U.S. patent application number 11/741292 was filed with the patent office on 2007-12-13 for method and apparatus for issuing rights object required to use digital content.
This patent application is currently assigned to SAMSUNG ELECTRONICS CO., LTD.. Invention is credited to Kyung-im JUNG, Ji-soo KIM, Yeo-jin KIM, Yun-sang OH, Sang-gyoo SIM.
Application Number | 20070288383 11/741292 |
Document ID | / |
Family ID | 39064246 |
Filed Date | 2007-12-13 |
United States Patent
Application |
20070288383 |
Kind Code |
A1 |
KIM; Yeo-jin ; et
al. |
December 13, 2007 |
METHOD AND APPARATUS FOR ISSUING RIGHTS OBJECT REQUIRED TO USE
DIGITAL CONTENT
Abstract
Provided are a method and apparatus for issuing a rights object
required to use digital content. The method includes receiving the
digital content and the rights object; and encrypting the received
rights object using a public key of a secure multimedia card (SMC)
and storing the encrypted rights object in the SMC.
Inventors: |
KIM; Yeo-jin; (Suwon-si,
KR) ; OH; Yun-sang; (Seoul, KR) ; SIM;
Sang-gyoo; (Suwon-si, KR) ; JUNG; Kyung-im;
(Seongnam-si, KR) ; KIM; Ji-soo; (Yongin-si,
KR) |
Correspondence
Address: |
SUGHRUE MION, PLLC
2100 PENNSYLVANIA AVENUE, N.W., SUITE 800
WASHINGTON
DC
20037
US
|
Assignee: |
SAMSUNG ELECTRONICS CO.,
LTD.
Suwon-si
KR
|
Family ID: |
39064246 |
Appl. No.: |
11/741292 |
Filed: |
April 27, 2007 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
60799652 |
May 12, 2006 |
|
|
|
Current U.S.
Class: |
705/51 ;
705/79 |
Current CPC
Class: |
G06Q 20/027 20130101;
G06F 21/10 20130101; H04L 9/3268 20130101; G06F 21/445 20130101;
H04L 2209/603 20130101; H04L 63/0823 20130101; G06F 21/33 20130101;
G06F 2221/0753 20130101; H04L 9/0816 20130101; H04L 9/3273
20130101; H04L 2209/24 20130101; H04L 63/0853 20130101; H04L
63/0442 20130101; H04L 63/0428 20130101; H04L 63/0869 20130101;
G06F 2221/0797 20130101 |
Class at
Publication: |
705/51 ;
705/79 |
International
Class: |
H04L 9/00 20060101
H04L009/00 |
Foreign Application Data
Date |
Code |
Application Number |
Mar 13, 2007 |
KR |
10-2007-0024318 |
Claims
1. A method of issuing a rights object required to use digital
content, the method comprising: receiving the digital content and
the rights object; and encrypting the rights object using a public
key of a secure multimedia card (SMC) and storing the encrypted
rights object in the SMC.
2. The method of claim 1, wherein the rights object can be moved
and/or copied, when the right to move and/or copy the rights object
is available.
3. A method of issuing a rights object required to use digital
content, the method comprising: selecting the digital content using
a digital content purchase interface and paying for the digital
content; encrypting a rights object for the digital content using a
binding target key; and storing the encrypted rights object in a
secure multimedia card (SMC).
4. The method of claim 3, wherein the encrypting the rights object
comprises encrypting the rights object using a key of the SMC.
5. The method of claim 3, wherein the encrypting the rights object
comprises encrypting the rights object using a key of a user.
6. The method of claim 3, wherein the encrypting the rights object
comprises encrypting the rights object using a key of a domain.
7. The method of claim 3, wherein the encrypting the rights object
comprises encrypting the rights object using a key of a host.
8. The method of claim 3, wherein the binding target key is
designated by one of a copyright issuer and a user.
9. The method of claim 3, wherein the rights object can be moved
and/or copied, when the right to move and/or copy the rights object
is available.
10. A method of issuing a rights object required to use digital
content, the method comprising: forming a security channel with a
digital content storage device after mutual authentication and
receiving the rights object from the digital content storage
device; and decrypting the rights object using a binding target key
and providing information required to play back the digital
content.
11. The method of claim 10, wherein the rights object is decrypted
using a key of a secure multimedia card.
12. The method of claim 10, wherein the rights object is decrypted
using a key of a user.
13. The method of claim 10, wherein the rights object is decrypted
using a key of a domain.
14. The method of claim 10, wherein the rights object is decrypted
using a key of a host.
15. An apparatus for issuing a rights object required to use
digital content, the apparatus comprising: a purchase interface
unit which receives information regarding the digital content
selected by a user, the purchase interface unit being used by the
user to pay for the digital content; an encryption unit which
encrypts the rights object for the digital content using a binding
target key and stores the encrypted rights object in a secure
multimedia card (SMC); and a communication interface unit which
communicates with the SMC.
16. The apparatus of claim 15, wherein the encryption unit encrypts
the rights object using a key of the SMC.
17. The apparatus of claim 15, wherein the encryption unit encrypts
the rights object using a key of the user.
18. The apparatus of claim 15, wherein the encryption unit encrypts
the rights object using a key of a domain.
19. The apparatus of claim 15, wherein the encryption unit encrypts
the rights object using a key of a host.
20. The apparatus of claim 15, wherein the binding target key is
designated by one of a copyright issuer and the user.
21. The apparatus of claim 15, wherein the rights object can be
moved and/or copied, when the right to move and/or copy the rights
object is available.
22. An apparatus for issuing a rights object required to use
digital content, the apparatus comprising: a communication
interface unit which forms a security channel with a secure
multimedia card (SMC) after mutual authentication and receives the
rights object from the SMC; and a content provision unit which
decrypts the rights object using a binding target key and provides
information required to play back the digital content.
23. The apparatus of claim 22, wherein the rights object is
decrypted using a key of the SMC.
24. The apparatus of claim 22, wherein the rights object is
decrypted using a key of a user.
25. The apparatus of claim 22, wherein the rights object is
decrypted using a key of a domain.
26. The apparatus of claim 22, wherein the rights object is
decrypted using a key of a host.
27. A computer readable recording medium storing a computer program
for performing a method of issuing a rights object required to use
digital content, the method comprising: receiving the digital
content and the rights object; and encrypting the rights object
using a public key of a secure multimedia card (SMC) and storing
the encrypted rights object in the SMC.
28. A computer readable recording medium storing a computer program
for performing a method of issuing a rights object required to use
digital content, the method comprising: selecting the digital
content using a digital content purchase interface and paying for
the digital content; encrypting a rights object for the digital
content using a binding target key; and storing the encrypted
rights object in a secure multimedia card.
29. A computer readable recording medium storing a computer program
for performing a method of issuing a rights object required to use
digital content, the method comprising: forming a security channel
with a digital content storage device after mutual authentication
and receiving the rights object from the digital content storage
device; and decrypting the rights object using a binding target key
and providing information required to play back the digital
content.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims priority from Korean Patent
Application No. 10-2007-24318 filed on Mar. 13, 2007 in the Korean
Intellectual Property Office, and U.S. Provisional Patent
Application No. 60/799,652 filed on May 12, 2006 in the United
States Patent and Trademark Office, the disclosures of which are
incorporated herein by reference in their entirety.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] The present invention relates to a method and apparatus for
issuing a rights object required to use digital content, and more
particularly, to a method and apparatus for issuing a rights object
and capable of storing digital rights management (DRM) content,
which is usually provided online, in a secure multimedia card (SMC)
so that the DRM content can also be provided offline.
[0004] 2. Description of the Related Art
[0005] DRM is a technical mechanism to protect copyright on digital
content and properly charge for the use of the digital content. In
particular, DRM is designed to protect digital content that can be
easily copied and distributed in illegal ways.
[0006] Conventionally, in order to protect digital content, access
to the digital content was allowed to users who had paid for the
digital content, but not to users who had not paid for the digital
content. However, since the digital content, by its nature, can be
easily reused, processed, copied, and distributed, if a user who
had accessed the digital content illegally copied or distributed
the digital content, the users who had not paid for the digital
content could also use the digital content.
[0007] To tackle this problem, DRM encrypts digital content so that
the digital content can be distributed in an encrypted form. In
addition, DRM requires a specified license called a "rights object"
to use the encrypted digital content.
[0008] FIG. 1 illustrates a related art DRM concept.
[0009] Referring to FIG. 1, a user 110 who desires to use digital
content (hereinafter, referred to as content) may obtain desired
content from a content issuer 120.
[0010] In this case, the content provided by the content issuer 120
is in an encrypted form. Therefore, a DRM system needs a rights
object to use the encrypted content. The rights object is a
software object that includes information such as copyright
information of content, information regarding user rights, etc.
[0011] The user 110 may pay a rights object issuer 130 for a rights
object including the right to execute the encrypted content and
obtain the rights object from the rights object issuer 130. Rights
included in the rights object may include a content encryption key
(CEK) required to decrypt the encrypted content.
[0012] The rights object issuer 130 reports the details of the
issuance of the rights object to the content issuer 120. In some
cases, the rights object issuer 130 and the content issuer 120 may
be the same entity.
[0013] The user 110 who obtained the rights object as described
above may consume the rights object and thus use the encrypted
content.
[0014] A rights object includes limit information such as the
number of times that content can be used by consuming the rights
object, a period of time during which the content can be used by
consuming the rights object, or the number of times that the rights
object can be copied. Unlike content, the reuse or copying of a
rights object is limited. Therefore, content can be effectively
protected by DRM.
[0015] Generally, users store rights objects in various hosts,
which execute multimedia data, such as a personal computer (PC), an
MP3 player, a mobile phone, and a personal digital assistant (PDA).
Accordingly, there is a growing need for sharing digital content
between different devices.
[0016] However, since DRM content, which is sold based on
conventional DRM technology, is dependent on a particular device,
it cannot be used on other devices.
SUMMARY OF THE INVENTION
[0017] The present invention provides a method and apparatus for
issuing a rights object required to use digital content, which are
capable of storing digital content and a rights object in hardware,
such as a SMC, in the form of media so that the digital content can
be used on various multimedia devices.
[0018] According to an aspect of the present invention, there is
provided a method of issuing a rights object required to use
digital content. The method includes receiving the digital content
and the rights object; and encrypting the rights object using a
public key of an SMC and storing the encrypted rights object in the
SMC.
[0019] According to another aspect of the present invention, there
is provided a method of issuing a rights object required to use
digital content. The method includes selecting the digital content
using a digital content purchase interface and paying for the
digital content; encrypting a rights object for the digital content
using a binding target key; and storing the encrypted rights object
in an SMC.
[0020] According to another aspect of the present invention, there
is provided a method of issuing a rights object required to use
digital content. The method includes forming a security channel
with a digital content storage device after mutual authentication
and receiving the rights object from the digital content storage
device; and decrypting the rights object using a binding target key
and providing information required to play back the digital
content.
[0021] According to another aspect of the present invention, there
is provided an apparatus for issuing a rights object required to
use digital content. The apparatus includes a purchase interface
unit which receives information regarding the digital content
selected by a user, the purchase interface unit being used by the
user to pay for the digital content; an encryption unit which
encrypts the rights object for the digital content using a binding
target key and stores the encrypted rights object in an SMC; and a
communication interface unit which communicates with the SMC.
[0022] According to another aspect of the present invention, there
is provided an apparatus for issuing a rights object required to
use digital content. The apparatus includes a communication
interface unit which forms a security channel with an SMC after
mutual authentication and receives the rights object from the SMC;
and a content provision unit which decrypts the rights object using
a binding target key and provides information required to play back
the digital content.
BRIEF DESCRIPTION OF THE DRAWINGS
[0023] The above and other aspects of the present invention will
become more apparent by describing in detail exemplary embodiments
thereof with reference to the attached drawings in which:
[0024] FIG. 1 illustrates a related art DRM concept;
[0025] FIG. 2 illustrates a method of issuing a rights object
required to use digital content according to an exemplary
embodiment of the present invention;
[0026] FIG. 3 illustrates a method of issuing a rights object
required to use digital content according to another exemplary
embodiment of the present invention;
[0027] FIG. 4 illustrates a method of using a rights object
required to use digital content according to an exemplary
embodiment of the present invention;
[0028] FIG. 5 is a block diagram of an apparatus for issuing a
rights object required to use digital content according to an
exemplary embodiment of the present invention; and
[0029] FIG. 6 is a block diagram of an apparatus for using a rights
object required to use digital content according to another
exemplary embodiment of the present invention.
DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS OF THE INVENTION
[0030] The present invention will now be described more fully with
reference to the accompanying drawings, in which exemplary
embodiments of the invention are shown. The present invention may,
however, be embodied in many different forms and should not be
construed as being limited to the exemplary embodiments set forth
herein; rather, these exemplary embodiments are provided so that
this disclosure will be thorough and complete, and will fully
convey the concept of the present invention to those skilled in the
art. Like reference numerals in the drawings denote like elements,
and thus their description will be omitted.
[0031] Hereinafter, a method and apparatus for issuing a rights
object required to use digital content according to exemplary
embodiments of the present invention will be described with
reference to block diagrams or flowchart illustrations.
[0032] It will be understood that each block of the flowchart
illustrations, and combinations of blocks in the flowchart
illustrations, can be implemented by computer program instructions.
These computer program instructions can be provided to a processor
of a general purpose computer, special purpose computer, or other
programmable data processing apparatus, such that the instructions,
which are executed via the processor of the computer or other
programmable data processing apparatus, create means for
implementing the functions specified in the flowchart block or
blocks.
[0033] These computer program instructions may also be stored in a
computer usable or computer readable recording medium that can
direct a computer or other programmable data processing apparatus
to function in a particular manner, such that the instructions
stored in the computer usable or computer readable recording medium
produce an article of manufacture including instruction means that
implement the function specified in the flowchart block or
blocks.
[0034] The computer program instructions may also be loaded onto a
computer or other programmable data processing apparatus to cause a
series of operational steps to be performed on the computer or
other programmable apparatus to produce a computer implemented
process such that the instructions that are executed on the
computer or other programmable apparatus provide steps for
implementing the functions specified in the flowchart block or
blocks.
[0035] And each block of the flowchart illustrations may represent
a module, segment, or portion of code, which comprises one or more
executable instructions for implementing the specified logical
function(s). It should also be noted that in some alternative
implementations, the functions noted in the blocks may occur out of
the order. For example, two blocks shown in succession may in fact
be executed substantially concurrently or the blocks may sometimes
be executed in the reverse order, depending upon the functionality
involved.
[0036] Hereinafter, exemplary embodiments of the present invention
will be described in detail with reference to the accompanying
drawings.
[0037] It is assumed that a rights object stored in a SMC, which is
used in the exemplary embodiments of the present invention,
includes information definitely needed to use DRM content and that
the format of the rights object can be easily converted into
formats supported by different DRM systems.
[0038] FIG. 2 illustrates a method of issuing a rights object
required to use digital content according to an exemplary
embodiment of the present invention.
[0039] Referring to FIG. 2, SMC manufacturer 230 receives a digital
content 221 from a content issuer 220 who provides digital content
and holds copyright on the digital content, and receives a rights
object 211 from a copyright issuer 210 who issues a rights object
(operation S201).
[0040] Then, the SMC manufacturer 230 encrypts the received rights
object 211 using a key of an SMC 240, and stores the encrypted
rights object 211 in the SMC 240 together with the digital content
221 (operation S202).
[0041] Here, the key used to encrypt the received rights object 211
may use public-key cryptography or symmetric-key cryptography.
[0042] Public-key cryptography, also known as asymmetric-key
cryptography, is a form of cryptography in which different
encryption keys are used to encrypt and decrypt data.
[0043] In the public-key cryptography, an encryption key is
composed of a pair of a public key and a private key.
[0044] The public key need not be kept secret and can be easily
revealed to other devices, while the private key is revealed only
to a particular device.
[0045] Symmetric-key cryptography, also known as secret-key
cryptography, is a form of cryptography in which the same
encryption key is used to encrypt and decrypt data.
[0046] The encryption key used in operation S202 may use any one of
the public-key cryptography and the symmetric-key cryptography
described above, which is not limited to the present
embodiment.
[0047] To encrypt data (including a rights object and/or content in
this exemplary embodiment) using a key of a specific target is
called "binding," and bound data can be decrypted by the specific
target only.
[0048] An exemplary embodiment of binding data to a specific target
will be described in detail later with reference to FIG. 3.
[0049] A user cannot arbitrarily move or copy the rights object
211, which is bound to the SMC 240, to another device. If the user
is given the right to change a binding target, the user can change
the binding target in a predetermined procedure.
[0050] After operation S202, the SMC manufacturer 230
commercializes the SMC 240, which stores the digital content 221
and the rights object 211, and releases it onto the market.
[0051] FIG. 3 illustrates a method of issuing a rights object
required to use digital content according to another exemplary
embodiment of the present invention.
[0052] In the exemplary embodiment illustrated in FIG. 3, it is
assumed that an SMC 340 held by a user is inserted into an online
host 330 and that the online host 330 receives one or more pieces
of content from a content issuer 320 and one or more corresponding
rights objects from a copyright issuer 310.
[0053] A host is a device, which plays back DRM content according
to rights included in a rights object, and includes an SMC
connection unit. An online host is an SMC-support host that can
access a network and receive a rights object from a copyright
issuer.
[0054] Examples of the online host 330 include a PC, a mobile
phone, a PDA, a portable media player (PMP), and a kiosk. If a
kiosk is used as the online host 330, an SMC can be purchased at
the same time when a rights object is issued, which will be
described with reference to FIG. 3.
[0055] Referring to FIG. 3, the user selects and pays for desired
content 321 using a content purchase interface provided by the
online host 330 (operation S301).
[0056] The content purchase interface provided by the online host
330 may include a display unit (not shown) displaying one or more
content lists and/or an input unit (not shown) receiving selection
of content in order to facilitate the selection of the user. In
addition, the content purchase interface may be connected to a
settlement system (not shown) by wired and wireless networks so
that the user can pay for the content 321.
[0057] After operation S301, a rights object 311 for the paid
content 321 is encrypted using a key of a binding target designated
by the online host 330 (operation S302).
[0058] The binding target may be designated according to a policy
of the copyright issuer 310. Alternatively, the user may designate
the binding target after paying for the content 321.
[0059] Binding targets according to this exemplary embodiment
include a card, a user, a domain and a host, and a detailed
description thereof is as follows.
[0060] (1) SMC binding: since a rights object is encrypted using a
key of an SMC, if it is moved or copied to devices other than the
SMC, corresponding content cannot be used. However, anyone who
holds the SMC can consume the rights object bound to the SMC.
[0061] (2) User binding: since a rights object is encrypted using a
key of a user, other people cannot use the rights object. However,
the user can consume the rights object bound to various devices
that the user has.
[0062] (3) Domain binding: since a rights object is encrypted using
a key of a domain, devices that have not joined the domain cannot
use the rights object. However, all devices that have joined the
domain can consume the rights object bound to the domain.
[0063] (4) Host binding: since a rights object is encrypted using a
key of a host, if the rights object is moved to devices other than
the host, it cannot be used. However, anyone who owns the host can
consume the rights object bound to the host.
[0064] A rights object can be moved and copied when the right to
move and copy the rights object is available. If a rights object is
moved from a first device to a second device, the rights object is
completely removed from the first device. Therefore, the rights
object exists only in the second device.
[0065] In operation S302, if it is the copyright issuer 310 that
binds the rights object 311 to a binding target, the rights object
311 is encrypted using a key of a binding target designated by the
copyright issuer 310 and transmitted subsequently to the online
host 330. On the other hand, in operation S302, if it is the online
host 330 that binds the rights object 311, the rights object 311 is
encrypted using a key of a binding target designated by the online
host 330 after the rights object 311 is issued by the copyright
issuer 310 to the online host 330.
[0066] After operation S302, the encrypted rights object 311 and
the content 321 are transmitted to the online host 330 (operation
S303).
[0067] After operation S303, the encrypted rights object 311 and
the content 321 are moved to and stored in the SMC 340 (operation
S304).
[0068] In this case, the rights object 311 may include the right to
move the rights object 311 from the online host 330 to the SMC 340,
and the right may limit the rights object 311 to be moved only to a
predetermined SMC.
[0069] After operation S304, the user may retrieve the SMC 340 from
the online host 330 and use the content 321 by consuming the rights
object 311 according to the binding target.
[0070] FIG. 4 illustrates a method of using a rights object
required to use digital content according to an exemplary
embodiment of the present invention.
[0071] In the exemplary embodiment illustrated in FIG. 4, it is
assumed that content 412 and a rights object 411 are stored in an
SMC 410 held by a user and that the user inserts the SMC 410 into a
host 420 in order to use the content 412 and the rights object
411.
[0072] If the SMC 410 is inserted into the host 420, the host 420
and the SMC 410 form a security channel after authenticating each
other (operation S401).
[0073] Here, the SMC 410 and the host 420 can authenticate each
other using a binding target.
[0074] For example, if the rights object 411 stored in the SMC 410
is bound to a user key, the SMC 410 and the host 420 can
authenticate each other using the user key in operation S401.
However, the present invention is not limited thereto, and the SMC
410 and the host 420 can also authenticate each other using other
methods.
[0075] The security channel is a transmission channel formed after
devices authenticate each other, and guarantees the encryption and
integrity of transmission data.
[0076] After operation S401, if the host 420 requests the SMC 410
to provide the rights object 411, the SMC 410 transmits the rights
object 411 to the host 420 (operation S402).
[0077] The rights object 411 transmitted to the host 420 includes
the right to use the content 412, usage limit information of the
content 412, duplication limit information of the rights object
411, an identification (ID) of the rights object 411, an ID of the
content 412, etc.
[0078] Hereinafter, the above information contained in the rights
object 411 will be described in more detail.
[0079] The right to use the content 412 includes a content
encryption key (CEK) required to decrypt the content 412, and the
CEK is a key value used by a device (the host 420 in this exemplary
embodiment) to decrypt the content 412. The host 420 receives the
rights object 411 from a storage device (the SMC 410 in this
exemplary embodiment) storing the rights object 411, extracts the
CEK from the received rights object 411, and decrypts the content
412 using the extracted CEK. Thus, the protected content 412 can be
used.
[0080] The usage limit information indicates a limit to which the
rights object 411 can be consumed in order to execute the content
412. Types of limits contained in the usage limit information
include a usage date limit, a usage frequency limit, a usage period
limit, and a usage time limit.
[0081] In addition, the duplication limit information indicates the
number of times or a degree to which the rights object 411 can be
copied or moved. The duplication limit information may include copy
limit information and movement limit information.
[0082] Copying the rights object 411 denotes transmitting the
rights object 411 from the existing host 420 or a first storage
device (hereinafter, referred to as a source device) to another
host (not shown) or a second storage device (hereinafter, referred
to as a destination device) without removing the rights object 411
from the source device. Moving the rights object 411 denotes
transmitting the rights object 411 from the source device to the
destination device while removing the rights object 411 from the
source device.
[0083] Therefore, a user can copy or move a rights object stored in
a host or a portable storage device to another host or another
portable storage device up to a maximum number of times that the
rights object can be copied or moved, which is set in the rights
object.
[0084] The ID of the rights object 411 is an identifier used to
distinguish the rights object 411 from other rights objects, and
the ID of the content 412 is an identifier used to identify the
content 412 which can be executed by consuming the rights object
411.
[0085] The rights object 411, which was transmitted from the SMC
410 to the host 420 in operation S402, is decrypted by the host 420
using a binding target key, and the decrypted rights object 411
provides information required to play back the content 412
(operation S403).
[0086] Here, the binding target key used to decrypt the rights
object 411 is determined according to a binding target key used to
encrypt the rights object 411.
[0087] Binding targets according to this exemplary embodiment
include a card, a user, a domain and a host, and a detailed
description thereof is as follows.
[0088] (1) SMC binding: a rights object is decrypted using a key of
an SMC.
[0089] (2) User binding: a host generates a user's key based on
input user information or receives the user's key from a
predetermined repository, and decrypts a rights object using the
user's key.
[0090] (3) Domain binding: a host, which has joined a domain,
decrypts a rights object using a key of the domain.
[0091] (4) Host binding: if a host currently connected to an SMC is
a host to which a rights object is bound, the rights object is
decrypted using a key of the host.
[0092] After operation S403, the content 412 is decrypted using the
CEK, which was obtained from the decrypted rights object 411, and
used by the user (operation S404).
[0093] FIG. 5 is a block diagram of an apparatus for issuing a
rights object required to use digital content according to an
exemplary embodiment of the present invention.
[0094] Referring to FIG. 5, a DRM apparatus 500 includes an SMC
501, a purchase interface unit 502, an encryption unit 503, and a
communication interface unit 504. The SMC 501 stores content, a
rights object and state information of the rights object, and
supports the use of the content according to copyright and
copyright restrictions. The purchase interface unit 502 receives
information regarding content selected by a user to purchase and is
used by the user to pay for the selected content. The encryption
unit 503 encrypts a rights object for the paid content using a
designated biding target key and stores the encrypted rights object
in the SMC 501. The communication interface unit 504 communicates
with the SMC 501.
[0095] As described above, the SMC 501 stores content, a rights
object and state information of the rights object, and supports the
use of the content according to copyright and copyright
restrictions. Examples of the SMC 501 include a memory card and a
smart card.
[0096] The state information of the rights object indicates the
degree to which the rights object has been consumed. The state
information may be included in the rights object. Alternatively, a
device storing the rights object may manage the state information
separately from the rights object.
[0097] For example, if a usage time limit is set to 10 hours in a
rights object and a host has consumed the rights object for more
than 4 hours in order to use corresponding content, the state
information of the rights object may represent the period of time
during which the host has consumed the rights object so far, that
is, 4 hours, or the period of time during which the host can
consume the rights object and use the content, that is, 6
hours.
[0098] The purchase interface unit 502 receives information
regarding content selected by a user to purchase, and is used by
the user to pay for the selected content.
[0099] To this end, the purchase interface unit 502 may include an
input unit (not shown) and may be connected to a separate
settlement system (not shown) so that the user can pay for the
content.
[0100] The encryption unit 503 encrypts a rights object for the
content, which was paid for using the purchase interface unit 502,
using a designated binding target key, and stores the encrypted
rights object in the SMC 501 via the communication interface unit
504.
[0101] The communication interface unit 504 may include a
predetermined contact terminal in order to contact the SMC 501 and
transmit or receive data to/from the SMC 501. The communication
interface unit 504 may also include a predetermined wireless
communication device in order to wirelessly transmit or receive
data to/from the SMC 501 without contacting the SMC 501.
[0102] A binding target may be designated according to a policy of
a copyright issuer. Alternatively, the user may designate a binding
target after paying for the content.
[0103] Binding targets according to this exemplary embodiment
include a card, a user, a domain and a host, and a detailed
description thereof is as follows.
[0104] (1) SMC binding: since a rights object is encrypted using a
key of an SMC, if it is moved or copied to devices other than the
SMC, corresponding content cannot be used. However, anyone who
holds the SMC can consume the rights object bound to the SMC.
[0105] (2) User binding: since a rights object is encrypted using a
key of a user, other people cannot use the rights object. However,
the user can consume the rights object bound to various devices
that the user has.
[0106] (3) Domain binding: since a rights object is encrypted using
a key of a domain, devices that have not joined the domain cannot
use the rights object. However, all devices that have joined the
domain can consume the rights object bound to the domain.
[0107] (4) Host binding: since a rights object is encrypted using a
key of a host, if the rights object is moved to devices other than
the host, it cannot be used. However, anyone who has the host can
consume the rights object bound to the host.
[0108] A rights object can be moved or copied, when the right to
move or copy the rights object is available. If a rights object is
moved from a first device to a second device, the rights object is
completely removed from the first device. Therefore, the rights
object exists only in the second device.
[0109] If it is a copyright issuer that binds the rights object to
a binding target, the rights object is encrypted by the encryption
unit 503 using a key of a binding target designated by the
copyright issuer and transmitted subsequently to an online host. On
the other hand, if it is the online host that binds the rights
object, the rights object is encrypted using a key of a binding
target designated by the online host after the rights object is
issued by the copyright issuer.
[0110] FIG. 6 is a block diagram of an apparatus for using a rights
object required to use digital content according to another
exemplary embodiment of the present invention.
[0111] Referring to FIG. 6, a DRM apparatus 600 includes an SMC
601, a communication interface unit 602, and a content provision
unit 603.
[0112] The SMC 601 stores content, a rights object and state
information of the rights object, and supports the use of the
content according to copyright and copyright restrictions. The
communication interface unit 602 forms a security channel with the
SMC 601 after mutual authentication and receives a rights object
from the SMC 601. The content provision unit 603 decrypts the
received rights object using a binding target key and provides
information needed to play back content.
[0113] The SMC 601 included in the DRM apparatus 600 of FIG. 6 is
identical to the SMC 501 included in the DRM apparatus 500 of FIG.
5, and thus a detailed description thereof will not be
repeated.
[0114] As described above, the communication interface unit 602
forms a security channel with the SMC 601 after mutual
authentication, and receives a rights object from the SMC 601.
[0115] To this end, the communication interface unit 602 may
include a predetermined contact terminal in order to contact the
SMC 601 and transmit or receive data to/from the SMC 601. The
communication interface unit 602 may also include a predetermined
wireless communication device in order to wirelessly transmit or
receive data to/from the SMC 601 without contacting the SMC
601.
[0116] The DRM apparatus 600 illustrated in FIG. 6 forms the
security channel with the SMC 601 using the communication interface
unit 602, and receives a rights object.
[0117] The security channel is a transmission channel formed after
devices authenticate each other and guarantees the encryption and
integrity of transmission data.
[0118] The content provision unit 603 decrypts the received rights
object using a binding target key, and provides information
required to play back content.
[0119] Here, the content provision unit 603 determines a binding
target key, which is to be used to decrypt the received rights
object, according to a binding target key used to encrypt the
rights object.
[0120] Binding targets according to this exemplary embodiment
include a card, a user, a domain and a host, and a detailed
description thereof is as follows.
[0121] (1) SMC binding: a rights object is decrypted using a key of
an SMC.
[0122] (2) User binding: a host generates a user's key based on
input user information or receives the user's key from a
predetermined repository, and decrypts a rights object using the
user's key.
[0123] (3) Domain binding: a host, which has joined a domain,
decrypts a rights object using a key of the domain.
[0124] (4) Host binding: if a host currently connected to an SMC is
a host to which a rights object is bound, the rights object is
decrypted using a key of the host.
[0125] The content provision unit 603 obtains a CEK from the
decrypted rights object, and decrypts the content so that the user
can use the content.
[0126] Each component illustrated in FIGS. 5 and 6 may be
implemented as, but is not limited to, a software or hardware
component, such as a Field Programmable Gate Array (FPGA) or
Application Specific Integrated Circuit (ASIC), which performs
certain tasks.
[0127] Each component may advantageously be configured to reside on
the addressable storage medium and configured to execute on one or
more processors. Thus, a component may include, by way of example,
components, such as software components, object-oriented software
components, class components and task components, processes,
functions, attributes, procedures, subroutines, segments of program
code, drivers, firmware, microcode, circuitry, data, databases,
data structures, tables, arrays, and variables. The functionality
provided for in the components may be combined into fewer
components or further separated into additional components.
[0128] As described above, a method and apparatus for issuing a
rights object required to use digital content according to
exemplary embodiments of the present invention provide at least one
of the following advantages.
[0129] Since content and a rights object are kept in hardware, such
as an SMC, in the form of media, the possession value of digital
content media and the convenience of content management are
provided. In addition, content can be used on various multimedia
devices.
[0130] Since consumers are able to purchase DRM content, which is
usually sold online, offline, the digital content market can expand
its consumer base by absorbing consumers who are not familiar with
the Internet.
[0131] If a rights object issued to an SMC includes information
definitely needed to use DRM content, different DRMs can be
supported. Therefore, a playback area of digital content can be
easily expanded.
[0132] Furthermore, no uniform limitation is imposed on the copying
and moving of a rights object. Instead, various policies for the
use of content can be reflected. Therefore, content usability can
be enhanced.
[0133] Since a copyright issuer and a content provider can directly
sell content, the digital content market can be diversified.
[0134] While the present invention has been particularly shown and
described with reference to exemplary embodiments thereof, it will
be understood by those of ordinary skill in the art that various
changes in form and detail may be made therein without departing
from the spirit and scope of the present invention as defined by
the following claims. The exemplary embodiments should be
considered in descriptive sense only and not for purposes of
limitation.
* * * * *