U.S. patent application number 11/745816 was filed with the patent office on 2007-11-15 for method of transfering rights object and electronic device.
This patent application is currently assigned to SAMSUNG ELECTRONICS CO., LTD.. Invention is credited to Kyung-im Jung, Ji-soo Kim, Yeo-jin Kim, Yun-sang Oh, Sang-gyoo Sim.
Application Number | 20070265981 11/745816 |
Document ID | / |
Family ID | 39064246 |
Filed Date | 2007-11-15 |
United States Patent
Application |
20070265981 |
Kind Code |
A1 |
Kim; Yeo-jin ; et
al. |
November 15, 2007 |
METHOD OF TRANSFERING RIGHTS OBJECT AND ELECTRONIC DEVICE
Abstract
A method of transferring a rights object (RO) and an electronic
device are provided. The method includes generating a secure RO by
encrypting an RO including usage rights information regarding
digital content and transferring the secure RO from a first device
to a second device.
Inventors: |
Kim; Yeo-jin; (Suwon-si,
KR) ; Oh; Yun-sang; (Seoul, KR) ; Sim;
Sang-gyoo; (Suwon-si, KR) ; Jung; Kyung-im;
(Seongnam-si, KR) ; Kim; Ji-soo; (Yongin-si,
KR) |
Correspondence
Address: |
SUGHRUE MION, PLLC
2100 PENNSYLVANIA AVENUE, N.W., SUITE 800
WASHINGTON
DC
20037
US
|
Assignee: |
SAMSUNG ELECTRONICS CO.,
LTD.
Suwon-si
KR
|
Family ID: |
39064246 |
Appl. No.: |
11/745816 |
Filed: |
May 8, 2007 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
60799652 |
May 12, 2006 |
|
|
|
Current U.S.
Class: |
705/59 ;
705/51 |
Current CPC
Class: |
H04L 63/0869 20130101;
H04L 63/0428 20130101; G06Q 20/027 20130101; H04L 2209/603
20130101; H04L 9/3273 20130101; G06F 21/33 20130101; H04L 63/0442
20130101; H04L 63/0853 20130101; G06F 2221/0797 20130101; H04L
2209/24 20130101; G06F 21/10 20130101; G06F 21/445 20130101; G06F
2221/0753 20130101; H04L 63/0823 20130101; H04L 9/0816 20130101;
H04L 9/3268 20130101 |
Class at
Publication: |
705/59 ;
705/51 |
International
Class: |
H04L 9/00 20060101
H04L009/00 |
Foreign Application Data
Date |
Code |
Application Number |
Apr 2, 2007 |
KR |
10-2007-0032497 |
Claims
1. A method of transferring a rights object (RO) including usage
rights information regarding digital content, the method
comprising: generating a secure RO by encrypting the RO; and
transferring the secure RO from a first device to a second
device.
2. The method of claim 1, wherein the generating the secure RO
comprises: extracting the usage rights information from the RO; and
encrypting the usage rights information.
3. The method of claim 2, wherein the usage rights information
comprises a content encryption key (CEK) of the digital
content.
4. The method of claim 3, wherein the encrypting the usage rights
information comprises encrypting the CEK of the digital content
using an encryption key.
5. The method of claim 4, further comprising: storing the secure RO
in the first device; and removing the secure RO from the first
device if the transfer of the secure RO from the first device to
the second device is completed.
6. The method of claim 1, further comprising: issuing from the
first device a request for decryption of the secure RO to the
second device; and decrypting the secure RO at the second
device.
7. The method of claim 5, further comprising: issuing from the
first device a request for decryption of the secure RO to the
second device; and decrypting the secure RO at the second
device.
8. The method of claim 7, further comprising transmitting the
encryption key to the second device, wherein the decrypting the
secure RO comprises decrypting the secure RO using the encryption
key.
9. An electronic device comprising: a storage module which stores a
rights object (RO) including usage rights information regarding
digital content; an encryption module which generates a secure RO
by encrypting the RO; an interface module which is configured to
interface with an external device; and a control module which
controls the encryption module to generate the secure RO and
transfers the secure RO to the external device via the interface
module.
10. The electronic device of claim 9, wherein the encryption module
extracts the usage rights information from the RO and generates the
secure RO by encrypting the usage rights information.
11. The electronic device of claim 10, wherein the usage rights
information comprises a content encryption key (CEK) of the digital
content.
12. The electronic device of claim 11, wherein the encryption
module encrypts the CEK of the digital content using an encryption
key.
13. The electronic device of claim 12, wherein the control module
stores the secure RO in the storage module and removes the secure
RO from the storage module if the transfer of the secure RO to the
external device is completed.
14. The electronic device of claim 12, wherein the control module
transmits the encryption key to the external device and issues to
the external device a request for decryption of the secure RO using
the encryption key.
15. An electronic device comprising: an interface module which is
configured to interface with an external device that transmits a
secure rights object (RO); a storage module which stores the secure
RO received from the external device via the interface module; a
decryption module which decrypts the secure RO; and a control
module which controls the decryption module to decrypt the secure
RO and stores a decrypted RO obtained by the decryption performed
by the decryption module in the storage module.
16. The electronic device of claim 15, wherein the interface module
receives a request for decryption of the secure RO from the
external device and the control module controls the decryption
module to decrypt the secure RO in response to the request.
17. The electronic device of claim 16, wherein the interface module
receives an encryption key from the external device, and the
control module controls the decryption module to decrypt the secure
RO using the encryption key.
18. The electronic device of claim 17, wherein the control module
notifies the external device, via the interface module, that the
decryption of the secure RO has been completed.
Description
[0001] This application claims priority from Korean Patent
Application No. 10-2007-32497 filed on Apr. 2, 2007 in the Korean
Intellectual Property Office, and U.S. Provisional Patent
Application No. 60/799,652 filed on May 12, 2006 in the United
States Patent and Trademark Office, the disclosures of which are
incorporated herein by reference in their entirety.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] Methods consistent with the present invention relate to
transferring a rights object (RO) and an electronic device, and
more particularly, to transferring an RO and an electronic device
which can prevent an RO from being copied during the transfer of
the RO.
[0004] 2. Description of the Related Art
[0005] In recent years, research has been vigorously conducted on
Digital Rights Management (DRM), which is a technology for
protecting digital content that can be easily copied and
distributed, and various services adopting DRM technology have been
or are currently being commercialized.
[0006] Related art techniques of protecting digital content
generally focus on the prevention of illegitimate access to digital
content. For example, in the related art, only users who have paid
charges for digital content are allowed to access the digital
content, whereas users who have not paid any charges for the
digital content are not allowed to access the digital content.
[0007] Due to the characteristics of digital data, digital content
can be easily reused, processed, copied, and distributed.
Therefore, if digital content is illegitimately copied or
distributed by users who have access to the digital content, the
digital content can be used even by users who have not paid any
charges for the digital content and are thus not eligible for the
digital content.
[0008] In order to address this, DRM technology requires encryption
of digital content for safe distribution of digital content and
also requires a predetermined license, called a Rights Object (RO),
for the use of digital content.
[0009] Referring to FIG. 1, a user who wishes to use digital
content may be provided with desired digital content by a content
provider 120 with a host device 110. The digital content provided
by the content provider 120 is encrypted. In order to use encrypted
digital content (hereinafter referred to as a content item), an RO
is necessary.
[0010] The user may purchase an RO including the right to execute a
content item from an RO issuer 130 using the host device 110. The
right to execute the content item may be a content encryption key
that is necessary to decrypt the content item.
[0011] The RO issuer 130 may report a statement regarding the
issuance of ROs to the content provider 120. The RO issuer 130 may
be the same entity as the content provider 120.
[0012] A user can use a content item by acquiring an RO
corresponding to the content item.
[0013] A content item can be freely copied to or distributed to a
number of users without an RO. An RO includes usage restriction
information regarding the number of times that a content item can
be used, a period of time for which the content item can be used,
and/or the number of times that the RO can be copied, and thus
imposes restrictions on the reuse or copy of content.
[0014] In short, it is possible to effectively protect digital
content using DRM technology
[0015] A user may store an RO in a host device such as a mobile
phone or a personal digital assistant (PDA) which can execute
multimedia data.
[0016] In order to facilitate the maintenance and distribution of
content items and ROs, methods of storing ROs in portable storage
devices such as memory sticks or multimedia cards (MMCs) have been
developed.
[0017] FIG. 2 illustrates a flowchart of a related art method of
transferring an RO present in a host device 110 to a portable
storage device 140. When the portable storage device 140 is
connected to the host device 110, a user can execute an RO transfer
command for transferring an RO from the host device 110 to the
portable storage device 140.
[0018] Referring to FIG. 2, in operation S110, the host device 110
transfers an RO to the portable storage device 140 upon execution
of an RO transfer command. In operation S120, when the transfer of
the RO is complete, the portable storage device 140 notifies the
host device 110 of the completion of the RO transfer. In operation
S130, the host device 110 removes the RO present therein upon being
notified that the transfer of the RO has been completed.
[0019] If the method is terminated abnormally at a time A between
operation S110 and operation S120, the host device 110 cannot be
notified of whether the transfer of the RO has been completed and
thus may not be able to decide when to remove the RO present
therein. As a result, the RO remains in both the host device 110
and the portable storage device 140. That is, the RO is copied
during the transfer of the RO.
SUMMARY OF THE INVENTION
[0020] The present invention provides a method of transferring an
RO and an electronic device which can prevent an RO from being
copied during the transfer of the RO.
[0021] According to an aspect of the present invention, there is
provided a method of transferring a RO including usage rights
information regarding digital content, the method including
generating a secure RO by encrypting the RO and transferring the
secure RO from a first device to a second device.
[0022] According to another aspect of the present invention, there
is provided an electronic device, including a storage module which
stores an RO including usage rights information regarding digital
content, an encryption module which generates a secure RO by
encrypting the RO, an interface module which enables the electronic
device to interface with an external device, and a control module
which controls the encryption module to generate the secure RO and
transfers the secure RO to the external device via the interface
module.
[0023] According to another aspect of the present invention, there
is provided an electronic device, including an interface module
which enables the electronic device to interface with an external
device that transmits an encrypted RO, a storage module which
stores the encrypted RO, a decryption module which decrypts the
encrypted RO, and a control module which controls the decryption
module to decrypt the encrypted RO and stores a decrypted RO
obtained by the decryption performed by the decryption module in
the storage module.
BRIEF DESCRIPTION OF THE DRAWINGS
[0024] The above and other aspects of the present invention will
become more apparent by describing in detail exemplary embodiments
thereof with reference to the attached drawings in which:
[0025] FIG. 1 illustrates a block diagram of a related art digital
rights management system;
[0026] FIG. 2 illustrates a flowchart of a related art method of
transferring a rights object (RO);
[0027] FIG. 3 illustrates a block diagram of a system for
transferring an RO according to an exemplary embodiment of the
present invention; and
[0028] FIG. 4 illustrates a flowchart of a method of transferring
an RO according to an exemplary embodiment of the present
invention.
DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS OF THE INVENTION
[0029] The present invention will now be described more fully with
reference to the accompanying drawings, in which exemplary
embodiments of the invention are shown. The invention may, however,
be embodied in many different forms and should not be construed as
being limited to the exemplary embodiments set forth herein;
rather, these exemplary embodiments are provided so that this
disclosure will be thorough and complete, and will fully convey the
concept of the invention to those skilled in the art. Like
reference numerals in the drawings denote like elements, and thus
their description will be omitted.
[0030] For a better understanding of the present invention, the
definitions of the terms frequently used in this disclosure will be
given below.
[0031] The term `transfer` denotes a process of moving a file from
one device to another. During the transfer of a file, the file may
exist in two devices at the same time. However, once the transfer
of a file from a first device to a second device is completed, the
file must not exist in the first device any longer, but must exist
only in the second device.
[0032] The term `copy` denotes a process of duplicating a Rights
Object (RO) so that the RO can become available in two or more
devices.
[0033] The present invention is described hereinafter with
reference to flowchart illustrations of user interfaces, methods,
and computer program products according to exemplary embodiments of
the invention. It will be understood that each block of the
flowchart illustrations, and combinations of blocks in the
flowchart illustrations, can be implemented by computer program
instructions. These computer program instructions can be provided
to a processor of a general purpose computer, special purpose
computer, or other programmable data processing apparatus to
produce a machine, such that the instructions, which are executed
via the processor of the computer or other programmable data
processing apparatus, create means for implementing the functions
specified in the flowchart block or blocks.
[0034] These computer program instructions may also be stored in a
computer usable or computer-readable memory that can direct a
computer or other programmable data processing apparatus to
function in a particular manner, such that the instructions stored
in the computer usable or computer-readable memory produce an
article of manufacture including instruction means that implement
the function specified in the flowchart block or blocks.
[0035] The computer program instructions may also be loaded onto a
computer or other programmable data processing apparatus to cause a
series of operational steps to be performed on the computer or
other programmable apparatus to produce a computer implemented
process such that the instructions that are executed on the
computer or other programmable apparatuses provide steps for
implementing the functions specified in the flowchart block or
blocks.
[0036] And each block of the flowchart illustrations may represent
a module, segment, or portion of code, which comprises one or more
executable instructions for implementing the specified logical
function(s). It should also be noted that in some alternative
implementations, the functions noted in the blocks may occur out of
the order. For example, two blocks shown in succession may in fact
be executed substantially concurrently or the blocks may sometimes
be executed in the reverse order, depending upon the functionality
involved.
[0037] FIG. 3 illustrates a block diagram of a system for
transferring an RO according to an exemplary embodiment of the
present invention. Referring to FIG. 3, the system includes a host
device 10 in which an RO is stored and a portable storage device 20
which can be connected to the host device 10.
[0038] The host device 10 reproduces and manages digital content
according to the rights defined in the RO present in the host
device 10. The host device 10 may be a multimedia device such as a
mobile phone, a personal digital assistant (PDA), a laptop
computer, a desktop computer, or a digital television.
[0039] The portable storage device 20 includes a nonvolatile memory
such as a flash memory which can read, write, and erase data. The
portable storage device 20 has data processing capabilities and can
be easily connected to or detached from the host device 10. The
portable storage device 20 may be a Smart Media (SM) card, a memory
stick, a Compact Flash (CF) card, an eXtreme Digital (XD) card, or
a multimedia card.
[0040] The host device 10 includes a storage module 12 which stores
an RO, an encryption module 14 which encrypts an RO, an interface
module 16 which enables the host device 10 to interface with the
portable storage device 20, and a control module 18 which controls
the storage module 12, the encryption module 14, and the interface
module 16.
[0041] The RO present in the storage module 12 is a type of license
including rights information regarding the right to use a content
item, use restriction information regarding restrictions imposed on
the use of the content item, copy restriction information regarding
restrictions imposed on the copy of an RO, an identifier of the RO,
and an identifier of the content item.
[0042] The rights information regarding the right to use a content
item may be a content encryption key (CEK) which is necessary to
decode a content item.
[0043] The encryption module 14 encrypts the RO present in the
storage module 12 upon the request of the control module 18 and
generates an encrypted RO.
[0044] More specifically, the encryption module 14 extracts a CEK
from an RO, and encrypts the RO by encrypting the CEK using an
encryption key. However, the present invention is not restricted to
this. The encryption module 14 may extract one or more pieces of
information, other than the CEK, from an RO and encrypt the
extracted pieces of information. Once an RO is encrypted, content
corresponding to the RO cannot be used until the RO is decrypted.
Hereinafter, the RO having some specific fields encrypted by the
encryption key, which only host device knows, is referred to as the
secure RO.
[0045] The interface module 16 enables the host device 10 to
interface with the portable storage device 20. The host device 10
transmits data to or receives data from the portable storage device
20 through the interface 16. When the host device 10 is connected
to the portable storage device 20, the interface module 16 of the
host device 10 may be electrically connected to an interface module
22 of the portable storage device 20. However, the present
invention is not restricted to this. That is, when the host device
10 is connected to the portable storage device 20, the interface
module 16 of the host device 10 may not necessarily be directly
connected to the interface module 22 of the portable storage device
20, and may communicate with the interface module 22 of the
portable storage device 20 with the aid of a wireless medium. In
addition, the interface module 16 of the host device 10 and the
interface module 22 of the portable storage device 20 may conduct
mutual authentication and secure communication apart from
processing the secure RO. The secure communication means that the
transferred data, including the secure RO, are encrypted by the
session key generated during the mutual authentication step.
[0046] When an RO transfer command is received from a user, the
control module 18 controls the encryption module 14 to encrypt the
RO present in the storage module 12 and stores a secure RO obtained
by the encryption performed by the encryption module 14 in the
storage module 12. Thereafter, the control module 18 transfers the
secure RO to the portable storage device 20 via the interface
module 16. The RO transfer command may be received from the user by
an input module (not shown). Alternatively, the control module 18
may transfer the RO present in the storage module 12 to the
portable storage device 20 upon connecting the portable storage
device 20 to the host device 10.
[0047] When the portable storage device 20 notifies the control
module 18, via the interface module 16, that the transfer of the
secure RO has been complete, the control module 18 removes the
secure RO present in the storage module 12.
[0048] Thereafter, the control module 18 issues a request for
decryption of the secure RO to the portable storage device 20 via
the interface module 16. In this case, the control module 18
transmits the encryption key used to produce the secure RO to the
portable storage device 20.
[0049] The portable storage device 20 includes the interface module
22, a storage module 24, a decryption module 26, and a control
module 28.
[0050] The interface module 22 enables the portable storage device
20 to interface with the host device 10. The portable storage
device 20 transmits data to or receives data from the host device
10 via the interface module 22.
[0051] The storage module 24 stores a secure RO received by the
interface module 22. A secure RO may have an identification module
(not shown) by which the secure RO can be distinguished from an RO
yet to be encrypted. Alternatively, an identification module
capable of distinguishing a secure RO from an RO yet to be
encrypted may be provided as an independent module.
[0052] The decryption module 26 decrypts the secure RO present in
the storage module 24 upon the request of the control module 28. In
detail, the decryption module 26 decrypts the secure RO present in
the storage module 24 using the encryption key received from the
host device 10 via the interface module 22.
[0053] The control module 28 identifies a secure RO received by the
interface module 22 and stores the secure RO in the storage module
24. When a request for decryption of the secure RO is issued by the
host device 10, the control module 28 controls the decryption
module 26 to decrypt the secure RO and stores a decrypted secure RO
obtained by the decryption module 26 in the storage module 24.
Also, the control module 28 notifies the host device 10, via the
interface module 22, that the decryption of the secure RO has been
completed.
[0054] FIG. 4 illustrates a flowchart of a method of transferring
an RO according to an exemplary embodiment of the present
invention. Referring to FIG. 4, in operation S10, when an RO
transfer command is received from a user, the encryption module 14
of the host device 10 generates a secure RO by extracting a CEK of
an RO present in the storage module 12 and encrypting the CEK with
a encryption key under the control of the control module 18. In
operation S12, the control module 18 stores the secure RO in the
storage module 12. The RO stored in the host device 10 needs to be
prevented from being used by the host device 10 before successfully
transferring the RO to the portable storage device 20 because it is
not desirable that the state information of the transferred secure
RO differs from the state information of the RO stored in the host
device 10. That is, the host device 10 stores the secure RO instead
of the existing RO to maintain the consistency of two ROs stored in
the host device 10 and the portable storage device 20. But, the
control module 18 may not store the secure RO in the storage module
12. If the state information of the transferred secure RO differs
from the state information of the RO stored in the host device 10,
the transferred secure RO may be removed, and the transfer process
may restart. In operation S14, the control module 18 transmits the
secure RO to the portable storage device 20 via the interface
module 16.
[0055] In operation S16, the control module 28 of the portable
storage device 20 receives the secure RO transmitted by the control
module 18 of the host device 10 via the interface module 22 and
stores the secure RO in the storage module 24. In operation S18,
the control module 28 notifies the host device 10, via the
interface module 22, that the transfer of the secure RO has been
completed.
[0056] In operation S20, the control module 18 of the host device
10 removes the secure RO present in the storage module 12 upon
being notified that the transfer of the secure RO has been
completed.
[0057] In operation S22, the control module 18 issues a request for
decryption of the secure RO to the portable storage device 20 via
the interface module 16. In this case, the control module 18
transmits the encryption key used to produce the secure RO to the
portable storage device 20.
[0058] In operation S24, the control module 28 of the portable
storage device 20 controls the decryption module 26 to decrypt the
secure RO using the encryption key transmitted by the control
module 18 of the host device 10. In operation S26, the control
module 28 stores a decrypted RO obtained by the decryption
performed by the decryption module 26 in the storage module 24. In
operation S28, the control module 28 notifies the host device 10,
via the interface module 22, that the decryption of the secure RO
has been completed.
[0059] Even if the method is terminated abnormally at a time B
between operation S16 and operation S18, an RO present in the host
device 10 and the portable storage device 20, respectively, cannot
be used because the RO is still encrypted. Therefore, it is
possible to prevent an RO from being copied.
[0060] If the host device 10 does not remove the secure RO present
in the storage module 12 in operation S20, the secure RO can be
used later by decrypting the secure RO. However, the secure RO
present in the portable storage device 20 can be transferred to but
not used by other devices. In order to use the secure RO present in
the portable storage device 20, the user must perform the
above-described method of transferring an RO.
[0061] In the above-described exemplary embodiments, a CEK of an RO
is encrypted before the transfer of the RO so that the RO cannot be
used unless decrypted. Therefore, even if an RO exists in two
devices at the same time, the copy of the RO can be prevented, and
the use of the RO can be allowed only when the transfer of the RO
is properly completed. In the above-described exemplary
embodiments, an RO present in the host device 10 is encrypted, and
the encrypted RO is transferred to the portable storage device 20.
However, the present invention is not restricted to this and the
present invention may be applied to the transfer of an RO from a
portable storage device to a host device, from one host device to
another host device, and from one portable storage device to
another portable storage device.
[0062] As described above, according to the present invention, it
is possible to prevent an RO from being copied during the transfer
of the RO.
[0063] While the present invention has been particularly shown and
described with reference to exemplary embodiments thereof, it will
be understood by those of ordinary skill in the art that various
changes in form and details may be made therein without departing
from the spirit and scope of the present invention as defined by
the following claims.
* * * * *