WO2006103646A2 - Home networking security solution - Google Patents


Info

Publication number
WO2006103646A2
Authority
WO
WIPO (PCT)
Prior art keywords
network
certificate
authentication
home
physical address
Application number
PCT/IL2006/000002
Other languages
English (en)
Other versions
WO2006103646A3 (fr)
Inventor
Leonid Sandler
Yaron Sella
Original Assignee
Nds Limited
Application filed by Nds Limited
Publication of WO2006103646A2
Publication of WO2006103646A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/283 Processing of data at an internetworking point of a home automation network
    • H04L12/2834 Switching of information between an external network and a home network
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/603 Digital right management [DRM]

Definitions

  • the present invention relates to home networking technology, and more specifically, to ways of ensuring that a device is legitimately a member of a home network.
  • a Media Access Control address is a unique identifier attached to most forms of networking equipment. MAC addresses are permanently attached to a device, and are often referred to as "burned-in addresses". Although technically MAC addresses are used specifically in network hardware and EUI-48 (48 bit Extended Unique Identifier) addresses are used to identify other hardware and devices, the two types of address are syntactically indistinguishable. MAC addresses are often referred to as "physical addresses".
  • X.509 is a well known standard for public key infrastructure. X.509 specifies, among other things, standard formats for public key certificates and a certification path validation algorithm.
  • X.509 v3 certificate and X.509 v2 Certificate Revocation List (CRL) for use in the Internet are specified in RFC 3280.
  • Paragraph 4.2 of IETF RFC 3280 specifies extensions to X.509 v3 certificates.
  • European Patent EP 1326365 to Samsung Electronics Co., Ltd. describes a communication gateway and method that is able to execute a function of a security protocol for home devices that lack the ability to process a security protocol.
  • the communication connecting apparatus comprises a protocol detector for detecting a key exchange protocol in a packet received from an external device, a list storage unit for storing a list of devices for executing a certification procedure, and an agent unit for executing a certification procedure by transmitting a certification signal to the external device when a device corresponding to the key exchange unit exists in a device list.
  • European Patent Application EP 1519258 of Electronics Co., Ltd. describes a method of establishing a home domain capable of reproducing multimedia content, and a smart card therefor.
  • the method includes creating a domain certificate for a reproducing device by inserting the smart card into the reproducing device, creating a session key by inserting the smart card into a home server, and verifying the domain certificate of the reproducing device and transmitting the created session key to the reproducing device if the device is a legitimate device.
  • the method includes using an external certificate authority to determine whether the reproducing device is a legitimate device.
  • the smart card includes a certificate-creating module for creating a domain certificate for a reproducing device when the smart card is inserted into the reproducing device, a session key-creating module for creating a session key when the smart card is inserted into the home server, and a certificate-verifying module for verifying the domain certificate of the reproducing device before transmission of the created session key to the reproducing device.
  • PCT Patent Application WO 01/22661 of Thomson Multimedia describes a method for registering a device in a wireless network comprising a central access point.
  • the method comprises the steps of: sending an identification code from the device to the access point; checking by said access point whether the received identification code corresponds to the identification code sent by said device and if such checking is positive, sending an authentication key from said access point to said device; storage of said authentication key by said device for use in authentication procedures between said device and said access point.
  • a receiving apparatus comprising a receiving unit which receives a contents signal from a broadcast station in accordance with the result of authentication processing executed with the broadcast station, a registration unit which executes communication with an external communication device, and sets and registers an ID in a range of a predetermined number, and a communication unit which executes authentication processing with an external device using the ID and transmits the contents of the contents signal to the external device in accordance with the result of the authentication.
  • a communication apparatus connected to the receiving apparatus through a network in a home is managed using a family ID thereby to protect the copyright of the contents of a fee-charging broadcast service or the like.
  • the home device authentication system includes one or more home devices each having device information including coding information for authentication and information on a service provider providing authentication services; and a home gateway including decoding information corresponding to the coding information of the home devices, and for authenticating the home devices by using the decoding information.
  • US Patent 6,856,800 to Henry, et al. describes a fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication server for the network access device.
  • the method includes the step of receiving an access request having an authentication credential from the network access device at the access point.
  • the authentication credential includes a security certificate having a public key for the network access device and an expiration time.
  • the security certificate is signed with a private key for the remote authentication server.
  • the access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate.
  • the access point grants the network access device conditional access to the network by sending an access granted message to the network access device.
  • the access granted message includes a session key encrypted with a public key for the network access device.
  • the session key is stored in a database associated with the access point.
  • the access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.
  • the present invention in preferred embodiments thereof, seeks to provide an improved method and system for ensuring that a device is certified by a network operator as being part of a home network.
  • a network comprising an authentication granting unit, a first device, and a second device
  • the authentication granting unit granting a first certificate to the first device at at least one of when the first device joins the network, and at a later time, the first certificate including a physical address corresponding to a physical address of the first device, the first certificate representing proof that the first device is included in the network
  • the authentication granting unit granting a second certificate to the second device at at least one of when the second device joins the network, and at a later time
  • the second certificate including a physical address corresponding to a physical address of the second device, the second certificate representing proof that the second device is included in the network
  • the first device requesting authentication from the second device
  • the authentication including at least a certification that the second device is included in the network
  • the second device providing the certification to the first device, the certification including at least a portion of the second certificate.
  • the first certificate and the second certificate each further includes a network ID.
  • the network ID is unique to the network.
  • the first certificate and the second certificate each includes an X.509 certificate.
  • the network is a home network.
  • the first device also includes an authentication granting unit. Still further in accordance with a preferred embodiment of the present invention content is transferred between the first device and the second device only after the second device has provided the first device with the certification that the second device is included in the network.
  • the first device is additionally connected to a second network.
  • the second device is additionally connected to a second network.
  • the second network includes the Internet. Still further in accordance with a preferred embodiment of the present invention at least one of the first certificate and the second certificate are cached at a network switch / hub.
  • the content includes a digital rights management (DRM) descriptor.
  • DRM digital rights management
  • the DRM descriptor includes one of the following restrictions / limitations: no transfer at all, even within the home network; free transfer within the home network, and no transfer outside of the home network; and free transfer both inside and outside the home network. Further in accordance with a preferred embodiment of the present invention and wherein the content is only transferred between the first device and the second device if in accordance with the DRM descriptor.
  • a network including an authentication granting unit, a first device, and a second device, the authentication granting device operative to grant a first certificate to the first device at at least one of when the first device joins the network, and at a later time, the first certificate including a physical address corresponding to a physical address of the first device, the first certificate representing proof that the first device is included in the network, the authentication granting device operative to grant a second certificate to the second device at at least one of when the second device joins the network, and at a later time, the second certificate including a physical address corresponding to a physical address of the second device, the second certificate representing proof that the second device is included in the network, the first device operative to request authentication from the second device, the authentication including at least a certification that the second device is included in the network, and the second device operative to provide the certification to the first device, the certification including at least a portion of the second certificate.
  • Fig. 1 is a simplified block diagram illustration of an exemplary home entertainment network constructed and operative in accordance with a preferred embodiment of the present invention;
  • Fig. 2 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network of Fig. 1, after an unauthorized device has been added;
  • Fig. 3 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network of Fig. 1, depicting an exemplary network operation;
  • Fig. 4 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network of Fig. 1, depicting an exemplary invalid network operation;
  • Fig. 5 is a simplified flow chart of a preferred method of operation of the present invention according to the preferred embodiment described with reference to Figs. 2 - 4.
  • the following Appendix may be helpful in understanding certain preferred embodiments of the present invention:
  • Appendix A is a basic syntax for X.509 v3 certificates, as per RFC 3280.
  • Fig. 1 is a simplified block diagram illustration of an exemplary home entertainment network 100 constructed and operative in accordance with a preferred embodiment of the present invention.
  • Fig. 1 is depicted in a typical so-called star architecture.
  • the system and method of the present invention does not depend on network architecture, and thus, any appropriate network architecture may be used in conjunction with the present invention.
  • the exemplary home network depicted in Fig. 1 comprises various devices which are used for home entertainment. Specifically, the network in Fig.
  • the home network 100 comprises a set top box 110, a personal video recorder (PVR) 120, a digital versatile disk (DVD) device 130, a home computer 140, a portable device 150, a video player 160, and digital music system 170.
  • the home network 100 may comprise any or all of these devices, may comprise other appropriate devices, and may comprise multiple devices of the same kind.
  • the home network may comprise a set top box, two PVRs, two computers and four digital music systems.
  • the home network further comprises a home network switch / hub 180.
  • Digital content may be passed around freely between appropriate devices. For example, and without limiting the generality of the foregoing, a movie viewed on the set top box 110 may be transferred to storage on the PVR 120, thereby ensuring that a digital quality copy of the movie is stored.
  • a broadcaster or owner of the content may, however, want to ensure that revenue for viewing the movie continues, and thus the broadcaster or owner of the content may wish to control rights over the content.
  • the content owner may wish to allow copying the content to any device in a subscriber's home network 100, but not to a device outside of the subscriber's home network.
  • Each authorized device on the network receives a digital certificate from a certificate authority.
  • the certificate certifies the device as a member of a particular home network.
  • a device which comprises a certificate identifying the device as part of a particular network may transfer content to a second device also comprising a certificate identifying the device as part of the same particular network.
  • Appendix A is a basic syntax for X.509 v3 certificates, as per RFC 3280.
  • the certificate identifying the device as part of the particular network would either be an X.509 compliant certificate, or a proprietary certificate which comprises the same relevant information as an X.509 compliant certificate.
  • X.509 v3 allows for extensions to certificates (refer to paragraph 4.2 of RFC 3280).
  • the extensions defined for X.509 v3 certificates provide methods for associating additional attributes with users or public keys and for managing a certification hierarchy.
  • the X.509 v3 certificate format also allows communities to define private extensions to carry information unique to those communities.
  • the present invention in preferred embodiment thereof, requires that at least two extensions be added to the X.509 v3 certificate. Any certificate lacking the two extensions would be invalid, and thus, a device comprising a certificate lacking the two extensions would not be accepted as a valid member of the home network.
  • a first extension comprises a home network identifier, which is an identifier for each network administered by the broadcaster or content owner. The home network identifier distinguishes between different home networks. Thus, for example, the Smith family home network with its home network identifier is distinguished from the Jones family network with its different home network identifier.
  • the home network identifier may preferably be either unique, where one identifier uniquely identifies a specific network, or not unique. If the network is not unique, the identifier can preferably be used as at least part of a method to identify a second device with which a first device may preferably perform certain network actions, as described below. For example, and without limiting the generality of the foregoing, if the network identifier of two devices comprise the same three most significant bits, then the first and second devices may perform certain network actions as described below.
  • a second extension comprises a device physical address.
  • in order to function as a member of a network where layer two networking protocols are effected, a device must have a protocol compliant address. Level two addresses are frequently referred to as Media Access Control (MAC) addresses.
  • MAC addresses are typically unique addresses which are burned into hardware comprised in a device. Thus, for example, a network enabled music system 170 will typically comprise a unique MAC address. Since MAC addresses are generally associated with hardware comprised in the device, and cannot be changed without physically changing the hardware, MAC addresses are also referred to as physical addresses. Those skilled in the art will appreciate that any other appropriate physical address may comprise the second extension.
  • references to X.509 v3 certificates are by way of example only.
  • a proprietary certificate format may be used instead of the X.509 v3 certificate format.
  • the device will preferably be required to provide its physical address to home networking software.
  • the home networking software preferably only allows certain networking operations if communicating devices are part of the same home network. Proof that the communicating devices are part of the same home network is preferably adduced by the presence of the certificate described above.
  • Typical operations subject to limitation by the home networking software include, but are not limited to content transfer or entitlement transfer. Those skilled in the art will appreciate that the transfer of the content or the transfer of the entitlement may preferably be performed either as a push transfer or as a pull transfer.
  • Each content provider or broadcaster preferably provides an appropriate list of restricted actions to home networking software of its subscriber base.
  • a networked device preferably may comprise more than one certificate. For example, and without limiting the generality of the foregoing, the network owner may opt to bring the PVR from his home to his vacation home. If the PVR has an appropriate certificate for both a network comprised in the home and a second network comprised in the vacation home, then network operations are allowed between the PVR 120 and other networked devices on both the home network and the vacation home network.
  • Fig. 2 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network 100 of Fig. 1, after an unauthorized device 200 has been added.
  • each authorized device on the network comprises a valid certificate 210, 220, 230, 240, 250, 260, 270, depicted as an illustration of a certificate.
  • certain network operations between the unauthorized device and authorized devices on the network are prohibited.
  • the prohibition of the certain network operations is depicted in Fig. 2 with a "No" symbol (⊘). For example, and without limiting the generality of the foregoing, transfer of content from the DVD 130 to the unauthorized device 200 would be prohibited.
  • the home network switch / hub 180 preferably caches device certificates 210, 220, 230, 240, 250, 260, 270, rather than passing the certificates to the devices 120, 130, 140, 150, 160, 170 (Fig. 1).
  • Fig. 3 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network 100 of Fig. 1, depicting an exemplary valid network operation 300.
  • the exemplary valid network operation depicts a transfer of content or an entitlement from the PVR 120 to the DVD 130. Because the transfer occurs between devices both comprising the valid certificate 220, 230, the transfer of the content or entitlement is permitted.
  • Fig. 4 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network 100 of Fig. 1, depicting an exemplary invalid network operation 400.
  • the exemplary invalid network operation 400 depicts a transfer of content or an entitlement from the PVR 120 to the unauthorized device 200. Because the transfer occurs between a device comprising the valid certificate 220 and a device 200 not comprising the valid certificate, the transfer of the content or entitlement is not permitted. The prohibition of the transfer is depicted in Fig. 4 with the "No" symbol (⊘).
  • Prohibiting the transfer between the device comprising the valid certificate 220 and the device 200 not comprising the valid certificate may preferably be enforced by at least one of the following: the device comprising the valid certificate 220; and the home network switch / hub 180.
  • a combination of the device comprising the valid certificate 220 and the home network switch / hub 180 may prevent the transfer between the device comprising the valid certificate 220 and the device 200 not comprising the valid certificate.
  • the broadcaster or content owner preferably maintains two databases.
  • a first database preferably comprises information about the home networks, including the home network identifier mentioned above.
  • a second database comprises device type, serial number, and physical address.
  • the network owner who wishes to add a device to his home network would preferably provide the broadcaster or content owner the device type and serial number.
  • the network owner would issue the certificate with the first and second additional fields described above, comprising the home network identifier and the device physical address.
  • Methods known in the art for delivering digital certificates to devices are preferably employed to deliver the certificate to the device.
  • content may preferably comprise a copy security policy.
  • content may comprise a digital rights management (DRM) descriptor, as is well known in the art.
  • the DRM descriptor preferably specifies any restrictions and / or limitations for the content, with respect to the home network 100.
  • the DRM descriptor may comprise one of the following restrictions / limitations: no transfer at all, even within the home network 100; free transfer within the home network 100, and no transfer outside of the home network 100; and free transfer both inside and outside the home network 100.
  • the home networking software preferably is additionally operative to enforce the copy security policy as defined in the DRM descriptor.
  • Fig. 5 is a simplified flow chart of a preferred method of operation of the present invention according to the preferred embodiment described with reference to Figs. 2 - 4.
  • the method of Fig. 5 is believed to be self explanatory with reference to the above discussion. It is appreciated that various features of the invention which are, for clarity, described in the contexts of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable subcombination.
  • the X.509 v3 certificate basic syntax is as follows.
  • the data that is to be signed is encoded using the ASN.1 distinguished encoding rules (DER) [X.690].
  • ASN.1 DER encoding is a tag, length, value encoding system for each element.
  • Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING }
  • TBSCertificate ::= SEQUENCE {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version MUST be v3
        }
  • SubjectPublicKeyInfo ::= SEQUENCE {
        algorithm            AlgorithmIdentifier,
        subjectPublicKey     BIT STRING }
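The membership rule from the description (both private extensions present, same home network identifier, certificate physical address equal to the address the device reports) and the three DRM descriptor settings, applied to DER-encoded extensions. This is an added example, not code from the patent. The OIDs, the OCTET STRING payload layout and the sample devices are assumptions, and signature, issuer and validity checks on the certificate are assumed to have passed already.

```python
from enum import Enum

class Drm(Enum):                      # the three DRM descriptor settings in the description
    NO_TRANSFER = 0                   # no transfer at all, even within the home network
    HOME_ONLY = 1                     # free inside the home network, none outside
    FREE = 2                          # free inside and outside the home network

def der_tlv(tag, value):
    """Encode one DER element: tag, minimal definite length, value."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def oid_body(dotted):
    """Content octets of an OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))   # high bit marks continuation
        body.extend(reversed(chunk))
    return bytes(body)

# Hypothetical private OIDs under a placeholder enterprise arc; the patent names none.
OID_HOME_NETWORK_ID = oid_body("1.3.6.1.4.1.99999.1.1")
OID_PHYSICAL_ADDRESS = oid_body("1.3.6.1.4.1.99999.1.2")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); reject truncated or non-DER lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n >= 0x80:                     # long form: low 7 bits count the length octets
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        if k == 0 or pos + k > len(buf) or n < 0x80 or buf[pos] == 0:
            raise ValueError("indefinite, truncated or non-minimal length")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def parse_extensions(der):
    """Map extnID content octets -> extnValue for Extensions ::= SEQUENCE OF Extension."""
    tag, seq, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single Extensions SEQUENCE")
    found, pos = {}, 0
    while pos < len(seq):
        tag, ext, pos = read_tlv(seq, pos)
        t_oid, oid, p = read_tlv(ext)
        t_val, val, p = read_tlv(ext, p)
        if t_val == 0x01:             # optional 'critical' BOOLEAN precedes extnValue
            t_val, val, p = read_tlv(ext, p)
        if (tag, t_oid, t_val) != (0x30, 0x06, 0x04) or p != len(ext) or oid in found:
            raise ValueError("malformed or duplicate extension")
        found[oid] = val
    return found

def membership(der):
    """Return (network_id, mac) from the two required extensions, else None."""
    try:
        exts = parse_extensions(der)
        fields = []
        for oid in (OID_HOME_NETWORK_ID, OID_PHYSICAL_ADDRESS):
            tag, raw, end = read_tlv(exts[oid])   # assumed payload: OCTET STRING
            if tag != 0x04 or end != len(exts[oid]):
                raise ValueError("unexpected payload type")
            fields.append(raw)
    except (KeyError, ValueError):
        return None                   # a certificate lacking either extension is invalid
    return tuple(fields) if fields[0] and len(fields[1]) == 6 else None

def may_transfer(drm, sender, receiver):
    """sender/receiver: (extensions DER, physical address the device reports).
    Allowed under HOME_ONLY only for the same network ID and matching addresses."""
    if drm is not Drm.HOME_ONLY:
        return drm is Drm.FREE
    s, r = membership(sender[0]), membership(receiver[0])
    if s is None or r is None:
        return False
    return s[0] == r[0] and s[1] == sender[1] and r[1] == receiver[1]

def encode_extensions(fields):
    """Build constructed sample input: {oid content octets: raw bytes} -> DER."""
    body = b"".join(der_tlv(0x30, der_tlv(0x06, o) + der_tlv(0x04, der_tlv(0x04, v)))
                    for o, v in fields.items())
    return der_tlv(0x30, body)

# Constructed sample data (not from the patent): two networks, three devices.
SMITH, JONES = b"\x00\x00\x00\x2a", b"\x00\x00\x00\x2b"
PVR_MAC, DVD_MAC, ROGUE_MAC = (bytes.fromhex("0200000001" + x) for x in ("20", "30", "ff"))
PVR = encode_extensions({OID_HOME_NETWORK_ID: SMITH, OID_PHYSICAL_ADDRESS: PVR_MAC})
DVD = encode_extensions({OID_HOME_NETWORK_ID: SMITH, OID_PHYSICAL_ADDRESS: DVD_MAC})
OTHER = encode_extensions({OID_HOME_NETWORK_ID: JONES, OID_PHYSICAL_ADDRESS: ROGUE_MAC})
```

Comparing the certificate's physical address with the address the device reports is what rejects a valid certificate copied onto another device; a layer two address that the device itself reports is only as trustworthy as the software reporting it.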

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to a method for authenticating a device in a network, the method comprising using a network, the network comprising an authentication granting unit, a first device and a second device. According to this method: the authentication granting device grants a first certificate to the first device when the first device joins the network and/or at a later time, the first certificate including a physical address corresponding to a physical address of the first device, the first certificate constituting proof that the first device is included in the network; the authentication granting device grants a second certificate to the second device when the device joins the network and/or at a later time, the second certificate including a physical address corresponding to a physical address of the second device, the second certificate constituting proof that the second device is included in the network; the first device requests authentication from the second device, the authentication comprising at least a certification that the second device is included in the network; and the second device provides the certification to the first device, the certification comprising at least a portion of the second certificate.
PCT/IL2006/000002 2005-03-30 2006-01-01 Home networking security solution WO2006103646A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US66641805P 2005-03-30 2005-03-30
US60/666,418 2005-03-30

Publications (2)

Publication Number Publication Date
WO2006103646A2 (fr) 2006-10-05
WO2006103646A3 (fr) 2006-11-30

Family

ID=37053771

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2006/000002 WO2006103646A2 (fr) 2005-03-30 2006-01-01 Home networking security solution

Country Status (1)

Country Link
WO (1) WO2006103646A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101854626A (zh) * 2009-03-31 2010-10-06 Brother Industries, Ltd. Data processor, relay transmitter, and data transmission system
US9237021B2 (en) 2013-03-15 2016-01-12 Hewlett Packard Enterprise Development Lp Certificate grant list at network device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030128695A1 (en) * 2002-01-04 2003-07-10 Samsung Electronics Co., Ltd. Home gateway for executing a function of a security protocol and a method thereof
US20040010687A1 (en) * 2002-06-11 2004-01-15 Yuichi Futa Content distributing system and data-communication controlling device
US6826690B1 (en) * 1999-11-08 2004-11-30 International Business Machines Corporation Using device certificates for automated authentication of communicating devices
US20040250077A1 (en) * 2003-06-04 2004-12-09 Samsung Electronics Co., Ltd. Method of establishing home domain through device authentication using smart card, and smart card for the same

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6826690B1 (en) * 1999-11-08 2004-11-30 International Business Machines Corporation Using device certificates for automated authentication of communicating devices
US20030128695A1 (en) * 2002-01-04 2003-07-10 Samsung Electronics Co., Ltd. Home gateway for executing a function of a security protocol and a method thereof
US20040010687A1 (en) * 2002-06-11 2004-01-15 Yuichi Futa Content distributing system and data-communication controlling device
US20040250077A1 (en) * 2003-06-04 2004-12-09 Samsung Electronics Co., Ltd. Method of establishing home domain through device authentication using smart card, and smart card for the same

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
'5C Digital Transmission Content Projection White Paper, Revision 1.0' HITACHI, LTD., INTEL CORPORATION, MATSUSHI ELECTRIC INDUSTRIAL CO., LTD., SONY CORPORATION, TOSHIBA CORPORATION 14 July 1998, pages 1 - 13, XP002134182 *

Also Published As

Publication number Publication date
WO2006103646A3 (fr) 2006-11-30

Similar Documents

Publication Publication Date Title
US8230087B2 (en) Enforcing geographic constraints in content distribution
US8983071B2 (en) Key management method using hierarchical node topology, and method of registering and deregistering user using the same
US8321673B2 (en) Method and terminal for authenticating between DRM agents for moving RO
US7188245B2 (en) Contents transmission/reception scheme with function for limiting recipients
US20040139312A1 (en) Categorization of host security levels based on functionality implemented inside secure hardware
US7574602B2 (en) Information-processing device, information-processing method, and information-processing program product
US20060135209A1 (en) Wireless communication scheme with communication quality guarantee and copyright protection
KR20060043022A (ko) Information processing method, information processing apparatus, and computer program
US20070168293A1 (en) Method and apparatus for authorizing rights issuers in a content distribution system
US20050197965A1 (en) Information processing apparatus, information processing method, and computer program
US20070242821A1 (en) Method and apparatus for acquiring domain information and domain-related data
US20050204037A1 (en) Method and apparatus for content identification/control
JP2007528658A (ja) Improved domain manager and domain device
KR101452708B1 (ko) CE device management server, method of issuing DRM key using CE device management server, and program recording medium for executing the method
CN101467156A (zh) Improved access to authorized domains
WO2009088758A1 (fr) Method and apparatus for digital rights management protection for removable media
US8918508B2 (en) Method for transferring resource and method for providing information
US20100161974A1 (en) Master terminal capable of registering and managing terminals of personal use scope, and method and system using the same
WO2006083141A1 (fr) Key management method using hierarchical node topology, and method of registering and deregistering a user using said key management method
WO2006051494A1 (fr) Improved revocation in authorized domain
JP2004048493A (ja) Transmitter, receiver, and radio base station
WO2006103646A2 (fr) Home networking security solution
JP2006099415A (ja) Content distribution system, content distribution method, device authentication server, and method for controlling device authentication server
KR20080022490A (ko) Device authentication method, system, and service providing method
US20020023222A1 (en) Method and arrangement for managing data transmission in a data network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

NENP Non-entry into the national phase in:

Ref country code: RU

WWW Wipo information: withdrawn in national office

Country of ref document: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06700862

Country of ref document: EP

Kind code of ref document: A2

WWW Wipo information: withdrawn in national office

Ref document number: 6700862

Country of ref document: EP