WO2006103646A2 - Solution de securite de reseautage domestique - Google Patents
Solution de securite de reseautage domestique Download PDFInfo
- Publication number
- WO2006103646A2 WO2006103646A2 PCT/IL2006/000002 IL2006000002W WO2006103646A2 WO 2006103646 A2 WO2006103646 A2 WO 2006103646A2 IL 2006000002 W IL2006000002 W IL 2006000002W WO 2006103646 A2 WO2006103646 A2 WO 2006103646A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network
- certificate
- authentication
- home
- physical address
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L12/283—Processing of data at an internetworking point of a home automation network
- H04L12/2834—Switching of information between an external network and a home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
Definitions
- the present invention relates to home networking technology, and more specifically, to ways of ensuring that a device is legitimately a member of a home network.
- a Media Access Control address is a unique identifier attached to most forms of networking equipment. MAC addresses are permanently attached to a device, and are often referred to as "burned-in addresses”. Although technically MAC addresses are used specifically in network hardware and EUI-48 (48 bit Extended Unique Identifier) addresses are used to identify other hardware and devices, the two types of address are syntactically indistinguishable. MAC addresses are often referred to as "physical addresses”.
- X.509 is a well known standard for public key infrastructure. X.509 specifies, among other things, standard formats for public key certificates and a certification path validation algorithm.
- X.509 v3 certificate and X.509 v2 Certificate Revocation List (CRL) for use in the Internet are specified in RFC 3280.
- Paragraph 4.2 of IETF RFC 3280 specifies extensions to X.509 v3 certificates.
- European Patent EP 1326365 to Samsung Electronics Co., Ltd. describes a communication gateway and method that is able to execute a function of a security protocol for home devices that lack the ability to process a security protocol.
- the communication connecting apparatus comprises a protocol detector for detecting a key exchange protocol in a packet received from an external device, a list storage unit for storing a list of devices for executing a certification procedure, and an agent unit for executing a certification procedure by transmitting a certification signal to the external device when a device corresponding to the key exchange unit exists in a device list.
- European Patent Application EP 1519258 of Electronics Co., Ltd. describes a method of establishing a home domain capable of reproducing multimedia content, and a smart card therefor.
- the method includes creating a domain certificate for a reproducing device by inserting the smart card into the reproducing device, creating a session key by inserting the smart card into a home server, and verifying the domain certificate of the reproducing device and transmitting the created session key to the reproducing device if the device is a legitimate device.
- the method includes using an external certificate authority to determine whether the reproducing device is a legitimate device.
- the smart card includes a certificate- creating module for creating a domain certificate for a reproducing device when the smart card is inserted into the reproducing device, a session key-creating module for creating a session key when the smart card is inserted into the home server, and a certificate- verifying module for verifying the domain certificate of the reproducing device before transmission of the created session key to the reproducing device.
- PCT Patent Application WO 01/22661 of Thomson Multimedia describes a method for registering a device in a wireless network comprising a central access point.
- the method comprises the steps of: sending an identification code from the device to the access point; checking by said access point whether the received identification code corresponds to the identification code sent by said device and if such checking is positive, sending an authentication key from said access point to said device; storage of said authentication key by said device for use in authentication procedures between said device and said access point.
- a receiving apparatus comprising a receiving unit which receives a contents signal from a broadcast station in accordance with the result of authentication processing executed with the broadcast station, a registration unit which executes communication with an external communication device, and sets and registers an ID in a range of a predetermined number, and a communication unit which executes authentication processing with an external device using the ID and transmits the contents of the contents signal to the external device in accordance with the result of the authentication.
- a communication apparatus connected to the receiving apparatus through a network in a home is managed using a family ID thereby to protect the copyright of the contents of a fee-charging broadcast service or the like.
- the home device authentication system includes one or more home devices each having device information including coding information for authentication and information on a service provider providing authentication services; and a home gateway including decoding information corresponding to the coding information of the home devices, and for authenticating the home devices by using the decoding information.
- US Patent 6,856,800 to Henry, et al. describes a fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication server for the network access device.
- the method includes the step of receiving an access request having an authentication credential from the network access device at the access point.
- the authentication credential includes a security certificate having a public key for the network access device and an expiration time.
- the security certificate is signed with a private key for the remote authentication server.
- the access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate.
- the access point grants the network access device conditional access to the network by sending an access granted message to the network access device.
- the access granted message includes a session key encrypted with a public key for the network access device.
- the session key is stored in a database associated with the access point.
- the access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.
- the present invention in preferred embodiments thereof, seeks to provide an improved method and system for ensuring that a device is certified by a network operator as being part of a home network.
- a network comprising an authentication granting unit, a first device, and a second device
- the authentication granting unit granting a first certificate to the first device at at least one of when the first device joins the network, and at a later time, the first certificate including a physical address corresponding to a physical address of the first device, the first certificate representing proof that the first device is included in the network
- the authentication granting unit granting a second certificate to the second device at at least one of when the second device joins the network, and at a later time
- the second certificate including a physical address corresponding to a physical address of the second device, the second certificate representing proof that the second device is included in the network
- the first device requesting authentication from the second device
- the authentication including at least a certification that the second device is included in the network
- the second device providing the certification to the first device, the certification including at least a portion of the second certificate.
- the first certificate and the second certificate each further includes a network ID.
- the network ID is unique to the network.
- the first certificate and the second certificate each includes an X.509 certificate.
- the network is a home network.
- the first device also includes an authentication granting unit. Still further in accordance with a preferred embodiment of the present invention content is transferred between the first device and the second device only after the second device has provided the first device with the certification that the second device is included in the network.
- the first device is additionally connected to a second network.
- the second device is additionally connected to a second network.
- the second network includes the Internet. Still further in accordance with a preferred embodiment of the present invention at least on of the first certificate and the second certificate are cached at a network switch / hub.
- the content includes a digital rights management (DRM) descriptor.
- DRM digital rights management
- the DRM descriptor includes one of the following restrictions / limitations no transfer at all, even within the home network, free transfer within the home network , and no transfer outside of the home network, and free transfer both inside and outside the home network. Further in accordance with a preferred embodiment of the present invention and wherein the content is only transferred between the first device and the second device if in accordance with the DRM descriptor.
- a network including an authentication granting unit, a first device, and a second device, the authentication granting device operative to grant a first certificate to the first device at at least one of when the first device joins the network, and at a later time, the first certificate including a physical address corresponding to a physical address of the first device, the first certificate representing proof that the first device is included in the network, the authentication granting device operative to grant a second certificate to the second device at at least one of when the second device joins the network, and at a later time, the second certificate including a physical address corresponding to a physical address of the second device, the second certificate representing proof that the second device is included in the network, the first device operative to request authentication from the second device, the authentication including at least a certification that the second device is included in the network, and the second device operative to provide the certification to the first device, the certification including at least a portion of the second certificate.
- FIG. 1 is a simplified block diagram illustration of an exemplary home entertainment network constructed and operative in accordance with a preferred embodiment of the present invention
- Fig. 2 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network of Fig. 1, after an unauthorized device has been added;
- Fig. 3 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network of Fig. 1 , depicting an exemplary network operation;
- Fig. 4 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network of Fig. 1 , depicting an exemplary invalid network operation;
- Fig. 5 is a simplified flow chart of a preferred method of operation of the present invention according to the preferred embodiment described with reference to Figs. 2 - 4.
- the following Appendix may be helpful in understanding certain preferred embodiments of the present invention:
- Appendix A is a basic syntax for X.509 v3 certificates, as per RFC 3280.
- Fig. I 5 is a simplified block diagram illustration of an exemplary home entertainment network 100 constructed and operative in accordance with a preferred embodiment of the present invention.
- Fig. 1 is depicted in a typical so-called star architecture.
- the system and method of the present invention does not depend on network architecture, and thus, any appropriate network architecture may be used in conjunction with the present invention.
- the exemplary home network depicted in Fig. 1 comprises various devices which are used for home entertainment. Specifically, the network in Fig.
- the home network 100 comprises a set top box 110, a personal video recorder (PVR) 120, a digital versatile disk (DVD) device 130, ahome computer 140, a portable device 150, a video player 160, and digital music system 170.
- the home network 100 may comprise any or all of these devices, may comprise other appropriate devices, and may comprise multiple devices of the same kind.
- the home network may comprise a set top box, two PVRs, two computers and four digital music systems.
- the home network further comprises a home network switch / hub 180.
- Digital content may be passed around freely between appropriate devices. For example, and without limiting the generality of the foregoing, a movie viewed on the set top box 110 may be transferred to storage on the PVR 120, thereby ensuring that a digital quality copy of the movie is stored.
- a broadcaster or owner of the content may, however, want to ensure that revenue for viewing the movie continues, and thus the broadcaster or owner of the content may wish to control rights over the content.
- the content owner may wish to allow copying the content to any device in a subscriber' s home network 100, but not to a device outside of the subscriber's home network.
- Each authorized device on the network receives a digital certificate from a certificate authority.
- the certificate certifies the device as a member of a particular home network.
- a device which comprises a certificate identifying the device as part of a particular network may transfer content to a second device also comprising a certificate identifying the device as part of the same particular network.
- Appendix A is a basic syntax for X.509 v3 certificates, as per RFC 3280.
- the certificate identifying the device as part of the particular network would either be an X.509 compliant certificate, or a proprietary certificate which comprises the same relevant information as an X.509 compliant certificate.
- X.509 v3 allows for extensions to certificates (refer to paragraph 4.2 of RFC 3280).
- the extensions defined for X.509 v3 certificates provide methods for associating additional attributes with users or public keys and for managing a certification hierarchy.
- the X.509 v3 certificate format also allows communities to define private extensions to carry information unique to those communities.
- the present invention in preferred embodiment thereof, requires that at least two extensions be added to the X.509 v3 certificate. Any certificate lacking the two extensions would be invalid, and thus, a device comprising a certificate lacking the two extensions would not be accepted as a valid member of the home network.
- a first extension comprises a home network identifier, which is an identifier for each network administered by the broadcaster or content owner. The home network identifier distinguishes between different home networks. Thus, for example, the Smith family home network with its home network identifier is distinguished from the Jones family network with its different home network identifier.
- the home network identifier may preferably be either unique, where one identifier uniquely identifies a specific network s or not unique. If the network is not unique, the identifier can preferably be used as at least part of a method to identify a second device with which a first device may preferably perform certain network actions, as described below. For example, and without limiting the generality of the foregoing, if the network identifier of two devices comprise the same three most significant bits, then the first and second devices may perform certain network actions as described below.
- a second extension comprises a device physical address.
- a device in order to function as a member of a network, where layer two networking protocols are effected, a device must have a protocol compliant address. Level two addresses are frequently referred to as Media Access Control (MAC) addresses.
- MAC addresses are typically unique addresses which are burned into hardware comprised in a device. Thus, for example, a network enabled music system 170 will typically comprise a unique MAC address. Since MAC addresses are generally associated with hardware comprised in the device, and cannot be changed without physically changing the hardware, MAC addresses are also referred to as physical addresses. Those skilled in the art will appreciate that any other appropriate physical address may comprise the second extension.
- references to X.509 v3 certificates are by way of example only.
- a proprietary certificate format may be used instead of the X.509 v3 certificate format.
- the device will preferably be required to provide its physical address to home networking software.
- the home networking software preferably only allows certain networking operations if communicating devices are part of the same home network. Proof that the communicating devices are part of the same home network is preferably adduced by the presence of the certificate described above.
- Typical operations subject to limitation by the home networking software include, but are not limited to content transfer or entitlement transfer. Those skilled in the art will appreciate that the transfer of the content or the transfer of the entitlement may preferably be performed either as a push transfer or as a pull transfer.
- Each content provider or broadcaster preferably provides an appropriate list of restricted actions to home networking software of its subscriber base.
- a networked device preferably may comprise more than one certificate. For example, and without limiting the generality of the foregoing, the network owner may opt to bring the PVR from his home to his vacation home. If the PVR has an appropriate certificate for both a network comprised in the home and a second network comprised in the vacation home, then network operations are allowed between the PVR 120 and other networked devices on both the home network and the vacation home network.
- Fig.2 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network 100 of Fig. 1, after an unauthorized device 200 has been added.
- each authorized device on the network comprises a valid certificate 210, 220, 230, 240, 250, 260, 270, depicted as an illustration of a certificate.
- certain network operations between the unauthorized device and authorized devices on the network are prohibited.
- the prohibition of the certain network operations is depicted in Fig.2 with a "No" symbol - Q. For example, and without limiting the generality of the foregoing, transfer of content from the DVD 130 to the unauthorized device 200 would be prohibited.
- the home network switch / hub 180 preferably caches device certificates 210, 220, 230, 240, 250, 260, 270, rather than passing the certificates to the devices 120, 130, 140, 150, 160, 170 (Fig. 1).
- Fig.3 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network 100 of Fig. 1, depicting an exemplary valid network operation 300.
- the exemplary valid network operation depicts a transfer of content or an entitlement from the PVR 120 to the DVD 130. Because the transfer occurs between devices both comprising the valid certificate 220, 230, the transfer of the content or entitlement is permitted.
- Fig.4 is a simplified partly pictorial, partly block diagram illustration of the home entertainment network 100 of Fig. 1, depicting an exemplary invalid network operation 400.
- the exemplary invalid network operation 400 depicts a transfer of content or an entitlement from the PVR 120 to the unauthorized device 200. Because the transfer occurs between a device comprising the valid certificate 220 and a device 200 not comprising the valid certificate, the transfer of the content or entitlement is not permitted. The prohibition of the transfer is depicted in Fig. 4 with the "No" symbol - 0.
- Prohibiting the transfer between the device comprising the valid certificate 220 and the device 200 not comprising the valid certificate may preferably be enforced by at least one of the following: the device comprising the valid certificate 220; and the home network switch / hub 180.
- a combination of the device comprising the valid certificate 220 and the home network switch / hub 180 may prevent the transfer between the device comprising the valid certificate 220 and the device 200 not comprising the valid certificate.
- the broadcaster or content owner preferably maintains two databases.
- a first database preferably comprises information about the home networks, including the home network identifier mentioned above.
- a second database comprises device type, serial number, and physical address.
- the network owner who wishes to add a device to his home network would preferably provide the broadcaster or content owner the device type and serial number.
- the network owner would issue the certificate with the first and second additional fields described above, comprising the home network identifier and the device physical address.
- Methods known in the art for delivering digital certificates to devices are preferably employed to deliver the certificate to the device.
- content may preferably comprise a copy security policy.
- content may comprise a digital rights management (DRM) descriptor, as is well known in the art.
- DRM digital rights management
- the DRM descriptor preferably specifies any restrictions and / or limitations for the content, with respect to the home network 100.
- the DRM descriptor may comprise one of the following restrictions / limitations: no transfer at all, even within the home network 100; free transfer within the home network 100, and no transfer outside of the home network 100; and free transfer both inside and outside the home network 100.
- the home networking software preferably is additionally operative to enforce the copy security policy as defined in the DRM descriptor.
- Fig. 5 is a simplified flow chart of a preferred method of operation of the present invention according to the preferred embodiment described with reference to Figs.2 - 4.
- the method of Fig. 5 is believed to be self explanatory with reference to the above discussion. It is appreciated that various features of the invention which are, for clarity, described in the contexts of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable subcombination.
- the X.509 v3 certificate basic syntax is as follows.
- the data that is to be signed is encoded using the ASN.1 distinguished encoding rules (DER) [X.690] .
- ASN.1 DER encoding is a tag, length, value encoding system for each element.
- Certificate SEQUENCE ⁇ tbsCertificate TB S Certificate, signatureAlgorithm Algorithmldentifier, signatureValue BIT STRING ⁇
- TBSCertificate SEQUENCE ⁇ version [0] EXPLICIT Version DEFAULT vl, serialNumber Certificates erialNumber, signature Algorithmldentifier, issuer Name, validity Validity, subject Name, subj ectPublicKeylnfo Subj ectPublicKeylnfo, issuerUniquelD [1] IMPLICIT Uniqueldentifier OPTIONAL,
- version MUST be v2 or v3 subjectUniquelD [2] IMPLICIT Uniqueldentifier OPTIONAL, ⁇ If present, version MUST be v2 or v3 extensions [3] EXPLICIT Extensions OPTIONAL ⁇ If present, version MUST be v3
- Subj ectPublicKeylnfo SEQUENCE ⁇ algorithm Algorithmldentifier, subjectPublicKey BIT STRING ⁇
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
La présente invention concerne un procédé d'authentification d'un dispositif dans un réseau, lequel procédé consiste à utiliser un réseau, ledit réseau comprenant une unité d'octroi d'authentification, un premier dispositif et un second dispositif. Selon ce procédé: le dispositif d'octroi d'authentification octroie un premier certificat au premier dispositif lorsque le premier dispositif rejoint le réseau et/ou à un instant ultérieur, lequel premier certificat comprend une adresse physique correspondant à une adresse physique du premier dispositif, ledit premier certificat constituant la preuve que le premier dispositif est compris dans le réseau; le dispositif d'octroi d'authentification octroie un second certificat au second dispositif lorsque le dispositif rejoint le réseau et/ou à un instant ultérieur, lequel second certificat comprend une adresse physique correspondant à une adresse physique du second dispositif, ledit second certificat constituant la preuve que le second dispositif est compris dans le réseau; le premier dispositif demande l'authentification auprès du second dispositif, l'authentification comprenant au moins une attestation que le second dispositif est compris dans le réseau; et le second dispositif fournit l'attestation au premier dispositif, l'attestation comprenant au moins une partie du second certificat.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US66641805P | 2005-03-30 | 2005-03-30 | |
US60/666,418 | 2005-03-30 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006103646A2 true WO2006103646A2 (fr) | 2006-10-05 |
WO2006103646A3 WO2006103646A3 (fr) | 2006-11-30 |
Family
ID=37053771
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IL2006/000002 WO2006103646A2 (fr) | 2005-03-30 | 2006-01-01 | Solution de securite de reseautage domestique |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2006103646A2 (fr) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101854626A (zh) * | 2009-03-31 | 2010-10-06 | 兄弟工业株式会社 | 数据处理器、中继发射机、以及数据传送系统 |
US9237021B2 (en) | 2013-03-15 | 2016-01-12 | Hewlett Packard Enterprise Development Lp | Certificate grant list at network device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030128695A1 (en) * | 2002-01-04 | 2003-07-10 | Samsung Electronics Co., Ltd. | Home gateway for executing a function of a security protocol and a method thereof |
US20040010687A1 (en) * | 2002-06-11 | 2004-01-15 | Yuichi Futa | Content distributing system and data-communication controlling device |
US6826690B1 (en) * | 1999-11-08 | 2004-11-30 | International Business Machines Corporation | Using device certificates for automated authentication of communicating devices |
US20040250077A1 (en) * | 2003-06-04 | 2004-12-09 | Samsung Electronics Co., Ltd. | Method of establishing home domain through device authentication using smart card, and smart card for the same |
-
2006
- 2006-01-01 WO PCT/IL2006/000002 patent/WO2006103646A2/fr not_active Application Discontinuation
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6826690B1 (en) * | 1999-11-08 | 2004-11-30 | International Business Machines Corporation | Using device certificates for automated authentication of communicating devices |
US20030128695A1 (en) * | 2002-01-04 | 2003-07-10 | Samsung Electronics Co., Ltd. | Home gateway for executing a function of a security protocol and a method thereof |
US20040010687A1 (en) * | 2002-06-11 | 2004-01-15 | Yuichi Futa | Content distributing system and data-communication controlling device |
US20040250077A1 (en) * | 2003-06-04 | 2004-12-09 | Samsung Electronics Co., Ltd. | Method of establishing home domain through device authentication using smart card, and smart card for the same |
Non-Patent Citations (1)
Title |
---|
'5C Digital Transmission Content Projection White Paper, Revision 1.0' HITACHI, LTD., INTEL CORPORATION, MATSUSHI ELECTRIC INDUSTRIAL CO., LTD., SONY CORPORATION, TOSHIBA CORPORATION 14 July 1998, pages 1 - 13, XP002134182 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101854626A (zh) * | 2009-03-31 | 2010-10-06 | 兄弟工业株式会社 | 数据处理器、中继发射机、以及数据传送系统 |
US9237021B2 (en) | 2013-03-15 | 2016-01-12 | Hewlett Packard Enterprise Development Lp | Certificate grant list at network device |
Also Published As
Publication number | Publication date |
---|---|
WO2006103646A3 (fr) | 2006-11-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8230087B2 (en) | Enforcing geographic constraints in content distribution | |
US8983071B2 (en) | Key management method using hierarchical node topology, and method of registering and deregistering user using the same | |
US8321673B2 (en) | Method and terminal for authenticating between DRM agents for moving RO | |
US7188245B2 (en) | Contents transmission/reception scheme with function for limiting recipients | |
US20040139312A1 (en) | Categorization of host security levels based on functionality implemented inside secure hardware | |
US7574602B2 (en) | Information-processing device, information-processing method, and information-processing program product | |
US20060135209A1 (en) | Wireless communication scheme with communication quality guarantee and copyright protection | |
KR20060043022A (ko) | 정보 처리 방법, 및 정보 처리 장치, 및 컴퓨터 프로그램 | |
US20070168293A1 (en) | Method and apparatus for authorizing rights issuers in a content distribution system | |
US20050197965A1 (en) | Information processing apparatus, information processing method, and computer program | |
US20070242821A1 (en) | Method and apparatus for acquiring domain information and domain-related data | |
US20050204037A1 (en) | Method and apparatus for content identification/control | |
JP2007528658A (ja) | 改良されたドメインマネージャ及びドメイン装置 | |
KR101452708B1 (ko) | Ce 장치 관리 서버, ce 장치 관리 서버를 이용한drm 키 발급 방법, 및 그 방법을 실행하기 위한프로그램 기록매체 | |
CN101467156A (zh) | 对授权域的改进的访问 | |
WO2009088758A1 (fr) | Procédé et appareil pour une protection de gestion des droits numériques pour un support amovible | |
US8918508B2 (en) | Method for transferring resource and method for providing information | |
US20100161974A1 (en) | Master terminal capable of registering and managing terminals of personal use scope, and method and system using the same | |
WO2006083141A1 (fr) | Procede de gestion de cles dans lequel est utilisee une topologie nodale hierarchisee, et procede d'enregistrement et de retrait d'enregistrement d'un utilisateur dans lequel est utilise ledit procede de gestion de cles | |
WO2006051494A1 (fr) | Amelioration de revocation dans domaine autorise | |
JP2004048493A (ja) | 送信装置、受信装置及び無線基地局 | |
WO2006103646A2 (fr) | Solution de securite de reseautage domestique | |
JP2006099415A (ja) | コンテンツ配信システム、コンテンツ配信方法、機器認証サーバおよび機器認証サーバの制御方法 | |
KR20080022490A (ko) | 디바이스 인증 방법, 시스템 및 서비스 제공 방법 | |
US20020023222A1 (en) | Method and arrangement for managing data transmission in a data network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase in: |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
NENP | Non-entry into the national phase in: |
Ref country code: RU |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: RU |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06700862 Country of ref document: EP Kind code of ref document: A2 |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 6700862 Country of ref document: EP |