WO2007026276A2 - Method and apparatus for authorizing to use a content - Google Patents
Method and apparatus for authorizing to use a content Download PDFInfo
- Publication number
- WO2007026276A2 WO2007026276A2 PCT/IB2006/052890 IB2006052890W WO2007026276A2 WO 2007026276 A2 WO2007026276 A2 WO 2007026276A2 IB 2006052890 W IB2006052890 W IB 2006052890W WO 2007026276 A2 WO2007026276 A2 WO 2007026276A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- content
- user
- short distance
- information
- authorizing
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 238000004891 communication Methods 0.000 claims abstract description 55
- 238000013475 authorization Methods 0.000 claims abstract description 35
- 230000008569 process Effects 0.000 abstract description 12
- 230000005540 biological transmission Effects 0.000 description 9
- 238000013459 approach Methods 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 5
- 239000003795 chemical substances by application Substances 0.000 description 4
- 239000003999 initiator Substances 0.000 description 3
- 230000001413 cellular effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000004438 eyesight Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 125000004122 cyclic group Chemical group 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
Definitions
- the present invention relates to a DMA (Digital Right Management) method and apparatus, and more particularly, to a method and apparatus for authorizing to use a content.
- DMA Digital Right Management
- the existing digital content right management adopts two types of basic approaches: for the first type, the digital content right management is performed by transmitting decryption key through secure transmission path; for the second type, the digital content right management is performed in a central controlled manner.
- the digital content is encrypted with predetermined encryption key; then, the encrypted digital content is distributed through common transmission path. And the decryption key corresponding to the predetermined encryption key is distributed to the user of the digital content through secure transmission path.
- a disadvantage of this approach is that both the provider and user of the digital content have to remember complex passwords, however, this kind of complex passwords are often difficult to be remembered and the operation is troublesome.
- Another disadvantage of this approach is that complex arrangement and high cost are required to setup a secure transmission path.
- the central controlled mechanism is such a digital content right management scheme that is provided to large enterprises (e.g. content provider).
- digital contents are provided in a central server, users or terminal equipments requesting to use the digital contents have to register via the digital content right management system, and all the requests for using the digital contents will be handled by a central server. All the usage rules of the digital content right are constituted and maintained by the administrator of the digital content right management system according to the demand of the digital content owner.
- an authorization domain system for example, the international patent application WO2004/038568, filed on Oct 15 th , 2003, by the same applicant of the present application, has disclosed a method and apparatus for authorizing to use contents.
- the entire contents of this patent application document are hereby incorporated as reference.
- the authorization of digital contents can only be performed through authorization domain digital right manage system.
- the constitution and maintenance of authorization domain digital right manage system are complex, and therefore, a high cost is needed.
- a further disadvantage of this approach is that a complex system is needed to determine the credible level of the authorized object (the authorized user or user's device of contents).
- the OMA Open Mobile Alliance
- DRAM agent digital content right management agent
- DRAM agent registered digital content right management agent
- DRAM agent users, or terminal equipments
- the present invention is an improvement with respect to the existing technical solutions.
- a content provider authorize, within a short distance of which the provider feels secure, the content to the device of the user, so as to implement a secure and convenient authorization process.
- One object of the present invention is to provide a method for authorizing to use a content, enabling a device of a content provider to authorize a device of a user to use the content, wherein both the device of the content provider and the device of the user are capable of performing short distance communication, comprising the steps of: establishing a short distance communication with the device of the user when the device of the content provider and the device of the user are located within a predetermined short distance; authorizing the device of the user to use the content within the predetermined short distance.
- the short distance communication is NFC (Near Field Communication), and the predetermined short distance is a distance within which the NFC is able to perform communication.
- the short distance authorization step comprises: acquiring means for acquiring an ID information of the device of the user; generating means for generating a corresponding right for using the content according to the ID information; and transmitting means for transmitting the right for using the content directly to the device of the user within the predetermined short distance.
- the present invention further provides an authorization apparatus for authorizing to use a content, enabling a device of a content provider to authorize a device of a user to use the content, wherein both the device of the content provider and the device of the user are capable of performing short distance communication, comprising: establishing means for establishing a short distance communication with the device of the user when the device of the content provider and the device of the user are located within a predetermined short distance; authorizing means for authorizing the device of the user to use the content within the predetermined short distance.
- a provider's device of a content fulfils the authorization for the device of the user, for example, within a scope that the content provider's eyesight can reach, such that the security of the authorization process is enhanced greatly.
- the content provider since the device of the user is located within a predetermined short distance scope, the content provider may in some extent have more knowledge about the reliability of the user and user' s device of the content.
- the authorization for the device of the user is performed directly by the device of the content provider without any intermediate, this reduces the complexity of the authorization process, and also enhances the security of the authorization process.
- Fig.l shows a schematic flow chart for authorizing to use an encrypted content according to an embodiment of the present invention
- Fig.2 shows a schematic block diagram of an apparatus for authorizing to use an encrypted content according to an embodiment of the present invention.
- Fig.l shows a schematic flow chart for authorizing to use an encrypted content according to an embodiment of the present invention.
- the authorization process is used for a provider's device of a content authorizing, within a short distance in Peer-to-Peer way, the device of the user to use the content, wherein the device of the content provider and the device of the user are capable of performing short distance communication.
- a content may be a document, a digital photograph, or a section of digital video recording.
- a content may be encrypted by means of various encryption methods. More suitably, a user's device ID of a content is used to encrypt the content. Of course, the content may also be unencrypted.
- the authorized device is a reliable device, which cannot play a content without acquiring a right for using the content.
- a content may be transmitted to the device of the user from a provider' s device of the content, and a content may also be stored in a certain server, of course, a content may also have been stored in the device of the user.
- a content may be performed in many existing ways.
- step SIlO establish a short distance communication
- a short distance communication with the device of the user is established when the device of the content provider and the device of the user are located within a predetermined distance.
- the predetermined value is a short distance within which the content provider could trust the user of the content or the device of the user.
- the predetermined value is within the scope that the content provider's eyesight could reach, thus, the content provider could get to know and trust the user of the content and the device of the user.
- the predetermined value is a distance within which Near Field Communication (NFC) is able to perform communication.
- NFC Near Field Communication
- both the device of the content provider and the device of the user are capable of performing NFC communication.
- the NFC is a short distance communication technology, which is developed on the basis of Contactless IC Card technology. It has inherent security and lower power consumption just due to the short distance communication. Operating when approached, without the necessity to establish a communication connection manually, makes it very suitable to use in consumption electronic product field.
- NFCIP Near Field Communication - Interface and Protocol -1 there defined two communication modes of NFC: Active Communication Mode and
- NFCIP-I device supports the transmission rate of 106kbps, 212kbps, and 424kbps.
- the active communication mode both an initiator device and a target device use the RF field generated by themselves to perform the communication.
- the active communication mode is a standard mode of peer-to-peer communication.
- the initiator device In the passive communication mode, the initiator device is responsible to generate the RF field, and the target device responds to the request from the initiator device in the RF field.
- the passive communication mode is an extended mode of peer-to-peer communication. In this mode, the target device does not generate a RF field so as to save power.
- the passive communication mode is compatible with ISO 14443A communication mode.
- the secure communication connection could be established as long as they are close to each other within a predetermined value, without other arrangements.
- Other short distance communication technologies such as IrDA (Infrared Data
- Bluetooth may also be used to establish a short distance communication, when the distance between a provider's device of a content and the device of the user is within a predetermined value of which the content provider feels secure.
- WIFI Wireless Fidelity, also referred to as 802.11b standard
- Zigbee Zigbee
- a request which demands to authorize a right for using the content, is sent to the device of the user.
- An example of the ID information of the device of the user is the ID number of the device of the user.
- the ID information may also be the ID number of the user of the content.
- the ID number of the device of the user is extracted from the reply of the device of the user.
- Step S120, S130, and S140 are used to acquire an ID information of a user's device of a content.
- acquiring an ID information of a user's device of a content could also be implemented by the following steps of: firstly, receiving a request, which demands to use the content and in which the ID information of the device of the user is contained, from the device of the user; then, extracting the ID information of the device of the user from the request.
- step S150 generate a corresponding right for using the content
- the generated right for using the content contains the ID number of the device of the user.
- the right for using the content may take the form of a right for using the content certificate of a content.
- Table 1 shows an example of the right for using the content certificate of a content.
- the key is a decryption key for the encrypted content.
- the decryption key for the content is the user' s device ID of the content.
- a right for using the content of a content could be set in a flexible manner.
- the right for using the content may be one or more of the following: a content could be used when a user's application device of the content coincides with a specific CPU type; the content could be used when a operation system of a user's application content of the content is in accordance with a specific type; the content could be used when a user of the content is at a specific IP address; a user of the content may use the content at a specific time, for example, a certain timing in a certain day, or a certain day in a certain week; a user of the content could use the content when the user belongs to a certain type, for example, sex, age, career, nationality, and so on of the user.
- the right for using the content of a content may also be one or more of the following: the time for viewing the content is limited; the given times for which the content could be viewed is limited; it is prescribed that the content cannot be copied; it is prescribed that the content cannot be saved; it is prescribed that the content cannot be edited; it is prescribed that only the video section or the audio section of the content can be used; and so on.
- the right for using the content comprises authorizing a set of subscriber equipments to use the content, wherein the set of subscriber equipments include the device of the user.
- all the other equipments of the set of subscriber equipments can acquire an authorization to use the content from the device of the user.
- step S 160 the right for using the content is encrypted.
- the right for using the content is encrypted, such that only the authorized user of the content can use the content according to the right for using the content, while other users cannot be authorized to use the content. Of course, it may be not necessary to encrypt the right for using the content.
- One right for using the content is encrypted with the ID number of the device of the user.
- the encryption process may be implemented by using One-Way Hash Algorithm such as MD (Message Digest), SHA (Secure Hash Algorithm), CRC (Cyclic Redundancy Check), and so on.
- MD Message Digest
- SHA Secure Hash Algorithm
- CRC Cyclic Redundancy Check
- Encrypting a right for using the content may also be performed by using a public key algorithm.
- the encryption algorithm may be implemented by large integer factorization system (RSA) algorithm, discrete logarithm system (DSA, ElGamal) algorithm, and elliptic curve discrete logarithm system (ECC) algorithm.
- RSA large integer factorization system
- DSA discrete logarithm system
- ECC elliptic curve discrete logarithm system
- the encrypted right for using the content is transmitted directly to the device of the user by a short distance communication device. Since the authorization process is performed within a predetermined short distance scope within which the provider of the content can feel reliable, the security of the authorization process can be enhanced greatly.
- the content provider may in some extent have more knowledge about the reliability of the user and user' s device of the content. Furthermore, since the authorization for the device of the user is performed directly by the device of the content provider without any intermediate, this reduces the complexity of the authorization process, and decreases the cost of devices and systems related during the authorization process.
- Fig.2 shows a schematic block diagram of an apparatus for authorizing to use an encrypted content according to an embodiment of the present invention.
- Authorization apparatus 200 is a part of a provider's device of the content.
- the device of the content provider may be a mobile electronic apparatus, such as cellular phone, PDA (Personal
- the authorization apparatus 200 is used for a provider's device of a content authorizing a device of the user content (not shown in the fig.) to use one content, wherein both the device of the content provider and the device of the user are capable of performing short distance communication, the apparatus 200 comprising: a short distance communication unit 210 and a short distance authorization unit 220.
- the short distance communication unit 210 is used to establish a short distance communication with the device of the user when the device of the content provider and the device of the user are located within a predetermined short distance.
- An example of the short distance communication unit 210 is NFC communication unit. Secure communication connection will be established as long as two devices provided with NFC communication unit approach to each other within a predetermined value, without any other arrangements.
- WiFI Wireless Fidelity, also referred to as 802.11b standard
- Zigbee unit may also be used to establish a short distance communication when the distance between a provider' s device of a content and the device of the user is within a predetermined value of which the content provider feel secure.
- the short distance authorization unit 220 is used to perform, within the predetermined short distance, the authorization of using the content for the device of the user.
- the short distance authorization unit 220 may comprise an acquisition unit 222, a generation unit 224, and a transmission unit 228.
- the short distance authorization unit 220 may also optionally comprise an encryption unit 226.
- the acquisition unit 222 is used to acquire an ID information of the device of the user.
- the acquisition unit may comprise a request transmitting unit 2221, for transmitting a request, which demands to authorize a right for using the content, to the device of the user; a request receiving unit 2222, for receiving a reply, in which the ID information of the device of the user is contained, from the device of the user; and an extracting unit 2223, for extracting the ID information of the device of the user from the reply.
- the acquisition unit 222 may also only comprises a request receiving unit 2222 and an extracting unit 2223. Wherein, the request receiving unit 2222 may also be used to receive a request, which demands to use the content and in which the ID information of the device of the user is contained, from the device of the user.
- the generation unit 224 is used to generate a corresponding right for using the content from the ID information.
- the generation unit 224 receives the ID information of a content user transmitted from the acquisition unit 222, and generates a corresponding right for using the content.
- the right for using the content may be a right for using the content certificate of a content, in which the ID information of the content user is contained.
- the encryption unit 226 is used to encrypt the right for using the content.
- the encryption unit 226 may also be used to encrypt the content.
- the transmission unit 228 is used to transmit the right for using the content directly to the device of the user within the predetermined short distance.
- Transmission unit 228 transmits a transmission control signal, so as to transmit, via the short distance communication unit 210, the right for using the content of the encrypted content from the encryption unit 226 to the device of the user.
- An application scene is that: while a number of companies are in conference, the representatives of two companies need to exchange some very confidential files. Since the provider and user of the files are in the same conference room, the mutual trust has been setup between them. Meanwhile, the provider of files can catch sight of the user's device of the files, such as computer, cellular phone, PDS, and so on, such that the provider can determine whether the user's device of the files is trusty.
- the provider of files may use the authorization apparatus of the present invention to perform, in a short distance, the authorization of using the content for the user's device of the files, without being afraid that the files are captured by representatives of other companies.
- the provider of files can set the right for using the content to be read only, meanwhile, the files will be automatically destroyed when thirty minutes lapse after the files being opened.
- the provider of files can authorize, in a short distance, the user of the files to use the content, and the authorization process is secure and convenient in operation.
Abstract
The present invention relates to a DRM (Digital Right Management) method and apparatus, and particularly to a method and apparatus for authorizing to use a content. Provided is a method for authorizing to use a content, enabling a device of a content provider to authorize a device of a user to use the content, wherein both the device of the content provider and the device of the user are capable of performing short distance communication, comprising the steps of: establishing a short distance communication with the device of the user when the device of the content provider and the device of the user are located within a predetermined short distance; authorizing the device of the user to use the content within the predetermined short distance. According to the present invention, the authorization process is secure and convenient in operation.
Description
METHOD AND APPARATUS FOR AUTHORIZING TO USE A CONTENT
FIELD OF THE INVENTION
The present invention relates to a DMA (Digital Right Management) method and apparatus, and more particularly, to a method and apparatus for authorizing to use a content.
BACKGROUND OF THE INVENTION
The amount of digital contents becomes larger and larger along with the rapid development of the network and digital technologies. With the widespread distribution of the digital contents via electronic devices or internet, the digital contents owners wish that their intellectual property right for the digital contents should be protected while the contents are being distributed and used by users.
The existing digital content right management adopts two types of basic approaches: for the first type, the digital content right management is performed by transmitting decryption key through secure transmission path; for the second type, the digital content right management is performed in a central controlled manner.
In the first approach of the digital content right management, firstly the digital content is encrypted with predetermined encryption key; then, the encrypted digital content is distributed through common transmission path. And the decryption key corresponding to the predetermined encryption key is distributed to the user of the digital content through secure transmission path. A disadvantage of this approach is that both the provider and user of the digital content have to remember complex passwords, however, this kind of complex passwords are often difficult to be remembered and the operation is troublesome. Another disadvantage of this approach is that complex arrangement and high cost are required to setup a secure transmission path.
In the second approach of the digital content right management, the central controlled mechanism is such a digital content right management scheme that is provided to large enterprises (e.g. content provider). In such a scenario, digital contents are provided in a central server, users or terminal equipments requesting to use the digital contents have to register via the digital content right management system, and all the requests for using the
digital contents will be handled by a central server. All the usage rules of the digital content right are constituted and maintained by the administrator of the digital content right management system according to the demand of the digital content owner. At present, there are a number of technologies to implement an authorization domain system, for example, the international patent application WO2004/038568, filed on Oct 15th, 2003, by the same applicant of the present application, has disclosed a method and apparatus for authorizing to use contents. The entire contents of this patent application document are hereby incorporated as reference. In the digital content right management approaches, the authorization of digital contents can only be performed through authorization domain digital right manage system. The constitution and maintenance of authorization domain digital right manage system are complex, and therefore, a high cost is needed. A further disadvantage of this approach is that a complex system is needed to determine the credible level of the authorized object (the authorized user or user's device of contents).
The OMA (Open Mobile Alliance) also proposed a solution to enable the digital content protection. The OMA digital content right management system firstly must register users or terminal equipments requesting to use the digital contents through digital content right management agent (DRM agent), and the users can receive and use the right for using the content defined by the digital content owner through the authorized terminal equipments. In this solution, the registered digital content right management agent (DRAM agent), users, or terminal equipments must be included when the issuer of the digital content right defines the Right Object.
Along with the popularity of digital electronic devices and multimedia editing tools, more and more individuals and mid-and-small scale enterprises possess considerable amount of digital contents, and they would like to share the digital contents with their families, friends and commercial partners. Needless to say, they wish that the procedure to authorize their families, friends or commercial partner to use contents be safe. Furthermore, the procedure of share is simple and convenient, without the necessity of remembering complex keys, performing complex operation, and authorizing the others, through a central controlled authorization system, to use digital contents.
OBJECT AND SUMMARY OF THE INVENTION
The present invention is an improvement with respect to the existing technical
solutions. In the present invention, a content provider authorize, within a short distance of which the provider feels secure, the content to the device of the user, so as to implement a secure and convenient authorization process.
One object of the present invention is to provide a method for authorizing to use a content, enabling a device of a content provider to authorize a device of a user to use the content, wherein both the device of the content provider and the device of the user are capable of performing short distance communication, comprising the steps of: establishing a short distance communication with the device of the user when the device of the content provider and the device of the user are located within a predetermined short distance; authorizing the device of the user to use the content within the predetermined short distance.
According to an embodiment of the invention, the short distance communication is NFC (Near Field Communication), and the predetermined short distance is a distance within which the NFC is able to perform communication. According to another embodiment of the invention, the short distance authorization step comprises: acquiring means for acquiring an ID information of the device of the user; generating means for generating a corresponding right for using the content according to the ID information; and transmitting means for transmitting the right for using the content directly to the device of the user within the predetermined short distance.
The present invention further provides an authorization apparatus for authorizing to use a content, enabling a device of a content provider to authorize a device of a user to use the content, wherein both the device of the content provider and the device of the user are capable of performing short distance communication, comprising: establishing means for establishing a short distance communication with the device of the user when the device of the content provider and the device of the user are located within a predetermined short distance; authorizing means for authorizing the device of the user to use the content within the predetermined short distance.
According to the present invention, it is within a predetermined short distance that a provider's device of a content fulfils the authorization for the device of the user, for example, within a scope that the content provider's eyesight can reach, such that the security of the authorization process is enhanced greatly. Meanwhile, since the device of
the user is located within a predetermined short distance scope, the content provider may in some extent have more knowledge about the reliability of the user and user' s device of the content.
Furthermore, according to the present invention, since the authorization for the device of the user is performed directly by the device of the content provider without any intermediate, this reduces the complexity of the authorization process, and also enhances the security of the authorization process.
Other objects and advantages of the present invention will be apparent and the present invention will be more fully understood from the following description taken in conjunction with the accompanying drawings and the appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention and related advantages thereof will be further elaborated by means of the following exemplary embodiments and the appended drawings, wherein: Fig.l shows a schematic flow chart for authorizing to use an encrypted content according to an embodiment of the present invention;
Fig.2 shows a schematic block diagram of an apparatus for authorizing to use an encrypted content according to an embodiment of the present invention.
Throughout the drawings, the same or similar elements are denoted by the same reference numerals.
DETAILED DESCRIPTION OF THE INVENTION
Fig.l shows a schematic flow chart for authorizing to use an encrypted content according to an embodiment of the present invention. The authorization process is used for a provider's device of a content authorizing, within a short distance in Peer-to-Peer way, the device of the user to use the content, wherein the device of the content provider and the device of the user are capable of performing short distance communication.
A content may be a document, a digital photograph, or a section of digital video recording. A content may be encrypted by means of various encryption methods. More suitably, a user's device ID of a content is used to encrypt the content.
Of course, the content may also be unencrypted. For example, the authorized device is a reliable device, which cannot play a content without acquiring a right for using the content.
A content may be transmitted to the device of the user from a provider' s device of the content, and a content may also be stored in a certain server, of course, a content may also have been stored in the device of the user. As for how to acquire a content itself, it may be performed in many existing ways.
Firstly, establish a short distance communication (step SIlO).
A short distance communication with the device of the user is established when the device of the content provider and the device of the user are located within a predetermined distance. The predetermined value is a short distance within which the content provider could trust the user of the content or the device of the user. For example, the predetermined value is within the scope that the content provider's eyesight could reach, thus, the content provider could get to know and trust the user of the content and the device of the user.
Another example of the predetermined value is a distance within which Near Field Communication (NFC) is able to perform communication. Here, both the device of the content provider and the device of the user are capable of performing NFC communication. The NFC is a short distance communication technology, which is developed on the basis of Contactless IC Card technology. It has inherent security and lower power consumption just due to the short distance communication. Operating when approached, without the necessity to establish a communication connection manually, makes it very suitable to use in consumption electronic product field.
In the ECMA340 (NFCIP Near Field Communication - Interface and Protocol -1), there defined two communication modes of NFC: Active Communication Mode and
Passive Communication Mode. NFCIP-I device supports the transmission rate of 106kbps, 212kbps, and 424kbps.
In the active communication mode, both an initiator device and a target device use the RF field generated by themselves to perform the communication. The active communication mode is a standard mode of peer-to-peer communication.
In the passive communication mode, the initiator device is responsible to generate
the RF field, and the target device responds to the request from the initiator device in the RF field. The passive communication mode is an extended mode of peer-to-peer communication. In this mode, the target device does not generate a RF field so as to save power. The passive communication mode is compatible with ISO 14443A communication mode.
In order to establish an NFC connection between a provider's device of a content and the device of the user, the secure communication connection could be established as long as they are close to each other within a predetermined value, without other arrangements. Other short distance communication technologies, such as IrDA (Infrared Data
Association), Bluetooth, WIFI (Wireless Fidelity, also referred to as 802.11b standard), Zigbee, and so on, may also be used to establish a short distance communication, when the distance between a provider's device of a content and the device of the user is within a predetermined value of which the content provider feels secure. Secondly, send a request to the device of the user (step S 120).
A request, which demands to authorize a right for using the content, is sent to the device of the user.
Thirdly, receive a reply (step S130).
A reply, in which an ID information (identification information) of the device of the user is contained, is received from the device of the user. An example of the ID information of the device of the user is the ID number of the device of the user. The ID information may also be the ID number of the user of the content.
Then, extracted the ID information of the device of the user (step S 140).
The ID number of the device of the user is extracted from the reply of the device of the user.
Step S120, S130, and S140 are used to acquire an ID information of a user's device of a content. Similarly, acquiring an ID information of a user's device of a content could also be implemented by the following steps of: firstly, receiving a request, which demands to use the content and in which the ID information of the device of the user is contained, from the device of the user; then, extracting the ID information of the device of the user
from the request.
Next, generate a corresponding right for using the content (step S150).
The generated right for using the content contains the ID number of the device of the user. The right for using the content may take the form of a right for using the content certificate of a content. Table 1 shows an example of the right for using the content certificate of a content.
Content right for using the content certificate
ID number of a content
Key
ID number of a user' s device of a content
Right for using the content
Digital signature
Tablel
The key is a decryption key for the encrypted content. For example, when the content is encrypted with the user's device ID of the content, the decryption key for the content is the user' s device ID of the content.
A right for using the content of a content could be set in a flexible manner. The right for using the content may be one or more of the following: a content could be used when a user's application device of the content coincides with a specific CPU type; the content could be used when a operation system of a user's application content of the content is in accordance with a specific type; the content could be used when a user of the content is at a specific IP address; a user of the content may use the content at a specific time, for example, a certain timing in a certain day, or a certain day in a certain week; a user of the content could use the content when the user belongs to a certain type, for example, sex, age, career, nationality, and so on of the user.
The right for using the content of a content may also be one or more of the following: the time for viewing the content is limited; the given times for which the content could be viewed is limited; it is prescribed that the content cannot be copied; it is prescribed that the content cannot be saved; it is prescribed that the content cannot be edited; it is prescribed
that only the video section or the audio section of the content can be used; and so on.
The right for using the content comprises authorizing a set of subscriber equipments to use the content, wherein the set of subscriber equipments include the device of the user.
According to the right for using the content, after a user' s device of a content among the set of subscriber equipments is authorized, all the other equipments of the set of subscriber equipments can acquire an authorization to use the content from the device of the user.
Next, the right for using the content is encrypted (step S 160).
The right for using the content is encrypted, such that only the authorized user of the content can use the content according to the right for using the content, while other users cannot be authorized to use the content. Of course, it may be not necessary to encrypt the right for using the content.
One right for using the content is encrypted with the ID number of the device of the user. The encryption process may be implemented by using One-Way Hash Algorithm such as MD (Message Digest), SHA (Secure Hash Algorithm), CRC (Cyclic Redundancy Check), and so on.
Encrypting a right for using the content may also be performed by using a public key algorithm. The encryption algorithm may be implemented by large integer factorization system (RSA) algorithm, discrete logarithm system (DSA, ElGamal) algorithm, and elliptic curve discrete logarithm system (ECC) algorithm. Lastly, the right for using the content is transmitted directly to the device of the user
(step S 170).
The encrypted right for using the content is transmitted directly to the device of the user by a short distance communication device. Since the authorization process is performed within a predetermined short distance scope within which the provider of the content can feel reliable, the security of the authorization process can be enhanced greatly.
Meanwhile, since the device of the user is located within the predetermined short distance scope, for example, a scope within which NFC is capable of performing communication, generally several centimeters, the content provider may in some extent have more knowledge about the reliability of the user and user' s device of the content. Furthermore, since the authorization for the device of the user is performed directly by the device of the content provider without any intermediate, this reduces the complexity
of the authorization process, and decreases the cost of devices and systems related during the authorization process.
Fig.2 shows a schematic block diagram of an apparatus for authorizing to use an encrypted content according to an embodiment of the present invention. Authorization apparatus 200 is a part of a provider's device of the content. The device of the content provider may be a mobile electronic apparatus, such as cellular phone, PDA (Personal
Digital Assistant), MP3 player, lap top, and so on.
The authorization apparatus 200 according to the present invention is used for a provider's device of a content authorizing a device of the user content (not shown in the fig.) to use one content, wherein both the device of the content provider and the device of the user are capable of performing short distance communication, the apparatus 200 comprising: a short distance communication unit 210 and a short distance authorization unit 220.
The short distance communication unit 210 is used to establish a short distance communication with the device of the user when the device of the content provider and the device of the user are located within a predetermined short distance. An example of the short distance communication unit 210 is NFC communication unit. Secure communication connection will be established as long as two devices provided with NFC communication unit approach to each other within a predetermined value, without any other arrangements.
Other short distance communication unit, such as IrDA (Infrared Data Association) unit, Bluetooth unit, WIFI (Wireless Fidelity, also referred to as 802.11b standard) unit,
Zigbee unit, and so on, may also be used to establish a short distance communication when the distance between a provider' s device of a content and the device of the user is within a predetermined value of which the content provider feel secure.
The short distance authorization unit 220 is used to perform, within the predetermined short distance, the authorization of using the content for the device of the user. The short distance authorization unit 220 may comprise an acquisition unit 222, a generation unit 224, and a transmission unit 228. The short distance authorization unit 220 may also optionally comprise an encryption unit 226.
The acquisition unit 222 is used to acquire an ID information of the device of the user. The acquisition unit may comprise a request transmitting unit 2221, for transmitting a
request, which demands to authorize a right for using the content, to the device of the user; a request receiving unit 2222, for receiving a reply, in which the ID information of the device of the user is contained, from the device of the user; and an extracting unit 2223, for extracting the ID information of the device of the user from the reply. The acquisition unit 222 may also only comprises a request receiving unit 2222 and an extracting unit 2223. Wherein, the request receiving unit 2222 may also be used to receive a request, which demands to use the content and in which the ID information of the device of the user is contained, from the device of the user.
The generation unit 224 is used to generate a corresponding right for using the content from the ID information. The generation unit 224 receives the ID information of a content user transmitted from the acquisition unit 222, and generates a corresponding right for using the content. The right for using the content may be a right for using the content certificate of a content, in which the ID information of the content user is contained.
The encryption unit 226 is used to encrypt the right for using the content. The encryption unit 226 may also be used to encrypt the content.
The transmission unit 228 is used to transmit the right for using the content directly to the device of the user within the predetermined short distance. Transmission unit 228 transmits a transmission control signal, so as to transmit, via the short distance communication unit 210, the right for using the content of the encrypted content from the encryption unit 226 to the device of the user.
An application scene is that: while a number of companies are in conference, the representatives of two companies need to exchange some very confidential files. Since the provider and user of the files are in the same conference room, the mutual trust has been setup between them. Meanwhile, the provider of files can catch sight of the user's device of the files, such as computer, cellular phone, PDS, and so on, such that the provider can determine whether the user's device of the files is trusty. The provider of files may use the authorization apparatus of the present invention to perform, in a short distance, the authorization of using the content for the user's device of the files, without being afraid that the files are captured by representatives of other companies. Further, the provider of files can set the right for using the content to be read only, meanwhile, the files will be automatically destroyed when thirty minutes lapse after the files being opened. In this case, the provider of files can authorize, in a short distance, the user of the files to use the content, and the authorization process is secure and convenient in operation.
Although the present invention has been described in conjunction with given embodiments, it will be apparent for the skilled persons in the art that many alternatives, modifications, and changes can be made according to the above description. Therefore, such alternatives, modifications, and changes fall into the spirit and scope of the appended claims, and should be included in the present invention.
Claims
1. A method for authorizing to use a content, enabling a device of a content provider to authorize a device of a user to use the content, wherein both the device of the content provider and the device of the user are capable of performing short distance communication, comprising the steps of:
(a) establishing a short distance communication with the device of the user when the device of the content provider and the device of the user are located within a predetermined short distance; (b) authorizing the device of the user to use the content within the predetermined short distance.
2. The method according to claim 1, wherein the short distance communication is NFC, and the predetermined short distance is a distance within which the NFC is able to perform communication.
3. The method according to claim 1, wherein the step (b) comprises:
(bl) acquiring an ID information of the device of the user;
(b2) generating a corresponding right for using the content according to the ID information;
(b3) transmitting the right for using the content directly to the device of the user within the predetermined short distance.
4. The method according to claim 3, wherein the step (bl) comprises the steps of: sending a request for authorizing the user for using the content to the device of the user; receiving a reply from the device of the user, the reply includes the ID information of the user; extracting the ID information from the reply.
5. The method according to claim 3, wherein the step (bl) comprises: receiving a request for getting authorization to use the content from the device of the user, the request includes the ID information of the user; extracting the ID information from the request.
6. The method according to claim 3, further comprising the step of: encrypting the right for using the content, wherein the transmitting step further comprises the step of: transmitting the encrypted right for using the content directly to the device of the user.
7. The method according to claim 6, wherein the encrypting step further comprises the step of: encrypting the right for using the content with the ID information.
8. An authorization apparatus for authorizing to use a content, enabling a device of a content provider to authorize a device of a user to use the content, wherein both the device of the content provider and the device of the user are capable of performing short distance communication, comprising: establishing means for establishing a short distance communication with the device of the user when the device of the content provider and the device of the user are located within a predetermined short distance; authorizing means for authorizing the device of the user to use the content within the predetermined short distance.
9. The apparatus according to claim 8, wherein the apparatus is capable of performing NFC communication, and the predetermined short distance is a distance within which the NFC is able to perform communication.
10. The apparatus according to claim 8, wherein the short distance authorization apparatus comprises: acquiring means for acquiring an ID information of the device of the user; generating means for generating a corresponding right for using the content according to the ID information; and transmitting means for transmitting the right for using the content directly to the device of the user within the predetermined short distance.
11. The apparatus according to claim 10, wherein the acquisition apparatus comprises: sending means for sending a request for authorizing the user for using the content to the device of the user; receiving means for receiving a reply from the device of the user, the reply includes the ID information of the user; extracting means for extracting the ID information from the reply.
12. The apparatus according to claim 10, wherein the short distance authorization apparatus comprises: encrypting means for encrypting the right for using the content, wherein the transmitting means is arranged to transmitting the encrypted right for using the content directly to the device of the user.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200510099453 | 2005-08-29 | ||
| CN200510099453.5 | 2005-08-29 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2007026276A2 true WO2007026276A2 (en) | 2007-03-08 |
| WO2007026276A3 WO2007026276A3 (en) | 2007-07-05 |
Family
ID=37769369
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/IB2006/052890 WO2007026276A2 (en) | 2005-08-29 | 2006-08-22 | Method and apparatus for authorizing to use a content |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2007026276A2 (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1217497A2 (en) * | 2000-12-20 | 2002-06-26 | Sega Corporation | Security system for game devices connected with a server |
| EP1231532A2 (en) * | 2001-02-09 | 2002-08-14 | Sony Corporation | Information processing system for licensing content |
| WO2003036441A2 (en) * | 2001-10-18 | 2003-05-01 | International Business Machines Corporation | Method and system for digital rights management in content distribution applications |
| US20050125221A1 (en) * | 2003-12-04 | 2005-06-09 | International Business Machines Corporation | Controlling access to wirelessly broadcast electronic works during playback |
-
2006
- 2006-08-22 WO PCT/IB2006/052890 patent/WO2007026276A2/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1217497A2 (en) * | 2000-12-20 | 2002-06-26 | Sega Corporation | Security system for game devices connected with a server |
| EP1231532A2 (en) * | 2001-02-09 | 2002-08-14 | Sony Corporation | Information processing system for licensing content |
| WO2003036441A2 (en) * | 2001-10-18 | 2003-05-01 | International Business Machines Corporation | Method and system for digital rights management in content distribution applications |
| US20050125221A1 (en) * | 2003-12-04 | 2005-06-09 | International Business Machines Corporation | Controlling access to wirelessly broadcast electronic works during playback |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2007026276A3 (en) | 2007-07-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9525668B2 (en) | Face based secure messaging | |
| CN1714529B (en) | Domain-based digital-rights management system with easy and secure device enrollment | |
| KR101641809B1 (en) | Method and system for distributed off-line logon using one-time passwords | |
| CN110291754A (en) | It is accessed using the system of mobile device | |
| KR101508360B1 (en) | Apparatus and method for transmitting data, and recording medium storing program for executing method of the same in computer | |
| US8347407B2 (en) | Authority management method, system therefor, and server and information equipment terminal used in the system | |
| CN104756441A (en) | Methods and apparatus for data access control | |
| CN103763319A (en) | Method for safely sharing mobile cloud storage light-level data | |
| CN102427442A (en) | Combining request-dependent metadata with media content | |
| KR20150094548A (en) | System and method for remote access, remote digital signature | |
| BRPI0313404B1 (en) | "METHOD AND SYSTEM FOR MONITORING THE CUSTOMER'S USE OF DIGITAL CONTENT LOADED OR TRANSFERRED IN CONTINUOUS PROVIDED BY A CONTENT PROVIDER TO A CUSTOMER SYSTEM THROUGH A NETWORK" | |
| CN115668867A (en) | Method and system for secure data sharing through granular access control | |
| JP2022542095A (en) | Hardened secure encryption and decryption system | |
| CN102404337A (en) | Data encryption method and device | |
| JP2011028522A (en) | Host device, authentication method, and content processing method content processing system | |
| EP2658297A1 (en) | Method and system for accessing a service | |
| CN107919958B (en) | Data encryption processing method, device and equipment | |
| JP3940283B2 (en) | Service reservation and provision method for mutual authentication using a ticket, program thereof, and recording medium recording the program | |
| CA2701736C (en) | Content distribution with inherent user-oriented authorization verification | |
| WO2007026276A2 (en) | Method and apparatus for authorizing to use a content | |
| KR101605766B1 (en) | Secret key generation method and deduplication method | |
| CN110476432A (en) | Monitor the protection of media | |
| CN116709325B (en) | Mobile equipment security authentication method based on high-speed encryption algorithm | |
| US11876797B2 (en) | Multi-factor geofencing system for secure encryption and decryption system | |
| KR20130053132A (en) | Memory card and portable terminal and encrypted message exchanging method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 06795722 Country of ref document: EP Kind code of ref document: A2 |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 06795722 Country of ref document: EP Kind code of ref document: A2 |