algorithm of the digital signature could be standard digital signature algorithm.
# bytes format value
Domain_User_Certificate() AttributeCertificate
1 r User_Id_Length 2 Uintlό
Userjd var char
Domain_Id_Length 2 Uintlό
Domain Id var char User Domain Authority 20 Bit String
Signature_Algorithm Algorithm_Identifier
Signature_Value Bit String
} The user certificate could also include the age of the user. As certain content is suitable only for people above 18, the user certificate can add an item, i.e. the age of the user, to protect the interests of the minor. Only when the user reaches the legal age can he or she use the corresponding content.
Second, verifying if the request is a valid request (step S120). Verifying if the request is a valid request has two meanings: (1) verifying if the user is an authorized one: (2) verifying if the requested content is within the specified scope.
Verifying if the user is an authorized one, e.g. verifying if the user is a member of the Authorized Domain could prevent the access of unauthorized user. There are two methods for verifying the user's validity: the first one, the content provider can directly verify if the user is an authorized one. The content provider determines whether the user is an authorized one by comparing the information in the database about the Authorized Domain stored in the content provider's server. The database about the Authorized Domain could come from an authoritative domain authority, which could be a governmental department or a non-governmental organization. The second one, the content provider could also verify if the user is an authorized one through a verification authority. The verifying steps may comprise: firstly, sending a verification request to a verification authority, e.g. a domain authority, requiring to verify if the request in the receiving step SIlO is valid; secondly, receiving a corresponding verification result from the verification authority. Verifying whether the requested content is within the specified scope is to verify if the manner requested to use the content is within the scope of right specified by the content provider, also could verify if the user who requesting for using the content is a qualified user for the content, e.g. if the user is above 18 years old.
Third, acquiring the identification information of the Authorized Domain (step S130). If the verification result is positive, acquiring the identification information of the
Authorized Domain according to the user certificate shown in Table 1.
If the user certificate comprises user-ID, Authorized Domain to which the user belongs and digital signature, the identification information of the Authorized Domain to which the user belongs could be acquired by deciphering the digital signature through proper keys.
If the user certificate comprises user-ID and digital signature, a user-ID could be acquired by deciphering the digital signature through proper keys. Then searching in the database of the Authorized Domain according to the user-ID to acquire the identification information of the Authorized Domain where the user stays, e.g. the Authorized Domain name.
Fourth, authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain (step S 140). Generating a use right certificate according to the request received in step SIlO, the use right certificate comprises an Authorized Domain name. Table 2 shows the right of said content, comprising the content-ID, content keys, Authorized Domain name, right expression of the content and the digital signature of the content provider. Wherein the content-ID confirms the content bound to the right; the content keys are used to decipher the content; and the right expression describes the manners for the user to use the content, comprising: playing the content, recording the content, transmitting the content and create a copy of the content.
Use Right Certificate of the Content
Content-ID
Authorized Domain Name
Domain Authority (optional)
Right Expression
Digital Signature Table 2
The use right certificate generated according to the request received in step SIlO may be directed simultaneously to both the Authorized Domain and the user. For example, table 3 shows another right of use of the content, which comprises content-ID, content keys, user- ID, Authorized Domain name, right expression of the content and the digital signature of the content provider. In this way, when a user leaves the Authorized Domain where he stayed, the user still can use the content because the use right certificate of the content also directs to him. Use Right Certificate of the Content
Content-ID
User-ID
Authorized Domain Name
Domain Authority (optional)
Right Expression
Digital Signature
Table 3
Fifth, calculating expense to be paid by the Authorized Domain according to the right (step S 150). As the right of the content directs to the Authorized Domain, the expense to be paid by the Authorized Domain can be calculated according to the characteristic of the Authorized Domain. For example, different charging standards are adopted for profit- making Authorized Domain and non-profit-making Authorized Domain, or the expense to be paid by the Authorized Domain is calculated according to the number of users in the Authorized Domain. The expense could be paid collectively by the Authorized Domain, or by a representative of the Authorized Domain, e.g. by the designated user filing the request. Sixth, sending the right of the content (step S160).
The content provider sends the right of the content to the Authorized Domain that files the application for the content. At the same time, the content provider can send the content to the Authorized Domain that files the application for the content. Of course, if the content has been stored in the Authorized Domain, there will be no need to send the content.
Fig. 2 illustratively shows a functional block diagram of a content authorizing apparatus 200 according to the present invention. The content authorizing apparatus 200 can be a part of the server of the content provider.
The content authorizing apparatus 200 is an apparatus for authorizing to use a content, comprising a receiving unit 210 and an authorizing unit 240. Wherein, the receiving unit 210 is used for receiving a request for using the content, the request comprises information associated with an Authorized Domain; the authorizing unit 240 is used for authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain. The authorizing unit 240 may comprise a generating unit 242 for generating a use right certificate according to the request, the use right certificate comprises said identification information.
Preferably, the content authorizing apparatus 200 further comprises: a verifying unit
220 for verifying if the request is a valid request according to the information associated with the Authorized Domain in the request received by the receiving unit 210. The verifying unit 220 may further comprise a verification request sending unit 222 and a verification result receiving unit 224, wherein the verification request sending unit 222 is used for sending a verification request to a verification authority, requiring to verify if the request received by the receiving unit 210 is valid, and the verification result receiving unit 224 is used for receiving a corresponding verification result from the verification authority.
Preferably, the content authorizing apparatus 200 further comprises: an acquiring unit 230 for acquiring the identification information of the Authorized Domain according to the information associated with the Authorized Domain in the request received by the receiving unit 210. Preferably, the content authorizing apparatus 200 further comprises: a charging unit
250 for calculating the expense to be paid by the Authorized Domain according to the information associated with the Authorized Domain in the use right certificate generated by the authorizing unit 242. For example, different charging standards are adopted for profit-making Authorized Domain and non-profit-making Authorized Domain, or the expense to be paid by the Authorized Domain is calculated according to the number of users in the Authorized Domain.
Preferably, the content authorizing apparatus 200 further comprises: a sending unit
260 for sending the right granted by the authorizing unit 240 to the Authorized Domain directed by the right. The sending unit 260 could also send the content to the Authorized Domain. At the same time, the sending unit 260 could also send the charging information from the charging unit 250 to the Authorized Domain.
Fig. 3 is a flow chart of a method for requiring using a content according to the present invention.
First, sending a request for using the content, the request comprises information associated with an Authorized Domain (step S310).
A user of the Authorized Domain sends a request to the content provider for using the content, the request comprises information associated with an Authorized Domain. The information associated with an Authorized Domain can be the identification information of the Authorized Domain or the identification information of a member of the Authorized Domain. The identification information of the Authorized Domain is the information distinguishing the Authorized Domain from other Authorized Domains, e.g. Authorized Domain name and identification number of the Authorized Domain. The identification information of the member could be the identification information of a member of the
Authorized Domain or the identification information of a device of the Authorized Domain.
Second, receiving a corresponding right for using the content, the right is directed to the Authorized Domain (step S320). After receiving a corresponding right for using the content, the Authorized Domain can store it in a secure memory. Fig. 4 illustratively shows a functional block diagram of a right acquiring apparatus
400 according to the present invention. The right acquiring apparatus 400 can be a part of a device in the Authorized Domain.
The right acquiring apparatus 400 is used for requesting for authorizing to use a content, comprising: a right requesting unit 410 and a right receiving unit 420. The right requesting unit 410 is used for sending a request to the content provider for using the content, the request comprises information associated with an Authorized Domain. The right receiving unit 420 is used for receiving a corresponding right for using the content from the content provider, the right is directed to the Authorized Domain.
Fig. 5 is a flow chart of the method for using a content according to the present invention.
Firstly, sending a request for requiring using the content (step S510).
The content and the right of the content can be stored on a smart card of the Authorized Domain user or any place on the network. When a user of the Authorized Domain needs to use a content, he sends a request, requiring using the content. Second, acquiring a right of use associated with the content, the right is directed to an
Authorized Domain (step S520). The Authorized Domain user obtains a right of use directed at an Authorized Domain.
Furthermore, confirming if the request is from the Authorized Domain (step S530).
The Authorized Domain user uses a device to confirm if the user is the user of the Authorized Domain. The contents to be confirmed includes: (1) the identification number of the content; (2) if the user requesting for using the content is the user in the Authorized
Domain confirmed in the right of the content, or if the device requesting for using the content is the device in the Authorized Domain confirmed in the right of the content; (3) right expression of the content.
In the end, using the content if the request is from the Authorized Domain (step S540).
If all the confirmed results are positive, the apparatus may express the content according to the right expression confirmed in the right of the content.
In this way, all the users or devices of the Authorized Domain could quickly and conveniently use the purchased content in the Authorized Domain at any time and anywhere.
Fig. 6 illustratively shows the components of a right using apparatus 600 according to the present invention.
The right using apparatus 600 is for using a content, comprising: a use requesting unit 610, an obtaining unit 620, a confirming unit 630, and a using unit 640. The use requesting unit 610 is used for receiving a request, which requires to use the content; the obtaining unit 620 is used for obtaining a right of use associated with the content, the right is directed to an Authorized Domain; the confirming unit 630 is used for confirming if the request is from the Authorized Domain; and the using unit 640 is for operating the content if the request is from the Authorized Domain.
Although the present invention has been described in combination with specific embodiments, it is obvious that those skilled in the art could, according to the above illustrations, easily substitute, amend and modify the present invention in many aspects.
Therefore, all such substitution, amendment and modification, when falling within the spirit and scope of the attached claims, shall be included in the present invention.

Claims

CLAIMS:
1. A method for authorizing to use a content, comprising the steps of:
(a) receiving a request for using the content, the request comprises information associated with an Authorized Domain; and
(b) authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain.
2. The method of claim 1, further comprising the step of: verifying if the request is a valid request according to the information.
3. The method of claim 2, wherein the verifying step comprises the steps of: sending a verification request to a verification authority to verify if the request in step (a) is valid; receiving a corresponding verification result from the verification authority.
4. The method of claim 1, further comprising the step of: acquiring identification information of the Authorized Domain according to the information.
5. The method of claim 4, wherein step (b) comprises the step of: generating a use right certificate according to the request, the use right certificate comprises the identification information.
6. The method of claim 1, further comprising the step of: calculating an expense to be paid by the Authorized Domain according to the right.
7. The method of claim 1, further comprising the step of: sending the right to the Authorized Domain.
8. The method of claim 1 or 7, further comprising the step of: sending the content to the
Authorized Domain.
9. The method of claim 1, wherein the information is identification information of the Authorized Domain or identification information of a member of the Authorized Domain.
10. The method of claim 9, wherein the identification information of the member is identification information of a user of the Authorized Domain or identification information of a device of the Authorized Domain.
11. The method of claim 1, wherein the request is from a user of the Authorized Domain, the right is directed to the Authorized Domain and the user.
12. A method for requiring to use a content, comprising the steps of: sending a request for using the content, the request comprises information associated with an Authorized Domain; and receiving a corresponding right for using the content, the right is directed to the
Authorized Domain.
13. A method for using a content, comprising the steps of: sending a request for using the content; acquiring a right associated with the content, the right for using the content is directed to an Authorized Domain; confirming if the request is from the Authorized Domain; and using the content if the request is from the Authorized Domain.
14. An apparatus for authorizing using a content, comprising: receiving means for receiving a request for using the content, the request comprises information associated with an Authorized Domain; and authorizing means for authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain.
15. The apparatus of claim 14, further comprising: verifying means for verifying if the request is a valid request according to the information.
16. The apparatus of claim 15, wherein the verifying means comprises: verification request means for sending a verification request to a verification authority to verify if the request received by the receiving means is valid; verification receiving means, for receiving a corresponding verification result from the verification authority.
17. The apparatus of claim 14, further comprising: acquiring means for acquiring identification information of the Authorized Domain according to the information.
18. The apparatus of claim 17, wherein the authorizing means comprises generating means for generating a use right certificate according to the request, the use right certificate comprises the identification information.
19. The apparatus of claim 14, further comprising: charging means for calculating an expense to be paid by the Authorized Domain according to the right.
20. The apparatus of claim 14, further comprising: sending means for sending the right for using the content to the Authorized Domain.
21. The apparatus of claim 20, the sending means is used for sending the content to the Authorized Domain.
22. A right acquiring apparatus for requiring to use a content, comprising: right requesting means for sending a request for using the content, the request comprises information associated with an Authorized Domain; and right receiving means for receiving a corresponding right for using the content, the right is directed to the Authorized Domain.
23. An apparatus for using a content, comprising: use requesting means for sending a request for using the content; obtaining means for obtaining a right for using the content associated with the content, the right for using the content is directed to an Authorized Domain; confirming means for confirming if the request comes from the Authorized Domain; and using means for using the content if the request is from the Authorized Domain.
PCT/IB2006/050034 2005-01-11 2006-01-05 A method and apparatus for authorized domain management WO2006075260A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNA2006800021073A CN101103359A (en) 2005-01-11 2006-01-05 Method and device for authorized domain management
JP2007549992A JP2008527526A (en) 2005-01-11 2006-01-05 Method and apparatus for licensed domain management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510006802.4 2005-01-11
CN200510006802 2005-01-11

Publications (1)

Publication Number Publication Date
WO2006075260A1 true WO2006075260A1 (en) 2006-07-20

Family

ID=36390241

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/050034 WO2006075260A1 (en) 2005-01-11 2006-01-05 A method and apparatus for authorized domain management

Country Status (3)

Country Link
JP (1) JP2008527526A (en)
CN (1) CN101103359A (en)
WO (1) WO2006075260A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021150213A1 (en) 2020-01-22 2021-07-29 Google Llc User consent framework

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004038568A2 (en) * 2002-10-22 2004-05-06 Koninklijke Philips Electronics N.V. Method and device for authorizing content operations

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004038568A2 (en) * 2002-10-22 2004-05-06 Koninklijke Philips Electronics N.V. Method and device for authorizing content operations

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
HEUVEL VAN DEN S A F A ET AL: "Secure Content Management in Authorised Domains", 15 September 2002, INTERNATIONAL BROADCASTING CONVENTION, PAGE(S) 467-474, XP002273504 *
JONKER W ET AL: "Digital Rights Management in Consumer Electronics Products", April 2004, IEEE SIGNAL PROCESSING MAGAZINE, IEEE SERVICE CENTER, PISCATAWAY, NJ, US, PAGE(S) 82-91, ISSN: 1053-5888, XP002312068 *
MATSUSHITA ELECTRIC INDUSTRIAL CO ET AL: "RESPONSE TO DVB CALL FOR PROPOSALS FOR CONTENT PROTECTION & COPY MANAGEMENT TECHNOLOGIES", 19 October 2001, NETDRM TECHNOLOGY, XX, XX, PAGE(S) 1-44, XP002349078 *

Also Published As

Publication number Publication date
JP2008527526A (en) 2008-07-24
CN101103359A (en) 2008-01-09

Similar Documents

Publication Publication Date Title
CN1521980B (en) Publishing digital content within a defined universe such as an organization in accordance with a digital rights management (drm) system
CN100566242C (en) In defined field such as tissue, announce digital content according to digital rights management (DRM) system
CA2457291C (en) Issuing a publisher use license off-line in a digital rights management (drm) system
RU2352985C2 (en) Method and device for authorisation of operations with content
CN1327373C (en) Method of protecting and managing digital contents and system for using thereof
CN1550995B (en) Issuing a digital rights management (DRM) license for content based on cross-forest directory information
JP4739000B2 (en) Electronic document management program, electronic document management system, and electronic document management method
US7287158B2 (en) Person authentication system, person authentication method, information processing apparatus, and program providing medium
US20040196981A1 (en) Information processing device and method, information processing system, recording medium, and program
US20040139312A1 (en) Categorization of host security levels based on functionality implemented inside secure hardware
JP4548441B2 (en) Content utilization system and content utilization method
US20020027992A1 (en) Content distribution system, content distribution method, information processing apparatus, and program providing medium
CN101206696A (en) Apparatus, method and system for protecting personal information
JP4168679B2 (en) Content usage management system, information processing apparatus or method for using or providing content, and computer program
CN101189633B (en) Method and equipment for carrying out authorizing rights issuers in content delivering system
CN101682501A (en) With binding content licenses to portable memory apparatus
WO2004061623A1 (en) Content rights management system
CN1708941A (en) Digital-rights management system
AU2004200454A1 (en) Enrolling/sub-enrolling a digital rights management (DRM) server into a DRM architecture
KR20050119133A (en) User identity privacy in authorization certificates
CN105743903A (en) Audio digital rights management method and system, intelligent terminal and authentication server
JP4664107B2 (en) Company-side device, user-side device, personal information browsing / updating system, and personal information browsing / updating method
US8166525B2 (en) Document management system with public key infrastructure
CN101546366A (en) Digital copyright management system and management method
US20030188150A1 (en) System and method for media authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2006701568

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2007549992

Country of ref document: JP

Ref document number: 3066/CHENP/2007

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 200680002107.3

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Ref document number: 2006701568

Country of ref document: EP

122 Ep: pct application non-entry in european phase

Ref document number: 06701568

Country of ref document: EP

Kind code of ref document: A1

WWW Wipo information: withdrawn in national office

Ref document number: 6701568

Country of ref document: EP