WO2006075260A1 - A method and apparatus for authorized domain management - Google Patents
A method and apparatus for authorized domain management Download PDFInfo
- Publication number
- WO2006075260A1 WO2006075260A1 PCT/IB2006/050034 IB2006050034W WO2006075260A1 WO 2006075260 A1 WO2006075260 A1 WO 2006075260A1 IB 2006050034 W IB2006050034 W IB 2006050034W WO 2006075260 A1 WO2006075260 A1 WO 2006075260A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- content
- authorized domain
- request
- authorized
- sending
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000012795 verification Methods 0.000 claims description 34
- 238000010586 diagram Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000007423 decrease Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/43615—Interfacing a Home Network, e.g. for connecting the client to a plurality of peripherals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
- H04N21/8355—Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
Definitions
- DRM Dynamic Domain Management
- Authorized Domain To give consideration to both the interests of the content providers and the interests of the content consumers, the concept of Authorized Domain (AD) is brought forward.
- the basic idea of Authorized Domain is to provide a controlled network environment where the contents can be used relatively freely as long as the boundary of the Authorized Domain is not transgressed.
- the Authorized Domain can be divided into device-based Authorized
- the Authorized Domain is formed of a set of devices and users connected with each other. These devices and users may belong to one family.
- a user is usually embodied in a device associated with the user (i.e. user's device).
- the contents may be moved and/or copied freely between the various user devices in the Authorized Domain, but the contents are restricted and shall not be moved outside the Authorized Domain.
- the contents can be transferred from a content provider to an Authorized Domain by means of standard issuing channels (e.g. video broadcast, Local Area Network, Internet, telephone line, satellite download and the like).
- the contents can also be inputted to the Authorized Domain via conventional mail.
- One of the object of the present invention is to provide a method for method for authorizing to use a content, comprising the steps of: firstly, receiving a request for using the content, the request comprises information associated with an Authorized Domain; and secondly authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain.
- the content provider could, when granting the right, know the Authorized Domain well, thus could better control the spread of the content.
- the above method further comprises the step: verifying whether said request is a valid request according to the information associated with the Authorized
- the verifying step could comprise the steps of: firstly, sending a verification request to a verification authority to verify if the request in the receiving step is valid; secondly, receiving a corresponding verification result from the verification authority.
- the above method further comprises the step of: acquiring identification information of said Authorized Domain according to said information.
- the above method further comprises the step of: calculating expense to be paid by said Authorized Domain according to the right for using the content.
- the above method further comprises the step of: sending said right of use to said Authorized Domain.
- Another object of the present invention is to provide a method for requiring using a content, comprising the steps of: firstly, sending a request for using the content, the request comprises information associated with an Authorized Domain; and secondly receiving a corresponding right for using the content, the right is directed to the Authorized Domain.
- Another object of the present invention is to provide a method for using a content, comprising steps of: firstly, sending a request for using the content; secondly, acquiring a right associated with the content, the right for using the content is directed to an
- Another object of the present invention is to provide a an apparatus for apparatus for authorizing using a content, comprising: receiving means for receiving a request for using the content, the request comprises information associated with an Authorized Domain; and authorizing means for authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain.
- the authorizing apparatus further comprises: verifying means for verifying if the request is a valid request according to the information.
- the verifying means could further comprise: verification request means for sending a verification request to a verification authority to verify if the request received by the receiving means is valid; verification receiving means, for receiving a corresponding verification result from the verification authority.
- the authorizing apparatus further comprises: acquiring means for acquiring identification information of the Authorized Domain according to the information.
- the authorizing apparatus further comprises: charging means for calculating an expense to be paid by the Authorized Domain according to the right.
- the authorizing apparatus further comprises: sending the right for using the content to the Authorized Domain.
- the sending means could also send the content to the Authorized Domain.
- Another object of the present invention is to provide A right acquiring apparatus for requiring using a content, comprising: right requesting means for sending a request for using the content, the request comprises information associated with an Authorized
- Another object of the present invention is to provide An apparatus for using a content, comprising: use requesting means for sending a request for using the content; obtaining means for obtaining a right for using the content associated with the content, the right for using the content is directed to an Authorized Domain; confirming means for confirming if the request comes from the Authorized Domain; and using means for using the content if the request is from the Authorized Domain.
- Fig 1 is a flow chart of a method for authorizing to use a content according to the present invention
- Fig. 2 illustratively shows a functional block diagram of a content authorizing apparatus according to the present invention
- Fig. 3 is a flow chart of a method for requiring using a content according to the present invention.
- Fig. 4 illustratively shows a functional block diagram of a right acquiring apparatus according to the present invention
- Fig. 5 is a flow chart of a method for using a content according to the present invention.
- Fig. 6 illustratively shows a functional block diagram of a right using apparatus according to the present invention.
- the same reference sign represents similar or identical feature or function.
- Fig 1 is a flow chart of the method for authorizing to use a content according to the present invention.
- step SIlO receiving a request for using a content
- the content provider receives a request from an Authorized Domain.
- the request is submitted through a device by a user in the Authorized Domain.
- the request requires using a content, and at the same time, the request comprises information associated with an Authorized Domain.
- the information associated with an Authorized Domain could be the identification information of the Authorized Domain or the identification information of a member of the Authorized Domain.
- the identification information of the Authorized Domain is the information distinguishing the Authorized Domain from other Authorized Domains, e.g. Authorized Domain name and identification number of the Authorized Domain.
- the identification information of the member could be the identification information of a member of the Authorized Domain or the identification information of a device of the Authorized Domain.
- the request received by the content provider comprises a user certificate.
- the user certificate comprises identification information of the user, which could comprise user-ID, or comprise the user-ID and Authorized Domain name.
- the user certificate comprising the user- ID and Authorized Domain name has two embodiments: one is that each user has a user certificate to identify him/her to be a user of an Authorized Domain; the other is that all the users of an Authorized Domain are listed in one user certificate. In the latter embodiment, when the number of users in an Authorized Domain increases or decreases, the modification of the user certificate is simpler, thus being a more preferable embodiment.
- the structure of the user certificate is shown in Table 1, comprising the user-ID, the Authorized Domain (optional) where the user stays, the domain authority (optional) issuing the user certificate and digital signature.
- the user certificate has the digital signature of the domain authority.
- the domain authorized certificate generally includes the time of issue and date of expiry.
- the algorithm of the digital signature could be standard digital signature algorithm.
- the user certificate could also include the age of the user. As certain content is suitable only for people above 18, the user certificate can add an item, i.e. the age of the user, to protect the interests of the minor. Only when the user reaches the legal age can he or she use the corresponding content.
- verifying if the request is a valid request has two meanings: (1) verifying if the user is an authorized one: (2) verifying if the requested content is within the specified scope.
- Verifying if the user is an authorized one e.g. verifying if the user is a member of the Authorized Domain could prevent the access of unauthorized user.
- the verifying steps may comprise: firstly, sending a verification request to a verification authority, e.g.
- Verifying whether the requested content is within the specified scope is to verify if the manner requested to use the content is within the scope of right specified by the content provider, also could verify if the user who requesting for using the content is a qualified user for the content, e.g. if the user is above 18 years old.
- the identification information of the Authorized Domain to which the user belongs could be acquired by deciphering the digital signature through proper keys.
- a user-ID could be acquired by deciphering the digital signature through proper keys. Then searching in the database of the Authorized Domain according to the user-ID to acquire the identification information of the Authorized Domain where the user stays, e.g. the Authorized Domain name.
- the right is directed to the Authorized Domain (step S 140).
- Generating a use right certificate according to the request received in step SIlO the use right certificate comprises an Authorized Domain name.
- Table 2 shows the right of said content, comprising the content-ID, content keys, Authorized Domain name, right expression of the content and the digital signature of the content provider.
- the content-ID confirms the content bound to the right; the content keys are used to decipher the content; and the right expression describes the manners for the user to use the content, comprising: playing the content, recording the content, transmitting the content and create a copy of the content.
- the use right certificate generated according to the request received in step SIlO may be directed simultaneously to both the Authorized Domain and the user.
- table 3 shows another right of use of the content, which comprises content-ID, content keys, user- ID, Authorized Domain name, right expression of the content and the digital signature of the content provider. In this way, when a user leaves the Authorized Domain where he stayed, the user still can use the content because the use right certificate of the content also directs to him.
- step S 150 calculating expense to be paid by the Authorized Domain according to the right (step S 150).
- the expense to be paid by the Authorized Domain can be calculated according to the characteristic of the Authorized Domain. For example, different charging standards are adopted for profit- making Authorized Domain and non-profit-making Authorized Domain, or the expense to be paid by the Authorized Domain is calculated according to the number of users in the Authorized Domain. The expense could be paid collectively by the Authorized Domain, or by a representative of the Authorized Domain, e.g. by the designated user filing the request.
- the content provider sends the right of the content to the Authorized Domain that files the application for the content. At the same time, the content provider can send the content to the Authorized Domain that files the application for the content. Of course, if the content has been stored in the Authorized Domain, there will be no need to send the content.
- Fig. 2 illustratively shows a functional block diagram of a content authorizing apparatus 200 according to the present invention.
- the content authorizing apparatus 200 can be a part of the server of the content provider.
- the content authorizing apparatus 200 is an apparatus for authorizing to use a content, comprising a receiving unit 210 and an authorizing unit 240.
- the receiving unit 210 is used for receiving a request for using the content, the request comprises information associated with an Authorized Domain;
- the authorizing unit 240 is used for authorizing the Authorized Domain a corresponding right for using the content according to the request, the right is directed to the Authorized Domain.
- the authorizing unit 240 may comprise a generating unit 242 for generating a use right certificate according to the request, the use right certificate comprises said identification information.
- the content authorizing apparatus 200 further comprises: a verifying unit
- the verifying unit 220 for verifying if the request is a valid request according to the information associated with the Authorized Domain in the request received by the receiving unit 210.
- the verifying unit 220 may further comprise a verification request sending unit 222 and a verification result receiving unit 224, wherein the verification request sending unit 222 is used for sending a verification request to a verification authority, requiring to verify if the request received by the receiving unit 210 is valid, and the verification result receiving unit 224 is used for receiving a corresponding verification result from the verification authority.
- the content authorizing apparatus 200 further comprises: an acquiring unit 230 for acquiring the identification information of the Authorized Domain according to the information associated with the Authorized Domain in the request received by the receiving unit 210.
- the content authorizing apparatus 200 further comprises: a charging unit
- the Authorized Domain 250 for calculating the expense to be paid by the Authorized Domain according to the information associated with the Authorized Domain in the use right certificate generated by the authorizing unit 242. For example, different charging standards are adopted for profit-making Authorized Domain and non-profit-making Authorized Domain, or the expense to be paid by the Authorized Domain is calculated according to the number of users in the Authorized Domain.
- the content authorizing apparatus 200 further comprises: a sending unit
- the sending unit 260 for sending the right granted by the authorizing unit 240 to the Authorized Domain directed by the right.
- the sending unit 260 could also send the content to the Authorized Domain.
- the sending unit 260 could also send the charging information from the charging unit 250 to the Authorized Domain.
- Fig. 3 is a flow chart of a method for requiring using a content according to the present invention.
- the request comprises information associated with an Authorized Domain (step S310).
- a user of the Authorized Domain sends a request to the content provider for using the content, the request comprises information associated with an Authorized Domain.
- the information associated with an Authorized Domain can be the identification information of the Authorized Domain or the identification information of a member of the Authorized Domain.
- the identification information of the Authorized Domain is the information distinguishing the Authorized Domain from other Authorized Domains, e.g. Authorized Domain name and identification number of the Authorized Domain.
- the identification information of the member could be the identification information of a member of the
- Fig. 4 illustratively shows a functional block diagram of a right acquiring apparatus
- the right acquiring apparatus 400 can be a part of a device in the Authorized Domain.
- the right acquiring apparatus 400 is used for requesting for authorizing to use a content, comprising: a right requesting unit 410 and a right receiving unit 420.
- the right requesting unit 410 is used for sending a request to the content provider for using the content, the request comprises information associated with an Authorized Domain.
- the right receiving unit 420 is used for receiving a corresponding right for using the content from the content provider, the right is directed to the Authorized Domain.
- Fig. 5 is a flow chart of the method for using a content according to the present invention.
- step S510 sending a request for requiring using the content
- the content and the right of the content can be stored on a smart card of the Authorized Domain user or any place on the network.
- a user of the Authorized Domain needs to use a content, he sends a request, requiring using the content.
- the Authorized Domain user obtains a right of use directed at an Authorized Domain.
- the Authorized Domain user uses a device to confirm if the user is the user of the Authorized Domain.
- the contents to be confirmed includes: (1) the identification number of the content; (2) if the user requesting for using the content is the user in the Authorized
- the apparatus may express the content according to the right expression confirmed in the right of the content.
- Fig. 6 illustratively shows the components of a right using apparatus 600 according to the present invention.
- the right using apparatus 600 is for using a content, comprising: a use requesting unit 610, an obtaining unit 620, a confirming unit 630, and a using unit 640.
- the use requesting unit 610 is used for receiving a request, which requires to use the content;
- the obtaining unit 620 is used for obtaining a right of use associated with the content, the right is directed to an Authorized Domain;
- the confirming unit 630 is used for confirming if the request is from the Authorized Domain;
- the using unit 640 is for operating the content if the request is from the Authorized Domain.
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2006800021073A CN101103359A (en) | 2005-01-11 | 2006-01-05 | Method and device for authorized domain management |
JP2007549992A JP2008527526A (en) | 2005-01-11 | 2006-01-05 | Method and apparatus for licensed domain management |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200510006802.4 | 2005-01-11 | ||
CN200510006802 | 2005-01-11 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006075260A1 true WO2006075260A1 (en) | 2006-07-20 |
Family
ID=36390241
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2006/050034 WO2006075260A1 (en) | 2005-01-11 | 2006-01-05 | A method and apparatus for authorized domain management |
Country Status (3)
Country | Link |
---|---|
JP (1) | JP2008527526A (en) |
CN (1) | CN101103359A (en) |
WO (1) | WO2006075260A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021150213A1 (en) | 2020-01-22 | 2021-07-29 | Google Llc | User consent framework |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004038568A2 (en) * | 2002-10-22 | 2004-05-06 | Koninklijke Philips Electronics N.V. | Method and device for authorizing content operations |
-
2006
- 2006-01-05 CN CNA2006800021073A patent/CN101103359A/en active Pending
- 2006-01-05 WO PCT/IB2006/050034 patent/WO2006075260A1/en not_active Application Discontinuation
- 2006-01-05 JP JP2007549992A patent/JP2008527526A/en active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004038568A2 (en) * | 2002-10-22 | 2004-05-06 | Koninklijke Philips Electronics N.V. | Method and device for authorizing content operations |
Non-Patent Citations (3)
Title |
---|
HEUVEL VAN DEN S A F A ET AL: "Secure Content Management in Authorised Domains", 15 September 2002, INTERNATIONAL BROADCASTING CONVENTION, PAGE(S) 467-474, XP002273504 * |
JONKER W ET AL: "Digital Rights Management in Consumer Electronics Products", April 2004, IEEE SIGNAL PROCESSING MAGAZINE, IEEE SERVICE CENTER, PISCATAWAY, NJ, US, PAGE(S) 82-91, ISSN: 1053-5888, XP002312068 * |
MATSUSHITA ELECTRIC INDUSTRIAL CO ET AL: "RESPONSE TO DVB CALL FOR PROPOSALS FOR CONTENT PROTECTION & COPY MANAGEMENT TECHNOLOGIES", 19 October 2001, NETDRM TECHNOLOGY, XX, XX, PAGE(S) 1-44, XP002349078 * |
Also Published As
Publication number | Publication date |
---|---|
JP2008527526A (en) | 2008-07-24 |
CN101103359A (en) | 2008-01-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1521980B (en) | Publishing digital content within a defined universe such as an organization in accordance with a digital rights management (drm) system | |
CN100566242C (en) | In defined field such as tissue, announce digital content according to digital rights management (DRM) system | |
CA2457291C (en) | Issuing a publisher use license off-line in a digital rights management (drm) system | |
RU2352985C2 (en) | Method and device for authorisation of operations with content | |
CN1327373C (en) | Method of protecting and managing digital contents and system for using thereof | |
CN1550995B (en) | Issuing a digital rights management (DRM) license for content based on cross-forest directory information | |
JP4739000B2 (en) | Electronic document management program, electronic document management system, and electronic document management method | |
US7287158B2 (en) | Person authentication system, person authentication method, information processing apparatus, and program providing medium | |
US20040196981A1 (en) | Information processing device and method, information processing system, recording medium, and program | |
US20040139312A1 (en) | Categorization of host security levels based on functionality implemented inside secure hardware | |
JP4548441B2 (en) | Content utilization system and content utilization method | |
US20020027992A1 (en) | Content distribution system, content distribution method, information processing apparatus, and program providing medium | |
CN101206696A (en) | Apparatus, method and system for protecting personal information | |
JP4168679B2 (en) | Content usage management system, information processing apparatus or method for using or providing content, and computer program | |
CN101189633B (en) | Method and equipment for carrying out authorizing rights issuers in content delivering system | |
CN101682501A (en) | With binding content licenses to portable memory apparatus | |
WO2004061623A1 (en) | Content rights management system | |
CN1708941A (en) | Digital-rights management system | |
AU2004200454A1 (en) | Enrolling/sub-enrolling a digital rights management (DRM) server into a DRM architecture | |
KR20050119133A (en) | User identity privacy in authorization certificates | |
CN105743903A (en) | Audio digital rights management method and system, intelligent terminal and authentication server | |
JP4664107B2 (en) | Company-side device, user-side device, personal information browsing / updating system, and personal information browsing / updating method | |
US8166525B2 (en) | Document management system with public key infrastructure | |
CN101546366A (en) | Digital copyright management system and management method | |
US20030188150A1 (en) | System and method for media authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2006701568 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2007549992 Country of ref document: JP Ref document number: 3066/CHENP/2007 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 200680002107.3 Country of ref document: CN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2006701568 Country of ref document: EP |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06701568 Country of ref document: EP Kind code of ref document: A1 |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 6701568 Country of ref document: EP |