WO2008108564A1 - Method and system for transferring resource - Google Patents

Method and system for transferring resource Download PDF

Info

Publication number
WO2008108564A1
WO2008108564A1 PCT/KR2008/001207 KR2008001207W WO2008108564A1 WO 2008108564 A1 WO2008108564 A1 WO 2008108564A1 KR 2008001207 W KR2008001207 W KR 2008001207W WO 2008108564 A1 WO2008108564 A1 WO 2008108564A1
Authority
WO
WIPO (PCT)
Prior art keywords
resource
transfer
resources
identification information
session identification
Prior art date
Application number
PCT/KR2008/001207
Other languages
French (fr)
Inventor
Il Gon Park
Sung Hyun Cho
Min Gyu Chung
Soo Jung Kim
Man Soo Jeong
Koo Yong Pak
Seung Jae Lee
Original Assignee
Lg Electronics Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lg Electronics Inc. filed Critical Lg Electronics Inc.
Publication of WO2008108564A1 publication Critical patent/WO2008108564A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]

Definitions

  • the present invention relates to a method and system for transferring resources and, more particularly, to a resource transfer technique for effectively transferring resources by generating and using a transfer chain and transfer session identification information, etc.
  • the DRM provides a comprehensive protection framework over the length and breadth of distribution of digital contents.
  • the DRM converts digital contents into ciphered data in the form of a package by using a ciphering technique and prevents the corresponding contents from being used unless a proper authentication procedure is performed.
  • the DRM provides a basis for a stable and legitimate contents service as the DRM is associated with diverse contents service models. Actually, contents service providers currently adopt their own unique DRM to protect contents provided by them.
  • the DRM is very closed technically or in policy in terms of its characteristics, so in order for a user to use DRM-applied contents, there are some restrictions, which may be noticed as something inconvenient for the user.
  • the DRM domain system uses the concept of domain as a basic unit of a DRM-trusted framework.
  • the domain may refer to a set of authenticated devices or software systems.
  • Authenticated devices that have been registered to the domain may freely share and use DRM contents within an allowed range.
  • the DRM domain system can be constructed by defining functions of entities for constituting a domain based on a physical interworking environment and properly connecting the entities.
  • One of the most important factors in constructing the DRM domain system would be effectively transferring resources or a license between nodes in the domain.
  • data management technique and data transfer technique related to the resource transfer are urgently required. Disclosure of Invention Technical Problem
  • an object of the present invention is to provide a method and system for tran sferring resources capable of generating transfer session identification information to transfer resources, and effectively transferring the resources using the transfer session identification information.
  • the resource transfer method includes: configuring a transfer chain including a plurality of resource handlers to transfer resources to at least one destination; generating transfer session identification information corresponding to the transfer chain; transferring a control message including the transfer session identification information to the resource handlers; and transferring the resources by using the resource handlers.
  • the configuring of the transfer chains may include: configuring a primary transfer chain including a resource exporter that exports the resources and a resource transformer that receives the resources transferred from the resource exporter and transforms the received resources into such a format as demanded by the destination; and configuring a secondary transfer chain including the resource exporter and a resource importer that imports the resources to the destination.
  • the generating of the transfer session identification information may include: generating primary transfer session identification information corresponding to the primary transfer chain; and generating secondary transfer session identification information corresponding to the secondary transfer chain.
  • the transferring of the control message to the resource handlers may include: transferring a resource exporter control message including the primary transfer session identification information to the resource exporter; transferring a resource transformer control message including the primary transfer session identification information and the secondary transfer session identification information to the resource transformer; and transferring a resource importer control message including the secondary transfer session identification information to the resource importer.
  • the transferring of the resources may include: exporting, by the resource exporter, the resources and transferring the resources to the resource transformer in a transfer session corresponding to the primary transfer session identification information; and transforming, by the resource transformer, the resources into such a format as demanded by the destination and transferring the same to the resource importer in a transfer session corresponding to the secondary transfer session identification information.
  • the resource transfer method may further include: receiving a message requesting transfer of the resources to at least one destination; collecting information about the plurality of resource handlers included in a system; and analyzing the collected information and determining whether to perform the requested transfer.
  • the resource transfer system includes: a plurality of resource handlers; and a controller that provides control to receive a message requesting a resource transfer from a client, generate a plurality of transfer session identification information to perform resource transferring, and transfer a control message including the transfer session identification information to the resource handlers to thus perform the resource transferring.
  • the plurality of resource handlers may include a resource exporter that exports resources, a resource transformer that transforms the format of the resources received from the resource exporter into a target format, and at least one resource importer that imports the resources received from the resource transformer to a destination.
  • the plurality of transfer session identification information may include primary transfer session identification information that identifies a primary transfer session in which the resources are transferred from the resource exporter to the resource transformer and at least one secondary transfer session identification information that identifies at least one primary transfer session in which the resources are transferred from the resource transformer to the at least one resource importer.
  • a resource processing controller effectively generates transfer session identification information to transfer resources requested by a client, and resource handlers can be controlled according to the transfer session identification information. Therefore, the non-efficiency such as repeatedly transferring the same resources can be resolved.
  • FIG. 1 is a schematic block diagram showing the construction of a DRM (Digital
  • FIG. 2 is an exemplary schematic block diagram showing entities for constituting a domain and the relationship among the entities.
  • FIG. 3 is a schematic block diagram showing a detailed configuration of a processing control part and a resource processing part for transferring resources.
  • FIG. 4 is an exemplary view showing the configuration of a resource processing controller and resource handlers to realize the resource transfer method according to a preferred embodiment of the present invention.
  • FIG. 5 is a flow chart illustrating the process of transferring resources by using the resource processing controller and the resource handlers.
  • FIGs. 6 and 7 are exemplary views showing transfer chains configured by the resource processing controller.
  • FIG. 8 is a view showing an example of transfer of resources via a primary transfer chain.
  • FIG. 9 is a view showing an example of transfer of the resources via the secondary transfer chains C21 and C22.
  • FIG. 10 is a view showing the process of providing policy information by a policy provider to a domain manager according to a requesting/responding method.
  • FIG. 11 is a view showing the process of providing policy information by the policy provider in the format of event subscription/issuance. Mode for the Invention
  • FIG. 1 is a schematic block diagram showing the construction of a DRM (Digital
  • the DRM domain system may include a client part 10, an authentication and management part 20, a processing control part 30, a resource processing part 40, and a license processing part 50.
  • the respective parts 10 to 50 may include one or more entities.
  • the entity may refer to a module or a device implemented by software or hardware that performs certain unique functions.
  • Such entity may be a set of one or more unit function modules that perform a particular unit function.
  • Each entity may be installed or implemented in a particular device and communicates with another entity via a predetermined interface.
  • entities belonging to the same part may be installed or implemented in each different device, and an installation device may vary depending on embodiment environments.
  • the client part 10 may include a client.
  • the client is an entity that provides various functions to allow a user to use a DRM service by interworking with the authentication and management part 20 and the processing control part 30, etc.
  • Such client may be included in a device, and the device including such client is called 'client device'.
  • the client may request authentication of the client device from the authentication and management part 20. After the authentication is successfully performed, the client may call a particular entity of the processing control part 30 to request transfer of data, e.g., resources or a license, to a desired destination. In addition, the client may have a function of using resources, a user interface function, and the like.
  • the authentication and management part 20 may mainly perform a function of authenticating the client and managing its information. To perform such function, the authentication and management part 20 may form and manage a domain.
  • the domain a range within which the DRM domain service is applied, may refer to a set of authorized devices or systems.
  • the domain may include a set of authorized client devices.
  • the client devices within the domain may interchange and use the same DRM- applied resources or different DRM- applied resources.
  • FIG. 2 is an exemplary schematic block diagram showing entities for constituting a domain and the relationship among the entities, especially for illustrating entities related to client authentication and management of the DRM domain system.
  • the DRM domain system may include a domain 3 including a plurality of client devices 12.
  • the domain may be formed in consideration of a physical location of the client device 12 having a client 14.
  • the domain 3 may be formed with authenticated client devices 12 existing in a particular physical area.
  • the domain 3 may include logically authenticated devices without considering physical locations of the client devices 12.
  • the domain 3 is formed with the client devices 12 located in a particular local area in consideration of physical locations of the client devices 12, and client devices existing in a network area other than the local area are allowed to subscribe to the domain 3.
  • client devices 12 located in a particular local area in consideration of physical locations of the client devices 12, and client devices existing in a network area other than the local area are allowed to subscribe to the domain 3.
  • this is merely an example and the present invention is not limited thereto.
  • the local environment refers to an environment in which a physical network is established to allow devices existing in a particular local area to interwork with each other and the physical network interworks with an external network.
  • the local environment may include a home network system, etc.
  • the local area mentioned hereinafter is an area where the local environment is established (e.g., the house of the user including a home network system, an area where at least two or more devices are available for local networking, etc.), and the network area is a area of a wide area network such as a wired or wireless Internet.
  • the authentication and management part 20 for authenticating or managing the client 14 may include a domain manager 22 and a license manager 24.
  • the domain manager 22 is an entity that performs a function of managing the domain 3.
  • the domain manager 22 may perform functions of registering the client device 12 to the domain 3, managing information about the registered client device 12, and removing the client device 12 from the domain 3.
  • the domain manager 22 may exist anywhere in the local area or in the network area.
  • FIG. 2 shows a case where the domain manager 22 exists within the network area.
  • the domain manager 22 may interwork with the client 14 via a communication network.
  • the domain manager 22 may also exist in a local area, and in this case, the domain manager 22 may be provided in a device within the local area.
  • the license manager 24 may perform a function of managing license information of the user.
  • the licenser manager 24 may be a typical online manager that stores and manages license information of the user.
  • the license manager 24 may generate or delete the name of the user, associate the name of the user with the license information, or generate or delete the license information.
  • the license manager 24 may exist in the network area (e.g., a service provider system, etc.) or may exist in a local area.
  • the processing control part 30 performs a function of receiving a request for transfer of data, namely, the resources or a license, from the client 14 authenticated for the domain 3, and controlling the resource processing part 40 or the license processing part 50 to allow the requested data to be transferred.
  • FIG. 3 is a schematic block diagram showing a detailed configuration of the processing control part 40 and the resource processing part 50 for transferring resources, namely, showing the entities participating in the resource transfer process.
  • the processing control part 30 includes a resource processing controller 32 and a license processing controller 34.
  • the license processing controller 34 does not participating in the resource transfer, so its detailed description will be omitted.
  • the resource processing controller 32 may receive a resource transfer request that requests transfer of resources to at least one destination from the client 14.
  • the resource processing controller 32 performs a function of controlling the resource processing part 40 so that the resources can be transferred according to content of the received resource transfer request.
  • the resource processing controller 32 may exist anywhere in the local area or in the network area, and in the present embodiment, it is assumed that the resource processing controller 32 is provided in the client device in the local area.
  • the resource processing part 40 performs a function of transferring the resources from a source to a destination under the control of the resource processing controller 32.
  • the resource processing part 40 may include a plurality of resource handlers 42 to 46. In this case, the resource handlers 42 to 46 may refer to entities for performing a function related to transferring and processing of the resources.
  • the resource handlers 42 to 46 may include a resource exporter 42, a resource transformer 44 and a resource importer 46.
  • the resource exporter 42 may perform a function of exporting the resources which have been requested to be transferred by the resource processing controller 32 and transferring the resources to the resource transformer 44 or to the resource importer 46.
  • the resource transformer 44 may perform a function of receiving the resources transferred from the resource exporter 42, transforming the resources into a requested target format, and transferring the same to the resource importer 46.
  • the target format may refer to a resource format (e.g., MPEG2, MPEG4, h.264, etc.) demanded by the destination(s).
  • the resource transformer 44 takes part in transferring when the format of the resources needs to be transformed.
  • FIG. 4 is an exemplary view showing the configuration of the resource processing controller and the resource handlers to realize the resource transfer method according to a preferred embodiment of the present invention, which specifically shows an example of the configuration of a system for transferring resources to two destinations, namely, first and second target devices.
  • the resource exporter RE may be provided in a requesting device RV.
  • the requesting device RV refers to a device that requests transfer of resources, and may include a requesting client RC that transfers a resource transfer request message to the resource processing controller CL.
  • the first target device DVl may include a first resource importer Rl 1
  • the second target device DV2 may include a second resource importer R 12.
  • the resource processing controller CL and the resource transformer RT may be provided in a device within a domain, respectively.
  • a DRM may have been installed in the requesting device RV or the target devices DVl and DV2.
  • the resource processing controller and the resource handlers may be provided in the same device, and some entities may be provided in the same device or in different devices, according to circumstances.
  • the resource exporter may be provided in a device, not in the requesting device.
  • the resource transformer or the resource processing controller may be provided in the requesting device.
  • the resource transformer and the resource processing controller may be provided in the same device or in each different device.
  • FIG. 5 is a flow chart illustrating the process of transferring resources by using the resource processing controller and the resource handlers.
  • the requesting client RC transfers a resource transfer request message to the resource processing controller CL, for resource transfer.
  • the resource processing controller CL receives the resource transfer request message transferred by the requesting client RC (Sl).
  • the resource transfer request message may refer to a message requesting transfer of particular resources to a plurality of destinations, e.g., to the first and second target devices DVl and DV2.
  • the particular resources may be at least one resource or may be a plurality of resources. If there are a plurality of resources, the resources transferred to the first target device and the resources transferred to the second target device may be the same or different.
  • the resource transfer request message may include resource identification information, resource information, destination information, etc.
  • the resource transfer request message may include DRM system information of the destinations that receive the resources.
  • the resource identification information may refer to information that identifies the transfer-requested resources. If a plurality of resources have been requested to be transferred, there can be a plurality of resource identification information that correspond to the plurality of resources.
  • the source information may refer to information that identifies from where the transfer-requested resources are transferred.
  • the source information may include identification information that identifies a source device or system (e.g., the requesting device in the present embodiment) and file format information of the transfer- requested source.
  • the destination information may refer to information related to a destination to which a plurality of transfer-requested resources are transferred. At least one destination information may exist to correspond to the number of destinations. For example, in the present embodiment, there may be information of the first target device DVl, the first destination, and the second target device DV2, the second destination.
  • the destination information may include destination identification information that identifies a destination and file format information requested by the destination, the file format information included in the destination information may be utilized when a file format is transformed by the resource transformer RT.
  • the resource processing controller CL collects information of the resource handlers provided in the system (S2). For example, the resource processing controller CL inquires of one or more resource exporters, resource imports and resource transformers about capabilities, and receives a response from the corresponding entities. This is to obtain capability information regarding the source, intermediate and destination devices, systems, and DRMs.
  • the resource processing controller CL determines whether to transfer the requested resources based on the collected information (S3). In this case, the resource processing controller CL may check whether or not the requested resources can be transferred in consideration of the format of the requested resources, the policy of the system, information about a security authentication channel algorithm that can be executed between entities, and the like.
  • the resource processing controller CL configures a transfer chain including resource handlers that facilitates performing of the requested processing (S4).
  • the resource processing controller CL may configure a transfer chain including the resource exporter RE included in the requesting device, the resource transformer RT, the first resource importer RIl included in the first target device DVl, and the second resource importer RI2 included in the second target device DV2.
  • FIGs. 6 and 7 are exemplary views showing transfer chains configured by the resource processing controller CL.
  • the transfer chains ClO, C21, and C22 include the resource exporter RE, the resource transformer RT, the first resource importer RIl, and the second resource importer RI2.
  • the transfer chains ClO, C21, and C22 may be divided into a primary transfer chain ClO and secondary transfer chains C21 and C22.
  • the primary transfer chain ClO which is to transfer the resources from the resource exporter RE to the resource transformer RT, may include the resource exporter RE and the resource transformer RT.
  • the secondary transfer chains C21 and C22 which are to transfer the resources from the resource transformer RT to the first and second resource importers RIl and RI2, may include the secondary first transfer chain C21 and the secondary second transfer chain C22.
  • the secondary first transfer chain C21 may include the resource transformer RT and the first resource importer RIl
  • the secondary second transfer chain C22 may include the resource transformer RT and the second resource importer RI2.
  • the resource processing controller CL generates transfer session identification information in order to instruct the resource handlers RE, RT, RIl, and RI2 to transfer the resources by using the transfer chains ClO, C21, and C22 (S5).
  • the transfer session identification information may be divided into primary transfer session identification information and secondary transfer session identification information.
  • the primary transfer session identification information is session identification information for identifying a transfer session in which the resources are transferred from the resource exporter RE to the resource transformer RT.
  • the primary transfer session identification information may refer to information for identifying transfer of resources using the primary transfer chain ClO.
  • the secondary transfer session identification information is session identification information for identifying a transfer session in which the resources are transferred from the resource transformer RT to the first and second resource importers RIl and RI2.
  • the secondary transfer session identification information may refer to information for identifying transfer of the resources using the secondary transfer chains C21 and C22.
  • the secondary transfer session identification information may include secondary first transfer session identification information and secondary second transfer session identification information.
  • the secondary first transfer session identification information may be information for identifying transfer of the resources using the secondary first transfer chain C21
  • the secondary second transfer session identification information may be information for identifying transfer of the resources via the secondary second transfer chain C22.
  • the resource processing controller CL transfers a control message to the resource handlers RE, RT, RIl, and RI2 in order to perform transferring using the transfer chains ClO, C21, and C22 (S6).
  • the resource processing controller CL may transfer a resource exporter control message, a resource transformer control message, a first resource importer control message, and a second resource importer control message to the resource exporter RE, the resource transformer RT, the first resource importer RIl, and the second resource importer RI2.
  • the resource exporter control message may be a message instructing to export the requested resources and transfer them to the resource transformer RT.
  • the resource exporter control message may include the primary transfer session identification information, the resource identification information, the source information, recipient information, and the like.
  • the source information may refer to information for identifying a source of the resources
  • the recipient information may refer to identification information for identifying a target to which the exported resources are to be transferred, namely, the resource transformer RT.
  • the resource transformer control message may be a message instructing to receive the resources transferred from the resource exporter RE, transform the resources into such a format as demanded by the first and second destination devices DVl and DV2, and transfer the same to the first and second resource importers RIl and RI2.
  • the resource transformer control message may include the primary transfer session identification information, namely, reception session identification information, the secondary first transfer session identification information and the secondary second transfer session identification, namely, transfer session identification information, resource identification information, sender information, recipient information, format of transfer resources and target format information, etc.
  • the sender information and the recipient information may refer to identification information of the target which is to transfer the resources, namely, the resource exporter RE, and the recipient information may refer to information about the targets to which the resources are to be transferred, namely, the first resource importer RIl and the second resource importer RI2.
  • the first resource importer control message may be a control message instructing to receive the resources transferred from the resource transformer RT and import the same to the first target device DVl.
  • the first resource importer control message may include the secondary first transfer session identification information, the resource identification information, the sender information, etc.
  • the sender information may refer to information about the resource transformer RT.
  • the second resource importer control message may be a control message instructing to receive the resources transferred from the resource transformer RT and import the same to the second target device DVl.
  • the second resource importer control message may include the secondary first transfer session identification information, the resource identification information, and the sender information, etc.
  • the sender information may refer to information about the resource transformer RT.
  • the resource handlers Upon receiving the control message, the resource handlers transfer the resources according to content included in the control messages (S7).
  • the transfer of the resources starts from the primary transfer session in which the primary transfer chain ClO is formed to export the resources and then transfer them to the resource transformer, and then the secondary transfer session in which the secondary transfer chains C21 and C22 are formed to transfer the resources to the target devices may sequentially proceed.
  • FIG. 8 is a view showing an example of the transfer of the resources via the primary transfer chain ClO.
  • the primary transfer session starts to transfer the resources.
  • the resource export RE and the resource transformer RT form the primary transfer chain ClO and transfer the resources according to the resource exporter control message and the resource transformer control message.
  • the resource exporter RE and the resource transformer RT may establish a security authentication channel and transfer the resources via the security authentication channel.
  • Such transfer via the primary transfer chain ClO may be performed in the primary transfer session and may be identified by the primary transfer session.
  • the resource transformer RT may receive the resources. Upon receiving the resources, the resource transformer RT may perform format transformation so as to fit to the format requested by the first and second target devices DVl and DV2 by using the resource format and target format information included in the resource transformer control message.
  • the format-transformed resources are transferred to the first and second resource importers RIl and RI2 through the secondary first transfer chain C21 and the secondary second transfer chain C22. Namely, the secondary first transfer session and the secondary second transfer session are performed.
  • FIG. 9 is a view showing an example of transfer of the resources via the secondary transfer chains C21 and C22.
  • the resource transformer RT and the first resource importer RIl form the secondary first transfer chain C21 in the secondary first transfer session and transfer the resources.
  • the resource transformer RT and the first resource importer RIl may establish a security authentication channel and transfer the resources via the security authentication channel. Such transfer using the secondary first transfer chain C21 is performed in the secondary first transfer session and may be identified by the secondary first transfer session identification information.
  • the resource transformer RT and the second resource importer RI2 form the secondary second transfer chain C22 and transfer the resources.
  • the resource transformer RT and the second resource importer RI2 may establish a security authentication channel and transfer the resources via the security authentication channel. Such transfer through the secondary second transfer chain C22 is performed in the secondary second transfer session and may be identified by the secondary second transfer session identification information.
  • the resource processing controller CL may control the resource handlers RE, RT, RIl, and RI2 to transfer the requested resources to the first and second target devices DVl and DV2.
  • the resource processing controller when the resources are transferred between devices in the DRM domain, the resource processing controller effectively generates the transfer session identification information according to the request from the client. For example, a single session, namely, the primary transfer session, is performed to export the resources and transfer them to the resource transformer, and then, a plurality of transfer sessions, namely, the secondary transfer sessions, corresponding to the destinations, are performed to transfer the resources to the plurality of destinations. Accordingly, repeated transfer of the resources can be prevented, and the efficiency in terms of the promptness of transfer and resource saving can be improved.
  • a particular entity may receive policy information from a different entity.
  • the domain manager of the authentication and management part exists in a local area, the domain manager should receive policy information from a policy provider installed at the side of the service provider.
  • the policy provider may refer to an entity that provides the policy information of the service provider or a resource protecting system to the entities of the DRM domain system.
  • the policy provider may be provided in the form of a unit function module in the license manager.
  • FIG. 10 is a view showing the process of providing policy information by the policy provider to the domain manager according to a requesting/responding method.
  • a policy provider 70 recognizes it and requests configuration information from the domain manager 22 in order to check elements provided in the domain manager 22 (S 12).
  • the domain manager 22 may include a plurality of unit function modules, e.g., an authenticator 22b, a principal manager 22a, etc.
  • the domain manager 22 transfers its configuration information, e.g., information about the authenticator 22b, the principal manager 22a, etc., to the policy provider 70 (SI l).
  • the policy provider 70 Upon receiving the configuration information, the policy provider 70 checks the received configuration information, selects a unit function module required for setting a policy information value, and transfers corresponding policy information to the unit function module (e.g., to the authenticator 22b in FIG. 10) according to a corresponding request from the selected unit function module (S 13). In addition, when there is a request for a policy from the domain manager 22 (S 14), the policy provider transfers policy information in response to the corresponding request (S 15).
  • the policy provider 70 may provide the policy information through an event subscription/issuance format.
  • FIG. 11 is a view showing the process of providing policy information by the policy provider 70 in the format of event subscription/ issuance.
  • the domain manager 22 when the domain manager 22 is disposed in a local area, the domain manager 22 requests subscription to a policy update change event to the policy provider 70.
  • the policy update change event may refer to an event that if policy information is changed, the changed policy information is transferred through an event message.
  • the policy provider 70 determines whether or not the subscription request is a valid event sub- scription request and allows subscription. Then, the domain manager 22 is admitted to the policy update change event (S21). In this case, the domain manager 22 may be a subscription entity of the policy update change event, and the policy provider 70 may be an issuance entity of the event.
  • the policy provider 70 may request subscription to a configuration change event to the domain manager 22.
  • the configuration change event may refer to an event that if configuration information of an event issuance entity, e.g., information of a unit function module, etc., is changed, the corresponding information is transferred as an event message to an event subscribed entity.
  • the domain manager 22 determines whether the subscription request of the policy provider 70 is a proper event subscription request, and then allows subscription. Then, the policy provider 70 is admitted to the configuration change event (S22). In this case, the policy provider 70 becomes a subscription entity of the configuration change event, and the domain manager 22 becomes an issuance entity of the configuration change event.
  • the domain manager 22 transfers its configuration information to the policy provider 70 through an event message (S23). Then, the policy provider 70 may analyze the received event message, determine policy information corresponding to the changed configuration information, and transfer an event message including the corresponding policy information to the domain manager 22 or to a unit function module (e.g., the authenticator 22b in FIG. 11) that requires the policy information (S24, S25).
  • a unit function module e.g., the authenticator 22b in FIG. 11

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A resource transfer method and system are disclosed. According to the resource transfer method, a transfer chain including a plurality of resource handlers is configured to transfer resources to at least one destination, transfer session identification information corresponding to the transfer chain is generated, a control message including the transfer session identification information to the resource handlers, and the resources are transferred by using the resource handlers. Thus, the resources can be effectively transferred to a requested destination.

Description

Description METHOD AND SYSTEM FOR TRANSFERRING RESOURCE
Technical Field
[1] The present invention relates to a method and system for transferring resources and, more particularly, to a resource transfer technique for effectively transferring resources by generating and using a transfer chain and transfer session identification information, etc. Background Art
[2] Recently, as digital resources are widely and commonly used, DRM (Digital Rights
Management)-related techniques are being actively studied to protect digital resources against illegal duplication or use. In general, the DRM provides a comprehensive protection framework over the length and breadth of distribution of digital contents. For example, the DRM converts digital contents into ciphered data in the form of a package by using a ciphering technique and prevents the corresponding contents from being used unless a proper authentication procedure is performed.
[3] The DRM provides a basis for a stable and legitimate contents service as the DRM is associated with diverse contents service models. Actually, contents service providers currently adopt their own unique DRM to protect contents provided by them.
[4] Meanwhile, the DRM is very closed technically or in policy in terms of its characteristics, so in order for a user to use DRM-applied contents, there are some restrictions, which may be noticed as something inconvenient for the user.
[5] Thus, recently, systems that may support free use of DRM contents while maintaining their security have been proposed, and a DRM domain system is one of the typical examples. The DRM domain system uses the concept of domain as a basic unit of a DRM-trusted framework. Here, the domain may refer to a set of authenticated devices or software systems. Authenticated devices that have been registered to the domain may freely share and use DRM contents within an allowed range.
[6] The DRM domain system can be constructed by defining functions of entities for constituting a domain based on a physical interworking environment and properly connecting the entities. One of the most important factors in constructing the DRM domain system would be effectively transferring resources or a license between nodes in the domain. Thus, data management technique and data transfer technique related to the resource transfer are urgently required. Disclosure of Invention Technical Problem
[7] Thus, an object of the present invention is to provide a method and system for tran sferring resources capable of generating transfer session identification information to transfer resources, and effectively transferring the resources using the transfer session identification information. Technical Solution
[8] To achieve the above object, there is provided a resource transfer method in one aspect. The resource transfer method includes: configuring a transfer chain including a plurality of resource handlers to transfer resources to at least one destination; generating transfer session identification information corresponding to the transfer chain; transferring a control message including the transfer session identification information to the resource handlers; and transferring the resources by using the resource handlers.
[9] There can be a plurality of transfer chains, and in this case, the configuring of the transfer chains may include: configuring a primary transfer chain including a resource exporter that exports the resources and a resource transformer that receives the resources transferred from the resource exporter and transforms the received resources into such a format as demanded by the destination; and configuring a secondary transfer chain including the resource exporter and a resource importer that imports the resources to the destination.
[10] The generating of the transfer session identification information may include: generating primary transfer session identification information corresponding to the primary transfer chain; and generating secondary transfer session identification information corresponding to the secondary transfer chain.
[11] The transferring of the control message to the resource handlers may include: transferring a resource exporter control message including the primary transfer session identification information to the resource exporter; transferring a resource transformer control message including the primary transfer session identification information and the secondary transfer session identification information to the resource transformer; and transferring a resource importer control message including the secondary transfer session identification information to the resource importer.
[12] The transferring of the resources may include: exporting, by the resource exporter, the resources and transferring the resources to the resource transformer in a transfer session corresponding to the primary transfer session identification information; and transforming, by the resource transformer, the resources into such a format as demanded by the destination and transferring the same to the resource importer in a transfer session corresponding to the secondary transfer session identification information.
[13] The resource transfer method may further include: receiving a message requesting transfer of the resources to at least one destination; collecting information about the plurality of resource handlers included in a system; and analyzing the collected information and determining whether to perform the requested transfer.
[14] To achieve the object, there is also provided a resource transfer system in another aspect. The resource transfer system includes: a plurality of resource handlers; and a controller that provides control to receive a message requesting a resource transfer from a client, generate a plurality of transfer session identification information to perform resource transferring, and transfer a control message including the transfer session identification information to the resource handlers to thus perform the resource transferring.
[15] The plurality of resource handlers may include a resource exporter that exports resources, a resource transformer that transforms the format of the resources received from the resource exporter into a target format, and at least one resource importer that imports the resources received from the resource transformer to a destination.
[16] The plurality of transfer session identification information may include primary transfer session identification information that identifies a primary transfer session in which the resources are transferred from the resource exporter to the resource transformer and at least one secondary transfer session identification information that identifies at least one primary transfer session in which the resources are transferred from the resource transformer to the at least one resource importer.
Advantageous Effects
[17] As described above, in the present invention, a resource processing controller effectively generates transfer session identification information to transfer resources requested by a client, and resource handlers can be controlled according to the transfer session identification information. Therefore, the non-efficiency such as repeatedly transferring the same resources can be resolved. Brief Description of the Drawings
[18] FIG. 1 is a schematic block diagram showing the construction of a DRM (Digital
Rights Management) domain system for realizing a resource transfer method according to a preferred embodiment of the present invention.
[19] FIG. 2 is an exemplary schematic block diagram showing entities for constituting a domain and the relationship among the entities.
[20] FIG. 3 is a schematic block diagram showing a detailed configuration of a processing control part and a resource processing part for transferring resources.
[21] FIG. 4 is an exemplary view showing the configuration of a resource processing controller and resource handlers to realize the resource transfer method according to a preferred embodiment of the present invention. [22] FIG. 5 is a flow chart illustrating the process of transferring resources by using the resource processing controller and the resource handlers.
[23] FIGs. 6 and 7 are exemplary views showing transfer chains configured by the resource processing controller.
[24] FIG. 8 is a view showing an example of transfer of resources via a primary transfer chain.
[25] FIG. 9 is a view showing an example of transfer of the resources via the secondary transfer chains C21 and C22.
[26] FIG. 10 is a view showing the process of providing policy information by a policy provider to a domain manager according to a requesting/responding method.
[27] FIG. 11 is a view showing the process of providing policy information by the policy provider in the format of event subscription/issuance. Mode for the Invention
[28] The preferred embodiments of the present invention will now be described in detail with reference to the accompanying drawings such that an ordinary person skilled in the art to which the present invention pertains can easily carry out the present invention. In the preferred embodiments of the present invention to be described hereinafter, particular technical terms are used to clarify the content. However, the present invention is not limited to such selected particular terms and should include any technical equivalent of the particular terms operating in a similar manner to obtain the similar objects.
[29] FIG. 1 is a schematic block diagram showing the construction of a DRM (Digital
Rights Management) domain system for realizing a resource transfer method according to a preferred embodiment of the present invention.
[30] As shown in FIG. 1, the DRM domain system may include a client part 10, an authentication and management part 20, a processing control part 30, a resource processing part 40, and a license processing part 50.
[31] The respective parts 10 to 50 may include one or more entities. In this case, the entity may refer to a module or a device implemented by software or hardware that performs certain unique functions. Such entity may be a set of one or more unit function modules that perform a particular unit function. Each entity may be installed or implemented in a particular device and communicates with another entity via a predetermined interface. In addition, entities belonging to the same part may be installed or implemented in each different device, and an installation device may vary depending on embodiment environments.
[32] The client part 10 may include a client. The client is an entity that provides various functions to allow a user to use a DRM service by interworking with the authentication and management part 20 and the processing control part 30, etc. Such client may be included in a device, and the device including such client is called 'client device'.
[33] The client may request authentication of the client device from the authentication and management part 20. After the authentication is successfully performed, the client may call a particular entity of the processing control part 30 to request transfer of data, e.g., resources or a license, to a desired destination. In addition, the client may have a function of using resources, a user interface function, and the like.
[34] The authentication and management part 20 may mainly perform a function of authenticating the client and managing its information. To perform such function, the authentication and management part 20 may form and manage a domain. The domain, a range within which the DRM domain service is applied, may refer to a set of authorized devices or systems. For example, the domain may include a set of authorized client devices. In this case, the client devices within the domain may interchange and use the same DRM- applied resources or different DRM- applied resources.
[35] FIG. 2 is an exemplary schematic block diagram showing entities for constituting a domain and the relationship among the entities, especially for illustrating entities related to client authentication and management of the DRM domain system.
[36] As shown in FIG. 2, the DRM domain system may include a domain 3 including a plurality of client devices 12. The domain may be formed in consideration of a physical location of the client device 12 having a client 14. For example, the domain 3 may be formed with authenticated client devices 12 existing in a particular physical area. Meanwhile, the domain 3 may include logically authenticated devices without considering physical locations of the client devices 12.
[37] In the present embodiment, the domain 3 is formed with the client devices 12 located in a particular local area in consideration of physical locations of the client devices 12, and client devices existing in a network area other than the local area are allowed to subscribe to the domain 3. However, this is merely an example and the present invention is not limited thereto.
[38] To form the domain 3, a local environment is required, The local environment refers to an environment in which a physical network is established to allow devices existing in a particular local area to interwork with each other and the physical network interworks with an external network. For example, the local environment may include a home network system, etc.
[39] It is assumed that the local area mentioned hereinafter is an area where the local environment is established (e.g., the house of the user including a home network system, an area where at least two or more devices are available for local networking, etc.), and the network area is a area of a wide area network such as a wired or wireless Internet. [40] In the DRM domain system, the authentication and management part 20 for authenticating or managing the client 14 may include a domain manager 22 and a license manager 24. The domain manager 22 is an entity that performs a function of managing the domain 3. For example, the domain manager 22 may perform functions of registering the client device 12 to the domain 3, managing information about the registered client device 12, and removing the client device 12 from the domain 3.
[41] The domain manager 22 may exist anywhere in the local area or in the network area. For example, FIG. 2 shows a case where the domain manager 22 exists within the network area. In this case, the domain manager 22 may interwork with the client 14 via a communication network. Meanwhile, the domain manager 22 may also exist in a local area, and in this case, the domain manager 22 may be provided in a device within the local area.
[42] The license manager 24 may perform a function of managing license information of the user. For example, the licenser manager 24 may be a typical online manager that stores and manages license information of the user. The license manager 24 may generate or delete the name of the user, associate the name of the user with the license information, or generate or delete the license information. Like the domain manager 22, the license manager 24 may exist in the network area (e.g., a service provider system, etc.) or may exist in a local area.
[43] The processing control part 30 performs a function of receiving a request for transfer of data, namely, the resources or a license, from the client 14 authenticated for the domain 3, and controlling the resource processing part 40 or the license processing part 50 to allow the requested data to be transferred.
[44] FIG. 3 is a schematic block diagram showing a detailed configuration of the processing control part 40 and the resource processing part 50 for transferring resources, namely, showing the entities participating in the resource transfer process.
[45] As shown in FIG. 3, the processing control part 30 includes a resource processing controller 32 and a license processing controller 34. The license processing controller 34 does not participating in the resource transfer, so its detailed description will be omitted.
[46] The resource processing controller 32 may receive a resource transfer request that requests transfer of resources to at least one destination from the client 14. The resource processing controller 32 performs a function of controlling the resource processing part 40 so that the resources can be transferred according to content of the received resource transfer request. The resource processing controller 32 may exist anywhere in the local area or in the network area, and in the present embodiment, it is assumed that the resource processing controller 32 is provided in the client device in the local area. [47] The resource processing part 40 performs a function of transferring the resources from a source to a destination under the control of the resource processing controller 32. The resource processing part 40 may include a plurality of resource handlers 42 to 46. In this case, the resource handlers 42 to 46 may refer to entities for performing a function related to transferring and processing of the resources. The resource handlers 42 to 46 may include a resource exporter 42, a resource transformer 44 and a resource importer 46.
[48] The resource exporter 42 may perform a function of exporting the resources which have been requested to be transferred by the resource processing controller 32 and transferring the resources to the resource transformer 44 or to the resource importer 46. The resource transformer 44 may perform a function of receiving the resources transferred from the resource exporter 42, transforming the resources into a requested target format, and transferring the same to the resource importer 46. In this case, the target format may refer to a resource format (e.g., MPEG2, MPEG4, h.264, etc.) demanded by the destination(s). The resource transformer 44 takes part in transferring when the format of the resources needs to be transformed.
[49] An example that the resources are transferred to a plurality of destinations by using the resource processing controller 32 and the resource handlers 42 to 44 will be described as follows.
[50] FIG. 4 is an exemplary view showing the configuration of the resource processing controller and the resource handlers to realize the resource transfer method according to a preferred embodiment of the present invention, which specifically shows an example of the configuration of a system for transferring resources to two destinations, namely, first and second target devices.
[51] As shown in FIG. 4, the resource exporter RE may be provided in a requesting device RV. In this case, the requesting device RV refers to a device that requests transfer of resources, and may include a requesting client RC that transfers a resource transfer request message to the resource processing controller CL.
[52] The first target device DVl may include a first resource importer Rl 1, and the second target device DV2 may include a second resource importer R 12. The resource processing controller CL and the resource transformer RT may be provided in a device within a domain, respectively. A DRM may have been installed in the requesting device RV or the target devices DVl and DV2.
[53] The above-described construction is merely an example of the embodiment of the present invention, and the locations of the entities may vary depending on environments of embodiments. Namely, the resource processing controller and the resource handlers may be provided in the same device, and some entities may be provided in the same device or in different devices, according to circumstances. For example, the resource exporter may be provided in a device, not in the requesting device. The resource transformer or the resource processing controller may be provided in the requesting device. The resource transformer and the resource processing controller may be provided in the same device or in each different device.
[54] FIG. 5 is a flow chart illustrating the process of transferring resources by using the resource processing controller and the resource handlers.
[55] With reference to FIGs. 4 and 5, first, the requesting client RC transfers a resource transfer request message to the resource processing controller CL, for resource transfer. Then, the resource processing controller CL receives the resource transfer request message transferred by the requesting client RC (Sl). The resource transfer request message may refer to a message requesting transfer of particular resources to a plurality of destinations, e.g., to the first and second target devices DVl and DV2. The particular resources may be at least one resource or may be a plurality of resources. If there are a plurality of resources, the resources transferred to the first target device and the resources transferred to the second target device may be the same or different.
[56] The resource transfer request message may include resource identification information, resource information, destination information, etc. In addition, the resource transfer request message may include DRM system information of the destinations that receive the resources.
[57] The resource identification information may refer to information that identifies the transfer-requested resources. If a plurality of resources have been requested to be transferred, there can be a plurality of resource identification information that correspond to the plurality of resources.
[58] The source information may refer to information that identifies from where the transfer-requested resources are transferred. The source information may include identification information that identifies a source device or system (e.g., the requesting device in the present embodiment) and file format information of the transfer- requested source.
[59] The destination information may refer to information related to a destination to which a plurality of transfer-requested resources are transferred. At least one destination information may exist to correspond to the number of destinations. For example, in the present embodiment, there may be information of the first target device DVl, the first destination, and the second target device DV2, the second destination. The destination information may include destination identification information that identifies a destination and file format information requested by the destination, the file format information included in the destination information may be utilized when a file format is transformed by the resource transformer RT.
[60] After receiving the resource transfer request message, the resource processing controller CL collects information of the resource handlers provided in the system (S2). For example, the resource processing controller CL inquires of one or more resource exporters, resource imports and resource transformers about capabilities, and receives a response from the corresponding entities. This is to obtain capability information regarding the source, intermediate and destination devices, systems, and DRMs.
[61] When the information is collected, the resource processing controller CL determines whether to transfer the requested resources based on the collected information (S3). In this case, the resource processing controller CL may check whether or not the requested resources can be transferred in consideration of the format of the requested resources, the policy of the system, information about a security authentication channel algorithm that can be executed between entities, and the like.
[62] When the resources are determined to be transferred, the resource processing controller CL configures a transfer chain including resource handlers that facilitates performing of the requested processing (S4). For example, the resource processing controller CL may configure a transfer chain including the resource exporter RE included in the requesting device, the resource transformer RT, the first resource importer RIl included in the first target device DVl, and the second resource importer RI2 included in the second target device DV2.
[63] FIGs. 6 and 7 are exemplary views showing transfer chains configured by the resource processing controller CL.
[64] As shown in FIGs. 6 and 7, the transfer chains ClO, C21, and C22 include the resource exporter RE, the resource transformer RT, the first resource importer RIl, and the second resource importer RI2. The transfer chains ClO, C21, and C22 may be divided into a primary transfer chain ClO and secondary transfer chains C21 and C22.
[65] With reference to FIG. 6, The primary transfer chain ClO, which is to transfer the resources from the resource exporter RE to the resource transformer RT, may include the resource exporter RE and the resource transformer RT.
[66] With reference to FIG. 7, the secondary transfer chains C21 and C22, which are to transfer the resources from the resource transformer RT to the first and second resource importers RIl and RI2, may include the secondary first transfer chain C21 and the secondary second transfer chain C22. The secondary first transfer chain C21 may include the resource transformer RT and the first resource importer RIl, and the secondary second transfer chain C22 may include the resource transformer RT and the second resource importer RI2.
[67] The resource processing controller CL generates transfer session identification information in order to instruct the resource handlers RE, RT, RIl, and RI2 to transfer the resources by using the transfer chains ClO, C21, and C22 (S5). In this case, the transfer session identification information may be divided into primary transfer session identification information and secondary transfer session identification information.
[68] The primary transfer session identification information is session identification information for identifying a transfer session in which the resources are transferred from the resource exporter RE to the resource transformer RT. Namely, the primary transfer session identification information may refer to information for identifying transfer of resources using the primary transfer chain ClO.
[69] The secondary transfer session identification information is session identification information for identifying a transfer session in which the resources are transferred from the resource transformer RT to the first and second resource importers RIl and RI2. Namely, the secondary transfer session identification information may refer to information for identifying transfer of the resources using the secondary transfer chains C21 and C22.
[70] The secondary transfer session identification information may include secondary first transfer session identification information and secondary second transfer session identification information. The secondary first transfer session identification information may be information for identifying transfer of the resources using the secondary first transfer chain C21, and the secondary second transfer session identification information may be information for identifying transfer of the resources via the secondary second transfer chain C22.
[71] Subsequently, the resource processing controller CL transfers a control message to the resource handlers RE, RT, RIl, and RI2 in order to perform transferring using the transfer chains ClO, C21, and C22 (S6). For example, the resource processing controller CL may transfer a resource exporter control message, a resource transformer control message, a first resource importer control message, and a second resource importer control message to the resource exporter RE, the resource transformer RT, the first resource importer RIl, and the second resource importer RI2.
[72] The resource exporter control message may be a message instructing to export the requested resources and transfer them to the resource transformer RT. The resource exporter control message may include the primary transfer session identification information, the resource identification information, the source information, recipient information, and the like. In this case, the source information may refer to information for identifying a source of the resources, and the recipient information may refer to identification information for identifying a target to which the exported resources are to be transferred, namely, the resource transformer RT.
[73] The resource transformer control message may be a message instructing to receive the resources transferred from the resource exporter RE, transform the resources into such a format as demanded by the first and second destination devices DVl and DV2, and transfer the same to the first and second resource importers RIl and RI2. The resource transformer control message may include the primary transfer session identification information, namely, reception session identification information, the secondary first transfer session identification information and the secondary second transfer session identification, namely, transfer session identification information, resource identification information, sender information, recipient information, format of transfer resources and target format information, etc. The sender information and the recipient information may refer to identification information of the target which is to transfer the resources, namely, the resource exporter RE, and the recipient information may refer to information about the targets to which the resources are to be transferred, namely, the first resource importer RIl and the second resource importer RI2.
[74] The first resource importer control message may be a control message instructing to receive the resources transferred from the resource transformer RT and import the same to the first target device DVl. The first resource importer control message may include the secondary first transfer session identification information, the resource identification information, the sender information, etc. In this case, the sender information may refer to information about the resource transformer RT.
[75] The second resource importer control message may be a control message instructing to receive the resources transferred from the resource transformer RT and import the same to the second target device DVl. The second resource importer control message may include the secondary first transfer session identification information, the resource identification information, and the sender information, etc. In this case, the sender information may refer to information about the resource transformer RT.
[76] Upon receiving the control message, the resource handlers transfer the resources according to content included in the control messages (S7). The transfer of the resources starts from the primary transfer session in which the primary transfer chain ClO is formed to export the resources and then transfer them to the resource transformer, and then the secondary transfer session in which the secondary transfer chains C21 and C22 are formed to transfer the resources to the target devices may sequentially proceed.
[77] FIG. 8 is a view showing an example of the transfer of the resources via the primary transfer chain ClO.
[78] As shown in FIGs. 6 and 8, the primary transfer session starts to transfer the resources. The resource export RE and the resource transformer RT form the primary transfer chain ClO and transfer the resources according to the resource exporter control message and the resource transformer control message. In this case, the resource exporter RE and the resource transformer RT may establish a security authentication channel and transfer the resources via the security authentication channel. Such transfer via the primary transfer chain ClO may be performed in the primary transfer session and may be identified by the primary transfer session.
[79] Through such transfer operation, the resource transformer RT may receive the resources. Upon receiving the resources, the resource transformer RT may perform format transformation so as to fit to the format requested by the first and second target devices DVl and DV2 by using the resource format and target format information included in the resource transformer control message. The format-transformed resources are transferred to the first and second resource importers RIl and RI2 through the secondary first transfer chain C21 and the secondary second transfer chain C22. Namely, the secondary first transfer session and the secondary second transfer session are performed.
[80] FIG. 9 is a view showing an example of transfer of the resources via the secondary transfer chains C21 and C22.
[81] As shown in FIGs. 7 and 9, the resource transformer RT and the first resource importer RIl form the secondary first transfer chain C21 in the secondary first transfer session and transfer the resources. In this case, the resource transformer RT and the first resource importer RIl may establish a security authentication channel and transfer the resources via the security authentication channel. Such transfer using the secondary first transfer chain C21 is performed in the secondary first transfer session and may be identified by the secondary first transfer session identification information.
[82] Meanwhile, the resource transformer RT and the second resource importer RI2 form the secondary second transfer chain C22 and transfer the resources. In this case, the resource transformer RT and the second resource importer RI2 may establish a security authentication channel and transfer the resources via the security authentication channel. Such transfer through the secondary second transfer chain C22 is performed in the secondary second transfer session and may be identified by the secondary second transfer session identification information.
[83] In this manner, the resource processing controller CL may control the resource handlers RE, RT, RIl, and RI2 to transfer the requested resources to the first and second target devices DVl and DV2.
[84] As described above, in the present invention, when the resources are transferred between devices in the DRM domain, the resource processing controller effectively generates the transfer session identification information according to the request from the client. For example, a single session, namely, the primary transfer session, is performed to export the resources and transfer them to the resource transformer, and then, a plurality of transfer sessions, namely, the secondary transfer sessions, corresponding to the destinations, are performed to transfer the resources to the plurality of destinations. Accordingly, repeated transfer of the resources can be prevented, and the efficiency in terms of the promptness of transfer and resource saving can be improved.
[85] Meanwhile, at the initial constructing of the DRM domain system, a particular entity may receive policy information from a different entity. For example, if the domain manager of the authentication and management part exists in a local area, the domain manager should receive policy information from a policy provider installed at the side of the service provider. In this case, the policy provider may refer to an entity that provides the policy information of the service provider or a resource protecting system to the entities of the DRM domain system. The policy provider may be provided in the form of a unit function module in the license manager.
[86] FIG. 10 is a view showing the process of providing policy information by the policy provider to the domain manager according to a requesting/responding method.
[87] As shown in FIG. 10, when the domain manager 22 is disposed in a local area, a policy provider 70 recognizes it and requests configuration information from the domain manager 22 in order to check elements provided in the domain manager 22 (S 12). In this case, the domain manager 22 may include a plurality of unit function modules, e.g., an authenticator 22b, a principal manager 22a, etc. In response to the request, the domain manager 22 transfers its configuration information, e.g., information about the authenticator 22b, the principal manager 22a, etc., to the policy provider 70 (SI l).
[88] Upon receiving the configuration information, the policy provider 70 checks the received configuration information, selects a unit function module required for setting a policy information value, and transfers corresponding policy information to the unit function module (e.g., to the authenticator 22b in FIG. 10) according to a corresponding request from the selected unit function module (S 13). In addition, when there is a request for a policy from the domain manager 22 (S 14), the policy provider transfers policy information in response to the corresponding request (S 15).
[89] Meanwhile, the policy provider 70 may provide the policy information through an event subscription/issuance format. FIG. 11 is a view showing the process of providing policy information by the policy provider 70 in the format of event subscription/ issuance.
[90] As shown in FIG. 11, when the domain manager 22 is disposed in a local area, the domain manager 22 requests subscription to a policy update change event to the policy provider 70. In this case, the policy update change event may refer to an event that if policy information is changed, the changed policy information is transferred through an event message.
[91] In response to the subscription request from the domain manager 22, the policy provider 70 determines whether or not the subscription request is a valid event sub- scription request and allows subscription. Then, the domain manager 22 is admitted to the policy update change event (S21). In this case, the domain manager 22 may be a subscription entity of the policy update change event, and the policy provider 70 may be an issuance entity of the event.
[92] Meanwhile, the policy provider 70 may request subscription to a configuration change event to the domain manager 22. The configuration change event may refer to an event that if configuration information of an event issuance entity, e.g., information of a unit function module, etc., is changed, the corresponding information is transferred as an event message to an event subscribed entity.
[93] According to the subscription request from the policy provider 70, the domain manager 22 determines whether the subscription request of the policy provider 70 is a proper event subscription request, and then allows subscription. Then, the policy provider 70 is admitted to the configuration change event (S22). In this case, the policy provider 70 becomes a subscription entity of the configuration change event, and the domain manager 22 becomes an issuance entity of the configuration change event.
[94] Next, the domain manager 22 transfers its configuration information to the policy provider 70 through an event message (S23). Then, the policy provider 70 may analyze the received event message, determine policy information corresponding to the changed configuration information, and transfer an event message including the corresponding policy information to the domain manager 22 or to a unit function module (e.g., the authenticator 22b in FIG. 11) that requires the policy information (S24, S25).
[95] The preferred embodiments of the present invention have been described with reference to the accompanying drawings, and it will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the scope of the invention. Thus, it is intended that any future modifications of the embodiments of the present invention will come within the scope of the appended claims and their equivalents.

Claims

Claims
[1] A method for transferring resources in a DRM domain system, the method comprising: configuring a transfer chain including a plurality of resource handlers to transfer resources to at least one destination; generating transfer session identification information corresponding to the transfer chain; transferring a control message including the transfer session identification information to the resource handlers; and transferring the resources by using the resource handlers.
[2] The method of claim 1, wherein there are a plurality of transfer chains.
[3] The method of claim 2, wherein the configuring of the transfer chains comprises: configuring a primary transfer chain including a resource exporter that exports the resources and a resource transformer that receives the resources transferred from the resource exporter and transforms the received resources into such a format as demanded by the destination; and configuring a secondary transfer chain including the resource exporter and a resource importer that imports the resources to the destination.
[4] The method of claim 3, wherein the generating of the transfer session identification information comprises: generating primary transfer session identification information corresponding to the primary transfer chain; and generating secondary transfer session identification information corresponding to the secondary transfer chain.
[5] The method of claim 4, wherein the transferring of the control message to the resource handlers comprises: transferring a resource exporter control message including the primary transfer session identification information to the resource exporter; transferring a resource transformer control message including the primary transfer session identification information and the secondary transfer session identification information to the resource transformer; and transferring a resource importer control message including the secondary transfer session identification information to the resource importer.
[6] The method of claim 4, wherein the transferring of the resources comprises: exporting, by the resource exporter, the resources and transferring the resources to the resource transformer in a transfer session corresponding to the primary transfer session identification information; and transforming, by the resource transformer, the resources into such a format as demanded by the destination and transferring the same to the resource importer in a transfer session corresponding to the secondary transfer session identification information.
[7] The method of claim 1, further comprising: receiving a message requesting transfer of the resources to at least one destination; collecting information about the plurality of resource handlers included in a system; and analyzing the collected information and determining whether to perform the requested transfer.
[8] A resource transfer system comprising: a plurality of resource handlers; and a controller that provides control to receive a message requesting a resource transfer from a client, generate a plurality of transfer session identification information to perform resource transferring, and transfer a control message including the transfer session identification information to the resource handlers to thus perform the resource transferring.
[9] The system of claim 8, wherein the plurality of resource handlers comprises: a resource exporter that exports resources; a resource transformer that transforms the format of the resources received from the resource exporter into a target format; and at least one resource importer that imports the resources received from the resource transformer to a destination.
[10] The system of claim 9, wherein the plurality of transfer session identification information comprises: primary transfer session identification information that identifies a primary transfer session in which the resources are transferred from the resource exporter to the resource transformer; and at least one secondary transfer session identification information that identifies at least one primary transfer session in which the resources are transferred from the resource transformer to the at least one resource importer.
PCT/KR2008/001207 2007-03-02 2008-03-03 Method and system for transferring resource WO2008108564A1 (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US89265707P 2007-03-02 2007-03-02
US60/892,657 2007-03-02
US89405007P 2007-03-09 2007-03-09
US60/894,050 2007-03-09
US89662107P 2007-03-23 2007-03-23
US60/896,621 2007-03-23

Publications (1)

Publication Number Publication Date
WO2008108564A1 true WO2008108564A1 (en) 2008-09-12

Family

ID=39738408

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2008/001207 WO2008108564A1 (en) 2007-03-02 2008-03-03 Method and system for transferring resource

Country Status (1)

Country Link
WO (1) WO2008108564A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040098609A1 (en) * 2002-11-20 2004-05-20 Bracewell Shawn Derek Securely processing client credentials used for Web-based access to resources
WO2004105352A1 (en) * 2003-05-19 2004-12-02 Hewlett-Packard Development Company, L.P. Systems and methods for selecting a provider
WO2005046147A1 (en) * 2003-11-04 2005-05-19 Qualcomm Incorporated Method and apparatus for policy control enhancement in a wireless communication system
US20060106802A1 (en) * 2004-11-18 2006-05-18 International Business Machines Corporation Stateless methods for resource hiding and access control support based on URI encryption

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040098609A1 (en) * 2002-11-20 2004-05-20 Bracewell Shawn Derek Securely processing client credentials used for Web-based access to resources
WO2004105352A1 (en) * 2003-05-19 2004-12-02 Hewlett-Packard Development Company, L.P. Systems and methods for selecting a provider
WO2005046147A1 (en) * 2003-11-04 2005-05-19 Qualcomm Incorporated Method and apparatus for policy control enhancement in a wireless communication system
US20060106802A1 (en) * 2004-11-18 2006-05-18 International Business Machines Corporation Stateless methods for resource hiding and access control support based on URI encryption

Similar Documents

Publication Publication Date Title
US7735117B2 (en) Context-sensitive confidentiality within federated environments
JP4993733B2 (en) Cryptographic client device, cryptographic package distribution system, cryptographic container distribution system, and cryptographic management server device
US8554927B2 (en) Method for sharing rights object in digital rights management and device and system thereof
JP5100286B2 (en) Cryptographic module selection device and program
EP2018019B1 (en) Rights Object Acquisition Method and System
EP1892924B1 (en) Method for importing digital rights management data for user domain
KR101038166B1 (en) Method for transferring resource and method for providing information
CN110086755A (en) Realize method, application server, internet of things equipment and the medium of Internet of Things service
KR101457689B1 (en) Method for Managing Multi Domain Manager and Domain System
WO2007043805A1 (en) Method for sharing rights object in digital rights management and device and system thereof
EP1854260B1 (en) Access rights control in a device management system
JP3994657B2 (en) Service provision system
KR20100060130A (en) System for protecting private information and method thereof
JP4950095B2 (en) Service providing system, service providing method, and service providing program
CN113518124B (en) Internet of things equipment authentication method based on cellular block chain network
WO2008108564A1 (en) Method and system for transferring resource
KR20070102374A (en) Method for electing domain reference point device
KR20070091521A (en) Domain management method, domain extension method and domain system
KR20130085474A (en) System and method for access control of device and service source between in home network middleware
KR20080026022A (en) Method for providing information, method for authenticating client and drm interoperable system
Benze et al. Open system for energy services (OS4ES): An EU-funded research project to establish a non-discriminatory, multivendor-capability service delivery platform for smart grid services
Kirstein et al. Handling the internet of things with care
Apolinarski System Support for Security and Privacy in Pervasive Computing
JP2007264962A (en) Authentication system and identification method
CN101542472A (en) Method for managing domain using multi domain manager and domain system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08723245

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08723245

Country of ref document: EP

Kind code of ref document: A1