WO2007108619A1 - Method for moving and sharing digital contents and rights object and device thereof - Google Patents

Method for moving and sharing digital contents and rights object and device thereof Download PDF

Info

Publication number
WO2007108619A1
WO2007108619A1 PCT/KR2007/001315 KR2007001315W WO2007108619A1 WO 2007108619 A1 WO2007108619 A1 WO 2007108619A1 KR 2007001315 W KR2007001315 W KR 2007001315W WO 2007108619 A1 WO2007108619 A1 WO 2007108619A1
Authority
WO
WIPO (PCT)
Prior art keywords
domain
moving
user
contents
drm
Prior art date
Application number
PCT/KR2007/001315
Other languages
French (fr)
Inventor
Seung-Jae Lee
Te-Hyun Kim
Youn-Sung Chu
Kiran Kumar Keshavamurthy
Original Assignee
Lg Electronics Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020060025471A external-priority patent/KR100872430B1/en
Application filed by Lg Electronics Inc. filed Critical Lg Electronics Inc.
Priority to CN2007800092656A priority Critical patent/CN101405719B/en
Priority claimed from KR1020070026232A external-priority patent/KR101356493B1/en
Publication of WO2007108619A1 publication Critical patent/WO2007108619A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/101Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1012Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to domains

Definitions

  • the present invention relates to a digital rights management (DRM), and more particularly, to a method for moving and sharing DRM contents and a rights object (RO) and a device thereof.
  • DRM digital rights management
  • RO rights object
  • DRM digital rights management
  • RO for digital contents and systematically manage it, and provides a protecting and managing scheme for preventing an illegal copy of the contents, obtaining the RO, generating/moving the contents, and consuming the RO and the contents.
  • FlG. 1 is a configuration view showing a DRM system in accordance with the related art.
  • the DRM system controls contents issued to a user by a contents provider to be consumed only in a right-limit of RO.
  • the contents provider is an entity corresponding to a Contents Issuer (CI) or a Rights Issuer (RI).
  • the CI issues contents protected by a specific encryption method (hereinafter, will be referred to as DRM contents) so as to protect contents from a user having no access right, and the RI issues a Rights Object (RO) necessary to consume the DRM contents.
  • DRM contents contents protected by a specific encryption method
  • RO Rights Object
  • a DRM agent is mounted at a device thus to receive the DRM contents and RO from the CI or the RI, and controls a consumption of the DRM contents at a corresponding device by analyzing a 'License' contained in the RO.
  • the License consists of a 'Permission' and a 'Constraint'.
  • a user having a plurality of devices wants to share DRM contents at each of the plurality of devices.
  • the user having a plurality of devices wants to constitute a certain group or domain to share DRM contents and an RO for the DRM contents in the domain.
  • the DRM contents and the RO have to be moved (transferred) through a wire/wireless physical media so as to be shared between each device.
  • a method for moving an RO in a DRM system comprising: joining a first device and one or more second devices to a specific domain by a user; receiving first information about a domain RO from a rights issuer (RI) by the first device; sending the first information to a third device by the first device; and sending the first information to the second device by the third device.
  • RI rights issuer
  • the method further comprises receiving one or more domain contents and a domain RO from the RI by the first device.
  • the step of sending the first information to a third device includes authenticating the first device by the third device before the first device moves the first information to the third device.
  • the step of sending the first information to the second device includes authenticating the third device by the first device before the third device moves the first information to the second device.
  • the step of joining a first device and one or more second devices to a specific domain includes registering the first device and the one or more second devices owned by the user to the RI by the user; receiving a domain list provided from the RI by the first device; selecting the specific domain from the domain list by the first device; and joining the first device and the one or more second devices to the specific domain.
  • a method for sharing an RO in a DRM system comprising: sending first information about its own domain RO to a third device by a first device; detaching the third device from the first device then fitting the third device to a second device by a user; receiving the first information from the third device by the second device; and decoding a domain RO by using the first information by the second device, and consuming DRM contents by using the decoded domain RO.
  • an apparatus for moving an RO in a DRM system comprising: a socket for fitting into and detaching from a multimedia entity; a transceiver for transceiving a signal to perform a registration by accessing to a Rights Issuer (RI), and for receiving a domain list provided from the RI; a display for displaying the domain list; a DRM agent for processing signals to join a user's one or more devices to a specific domain selected from the domain list by the user; a memory for storing a domain context and a domain RO provided from the RI; and a processor for processing signals to consume DRM contents by using the domain context and the domain RO, and for moving(transferring or sending) the domain context and the domain RO to a multimedia mounted at the socket.
  • RI Rights Issuer
  • the method for moving an RO in a DRM system comprises: moving (transferring or sending) an encryption key to decode an RO for digital contents to one or more second devices by a first device; and moving the RO for digital contents to another second device according to a user's request by the one or more second devices.
  • the method for moving an RO in a DRM system comprises: moving an RO for digital contents to one or more second devices by a first device; and moving (transferring or sending) an encryption key to decode the RO for digital contents between the first device and the second devices.
  • the device for moving an RO in a DRM system comprises a DRM agent for receiving an RO for digital contents from an RI (Rights Issuer) thereby moving (transferring or sending) an encryption key to decode the RO for digital contents or a corresponding RO to another device.
  • RI Lights Issuer
  • FlG. 3 is a view showing a process for moving an RO for digital contents in a DRM system according to a second embodiment of the present invention
  • FlG. 4 is a view showing update and authentication processes for moving an RO for digital contents in a DRM system according to a third embodiment of the present invention
  • FlG. 5 is a view showing a process for moving an RO for digital contents in a DRM system according to a fourth embodiment of the present invention
  • FlG. 6 is a view showing a process for moving a rights object (RO) for digital contents in a DRM system according to a fifth embodiment of the present invention
  • FIG. 7 is a view showing a process for moving an RO for digital contents in a DRM system according to a sixth embodiment of the present invention
  • FlG. 8 is a flowchart showing a method for moving a domain RO by using a smart card according to a seventh embodiment of the present invention
  • FlG. 9 is a view showing an XML schema of a Join Domain Request message and a parameter contained in the message according to the present invention
  • FlG. 10 is a view showing an XML schema of a Join Domain Request message and a parameter contained in the message according to the present invention
  • [32] FlG. 11 is a block diagram showing a process for moving an RO in a DRM system according to an eighth embodiment of the present invention
  • FIG. 12 is a block diagram schematically showing a device for moving digital contents or an RO according to the present invention.
  • DRM digital rights management
  • DRM device using digital rights may be also applied to all kinds of communications field including wire/wireless communications which are dedicated to DRM.
  • a first concept of the present invention may be that a user joins a plurality of devices
  • a second concept of the present invention may be that the plurality of devices render (consume or use or play) DRM contents for the domain RO by using the domain RO.
  • the present invention may also provide an instant authentication method for moving an RO for digital contents or a domain key between/among devices (e.g., terminals).
  • the terminal of the present invention is referred to as a device, and includes all kinds of terminals consuming digital contents. That is, the device of the present invention includes a mobile communication terminal using digital contents such as a user equipment UE, a mobile phone, a cellular phone, a DMB phone, a DVB-H phone, a PDA, and a PTT, a digital TV, a GPS navigator, a portable game player, an MP3 , and other home electric appliances. Accordingly, the term of 'terminal' is same as the term of 'device' in the present invention.
  • the device of the present invention includes a communication module, a Web/WAP browser, a DRM agent, a media reproducer & library, and a memory.
  • a domain indicates a collection of device or a group having one or more devices.
  • the domain is an object managed by a right issuer (RI) or a domain authority (DA), and has a corresponding domain key.
  • the domain key is used to encode and/or decode a domain RO.
  • the domain RO is issued by the RI, and includes an RO for DRM contents encoded by the domain key.
  • the DRM contents are configured to be decoded by an encryption key contained in the domain RO so that a user having the domain key can use the DRM contents. Therefore, only devices joining a specific domain (i.e., each DRM agent of the devices) can decode a domain RO by using a domain key, and can render DRM contents by using the decoded domain RO.
  • the DRM agent is mounted on a specific device thus to join and/or leave the domain.
  • the DRM agent also moves the domain RO to another DRM agent inside the domain through a wire/ wireless media.
  • the RO for DRM contents is divided into a Stateful RO and a Stateless RO.
  • Stateless RO is an RO that a device does not manage State Information.
  • the Stateful RO is an RO that a device manages State Information so as to precisely utilize a Permission and a Constraint inside the RO.
  • the Constraint managed by the State Information includes 'interval', 'count', 'timed-count', 'accumulated', etc.
  • the State Information indicates a usable amount of RO, and one State Information is managed by one Stateful RO.
  • the State Information may be managed in a manner of a 'count', 'timed-count', etc., or in a manner of a 'remaining count', a 'remaining interval', etc.
  • the DRM contents may be issued from a contents issuer (CI) or the RI.
  • a connected device indicates a device that can be directly connected to the RI by wire or wirelessly.
  • an unconnected device indicates a device having no communication function that can not be directly connected to the RI.
  • a smart card indicates a media or a device such as a security memory card (e.g., SIM or MMC) on which a physical memory and/or an agent is mounted.
  • a security memory card e.g., SIM or MMC
  • FlG. 2 is a block diagram showing a DRM system according to a first embodiment of the present invention.
  • the DRM system comprises a rights issuer (RI) 40 which issues an RO for DRM contents, a contents issuer (CI) 50 which issues substantial DRM contents, and one or more devices (terminal) which respectively receive an RO and DRM contents from the RI 40 and the CI 50, e.g., a first device 10 and a second device 30 of FlG. 2.
  • RI rights issuer
  • CI contents issuer
  • devices terminal
  • the first device 10 and the second device 30 include a communication module, a
  • Web/WAP browser Web/WAP browser, a DRM agent, a media reproducer & library, and a memory therein.
  • Each DRM agent mounted in the first device 10 and the second device 30 receives an
  • RO and DRM contents from the RI (40) or the CI (50), and controls a consumption of the DRM contents or updates or moves the RO by analyzing the Permission and/or the Constraint inside the RO.
  • the DRM contents and/or the RO are stored in a DRM agent inside the first device
  • a user of the first device 10 can move a key (e.g., a domain key) by which an RO for DRM contents or the RO is decoded through a physical media to the second device 30.
  • a key e.g., a domain key
  • the RO for DRM contents is not necessarily movable.
  • the user of the first device 10 has to obtain a Permission such as a permission for moving RO from the RI 40 or the CI 50 so as to move the RO to a user of the second device 20.
  • the user of the first device 10 may purchase a new RO from the RI 40 or the CI 50 when the RO for DRM contents is completely consumed, or may request an update for the RO to the RI 40.
  • FIG. 3 is a view showing a process for moving an RO for digital contents in a DRM system according to a second embodiment of the present invention.
  • the device having received the request checks whether or not the user A has a permission to move the RO to another user (Sl 1).
  • the device moves the RO for specific DRM contents to the user B via a contents provider (indicated by the dotted line), or moves the RO to the user B directly (S 12).
  • FlG. 4 is a view showing update and authentication processes for moving an RO for digital contents in a DRM system according to a third embodiment of the present invention.
  • the user A requests a DRM agent of a device of a moving of the RO (S20).
  • the device having received the request checks whether or not the user A has a permission to move the RO (S21).
  • the device asks the user A whether he or she wants to obtain the permission (not shown). If the user A wants to obtain the permission, the device accesses to a portal of the RI so as to obtain the permission (S22).
  • the accessing process is performed by a Web/WAP browser according to a request of the DRM agent.
  • the device accesses to the portal of the RI by using a DCF RL URL or an RL URL stored in an RI context.
  • the RI provides a link to download a trigger for updating the RO on the portal (S23).
  • the user A has a permission to move the RO by the updated RO, the device moves the RO of the user A to a user B via a contents provider, or directly moves the RO of the user A to the user B (S28).
  • moving of the RO for digital contents does not mean a mere moving of the RO for digital contents. That is, when the user device moves digital contents after generating a domain, the moving of the RO between/among domain members includes not only a mere moving of the RO but also a moving(transferring or sending) of a key used to decode the RO.
  • FlG. 5 is a view showing a process for moving an RO for digital contents in a DRM system according to a fourth embodiment of the present invention.
  • the process of FlG. 5 is the same as the process of FlG. 3 in which an encryption key is firstly transferred to domain members for sharing and then an RO is moved thereto through a wire/ wireless physical media.
  • the user device A serves as a domain authority, and manages a user device B and a user device C as domain members.
  • the device A may be the RI of FlG. 2, and the device B and the device C may be a terminal, respectively.
  • the Domain Authority the device A moves a domain key to the device B and the device C for sharing.
  • the domain key is used to decode a domain RO.
  • each device reads a corresponding domain RO by using its domain key thus to consume desired digital contents.
  • each device does not store the received domain RO.
  • the physical storage media(entity) is a multimedia card, and includes a smart card, a User Identity Module (UIM) card (or a Subscriber Identity Module (SIM) card in case of a GSM), a Secure MMC card and each kind of memory card.
  • the physical storage media includes a microprocessor and a memory device thus to process commands and to store a certain amount of data.
  • FlG. 6 is a view showing a process for moving an RO for digital contents in a DRM system according to a fifth embodiment of the present invention.
  • an RO is firstly moved to each device so as to be shared, and then an encryption key is moved thereto through a wire/wireless physical media.
  • a device A a domain authority moves a domain RO to a device B and a device C for sharing.
  • the domain RO is encrypted by a domain key.
  • each device When the device A moves the domain key to the device B or the device C through a wire/wireless physical media, each device reads the domain RO by using the domain key thus to consume desired digital contents. Herein, each device does not store the received domain key. When the domain key is transferred between/among the devices, one device having transferred the domain key to another device non-activates or deletes the domain key.
  • FlG. 7 is a view showing a process for moving an RO for digital contents in a DRM system according to a sixth embodiment of the present invention.
  • the sixth embodiment of FlG. 7 is more concretely implemented than the fifth embodiment of FIG. 6.
  • a specific user (hereinafter, will be referred to as a user A) has two DRM devices, that is, a first device 10 and a second device 30.
  • the first device 10 is a connected device having a communication function such as a mobile communications terminal
  • the second device 30 is an unconnected device having no communication function such as an MP3 player.
  • the user A has a multimedia entity (e.g., a smart card ) 20, which is a physical media that can be consumed by being inserted into the first device 10 or the second device 30.
  • the first device 10 receives a domain key from the RI.
  • the domain key may be moved to the first device 10 from the RI 40 through a domain context.
  • the domain context includes information necessary to install a domain RO at the smart card 20 (e.g., a domain key, a domain identifier, an expire time, etc.).
  • the user A accesses to the RI and/or a CI through the first device 10 thus to receive
  • the user A tries to share DRM contents and/or a domain RO owned by the first device 10 with the second device 30 that have joined the domain A 60.
  • the user A can share the DRM contents and/or the domain RO with the first device 10 (a mobile communication terminal) and the second device (an MP3 player) by using the smart card 20. That is, the user A moves a domain context for installing the domain RO that exists on the first device 10 to the smart card 20 (S3), and mounts the smart card 20 to the second device 30 (S4).
  • the DRM contents and /or the domain RO may be directly moved to the second device 30 from the first device 10 through a wire/wireless channel.
  • the DRM contents and/or the domain RO may be moved to the smart card 20 from the first device 10 thus to be stored in a memory of the smart card 20, and then is moved to the second device 30 from the smart card 20.
  • the user A may install the domain RO by using the domain context stored in the smart card 20 through the second device 30, and then render the DRM contents by using the domain RO.
  • FlG. 8 is a flowchart showing a method for moving a domain RO by using a smart card according to a seventh embodiment of the present invention.
  • a contents provider (CP) may be an RI or a CI, and the RI may be a portal of the CP.
  • a user A has two DRM devices, that is, a first device 10 and a second device 30.
  • the first device 10 is a connected device having a communication function such as a mobile communication terminal
  • the second device 30 is an unconnected device having no communication function such as an MP3 player.
  • the user A is a physical media that can be consumed by being inserted into the first device 10 and the second device 30, and has a multimedia entity (e.g., a smart card ) 20.
  • the user A accesses to the RI 40 by using the first device 10 (S31), and registers the first device 10 and the second device 30 to the RI 40 (S32).
  • the user A registers the first device 10 to the RI 40 firstly, and additionally registers the second device (unconnected device) to the RI 40.
  • the user A joins the first device 10 to a specific domain (e.g., Domain A) (S33).
  • the specific domain is one of a plurality of domains generated and managed by the RI 40.
  • the user A joins the second device (unconnected device) to the domain A. That is, the user A informs the RI 30 that the second device is his or her another device, and browses domain contents to be downloaded through the first device 10 (S34).
  • the RI 40 moves a domain list generated and managed by itself to the first device 10 (S35). Then, the user selects a specific domain (e.g., a domain A) to join the second device from the domain list (S36).
  • the RI 40 moves a trigger message (e.g., a Join Domain Trigger message) to the first device 10 so that the user A can join the second device 30 to the selected domain A through the first device 10 (S37).
  • the first device 10 receives the Join Domain Trigger message, and then moves a request message to join the second device 30 to the domain A (e.g., a Join Domain Request message) to the RI 40 (S38).
  • An XML schema of the Join Domain Request message and a parameter contained in the message are shown in FlG. 9.
  • the Join Domain Request message includes one or more parameters.
  • the Join Domain Request message includes parameters of one or more device IDs (e.g., an ID of the first device 10 which moves a Join Domain Request message and an ID of the second device 30 which is to join the domain A).
  • the RI 40 moves a response message (e.g., a Join Domain Response message) as a response of the Join Domain Request message (S39).
  • the Join Domain Response message includes a domain context for the second device 30.
  • the domain context includes information necessary to install a domain RO at the smart card 20 (e.g., a domain key, a domain identifier, an expire time, etc.).
  • the Join Domain Response message includes one or more parameters (elements).
  • a 'domainlnfo' element of the parameters is an identifier, and is generated whenever the RI 40 issues a domain key for devices that have joined the Domain A (i.e., the first device 10 or the second device 30).
  • the domain key is encoded by each public key of the first device 10 and the second device.
  • a 'devicelD' parameter of the 'domainlnfo' element is a device identifier using a domain key.
  • the 'devicelD' parameter does not indicate an ID of the smart card 20.
  • Moving the 'devicelD' parameter inside the 'domainlnfo' element by the RI 40 means that the RI 40 knows a list of the device ID, each device having the same devicelD can exclusively use the domain key, and any other devices can not use domain contents.
  • the fact that the device ID parameter is not contained in the 'domainlnfo' element means that the all devices that belong to the user A can not use the domain contents.
  • an 'SRMStore' parameter is an attribute inside the 'domainlnfo' element. The 'SRMStore' parameter instructs a DRM agent that performs a JoinDomain protocol to store a domain key in the smart card 20.
  • the first device stores the received domain context in the smart card 20 (S40).
  • the smart card 20 is configured to be separated (detached) from the first device 10, and is in a mounted state to a corresponding fitting (mounting) portion (e.g., a slot) of the first device 10.
  • the smart card 20 includes a storage space and an agent only therefor that can perform an authentication process.
  • the smart card 20 is a media that can fit into and detache from the first device 10 and the second device 30, and is called as a Secure Removable Media (SRM).
  • SRM Secure Removable Media
  • the agent for the smart card 20 only is called as an SRM Agent.
  • the smart card 20 is a physical media, and includes a User Identity Module (UIM) card (or a Subscriber Identity Module (SIM) card in case of a GSM), a Secure MMC card and each kind of memory card.
  • UIM User Identity Module
  • SIM Subscriber Identity Module
  • step S40 an authentication process is performed between the first device 10 and the smart card 20 (S41). More concretely, an authentication process is performed between the DRM agent of the first device 10 and the SRM Agent of the smart card 20. In the authentication process, information indicated by the parameters contained in the domain context of step S39 is used. The SRM Agent of the smart card 20 moves the domain context to the smart card 20 from the first device 10 after the authentication process. Through the authentication process (S41), the SRM Agent of the smart card 20 can determine whether or not the DRM agent of the first device 10 is a genuine DRM agent. If it is determined that the DRM agent of the first device 10 is not a genuine DRM agent in the authentication process (S41), the authentication process is revoked. The genuine DRM agent may be one which entitle to communicate and give domain contents and related to the SRM agent.
  • the user A accesses to the RI 40 by using the first device 10 thus to select his desired domain contents (e.g., a specific music file) (S42), and downloads the domain contents (S43).
  • his desired domain contents e.g., a specific music file
  • the user A may move the domain contents to the second device 30 from the first device 10 through a wire/wireless media.
  • the domain contents e.g., a specific music file
  • the domain contents may be moved in a super-distribution manner.
  • the user A may move the domain contents and/or a corresponding domain key to the smart card 20 (S44).
  • the user A mounts the smart card 20 to the second device 30 (i.e., an MP3 player)
  • the second device 30 i.e., an MP3 player
  • the SRM Agent of the smart card 20 performs an authentication process so as to check whether the second device is a genuine device that has joined the Domain A (S46). If it is determined that the second device 30 is a genuine device that have joined the Domain A in step S46, the second device 30 searches the domain context and the domain contents stored in the smart card 20 (S47). While the smart card 20 is mounted on (equipped with) the second device 30 (i.e., an MP3 player), the user A can consume the domain contents through the second device 30 (S48). However, when the smart card 20 is separated from the second device 30, the user A can not consume the domain contents through the second device 30 any longer.
  • FlG. 11 is a block diagram showing a process for moving an RO in a DRM system according to an eighth embodiment of the present invention.
  • a specific domain of a plurality of domains defined and managed by the RI 40 e.g., a domain A 60 includes N devices (a first device 10 ⁇ an N device).
  • the N device 70 moves a domain RO to an external device 80 that does not belong to the domain A 60, and leaves from the domain A 60.
  • the N* device 70 moves its domain context and domain RO to the external device 80 via the smart card 20 (e.g., Secure Removable Media (SRM)). That is, the N device 70 moves the domain context and the domain RO to the smart card 20, and then the smart card 20 moves the domain context and the domain RO to the external device 80.
  • the domain context and the domain RO are moved through a security channel after an authentication process is performed and a security channel is formed.
  • the authentication process is performed in the same manner as the authentication process of FlG. 8 (S41 and S46), and requires a Certificate Revocation List (CRL) management.
  • CTL Certificate Revocation List
  • the Nth device 70 can not consume the domain contents any longer.
  • the external device 80 having received the domain context and the domain RO has to register the domain context and the domain RO to the RI 40 by using information contained in the domain context and the domain RO.
  • the domain A 60 may be a domain defined by an OMA DRM 2.0, or a User Domain defined in a Home Entertainment Network field.
  • the domain context and the domain RO stored in the smart card 20 is not moved to the external device 80, but is mounted at the external device 80 (e.g., insertion into a mounting portion such as a socket) with a stored state into the smart card 20.
  • the domain context and the domain RO mounted at the external device 80 may be directly rendered through the external device 80. Since the smart card 20 has the domain RO, it serves as a subject of consuming the contents.
  • a device (terminal) of the present invention includes a hardware to move a domain context, a domain RO or DRM contents to another device through a multimedia for sharing between each device.
  • the device 100 of the present invention includes a socket 101 for detachably mounting a multimedia (e.g., a smart card).
  • the multimedia includes a smart card, a User Identity Module (UIM) card or a Subscriber Identity Module (SIM) card, a Secure MMC card and each kind of memory card.
  • a form of the socket 101 is determined according to a form of the multimedia.
  • the device 100 of the present invention includes a transceiver 102 for transceiving a signal to perform a registration by accessing to an RI, and receiving a domain list provided from the RI.
  • the device 100 of the present invention includes a display 103 for displaying the domain list moved to the transceiver 102 after processing by a processor 106.
  • the device 100 of the present invention includes a DRM agent 104 for processing signals to join a user's one or more devices to a specific domain selected by the user from the domain list displayed on the display 103 so that a domain RO may be shared at the specific domain.
  • a DRM agent 104 for processing signals to join a user's one or more devices to a specific domain selected by the user from the domain list displayed on the display 103 so that a domain RO may be shared at the specific domain.
  • the device 100 of the present invention includes a memory 105 for storing the
  • the device 100 of the present invention includes a processor 106 for processing signals to consume the DRM contents by using the domain context and the domain RO, and for processing the domain context and the domain RO to be moved to a multimedia mounted at the socket 101.
  • the processor 106 may be called as a controller.
  • Detailed operation and construction of the device 100 of the present invention are applied to the aforementioned components in FIGS. 2 to 11.
  • the device 100 includes components necessary to consume the DRM contents as well as the components of FlG. 12, and thus its detailed explanation will be omitted.
  • the smart card indicates a physical or logical media or a device for moving a domain key and/or domain contents among the plurality of devices, which is not limited to a literal meaning.
  • a plurality of devices (terminals) registered to a specific domain can share DRM contents.
  • a domain key and domain contents can be shared among a plurality of devices through a physical media called as an SRM (Secure Removable Media) such as a smart card.
  • SRM Secure Removable Media
  • a smart card such as a smart card.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Device and method for moving digital rights management (DRM) contents and rights object (RO). The method comprises joining a plurality of devices to a specific domain (group) by a user, and moving a domain RO through a multimedia card such as a wire/wireless physical media (e.g., a secure memory card) such that the domain RO may be shared therebetween; and reproducing DRM contents for the domain RO by the devices that have joined the domain by using the domain RO.

Description

Description
METHOD FOR MOVING AND SHARING DIGITAL CONTENTS AND RIGHTS OBJECT AND DEVICE THEREOF
Disclosure of Invention Technical Solution
[I] The present invention relates to a digital rights management (DRM), and more particularly, to a method for moving and sharing DRM contents and a rights object (RO) and a device thereof.
[2] Generally, a digital rights management (DRM) is technique to protect a rights object
(RO) for digital contents and systematically manage it, and provides a protecting and managing scheme for preventing an illegal copy of the contents, obtaining the RO, generating/moving the contents, and consuming the RO and the contents.
[3] FlG. 1 is a configuration view showing a DRM system in accordance with the related art.
[4] As shown, the DRM system controls contents issued to a user by a contents provider to be consumed only in a right-limit of RO. The contents provider is an entity corresponding to a Contents Issuer (CI) or a Rights Issuer (RI).
[5] The CI issues contents protected by a specific encryption method (hereinafter, will be referred to as DRM contents) so as to protect contents from a user having no access right, and the RI issues a Rights Object (RO) necessary to consume the DRM contents.
[6] A DRM agent is mounted at a device thus to receive the DRM contents and RO from the CI or the RI, and controls a consumption of the DRM contents at a corresponding device by analyzing a 'License' contained in the RO. The License consists of a 'Permission' and a 'Constraint'.
[7] However, the related art DRM technique requires the followings.
[8] A user having a plurality of devices wants to share DRM contents at each of the plurality of devices.
[9] In addition, the user having a plurality of devices wants to constitute a certain group or domain to share DRM contents and an RO for the DRM contents in the domain.
[10] Furthermore, the DRM contents and the RO have to be moved (transferred) through a wire/wireless physical media so as to be shared between each device.
[II] Therefore, it is an object of the present invention to provide a method for moving (transferring) digital rights management (DRM) contents and a rights object (RO) for the DRM contents among a plurality of devices through a physical media.
[12] To achieve these objects, there is provided a method for moving an RO in a DRM system, comprising: joining a first device and one or more second devices to a specific domain by a user; receiving first information about a domain RO from a rights issuer (RI) by the first device; sending the first information to a third device by the first device; and sending the first information to the second device by the third device.
[13] Preferably, the method further comprises receiving one or more domain contents and a domain RO from the RI by the first device.
[14] The step of sending the first information to a third device includes authenticating the first device by the third device before the first device moves the first information to the third device.
[15] The step of sending the first information to the second device includes authenticating the third device by the first device before the third device moves the first information to the second device.
[16] The step of joining a first device and one or more second devices to a specific domain includes registering the first device and the one or more second devices owned by the user to the RI by the user; receiving a domain list provided from the RI by the first device; selecting the specific domain from the domain list by the first device; and joining the first device and the one or more second devices to the specific domain.
[17] To achieve these objects, there is provided a method for sharing an RO in a DRM system, comprising: sending first information about its own domain RO to a third device by a first device; detaching the third device from the first device then fitting the third device to a second device by a user; receiving the first information from the third device by the second device; and decoding a domain RO by using the first information by the second device, and consuming DRM contents by using the decoded domain RO.
[18] To achieve these objects, there is still also provided an apparatus for moving an RO in a DRM system, comprising: a socket for fitting into and detaching from a multimedia entity; a transceiver for transceiving a signal to perform a registration by accessing to a Rights Issuer (RI), and for receiving a domain list provided from the RI; a display for displaying the domain list; a DRM agent for processing signals to join a user's one or more devices to a specific domain selected from the domain list by the user; a memory for storing a domain context and a domain RO provided from the RI; and a processor for processing signals to consume DRM contents by using the domain context and the domain RO, and for moving(transferring or sending) the domain context and the domain RO to a multimedia mounted at the socket.
[19] According to another aspect of the present invention, the method for moving an RO in a DRM system comprises: moving (transferring or sending) an encryption key to decode an RO for digital contents to one or more second devices by a first device; and moving the RO for digital contents to another second device according to a user's request by the one or more second devices.
[20] According to still another aspect of the present invention, the method for moving an RO in a DRM system comprises: moving an RO for digital contents to one or more second devices by a first device; and moving (transferring or sending) an encryption key to decode the RO for digital contents between the first device and the second devices. [21] According to another aspect of the present invention, the device for moving an RO in a DRM system comprises a DRM agent for receiving an RO for digital contents from an RI (Rights Issuer) thereby moving (transferring or sending) an encryption key to decode the RO for digital contents or a corresponding RO to another device. [22] FlG. 1 is a configuration view showing a DRM (Digital Rights Management) system in accordance with the related art; [23] FlG. 2 is a block diagram showing a DRM system according to a first embodiment of the present invention; [24] FlG. 3 is a view showing a process for moving an RO for digital contents in a DRM system according to a second embodiment of the present invention; [25] FlG. 4 is a view showing update and authentication processes for moving an RO for digital contents in a DRM system according to a third embodiment of the present invention; [26] FlG. 5 is a view showing a process for moving an RO for digital contents in a DRM system according to a fourth embodiment of the present invention; [27] FlG. 6 is a view showing a process for moving a rights object (RO) for digital contents in a DRM system according to a fifth embodiment of the present invention; [28] FlG. 7 is a view showing a process for moving an RO for digital contents in a DRM system according to a sixth embodiment of the present invention; [29] FlG. 8 is a flowchart showing a method for moving a domain RO by using a smart card according to a seventh embodiment of the present invention; [30] FlG. 9 is a view showing an XML schema of a Join Domain Request message and a parameter contained in the message according to the present invention; [31] FlG. 10 is a view showing an XML schema of a Join Domain Request message and a parameter contained in the message according to the present invention; [32] FlG. 11 is a block diagram showing a process for moving an RO in a DRM system according to an eighth embodiment of the present invention; and [33] FlG. 12 is a block diagram schematically showing a device for moving digital contents or an RO according to the present invention. [34] Reference will now be made in detail to the preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings. [35] The present invention is applied to a digital rights management (DRM) system and a
DRM device using digital rights. However, the present invention may be also applied to all kinds of communications field including wire/wireless communications which are dedicated to DRM.
[36] A first concept of the present invention may be that a user joins a plurality of devices
(terminals) to a specific domain (group), and the plurality of devices move a domain rights object (RO) through a multimedia card such as a wire/wireless physical media (e.g., a secure memory card) so that the domain RO can be shared among the devices. A second concept of the present invention may be that the plurality of devices render (consume or use or play) DRM contents for the domain RO by using the domain RO. The present invention may also provide an instant authentication method for moving an RO for digital contents or a domain key between/among devices (e.g., terminals).
[37] Technical terms used in the present invention will be explained as follows.
[38] The terminal of the present invention is referred to as a device, and includes all kinds of terminals consuming digital contents. That is, the device of the present invention includes a mobile communication terminal using digital contents such as a user equipment UE, a mobile phone, a cellular phone, a DMB phone, a DVB-H phone, a PDA, and a PTT, a digital TV, a GPS navigator, a portable game player, an MP3 , and other home electric appliances. Accordingly, the term of 'terminal' is same as the term of 'device' in the present invention. The device of the present invention includes a communication module, a Web/WAP browser, a DRM agent, a media reproducer & library, and a memory.
[39] A domain indicates a collection of device or a group having one or more devices.
The domain is an object managed by a right issuer (RI) or a domain authority (DA), and has a corresponding domain key. The domain key is used to encode and/or decode a domain RO. The domain RO is issued by the RI, and includes an RO for DRM contents encoded by the domain key. The DRM contents are configured to be decoded by an encryption key contained in the domain RO so that a user having the domain key can use the DRM contents. Therefore, only devices joining a specific domain (i.e., each DRM agent of the devices) can decode a domain RO by using a domain key, and can render DRM contents by using the decoded domain RO. The DRM agent is mounted on a specific device thus to join and/or leave the domain. The DRM agent also moves the domain RO to another DRM agent inside the domain through a wire/ wireless media.
[40] The RO for DRM contents is divided into a Stateful RO and a Stateless RO. The
Stateless RO is an RO that a device does not manage State Information. The Stateful RO is an RO that a device manages State Information so as to precisely utilize a Permission and a Constraint inside the RO. The Constraint managed by the State Information includes 'interval', 'count', 'timed-count', 'accumulated', etc.
[41] The State Information indicates a usable amount of RO, and one State Information is managed by one Stateful RO. The State Information may be managed in a manner of a 'count', 'timed-count', etc., or in a manner of a 'remaining count', a 'remaining interval', etc.
[42] The DRM contents may be issued from a contents issuer (CI) or the RI.
[43] A connected device indicates a device that can be directly connected to the RI by wire or wirelessly. On the contrary, an unconnected device indicates a device having no communication function that can not be directly connected to the RI.
[44] A smart card indicates a media or a device such as a security memory card (e.g., SIM or MMC) on which a physical memory and/or an agent is mounted.
[45] Hereinafter, the method and apparatus for moving RO in a DRM system according to the present invention will be explained in more detail.
[46] FlG. 2 is a block diagram showing a DRM system according to a first embodiment of the present invention.
[47] As shown, the DRM system according to the present invention comprises a rights issuer (RI) 40 which issues an RO for DRM contents, a contents issuer (CI) 50 which issues substantial DRM contents, and one or more devices (terminal) which respectively receive an RO and DRM contents from the RI 40 and the CI 50, e.g., a first device 10 and a second device 30 of FlG. 2.
[48] The first device 10 and the second device 30 include a communication module, a
Web/WAP browser, a DRM agent, a media reproducer & library, and a memory therein.
[49] Each DRM agent mounted in the first device 10 and the second device 30 receives an
RO and DRM contents from the RI (40) or the CI (50), and controls a consumption of the DRM contents or updates or moves the RO by analyzing the Permission and/or the Constraint inside the RO.
[50] The DRM contents and/or the RO are stored in a DRM agent inside the first device
10 or in a DRM agent of a physical media (not shown) such as a smart card. Accordingly, a user of the first device 10 can move a key (e.g., a domain key) by which an RO for DRM contents or the RO is decoded through a physical media to the second device 30.
[51] However, the RO for DRM contents is not necessarily movable. The user of the first device 10 has to obtain a Permission such as a permission for moving RO from the RI 40 or the CI 50 so as to move the RO to a user of the second device 20. Also, the user of the first device 10 may purchase a new RO from the RI 40 or the CI 50 when the RO for DRM contents is completely consumed, or may request an update for the RO to the RI 40.
[52] Once obtaining a permission to move the DRM contents through the purchase or update of the RO, the user of the first device 10 can move his RO to the user of the second device 30. [53] FlG. 3 is a view showing a process for moving an RO for digital contents in a DRM system according to a second embodiment of the present invention.
[54] Referring to FlG. 3, a user A purchases an RO for specific DRM contents.
[55] Then, when the user A is to move the RO for specific DRM contents to a user B, the user A requests the device of a moving of the RO (S 10).
[56] The device having received the request checks whether or not the user A has a permission to move the RO to another user (Sl 1).
[57] If the user A has the permission as a result of the check, the device moves the RO for specific DRM contents to the user B via a contents provider (indicated by the dotted line), or moves the RO to the user B directly (S 12).
[58] FlG. 4 is a view showing update and authentication processes for moving an RO for digital contents in a DRM system according to a third embodiment of the present invention.
[59] As shown in FlG. 4, when the user A is to move an RO for DRM contents to a user
B, the user A requests a DRM agent of a device of a moving of the RO (S20).
[60] The device having received the request checks whether or not the user A has a permission to move the RO (S21).
[61] If the user A doesn't have the permission as a result of the check, the device asks the user A whether he or she wants to obtain the permission (not shown). If the user A wants to obtain the permission, the device accesses to a portal of the RI so as to obtain the permission (S22). The accessing process is performed by a Web/WAP browser according to a request of the DRM agent. Herein, the device accesses to the portal of the RI by using a DCF RL URL or an RL URL stored in an RI context. The RI provides a link to download a trigger for updating the RO on the portal (S23).
[62] When the device moves an RO update request message to the RI (S24), the RI moves an RO response message to the device at the time of granting a moving permission of the user A (S25). However, when the RI does not grant the moving permission of the user A, the RI moves an error message to the device.
[63] When the RI grants a moving permission of the user A, the user A pays his desired cost to a portal of the RI and selects an additional permission right thus to update RO (S26).
[64] The user A has a permission to move the RO by the updated RO, the device moves the RO of the user A to a user B via a contents provider, or directly moves the RO of the user A to the user B (S28).
[65] As shown in FIGS. 2 to 4, moving of the RO for digital contents does not mean a mere moving of the RO for digital contents. That is, when the user device moves digital contents after generating a domain, the moving of the RO between/among domain members includes not only a mere moving of the RO but also a moving(transferring or sending) of a key used to decode the RO.
[66] FlG. 5 is a view showing a process for moving an RO for digital contents in a DRM system according to a fourth embodiment of the present invention. The process of FlG. 5 is the same as the process of FlG. 3 in which an encryption key is firstly transferred to domain members for sharing and then an RO is moved thereto through a wire/ wireless physical media.
[67] Referring to FlG. 5, the user device A serves as a domain authority, and manages a user device B and a user device C as domain members. The device A may be the RI of FlG. 2, and the device B and the device C may be a terminal, respectively.
[68] The Domain Authority, the device A moves a domain key to the device B and the device C for sharing. Herein, the domain key is used to decode a domain RO.
[69] Then, when the device A moves the domain RO to the device B or the device C through a wire/wireless physical media(entity), each device reads a corresponding domain RO by using its domain key thus to consume desired digital contents. Herein, each device does not store the received domain RO.
[70] Preferably, the physical storage media(entity) is a multimedia card, and includes a smart card, a User Identity Module (UIM) card (or a Subscriber Identity Module (SIM) card in case of a GSM), a Secure MMC card and each kind of memory card. The physical storage media includes a microprocessor and a memory device thus to process commands and to store a certain amount of data.
[71] FlG. 6 is a view showing a process for moving an RO for digital contents in a DRM system according to a fifth embodiment of the present invention.
[72] Referring to FlG. 6, an RO is firstly moved to each device so as to be shared, and then an encryption key is moved thereto through a wire/wireless physical media.
[73] A device A, a domain authority moves a domain RO to a device B and a device C for sharing. The domain RO is encrypted by a domain key.
[74] When the device A moves the domain key to the device B or the device C through a wire/wireless physical media, each device reads the domain RO by using the domain key thus to consume desired digital contents. Herein, each device does not store the received domain key. When the domain key is transferred between/among the devices, one device having transferred the domain key to another device non-activates or deletes the domain key.
[75] FlG. 7 is a view showing a process for moving an RO for digital contents in a DRM system according to a sixth embodiment of the present invention. The sixth embodiment of FlG. 7 is more concretely implemented than the fifth embodiment of FIG. 6.
[76] Referring to FIG. 7, it is assumed that a specific user (hereinafter, will be referred to as a user A) has two DRM devices, that is, a first device 10 and a second device 30. The first device 10 is a connected device having a communication function such as a mobile communications terminal, and the second device 30 is an unconnected device having no communication function such as an MP3 player. It is assumed that the user A has a multimedia entity (e.g., a smart card ) 20, which is a physical media that can be consumed by being inserted into the first device 10 or the second device 30.
[77] As shown in FlG. 7, the user A (not shown in FlG. 2) joins his or her own devices
(i.e., a mobile phone 10 or an MP3 player 30) to a specific domain generated and managed by an RI 40 (i.e., a domain A 60) (Sl). Herein, the first device 10 receives a domain key from the RI. The domain key may be moved to the first device 10 from the RI 40 through a domain context. The domain context includes information necessary to install a domain RO at the smart card 20 (e.g., a domain key, a domain identifier, an expire time, etc.).
[78] The user A accesses to the RI and/or a CI through the first device 10 thus to receive
DRM contents and a domain RO for the DRM contents (S2).
[79] The user A tries to share DRM contents and/or a domain RO owned by the first device 10 with the second device 30 that have joined the domain A 60. The user A can share the DRM contents and/or the domain RO with the first device 10 (a mobile communication terminal) and the second device (an MP3 player) by using the smart card 20. That is, the user A moves a domain context for installing the domain RO that exists on the first device 10 to the smart card 20 (S3), and mounts the smart card 20 to the second device 30 (S4). The DRM contents and /or the domain RO may be directly moved to the second device 30 from the first device 10 through a wire/wireless channel. The DRM contents and/or the domain RO may be moved to the smart card 20 from the first device 10 thus to be stored in a memory of the smart card 20, and then is moved to the second device 30 from the smart card 20.
[80] The user A may install the domain RO by using the domain context stored in the smart card 20 through the second device 30, and then render the DRM contents by using the domain RO.
[81] When the domain context is moved between the first device 10 and the smart card 20 and between the smart card 20 and the second device 30, an authentication process is respectively performed.
[82] Hereinafter, a signal flow between devices in the DRM system of FlG. 7 will be explained in more detail with reference to FlG. 8.
[83] FlG. 8 is a flowchart showing a method for moving a domain RO by using a smart card according to a seventh embodiment of the present invention. A contents provider (CP) may be an RI or a CI, and the RI may be a portal of the CP.
[84] It is assumed that a user A has two DRM devices, that is, a first device 10 and a second device 30. The first device 10 is a connected device having a communication function such as a mobile communication terminal, and the second device 30 is an unconnected device having no communication function such as an MP3 player. It is assumed that the user A is a physical media that can be consumed by being inserted into the first device 10 and the second device 30, and has a multimedia entity (e.g., a smart card ) 20.
[85] The user A accesses to the RI 40 by using the first device 10 (S31), and registers the first device 10 and the second device 30 to the RI 40 (S32). The user A registers the first device 10 to the RI 40 firstly, and additionally registers the second device (unconnected device) to the RI 40.
[86] The user A joins the first device 10 to a specific domain (e.g., Domain A) (S33). The specific domain is one of a plurality of domains generated and managed by the RI 40.
[87] When the RI 40 asks whether to join the second device 30 as well as the first device
10 to the domain A to which the user A has been registered, the user A joins the second device (unconnected device) to the domain A. That is, the user A informs the RI 30 that the second device is his or her another device, and browses domain contents to be downloaded through the first device 10 (S34). The RI 40 moves a domain list generated and managed by itself to the first device 10 (S35). Then, the user selects a specific domain (e.g., a domain A) to join the second device from the domain list (S36).
[88] The RI 40 moves a trigger message (e.g., a Join Domain Trigger message) to the first device 10 so that the user A can join the second device 30 to the selected domain A through the first device 10 (S37). The first device 10 receives the Join Domain Trigger message, and then moves a request message to join the second device 30 to the domain A (e.g., a Join Domain Request message) to the RI 40 (S38). An XML schema of the Join Domain Request message and a parameter contained in the message are shown in FlG. 9. As shown in FlG. 9, the Join Domain Request message includes one or more parameters. The Join Domain Request message includes parameters of one or more device IDs (e.g., an ID of the first device 10 which moves a Join Domain Request message and an ID of the second device 30 which is to join the domain A).
[89] The RI 40 moves a response message (e.g., a Join Domain Response message) as a response of the Join Domain Request message (S39). Herein, the Join Domain Response message includes a domain context for the second device 30. The domain context includes information necessary to install a domain RO at the smart card 20 (e.g., a domain key, a domain identifier, an expire time, etc.).
[90] An XML schema of the Join Domain Response message and a parameter contained in the message are shown in FlG. 10. As shown in FlG. 10, the Join Domain Response message includes one or more parameters (elements). First, a 'domainlnfo' element of the parameters is an identifier, and is generated whenever the RI 40 issues a domain key for devices that have joined the Domain A (i.e., the first device 10 or the second device 30). Herein, the domain key is encoded by each public key of the first device 10 and the second device. Second, a 'devicelD' parameter of the 'domainlnfo' element is a device identifier using a domain key. However, the 'devicelD' parameter does not indicate an ID of the smart card 20. Moving the 'devicelD' parameter inside the 'domainlnfo' element by the RI 40 means that the RI 40 knows a list of the device ID, each device having the same devicelD can exclusively use the domain key, and any other devices can not use domain contents. The fact that the device ID parameter is not contained in the 'domainlnfo' element means that the all devices that belong to the user A can not use the domain contents. Third, an 'SRMStore' parameter is an attribute inside the 'domainlnfo' element. The 'SRMStore' parameter instructs a DRM agent that performs a JoinDomain protocol to store a domain key in the smart card 20.
[91] The first device stores the received domain context in the smart card 20 (S40). The smart card 20 is configured to be separated (detached) from the first device 10, and is in a mounted state to a corresponding fitting (mounting) portion (e.g., a slot) of the first device 10. The smart card 20 includes a storage space and an agent only therefor that can perform an authentication process. The smart card 20 is a media that can fit into and detache from the first device 10 and the second device 30, and is called as a Secure Removable Media (SRM). The agent for the smart card 20 only is called as an SRM Agent. The smart card 20 is a physical media, and includes a User Identity Module (UIM) card (or a Subscriber Identity Module (SIM) card in case of a GSM), a Secure MMC card and each kind of memory card.
[92] In step S40, an authentication process is performed between the first device 10 and the smart card 20 (S41). More concretely, an authentication process is performed between the DRM agent of the first device 10 and the SRM Agent of the smart card 20. In the authentication process, information indicated by the parameters contained in the domain context of step S39 is used. The SRM Agent of the smart card 20 moves the domain context to the smart card 20 from the first device 10 after the authentication process. Through the authentication process (S41), the SRM Agent of the smart card 20 can determine whether or not the DRM agent of the first device 10 is a genuine DRM agent. If it is determined that the DRM agent of the first device 10 is not a genuine DRM agent in the authentication process (S41), the authentication process is revoked. The genuine DRM agent may be one which entitle to communicate and give domain contents and related to the SRM agent.
[93] After completing the authentication process, the user A accesses to the RI 40 by using the first device 10 thus to select his desired domain contents (e.g., a specific music file) (S42), and downloads the domain contents (S43).
[94] Then, if the user A wants to consume the domain contents (e.g., a specific music file), it may move the domain contents to the second device 30 from the first device 10 through a wire/wireless media. Herein, the domain contents (e.g., a specific music file) may be moved in a super-distribution manner. The user A may move the domain contents and/or a corresponding domain key to the smart card 20 (S44).
[95] The user A mounts the smart card 20 to the second device 30 (i.e., an MP3 player)
(S45). Then, the SRM Agent of the smart card 20 performs an authentication process so as to check whether the second device is a genuine device that has joined the Domain A (S46). If it is determined that the second device 30 is a genuine device that have joined the Domain A in step S46, the second device 30 searches the domain context and the domain contents stored in the smart card 20 (S47). While the smart card 20 is mounted on (equipped with) the second device 30 (i.e., an MP3 player), the user A can consume the domain contents through the second device 30 (S48). However, when the smart card 20 is separated from the second device 30, the user A can not consume the domain contents through the second device 30 any longer.
[96] FlG. 11 is a block diagram showing a process for moving an RO in a DRM system according to an eighth embodiment of the present invention.
[97] Referring to FlG. 11, it is assumed that a specific domain of a plurality of domains defined and managed by the RI 40, e.g., a domain A 60 includes N devices (a first device 10~an N device). The N device 70 moves a domain RO to an external device 80 that does not belong to the domain A 60, and leaves from the domain A 60.
[98] The N* device 70 moves its domain context and domain RO to the external device 80 via the smart card 20 (e.g., Secure Removable Media (SRM)). That is, the N device 70 moves the domain context and the domain RO to the smart card 20, and then the smart card 20 moves the domain context and the domain RO to the external device 80. The domain context and the domain RO are moved through a security channel after an authentication process is performed and a security channel is formed. The authentication process is performed in the same manner as the authentication process of FlG. 8 (S41 and S46), and requires a Certificate Revocation List (CRL) management. After being successfully moved, the domain context and the domain RO are deleted from the moving device, i.e., the Nth device 70. As the domain RO is deleted from the Nth device 70, the Nth device 70 can not consume the domain contents any longer. The external device 80 having received the domain context and the domain RO has to register the domain context and the domain RO to the RI 40 by using information contained in the domain context and the domain RO. Herein, the domain A 60 may be a domain defined by an OMA DRM 2.0, or a User Domain defined in a Home Entertainment Network field.
[99] The domain context and the domain RO stored in the smart card 20 is not moved to the external device 80, but is mounted at the external device 80 (e.g., insertion into a mounting portion such as a socket) with a stored state into the smart card 20. The domain context and the domain RO mounted at the external device 80 may be directly rendered through the external device 80. Since the smart card 20 has the domain RO, it serves as a subject of consuming the contents.
[100] Hereinafter, a construction and an operation of the device for moving digital contents and RO according to the present invention will be explained with reference to FlG. 12.
[101] A device (terminal) of the present invention includes a hardware to move a domain context, a domain RO or DRM contents to another device through a multimedia for sharing between each device. The device 100 of the present invention includes a socket 101 for detachably mounting a multimedia (e.g., a smart card). The multimedia includes a smart card, a User Identity Module (UIM) card or a Subscriber Identity Module (SIM) card, a Secure MMC card and each kind of memory card. A form of the socket 101 is determined according to a form of the multimedia.
[102] The device 100 of the present invention includes a transceiver 102 for transceiving a signal to perform a registration by accessing to an RI, and receiving a domain list provided from the RI.
[103] The device 100 of the present invention includes a display 103 for displaying the domain list moved to the transceiver 102 after processing by a processor 106.
[104] The device 100 of the present invention includes a DRM agent 104 for processing signals to join a user's one or more devices to a specific domain selected by the user from the domain list displayed on the display 103 so that a domain RO may be shared at the specific domain.
[105] The device 100 of the present invention includes a memory 105 for storing the
Domain context and the domain RO received from the RI, and another DRM contents.
[106] The device 100 of the present invention includes a processor 106 for processing signals to consume the DRM contents by using the domain context and the domain RO, and for processing the domain context and the domain RO to be moved to a multimedia mounted at the socket 101. The processor 106 may be called as a controller. Detailed operation and construction of the device 100 of the present invention are applied to the aforementioned components in FIGS. 2 to 11.
[107] It is obvious to those skilled in the art of the present invention that the device 100 includes components necessary to consume the DRM contents as well as the components of FlG. 12, and thus its detailed explanation will be omitted.
[108] It will also be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention cover modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents. [109] For instance, the smart card indicates a physical or logical media or a device for moving a domain key and/or domain contents among the plurality of devices, which is not limited to a literal meaning. [110] A plurality of devices (terminals) registered to a specific domain can share DRM contents. [Ill] Also, a domain key and domain contents can be shared among a plurality of devices through a physical media called as an SRM (Secure Removable Media) such as a smart card. [112] Furthermore, since a user having a plurality of devices can share DRM contents and an RO of the DRM contents among the plurality of devices, consuming a digital RO can be enhanced.

Claims

Claims
[I] A method for moving a rights object (RO) in a digital rights management (DRM) system, comprising: joining a first device and one or more second devices to a specific domain by a user; receiving first information about a domain RO from a rights issuer (RI) by the first device; moving the first information to a third device by the first device; and moving the first information to the second device by the third device.
[2] The method of claim 1, further comprising receiving at least one of domain contents and a domain RO from the RI by the first device.
[3] The method of claim 1, wherein the step of receiving the first information includes authenticating the first device by the third device before the first device moves the first information to the third device.
[4] The method of claim 1, wherein the step of moving the first information to the second device includes authenticating the third device by the first device before the third device moves the first information to the second device.
[5] The method of claim 1, wherein the first information is a domain context.
[6] The method of claim 1, wherein the first information at least includes a domain key to decode a domain RO.
[7] The method of claim 1, wherein the first device is a connected device, and the second device is an unconnected device or a connected device.
[8] The method of claim 1, wherein the third device is a multimedia entity.
[9] The method of claim 8, wherein the third device is a secure removable media
(SRM) or a smart card. [10] The method of claim 1, further comprising moving the first information to a fourth device by the second device, and leaving from the specific domain.
[II] The method of claim 10, further comprising moving at least one of domain contents and a domain RO to the fourth device by the second device.
[12] The method of claim 1, wherein the step of joining the first device and the one or more second devices to the specific domain includes: registering the first device and the one or more second devices to the RI by the user; receiving a domain list provided from the RI by the first device; selecting the specific domain from the domain list by the first device; and joining the first device and the one or more second devices to the specific domain.
[13] The method of claim 12, wherein the step of joining the first device and the one or more second devices to the specific domain includes: sending a Join Domain Trigger message to the first device by the RI; sending a Join Domain Request message to the RI by the first device; and sending a Join Domain Response message to the first device by the RI in response to the Join Domain Request message.
[14] The method of claim 13, wherein the Join Domain Request message includes a devicelD of the first device and devicelDs of the one or more second devices.
[15] The method of claim 13, wherein the Join Domain Response message includes first information about the domain RO.
[16] The method of claim 15, wherein the first information includes a 'domainlnfo element', and the 'domainlnfo element' is information about issuing a domain key to the first device and the one or more second devices that have joined the specific domain.
[17] The method of claim 16, wherein the 'domainlnfo' element includes: each devicelD of the first device and the one or more second devices, the first device and the one or more second devices having joined the specific domain and therefore capable of using the domain key; and an SRMStore parameter.
[ 18] The method of claim 1 , wherein the third device is a device that may be detachably equipped with the first device or the second device.
[19] A method for sharing an RO in a DRM system, comprising: sending by a first device first information about a domain RO owned by the first device to a third device; detaching the third device from the first device and then fitting into a second device by a user; receiving the first information from the third device by the second device; and decoding a domain RO by using the first information by the second device, and consuming DRM contents by using the decoded domain RO.
[20] The method of claim 19, wherein the first device and the second device are joined to a specific domain managed by a rights issuer (RI).
[21] The method of claim 19, wherein the third device is a multimedia entity including a memory and a processor.
[22] The method of claim 19, wherein the first information is issued from the RI, and includes a domain key.
[23] The method of claim 19, wherein the first device further moves the domain RO and the DRM contents together with the first information.
[24] The method of claim 19, wherein the second device further receives the domain RO and the DRM contents together with the first information from the third device.
[25] An apparatus for moving an RO in a DRM system, comprising: a socket for fitting into and detaching from a multimedia entity; a transceiver for transceiving one or more signal to perform a registration by accessing to a rights issuer (RI), and for receiving a domain list provided from the RI; a display for displaying the domain list; a DRM agent for processing signals to join a user's one or more devices to a specific domain selected from the domain list by the user such that a domain RO may be shared in the specific domain; a memory for storing a domain context and a domain RO provided from the RI; and a processor for processing signals to consume DRM contents by using the domain context and the domain RO, and for transferring the domain context and the domain RO to a multimedia mounted at the socket.
[26] A method for moving an RO in a DRM system, comprising: moving an encryption key to decode an RO for digital contents to one or more second devices by a first device; and moving the RO for digital contents to another second device according to a user's request by the one or more second devices.
[27] The method of claim 26, wherein the RO is moved through a wire/wireless physical media.
[28] The method of claim 27, wherein the physical media is a multimedia card.
[29] The method of claim 28, wherein the multimedia card includes a User Identity
Module (UIM) card or a Subscriber Identity Module (SIM) card, a Secure MMC card and each kind of memory card.
[30] The method of claim 26, wherein the first device is a right issuer (RI).
[31] The method of claim 26, wherein the second devices are mobile communications terminals. [32] The method of claim 26, wherein the moving the RO includes: checking whether the user has a 'Permission' to move the RO by the second device, if the user requests a moving of an RO for contents; accessing to the first device and then obtaining a 'Permission' of the RO, if the user does not have the 'Permission' ; and moving the RO to another second device, if the user has the 'Permission' or obtains the 'Permission' from the first device. [33] The method of claim 32, wherein the 'Permission' of the RO is obtained by selecting an additional 'Permission' from a portal of the first device by the second device, and then updating the RO. [34] A method for moving an RO in a DRM system, comprising: moving an RO for digital contents to one or more second devices by a first device; and moving an encryption key to decode the RO for digital contents between the first device and the second devices. [35] The method of claim 34, wherein the encryption key is moved through a wire/ wireless physical media. [36] The method of claim 35, wherein the RO is moved through a wire/wireless physical media. [37] The method of claim 36, wherein the physical media is a multimedia card, and includes a User Identity Module (UIM) card or a Subscriber Identity Module
(SIM) card, a Secure MMC card and each kind of memory card. [38] A device for moving an RO in a DRM system, comprising: a DRM agent for receiving an RO for digital contents from a rights Issuer (RI) thereby moving an encryption key to decode the RO for digital contents or a corresponding RO to another device. [39] The device of claim 38, wherein the RO or the encryption key is moved through a wire/wireless physical media.
PCT/KR2007/001315 2006-03-17 2007-03-16 Method for moving and sharing digital contents and rights object and device thereof WO2007108619A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007800092656A CN101405719B (en) 2006-03-17 2007-03-16 Method for moving and sharing digital contents and rights object and device thereof

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US78307506P 2006-03-17 2006-03-17
US60/783,075 2006-03-17
KR1020060025471A KR100872430B1 (en) 2006-03-20 2006-03-20 Digital rights managementdrm system and method for moving rights object
KR10-2006-0025471 2006-03-20
KR1020070026232A KR101356493B1 (en) 2006-03-17 2007-03-16 Method for moving digital contents and rights object thereto and device thereof
KR10-2007-0026232 2007-03-16

Publications (1)

Publication Number Publication Date
WO2007108619A1 true WO2007108619A1 (en) 2007-09-27

Family

ID=38522624

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2007/001315 WO2007108619A1 (en) 2006-03-17 2007-03-16 Method for moving and sharing digital contents and rights object and device thereof

Country Status (1)

Country Link
WO (1) WO2007108619A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009078775A1 (en) * 2007-12-19 2009-06-25 Telefonaktiebolaget Lm Ericsson (Publ) Method for digital rights management in a mobile communications network
EP2088530A2 (en) * 2008-01-31 2009-08-12 Pantech&Curitel Communications, Inc. Method for joining user domain and method for exchanging information in user domain
EP2299378A1 (en) * 2008-07-07 2011-03-23 Huawei Technologies Co., Ltd. Processing method and device of rights object
US20120060225A1 (en) * 2009-06-17 2012-03-08 Chu Younsung Method and device for upgrading rights object that was stored in memory card
US8688841B2 (en) 2008-06-05 2014-04-01 Modena Enterprises, Llc System and method for content rights based on existence of a voice session

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040088530A (en) * 2002-02-25 2004-10-16 톰슨 라이센싱 에스.에이. Device for processing and method for transmitting data encrypted for a first domain in a network belonging to a second domain
KR20050096796A (en) * 2004-03-29 2005-10-06 삼성전자주식회사 Method and apparatus for acquiring and removing informations of digital right objects
KR20050114187A (en) * 2004-05-31 2005-12-05 삼성전자주식회사 Apparatus and method for sending and receiving digital right objects in a transfomred format between device and portable storage
KR20060005285A (en) * 2004-07-12 2006-01-17 삼성전자주식회사 Apparatus and method for processing digital right objects

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040088530A (en) * 2002-02-25 2004-10-16 톰슨 라이센싱 에스.에이. Device for processing and method for transmitting data encrypted for a first domain in a network belonging to a second domain
KR20050096796A (en) * 2004-03-29 2005-10-06 삼성전자주식회사 Method and apparatus for acquiring and removing informations of digital right objects
KR20050114187A (en) * 2004-05-31 2005-12-05 삼성전자주식회사 Apparatus and method for sending and receiving digital right objects in a transfomred format between device and portable storage
KR20060005285A (en) * 2004-07-12 2006-01-17 삼성전자주식회사 Apparatus and method for processing digital right objects

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009078775A1 (en) * 2007-12-19 2009-06-25 Telefonaktiebolaget Lm Ericsson (Publ) Method for digital rights management in a mobile communications network
US8417952B2 (en) 2007-12-19 2013-04-09 Telefonaktiebolaget L M Ericsson (Publ) Method for Digital Rights Management in a mobile communications network
EP2088530A2 (en) * 2008-01-31 2009-08-12 Pantech&Curitel Communications, Inc. Method for joining user domain and method for exchanging information in user domain
US8688841B2 (en) 2008-06-05 2014-04-01 Modena Enterprises, Llc System and method for content rights based on existence of a voice session
EP2299378A1 (en) * 2008-07-07 2011-03-23 Huawei Technologies Co., Ltd. Processing method and device of rights object
US20110091041A1 (en) * 2008-07-07 2011-04-21 Zhang Renzhou Method and apparatus for processing rights object
EP2299378A4 (en) * 2008-07-07 2012-02-29 Huawei Tech Co Ltd Processing method and device of rights object
US8336109B2 (en) 2008-07-07 2012-12-18 Huawei Technologies Co., Ltd. Method and apparatus for processing rights object
US8353055B2 (en) 2008-07-07 2013-01-08 Huawei Technologies Co., Ltd. Method and apparatus for processing rights object
US20120060225A1 (en) * 2009-06-17 2012-03-08 Chu Younsung Method and device for upgrading rights object that was stored in memory card
US8667601B2 (en) * 2009-06-17 2014-03-04 Lg Electronics Inc. Method and device for upgrading rights object that was stored in memory card

Similar Documents

Publication Publication Date Title
CN102934118B (en) Subscriber equipment and control method thereof
US8656156B2 (en) Method and terminal for authenticating between DRM agents for moving RO
KR100552984B1 (en) Device and method for restricting content access and storage
RU2395166C2 (en) Method for provision of access to coded content of one of multiple subscriber systems, device for access provision to coded content and method for generation of protected content packets
CN101321168B (en) Right object acquisition method and system
US20090217036A1 (en) Digital rights management
US20100192232A1 (en) Method for moving rights object in digital rights management
JP2008052735A (en) Method for registering right issuer and domain authority in digital right management, and method for implementing secure content exchange function using the same
KR20060048948A (en) Method of providing rights data objects
CN103703469A (en) Apparatus and method of managing a licensable item
US20090044008A1 (en) Drm system and method of managing drm content
EP2013766B1 (en) Method for sharing rights object in digital rights management and device thereof
US20100250388A1 (en) Method and apparatus for protecting drm contents
WO2006065633A2 (en) Method and device for digital rights management
WO2007108619A1 (en) Method for moving and sharing digital contents and rights object and device thereof
CN101405719B (en) Method for moving and sharing digital contents and rights object and device thereof
US20090125718A1 (en) Domain upgrade method in digital rights management
US20070300058A1 (en) Credential Provisioning For Mobile Devices
KR101586682B1 (en) Apparatus and method of layered licensing
CN101375543B (en) Via server by right objects the apparatus and method from an equipment moving to another equipment
US20090228960A1 (en) Method and device for managing authorization of right object in digital rights managment
CN102812470A (en) Content Binding At First Access
Feng et al. An efficient contents sharing method for DRM
KR101120688B1 (en) Method and device for delivering drm content between two drm-enabled device
CN103023640A (en) Apparatus and method for moving rights object from one device to another device via server

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07715698

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 200780009265.6

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07715698

Country of ref document: EP

Kind code of ref document: A1