WO2006115364A1 - Procede et appareil permettant de gerer un contenu numerique - Google Patents

Procede et appareil permettant de gerer un contenu numerique Download PDF

Info

Publication number
WO2006115364A1
WO2006115364A1 PCT/KR2006/001546 KR2006001546W WO2006115364A1 WO 2006115364 A1 WO2006115364 A1 WO 2006115364A1 KR 2006001546 W KR2006001546 W KR 2006001546W WO 2006115364 A1 WO2006115364 A1 WO 2006115364A1
Authority
WO
WIPO (PCT)
Prior art keywords
digital content
domain
key
decrypted
module
Prior art date
Application number
PCT/KR2006/001546
Other languages
English (en)
Inventor
Myung-Sun Kim
Young-Sun Yoon
Sun-Nam Lee
Bong-Seon Kim
Jae-Heung Lee
Sung-Hyu Han
Original Assignee
Samsung Electronics Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020050065669A external-priority patent/KR100708162B1/ko
Priority claimed from KR1020050128708A external-priority patent/KR100739779B1/ko
Application filed by Samsung Electronics Co., Ltd. filed Critical Samsung Electronics Co., Ltd.
Priority to EP06757524.1A priority Critical patent/EP1875378A4/fr
Priority to JP2008507561A priority patent/JP2009505448A/ja
Publication of WO2006115364A1 publication Critical patent/WO2006115364A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/107License processing; Key processing

Definitions

  • Methods and apparatuses consistent with the present invention relate to managing digital content, and more particularly, to managing digital content to prevent the digital content from being further leaked when an encryption key of the digital content is leaked.
  • FIG 1 is a view for illustrating a method of managing digital content in a general domain
  • a domain X includes a device A, a device B, and a device C as domain members
  • a domain managing apparatus manages these devices A, B, and C.
  • the domain managing ap paratus encrypts the digital content C using a specific encryption key K and transmits encrypted digital content E(K, C) to the devices A, B, and C according to the requests of the devices A, B, and C
  • the devices A, B, and C previously receive a domain key from the domain managing apparatus.
  • the encryption key K used for encrypting the digital content C can be decrypted only by the domain key.
  • the domain key is identical to the encryption key
  • the digital content C can be shared among the members of the domain X
  • the device cannot decrypt the received E(K, C) because the device does not have the domain key.
  • the present invention provides a method and apparatus for managing digital content, which can detect the leakage of an encryption key when the encryption key used for encrypting the digital content is leaked
  • FIG. 1 is a view for illustrating a method of managing digital content in a general domain
  • FIG 2 is a flowchart schematically illustrating a method of managing digital content in a domain managing apparatus according to an exemplary embodiment of the present invention
  • FIG 3 is a flowchart illustrating in detail a method of managing digital contents in a domain managing apparatus according to an exemplary embodiment of the present invention
  • FIG 4 illustrates a configuration of a domain managing apparatus according to an exemplary embodiment of the present invention
  • FIG 5 is a flowchart illustrating an operation of a key leakage detecting module according to an exemplary embodiment of the present invention
  • FIG. 6 is a flowchart illustrating a process of detecting that a digital content encryption key has been leaked, according to an exemplary embodiment of the present invention
  • FIG. 7 is a flowchart illustrating a method of managing digital content according to another exemplary embodiment of the present invention.
  • FIG. 8 illustrates a configuration of a digital content managing apparatus according to another exemplary embodiment of the present invention.
  • a method of managing digital content including: determining whether encrypted digital content, which can be decrypted by a first domain key shared by devices which are members of a domain, has been decrypted by a device which is not a member of the domain; generating a second domain key if it is determined that the encrypted digital content has been decrypted by a device which is not a member of the domain; and providing the second domain key to the members of the domain.
  • a method of managing digital content shared in a domain including encrypting the digital content such that the digital content is decrypted only by a domain key shared by members of the domain; generating a module which determines whether the encrypted digital content has been decrypted by a device which is not a member of the domain and notifies the domain of the determined result; and linking the encrypted digital content with the module such that the module is automatically driven when the encrypted digital content is decrypted.
  • the method may further include generating another domain key when the module notifies that the encrypted digital content has been decrypted by a device which is not a member of the domain; and notifying the members of the domain of the generated domain key
  • a computer- readable medium having embodied thereon a computer program for performing the method of managing the digital content.
  • an apparatus for managing digital content shared in a domain including an encryption unit which encrypts the digital content such that the digital content is decrypted only by a domain key shared by members of the domain; a module generating unit which generates a module for determining whether the encrypted digital content has been decrypted by a device which is not a member of the domain and notifying the domain of the determined result; and a link unit which links the encrypted digital content with the module such that the module is automatically driven when the encrypted digital content is decrypted.
  • the apparatus may further include a domain key generating unit which generates another domain key when the module notifies that the encrypted digital content has been decrypted by a device which is not a member of the domain, and a notification unit which notifies the members of the domain of the generated domain key.
  • a method of managing digital content in a first device including encrypting the digital content using an encryption key corresponding to a unique decryption key of the first device; generating a module which determines whether the encrypted digital content has been decrypted by a second device and notifies the first device of the determined result; and linking the encrypted digital content with the module such that the module is automatically driven when the encrypted digital content is decrypted.
  • a computer- readable medium having embodied thereon a computer program for performing the method of managing the digital content.
  • an apparatus for managing digital content including an encryption unit which encrypts the digital content using an encryption key corresponding to a unique decryption key of a first device; a module generating unit which generates a module for determining whether the encrypted digital content has been decrypted by a second device and notifying the first device of the determined result, and a link unit which links the encrypted digital content with the module such that the module is automatically driven when the encrypted digital content is decrypted
  • a computer- readable medium having embodied thereon a computer program for performing a method of managing digital content encrypted using an encryption key corresponding to a domain key shared by members of a domain, the method including recognizing that the encrypted digital content is decrypted, determining whether a device, which decrypts the encrypted digital content, is a member of the domain using a predetermined characteristic value of using a predetermined characteristic value of the device; and notifying the domain that the domain key has been externally leaked, based on the determined result.
  • a computer- readable medium having embodied thereon a computer program for performing a method of managing digital content encrypted using an encryption key corresponding to a unique decryption key of a first device, the method including recognizing that the encrypted digital content is decrypted; determining whether a second device, which decrypts the encrypted digital content, corresponds to the first device using a predetermined characteristic value of each of the first and second devices; and notifying the first device that the domain key has been externally leaked, based on the determined result.
  • FIG. 2 is a flowchart schematically illustrating a method of managing digital content in a domain managing apparatus according to an exemplary embodiment of the present invention.
  • the domain managing apparatus when digital content is input to a domain, the domain managing apparatus according to the present exemplary embodiment encrypts the digital content using a domain key (operation 210).
  • the domain key is a symmetric key.
  • devices registered m the domain and having the domain key can decrypt the encrypted content.
  • the key leakage detecting module detects whether a device which decrypts the digital content is a member of the domain and notifies the domain managing apparatus of the detected result such that the domain managing apparatus can change the domain key if the domain key is leaked.
  • the key leakage detecting module will be described later.
  • the domain managing apparatus stores information linking the key leakage detecting module to the encrypted digital content (operation 230) such that the key leakage detecting module is automatically driven to determine whether a device which decrypts the digital content is a member of the domain when the encrypted digital content is decrypted.
  • FIG. 3 is a flowchart illustrating in detail a method of managing digital content in a domain managing apparatus according to an exemplary embodiment of the present invention.
  • the domain managing apparatus encrypts digital content C using an encryption key
  • DAV which can be decrypted only by a domain key (operation 310).
  • key leakage detecting data a and a key leakage detecting program b are generated (operation 320) and packaged to generate a key leakage detecting module y (operation 330).
  • the key leakage detecting data a includes information on the members of the domain and used for determining whether devices are members of the domain.
  • the key leakage detecting program b extracts a characteristic value d from a device which decrypts the digital content and determines whether the device is a member of the domain based on the key leakage detecting data a and the characteristic value d .
  • the key leakage detecting data a and the characteristic value d are not limited to specific data.
  • the key leakage detecting data a may be a set of public keys of devices registered in the domain and the characteristic value d may be a public key of a device which decrypts the content
  • the key leakage detecting program b determines whether the characteristic value d is included in the key leakage detecting data a .
  • the domain managing apparatus links the encrypted content x with the key leakage detecting module y (operation 340).
  • the encrypted content x is linked with the key leakage detecting module y in order to automatically drive the key leakage detecting module when the encrypted digital content is decrypted.
  • the encrypted content x and the key leakage detecting module y are then packaged to generate g (operation 350) which is then distributed to the members of the domain (operation 360).
  • g is generated by packaging the encrypted content x and the key leakage detecting module y and g is distributed to the domain
  • the encrypted content x does not necessarily need to be packaged and distributed with the key leakage detecting module y. Since the encrypted content x is already linked with the key leakage detecting module y, only the encrypted content x may be distributed without the key leakage detecting module y since the key leakage detecting module y is driven when the digital content is decrypted.
  • FIG 4 illustrates a configuration of a domain managing apparatus 400 according to an exemplary embodiment of the present invention.
  • the domain managing apparatus 400 includes a transmission/reception unit 410, an encryption unit 420, a module generating unit 430, an information generating unit 440, an information updating unit 450, a database 460, a link unit 470, a domain key generating unit 480, and a notification unit 490
  • the transmission/reception unit 410 is a communication interface for allowing the domain managing apparatus 400 to transmit data to and receive data from an external device.
  • the encryption unit 420 encrypts digital content using an encryption key corresponding to a domain key, when the digital content is received from the external device through the transmission/reception unit 410.
  • the module generating unit 430 generates a key leakage detecting module of the received digital content
  • the information generating unit 440 generates key leakage detecting data a which is information on devices registered in the domain, stores the key leakage detecting data a in the database 460, and provides the key leakage detecting data a to the module generating unit 430 for generating the key leakage detecting module.
  • the information updating unit 450 updates the key leakage detecting data a when one of the members of the domain is changed, that is, when a device is newly registered in the domain or a registered device is deleted from the domain.
  • the link unit 470 links the encrypted digital content with the key leakage detecting module, packages the encrypted digital content and the key leakage detecting module, and distributes the encrypted digital content and the key leakage detecting module to the members of the domain through the transmission/reception unit 410.
  • the key leakage detecting module of the distributed digital content When the key leakage detecting module of the distributed digital content operates and detects that the digital content is decrypted by a device which is not a valid member of the domain, the key leakage detecting module notifies the domain managing apparatus 400 that the encryption key has been leaked. In response, the domain key generating unit 480 discards the existing domain key and generates a new domain key, and the notification unit 490 notifies the members of the domain of the new domain key through the transmission/reception unit 410. In this case, the encryption unit 420 encrypts digital content which will be received later using an encryption key corresponding to the new domain key.
  • FIG. 5 is a flowchart illustrating an operation of a key leakage detecting module y according to an exemplary embodiment of the present invention
  • the key leakage detecting module y includes a key leakage detecting program b and key leakage detecting data a .
  • the key leakage detecting program b detects that linked digital content is decrypted (operation 510) and extracts a characteristic value d from a device which decrypts the digital content (operation 520)
  • the domain managing apparatus is notified that the encryption key is leaked (operation 550) Since the key leakage detecting module performs the above process, the domain managing apparatus 400 can be notified that the encryption key is leaked.
  • FIG. 6 is a flowchart illustrating a process of detecting that an encryption key DAV of digital content C has been leaked, according to an exemplary embodiment of the present invention.
  • a domain managing apparatus When the digital content C is input to a domain (operation 610), a domain managing apparatus generates data x obtained by encrypting the digital content C using the encryption key DAV corresponding to a domain key (operation 615). In response to a request of a device A registered in the domain, the domain managing apparatus transmits the data x to the device A (operation 620), and the device A then transmits the data x to a device B through any path (operation 630). Here, it is assumed that a device B is not registered in the same domain as that of the device A.
  • the device B must follow compliance rules of the DRM system in order to decrypt the digital content C. That is, if the device B has a DRM module in it, the device B has to check the module when it decrypts content. On the other hand, if there is no module in it, the device B will ask the domain managing apparatus according to the compliance rule
  • the key leakage module operates by using link information generated when the key leakage detecting module is linked with the data x (operations 640 and 645).
  • a key leakage detecting program b which detects that the digital content C has been decrypted, extracts a characteristic value d of the device B (operations 650 and 655), and determines whether the device B is a valid member of the domain using the key leakage detecting data a and the characteristic value d (operation 660). If it is determined that the device B is not a valid member of the domain (operation 670), the key leakage detecting program b notifies the domain managing apparatus of the determined result.
  • the domain managing apparatus which knows that the digital content C is decrypted by a device which is not a valid member of the domain, updates the domain key (operation 675) and notifies the device A of the updated domain key (operation 680). Accordingly, the domain managing apparatus encrypts digital content which will be distributed to the domain later using an encryption key corresponding to the updated domain key.
  • FIG. 7 is a flowchart illustrating a method of managing digital content according to another exemplary embodiment of the present invention.
  • a general digital content managing apparatus manages digital content which must not be decrypted by another device regardless of a domain.
  • the digital content managing apparatus encrypts digital content using a device key
  • the device key is a unique encryption key of an encryption device and is used for encrypting the digital content such that only the encryption device can decrypt the digital content.
  • the device key is a public key of the device.
  • the device key may be a symmetric key.
  • the key leakage detecting module includes key leakage detecting data and a key leakage detecting program, extracts a characteristic value of a device for decryption the encrypted content, and determines whether the device is an authorized device, i.e., a member of the domain.
  • the characteristic value of the device is not specified and may be, for example, a public key of the device.
  • the digital content managing apparatus has link information on the encrypted digital content (operation 730) such that the module is automatically driven to determine whether a device which decrypts the content is a member of the domain when the encrypted digital content is decrypted.
  • FIG. 8 illustrates a configuration of a digital content managing apparatus 800 according to another exemplary embodiment of the present invention.
  • the digital content managing apparatus 800 is an individual device which does not belong to a domain
  • the digital content managing apparatus 800 includes a transmission/reception unit 810, an encryption unit 820, a module generating unit 830, a key changing unit 840, and a link unit 850.
  • the transmission/reception unit 810 is a communication interface through which the digital content managing apparatus 800 transmits data to and receives data from an external device.
  • the encryption unit 820 encrypts digital content using a device key when the digital content is received from the external device through the transmission/ reception unit 810.
  • the module generating unit 830 generates a key leakage detecting module of the received digital content, and the link unit 850 links the encrypted digital content with the key leakage detecting module.
  • the key changing unit 840 discards the existing device key and generates a new device key.
  • the encryption unit 820 can encrypt digital content to be received later using the new device key.
  • the exemplary embodiments of the present invention can be written as computer programs and can be implemented in general-use digital computers that execute the programs using a computer readable recording medium.
  • Examples of the computer readable recording medium include magnetic storage media (e.g., ROM, floppy disks, hard disks, etc ), optical recording media (e g , CD-ROMs, or DVDs), and storage media such as carrier waves (e.g., transmission through the Internet).

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé et un appareil permettant de gérer un contenu numérique et pouvant détecter la fuite d'une clé de chiffrement quand ladite clé utilisée pour chiffrer le contenu numérique présente une fuite ou est craquelée. Quand le contenu numérique chiffré est déchiffré au moyen d'un dispositif illégal, un module lié au contenu numérique chiffré est automatiquement activé et un appareil de gestion de contenu numérique reçoit ensuite une notification indiquant que le contenu numérique chiffré a été déchiffré par le dispositif illégal, de manière que l'appareil de gestion de contenu numérique puisse changer la clé de chiffrement. Par conséquent, il est possible d'empêcher le contenu numérique de présenter une fuite de manière continue en raison de l'utilisation de la même clé de chiffrement pour le chiffrement de contenu numérique subséquent.
PCT/KR2006/001546 2005-04-25 2006-04-25 Procede et appareil permettant de gerer un contenu numerique WO2006115364A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP06757524.1A EP1875378A4 (fr) 2005-04-25 2006-04-25 Procede et appareil permettant de gerer un contenu numerique
JP2008507561A JP2009505448A (ja) 2005-04-25 2006-04-25 デジタルコンテンツの管理方法及びこのための装置

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US67433305P 2005-04-25 2005-04-25
US60/674,333 2005-04-25
KR1020050065669A KR100708162B1 (ko) 2005-04-25 2005-07-20 도메인 관리 방법 및 그를 위한 장치
KR10-2005-0065669 2005-07-20
US73943905P 2005-11-25 2005-11-25
US60/739,439 2005-11-25
KR10-2005-0128708 2005-12-23
KR1020050128708A KR100739779B1 (ko) 2005-12-23 2005-12-23 디지털 컨텐츠의 관리 방법 및 이를 위한 장치

Publications (1)

Publication Number Publication Date
WO2006115364A1 true WO2006115364A1 (fr) 2006-11-02

Family

ID=37214965

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2006/001546 WO2006115364A1 (fr) 2005-04-25 2006-04-25 Procede et appareil permettant de gerer un contenu numerique

Country Status (2)

Country Link
EP (1) EP1875378A4 (fr)
WO (1) WO2006115364A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001095206A1 (fr) * 2000-06-02 2001-12-13 Matsushita Electric Industrial Company, Limited Support d'enregistrement, dispositif de gestion de licences et dispositif d'enregistrement et de lecture
WO2002086725A1 (fr) * 2001-04-18 2002-10-31 Motorola, Inc., A Corporation Of The State Of Delaware Systeme et procede de gestion securisee et appropriee d'un contenu electronique numerique
WO2004070612A1 (fr) * 2003-02-07 2004-08-19 Matsushita Electric Industrial Co., Ltd. Dispositif terminal et systeme de protection des donnees dans lequel il est utilise
WO2004077301A1 (fr) * 2003-02-28 2004-09-10 Matsushita Electric Industrial Co., Ltd. Dispositif de terminal, dispositif de serveur, systeme de distribution de licence utilisant ceux-ci
KR20050007830A (ko) * 2003-07-11 2005-01-21 삼성전자주식회사 기기간 컨텐츠 교환을 위한 도메인 인증 방법

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5825883A (en) * 1995-10-31 1998-10-20 Interval Systems, Inc. Method and apparatus that accounts for usage of digital applications
US7068789B2 (en) * 2001-09-19 2006-06-27 Microsoft Corporation Peer-to-peer name resolution protocol (PNRP) group security infrastructure and method
US7899187B2 (en) * 2002-11-27 2011-03-01 Motorola Mobility, Inc. Domain-based digital-rights management system with easy and secure device enrollment
KR20050119133A (ko) * 2003-03-21 2005-12-20 코닌클리케 필립스 일렉트로닉스 엔.브이. 허가 증명서들내의 사용자 신분 프라이버시

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001095206A1 (fr) * 2000-06-02 2001-12-13 Matsushita Electric Industrial Company, Limited Support d'enregistrement, dispositif de gestion de licences et dispositif d'enregistrement et de lecture
WO2002086725A1 (fr) * 2001-04-18 2002-10-31 Motorola, Inc., A Corporation Of The State Of Delaware Systeme et procede de gestion securisee et appropriee d'un contenu electronique numerique
WO2004070612A1 (fr) * 2003-02-07 2004-08-19 Matsushita Electric Industrial Co., Ltd. Dispositif terminal et systeme de protection des donnees dans lequel il est utilise
WO2004077301A1 (fr) * 2003-02-28 2004-09-10 Matsushita Electric Industrial Co., Ltd. Dispositif de terminal, dispositif de serveur, systeme de distribution de licence utilisant ceux-ci
KR20050007830A (ko) * 2003-07-11 2005-01-21 삼성전자주식회사 기기간 컨텐츠 교환을 위한 도메인 인증 방법

Also Published As

Publication number Publication date
EP1875378A4 (fr) 2014-12-10
EP1875378A1 (fr) 2008-01-09

Similar Documents

Publication Publication Date Title
US8161296B2 (en) Method and apparatus for managing digital content
CN100550005C (zh) 管理数字内容的方法和设备
KR100749867B1 (ko) 보안장치상에 암호화시스템을 보안가능하게 설치하는시스템 및 방법
US8639928B2 (en) System and method for mounting encrypted data based on availability of a key on a network
EP1985057B1 (fr) Procédé de transfert de droits numériques
US20080209231A1 (en) Contents Encryption Method, System and Method for Providing Contents Through Network Using the Encryption Method
EP3453135A2 (fr) Système et procédé de chiffrement et de déchiffrement sur la base d'une distribution de clés quantiques
US20070169203A1 (en) Method and apparatus for transmitting content to device which does not join domain
US7995766B2 (en) Group subordinate terminal, group managing terminal, server, key updating system, and key updating method therefor
CA2619161A1 (fr) Administration de cryptage de donnees dans un systeme informatique d'entreprise
US9172683B2 (en) Method and apparatus for key distribution with implicit offline authorization
US8538890B2 (en) Encrypting a unique cryptographic entity
CN101140610B (zh) 使用drm卡的内容解密方法
WO2008048712A2 (fr) Gestion des informations cryptographiques indépendante du dispositif
WO2018017168A2 (fr) Système et procédé de chiffrement et de déchiffrement sur la base d'une distribution de clés quantiques
US20070239617A1 (en) Method and apparatus for temporarily accessing content using temporary license
US8706635B2 (en) Use of licensed content without identification thereof
US9015077B2 (en) Method and apparatus for efficiently encrypting/decrypting digital content according to broadcast encryption scheme
WO2006115364A1 (fr) Procede et appareil permettant de gerer un contenu numerique
JP2002247021A (ja) アクセス制限付コンテンツ表示方法およびその装置
KR100739779B1 (ko) 디지털 컨텐츠의 관리 방법 및 이를 위한 장치
JP2008306685A (ja) セキュリティ情報設定システム、そのマスタ端末、一般端末、プログラム
KR101287367B1 (ko) Drm 시스템의 콘텐츠 공유방법
JP2009505448A (ja) デジタルコンテンツの管理方法及びこのための装置
KR100708133B1 (ko) 브로드캐스트 암호화 방식에 따라 효율적으로암호화/복호화하는 방법 및 장치

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200680013222.0

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref document number: 2008507561

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 2006757524

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 1808/MUMNP/2007

Country of ref document: IN

NENP Non-entry into the national phase

Ref country code: RU

WWP Wipo information: published in national office

Ref document number: 2006757524

Country of ref document: EP