U.S. patent application number 12/982350 was filed with the patent office on 2011-05-19 for method and apparatus for sharing licenses between secure removable media.
This patent application is currently assigned to HUAWEI TECHNOLOGIES CO., LTD.. Invention is credited to Chen HUANG, Weizhong Yuan, Renzhou Zhang, Zhipeng Zhou.
Application Number | 20110119494 12/982350 |
Document ID | / |
Family ID | 41609935 |
Filed Date | 2011-05-19 |
United States Patent
Application |
20110119494 |
Kind Code |
A1 |
HUANG; Chen ; et
al. |
May 19, 2011 |
METHOD AND APPARATUS FOR SHARING LICENSES BETWEEN SECURE REMOVABLE
MEDIA
Abstract
A method and an apparatus for sharing a license between SRMs are
disclosed. The method includes: a DRM agent obtains the license
from a first SRM, and sets the license to a forwarding state
locally; the DRM agent deducts one right of sharing the license;
and the DRM agent sends the license to a second SRM. In the prior
art, one moving right is deducted when the license moves from SRM1
to the device, and the other moving right is deducted when the
license moves from the device to SRM2. By contrast, in the
technical solution under the present invention, the license
forwarded by the DRM agent is set to the forwarding state, and only
one sharing right needs to be deducted, and therefore, the
consumption of the sharing rights is reduced and the subscriber's
rights are protected.
Inventors: |
HUANG; Chen; (Shenzhen,
CN) ; Zhang; Renzhou; (Shenzhen, CN) ; Zhou;
Zhipeng; (Shenzhen, CN) ; Yuan; Weizhong;
(Shenzhen, CN) |
Assignee: |
HUAWEI TECHNOLOGIES CO.,
LTD.
Shenzhen
CN
|
Family ID: |
41609935 |
Appl. No.: |
12/982350 |
Filed: |
December 30, 2010 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
PCT/CN2009/071721 |
May 11, 2009 |
|
|
|
12982350 |
|
|
|
|
Current U.S.
Class: |
713/182 ;
726/26 |
Current CPC
Class: |
G06F 21/60 20130101;
G06F 21/10 20130101; H04L 2463/101 20130101; G06F 2221/0777
20130101; H04L 63/10 20130101 |
Class at
Publication: |
713/182 ;
726/26 |
International
Class: |
G06F 21/00 20060101
G06F021/00; H04L 9/00 20060101 H04L009/00 |
Foreign Application Data
Date |
Code |
Application Number |
Jul 29, 2008 |
CN |
200810134766.3 |
Claims
1. A method for sharing a license between Secure Removable Media
(SRM), comprising: obtaining, by a Digital Rights Management (DRM)
agent, the license from a first SRM, and setting the license to a
forwarding state locally; deducting, by the DRM agent, one right of
sharing the license; and sending, by the DRM agent, the license to
a second SRM.
2. The method of claim 1, wherein: sharing of the license is
copying of the license or moving of the license, and sharing of
rights is copying of the rights or moving of the rights; when
sharing of the license is moving of the license, the method further
comprises: triggering, by the DRM agent, the first SRM to delete
the license; when the sharing of the license is copying of the
license, the deducting of one right of sharing the license by the
DRM agent comprise: deducting, by the DRM agent, one right of
copying of the license on the first SRM, wherein the license sent
by the DRM agent to the second SRM does not comprise the copying
right; or, deducting, by the DRM agent, one right of copying of the
license sent to the second SRM, and deducting all rights of copying
the license on the first SRM.
3. The method of claim 1, further comprising: keeping, by the DRM
agent, a log in the forwarding process, wherein the log comprises
at least one of a operation type, a current state, a license
identifier, an identifier of the first SRM, a first handle on the
first SRM corresponding to the license, an identifier of the second
SRM, and a second handle on the second SRM corresponding to the
license; when the sharing of the license is interrupted, the method
further comprises: continuing, by the DRM agent, sending the
license to the second SRM according to the log; or, recovering, by
the DRM agent, the license on the first SRM according to the
log.
4. The method of claim 1, wherein the sending of the license by the
DRM agent to the second SRM comprises: forwarding, by the DRM
agent, the license to the second SRM through another DRM agent.
5. A method for sharing a license, comprising: triggering, by a
Digital Rights Management (DRM) agent, a first Secure Removable
Medium (SRM) and a second SRM to negotiate a shared key;
encrypting, by the first SRM, partial or complete information of
the license by using the shared key; and sending the license to the
second SRM.
6. The method of claim 5, wherein: before the first SRM sends the
license to the second SRM, the method further comprises:
performing, by the first SRM, integrity protection for partial or
complete information of the license by using the shared key.
7. The method of claim 5, wherein: after the first SRM sends the
license to the second SRM, the method further comprises:
authenticating, by the second SRM, the license, and deducting one
right of sharing the license after the authentication succeeds.
8. The method of claim 5, wherein: before the first SRM sends the
license to the second SRM, the method further comprises: deducting,
by the first SRM, one right of sharing the license.
9. The method of claim 5, wherein the sending of the license by the
first SRM to the second SRM comprises: sending, by the first SRM,
the license to the second SRM through the DRM agent; and
authenticating, by the DRM agent, the license in a forwarding
process, and deducting one right of sharing the license.
10. The method of claim 5, wherein the triggering, by the DRM agent
, the first SRM and the second SRM to negotiate the shared key
comprises: initiating, by the DRM agent, an authentication process
to the first SRM, and obtaining a first SRM certificate chain;
initiating, by the DRM agent, an authentication process to the
second SRM, sending the obtained first SRM certificate chain to the
second SRM, and obtaining a second SRM certificate chain and a
second random number from the second SRM, wherein the second random
number is encrypted through a first SRM public key; initiating, by
the DRM agent, a key exchange process to the first SRM, sending the
second SRM certificate chain and the second random number encrypted
through the first SRM public key to the first SRM, and obtaining a
first random number encrypted through a second SRM public key from
the first SRM; initiating, by the DRM agent, a key exchange process
to the second SRM, and sending the first random number encrypted
through the second SRM public key to the second SRM; and using, by
the first SRM and the second SRM, the first random number and the
second random number to determine the shared key.
11. A method for sharing a license, comprising: sending, by a first
Digital Rights Management (DRM) agent, the license to an Rights
Issuer (RI) after obtaining the license from a first Secure
Removable Medium (SRM); obtaining, by a second DRM agent, the
license from the RI; and sending, by a second DRM agent, the
license to a second SRM.
12. The method of claim 11, wherein: before the second DRM agent
obtains the license from the RI, the method further comprises:
generating, by the RI, a license bound to the second SRM according
to the license obtained from the first SRM.
13. The method of claim 11, wherein: before the second DRM agent
obtains the license from the RI, the method further comprises:
verifying, by the RI, that the first SRM and the second SRM belong
to the same subscriber.
14. A method for sharing a license, comprising: sending, by a
Digital Rights Management (DRM) agent, the license obtained from a
first Secure Removable Medium (SRM) to a second SRM after
determining that the first SRM and the second SRM belong to a same
subscriber.
15. The method of claim 14, wherein the determining of that the
first SRM and the second SRM belong to the same subscriber by the
DRM agent comprises: sending, by the DRM agent, a query message
that carries an identifier of the first SRM to the RI or a
subscriber manage server to query a subscriber to whom the first
SRM belongs; sending, by the DRM agent, a query message that
carries an identifier of the second SRM to the RI or a subscriber
manager to query a subscriber to whom the second SRM belongs; and
verifying, by the DRM agent, whether the first SRM and the second
SRM belong to the same subscriber; or, sending, by the DRM agent, a
query message that carries the identifier of the first SRM and the
identifier of the second SRM to the RI or subscriber manage server
to verify whether the first SRM and the second SRM belong to the
same subscriber; and returning, by the RI or the subscriber manage
server, a query response to the DRM agent, indicating whether the
first SRM and the second SRM belong to the same subscriber.
16. An apparatus for sharing a license, comprising: an obtaining
unit, configured to obtain the license from a first Secure
Removable Medium (SRM); a forwarding setting unit, configured to
set the obtained license to a forwarding state; a sending unit,
configured to send the obtained license to a second SRM; and a
controlling unit, configured to deduct one right of sharing the
license.
17. The apparatus of claim 16, further comprising: a deletion
requesting unit, configured to request the first SRM to delete the
license; and a deletion response receiving unit, configured to
receive a license deletion response returned by the first SRM.
18. An apparatus for sharing a license, comprising: a Secure
Removable Media (SRM) interacting unit, configured to trigger a
first SRM and a second SRM to perform key negotiation; and a
forwarding unit, configured to forward the license of the first SRM
to the second SRM.
19. An apparatus for sharing a license between a first Secure
Removable Media (SRM) and a second SRM, located in the first SRM,
comprising: a key negotiating unit, configured to perform key
negotiation with the second SRM; a processing unit, configured to
encrypt partial information or complete information of the license
by using a shared key negotiated with the second SRM; and a sending
unit, configured to send the license to the second SRM.
20. The apparatus of claim 19, further comprising: a deleting unit,
configured to delete a local license after confirming that the
second SRM receives the license.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is a continuation of International
Application No. PCT/CN2009/071721, filed on May 11, 2009, which
claims priority to Chinese Patent Application No. 200810134766.3,
filed on Jul. 29, 2008, both of which are hereby incorporated by
reference in their entireties.
FIELD OF THE INVENTION
[0002] The present invention relates to Digital Rights Management
(DRM) technologies, and in particular, to a method and an apparatus
for sharing licenses between Secure Removable Media (SRM).
BACKGROUND
[0003] In order to protect legal rights of the content owner, the
DRM manages use of digital contents through a content protection
and rights control solution.
[0004] A typical DRM solution includes: A Content Issuer (CI) uses
a Content Encryption Key (CEK) to encrypt digital contents and
encapsulate them into a DRM Content Format (DCF), distributes them
to the devices, and sends the content identifier of the digital
contents and the corresponding CEK to the Rights Issuer (RI). The
RI generates a license corresponding to the digital contents, and
sends the license to a DRM agent in the device. The license
includes the CEK, and the rights and limitations of using the
contents. The rights include execution, playing, and moving; and
the limitations include use count, accumulated time, and validity
period. After obtaining the DCF and the license, the DRM agent
obtains the CEK through decryption, obtains the contents through
decryption, and uses the digital contents according to the rights
specified in the license.
[0005] The SRM is a kind of removable medium that protects internal
data against unauthorized access. With the SRM storing and moving
the DCF and the license, the storage space is expanded, and the
license is movable.
[0006] In certain scenarios, the subscriber expects to present the
license to others or replace the SRM, which involves moving or
copying of the license from one SRM to another SRM. With the
popularization of multi-card-in-one-phone, subscribers have more
requirements of sharing licenses between SRM cards.
[0007] The SRM standard of the Open Mobile Alliance gives protocols
for moving a license from a device to an SRM, and moving a license
from an SRM to a device. The SRM agent is an entity for performing
DRM-related functions in the SRM.
[0008] The prior art provides a solution to moving a license from a
DRM agent to an SRM, and a solution to moving a license from an SRM
to a DRM agent. In both of the solutions, the sharing rights are
deducted after every moving operation. If a license needs to be
moved from SRM1 to SRM2, the license needs to be moved from SRM1 to
the DRM agent first, and then from the DRM agent to SRM2, which
involves at least two deductions of the sharing rights. In the
process of developing the present invention, the inventor finds
that the moving of a license in the prior art involves multiple
deductions of rights, which is a waste of rights to the
subscriber.
SUMMARY
[0009] The embodiments of the present invention provide a method
and an apparatus for sharing a license between SRMs to overcome
unnecessary consumption of sharing rights.
[0010] The embodiments of the present invention are based on the
following technical solution:
[0011] A method for sharing a license between SRMs includes:
[0012] obtaining, by a DRM agent, the license from a first SRM, and
setting the license to a forwarding state locally; deducting one
right of sharing the license; and sending the license to a second
SRM.
[0013] A method for sharing a license includes:
[0014] triggering, by a DRM agent, a first SRM and a second SRM to
negotiate a shared key;
[0015] encrypting, by the first SRM, partial or complete
information of the license by using the shared key; and
[0016] sending the license to the second SRM.
[0017] A method for sharing a license includes:
[0018] sending, by a first DRM agent, the license to an RI after
obtaining the license from a first SRM; and
[0019] obtaining, by the second DRM agent, the license from the RI,
and sending the license to a second SRM.
[0020] A method for sharing a license includes:
[0021] sending, by a DRM agent, the license obtained from a first
SRM to a second SRM after determining that the first SRM and the
second SRM belong to the same subscriber.
[0022] An apparatus for sharing a license includes:
[0023] an obtaining unit, configured to obtain the license from a
first SRM;
[0024] a forwarding setting unit, configured to set the obtained
license to a forwarding state;
[0025] a sending unit, configured to send the obtained license to a
second SRM; and
[0026] a controlling unit, configured to deduct one right of
sharing the license.
[0027] An apparatus for sharing a license includes:
[0028] an SRM interacting unit, configured to trigger a first SRM
and a second SRM to perform key negotiation; and
[0029] a forwarding unit, configured to forward the license of the
first SRM to the second SRM.
[0030] An apparatus for sharing a license between a first SRM and a
second SRM is located in the first SRM, and includes:
[0031] a key negotiating unit, configured to perform key
negotiation with the second SRM;
[0032] a processing unit, configured to encrypt partial information
or complete information of the license by using a shared key
negotiated with the second SRM; and
[0033] a sending unit, configured to send the license to the second
SRM.
[0034] An apparatus for sharing a license is located in a second
SRM and includes:
[0035] a key negotiating unit, configured to perform key
negotiation with a first SRM;
[0036] a receiving unit, configured to receive the license sent by
the first SRM; and
[0037] a rights deducting unit, configured to deduct one operation
right after the receiving unit receives a correct license.
[0038] An apparatus for sharing a license includes:
[0039] an obtaining unit, configured to obtain the license of a
first SRM from a first DRM agent; and
[0040] a sending unit, configured to: send the license to a second
DRM agent, and submit the license to a second SRM through the
second DRM agent.
[0041] An apparatus for sharing a license includes:
[0042] a determining unit, configured to determine whether a first
SRM and a second SRM belong to the same subscriber;
[0043] an obtaining unit, configured to obtain the license from the
first SRM if the determining unit determines that the first SRM and
the second SRM belong to the same subscriber; and
[0044] an executing unit, configured to send the license to the
second SRM.
[0045] In the prior art, one moving right is deducted when the
license moves from SRM1 to the device, and the other moving right
is deducted when the license moves from the device to SRM2. By
contrast, in the embodiments of the present invention, the license
forwarded by the DRM agent is set to the forwarding state, and only
one moving right needs to be deducted, and therefore, the
consumption of the moving rights is reduced and the subscriber's
rights are protected.
[0046] In another embodiment of the present invention, the rights
in SRM 1 are deleted only if SRM2 determines that it is capable of
installing the rights. In the case that SRM2 is incapable of
installing the rights, the DRM agent can recover the original
rights on SRM1 easily by recovering the available state of the
rights.
[0047] In another embodiment of the present invention, a Secure
Authenticated Channel (SAC) is set between SRM1 and SRM2, the SAC
moves the license, and a DRM agent is responsible only for
forwarding the license. Because the forwarded rights are encrypted
through the key negotiated between SRM1 and SRM2, the DRM agent is
unable to execute operations for the rights. Therefore, the
security of the rights is improved.
[0048] In another embodiment of the present invention, because an
RI submits the rights to SRM2, it is not necessary to consume the
moving rights or the copying rights. Therefore, the fourth
embodiment is also applicable to sharing of the license between
SRMs of the same subscriber.
[0049] In other embodiments of the present invention, a license is
shared between the SRMs that belong to the same subscriber. The DRM
agent queries the RI about the subscriber to whom the
[0050] SRM belongs. If the RI is unaware of the subscriber to whom
the SRM belongs, the DRM agent may need to query another entity
such as subscriber manage server about the subscriber to whom the
SRM belongs. Alternatively, the DRM agent queries the entity that
manages the relations between the SRM and the subscriber (such as
subscriber manage server) directly about the subscriber to whom the
SRM belongs. In this case, because the license is shared between
the SRMs that belong to the same subscriber, no sharing rights need
to be deducted, and the subscriber's resources are saved.
BRIEF DESCRIPTION OF THE DRAWINGS
[0051] FIG. 1 is a flowchart of a method for sharing a license
between SRMs according to the first embodiment of the present
invention;
[0052] FIG. 2 is a flowchart of a method for sharing a license
between SRMs according to the second embodiment of the present
invention;
[0053] FIG. 3 is a flowchart of a method for sharing a license
between SRMs according to the third embodiment of the present
invention;
[0054] FIG. 4 is a flowchart of negotiating a shared key between
SRMs shown in FIG. 3 according to an embodiment of the present
invention;
[0055] FIG. 5 is a flowchart of a method for sharing a license
between SRMs according to the fourth embodiment of the present
invention;
[0056] FIG. 6 is a flowchart of a method for sharing a license
between SRMs of the same subscriber according to the fifth
embodiment of the present invention;
[0057] FIG. 7 is a flowchart of a method for sharing a license
between SRMs of the same subscriber according to the sixth
embodiment of the present invention;
[0058] FIG. 8 shows a structure of a first apparatus on a DRM agent
according to an embodiment of the present invention;
[0059] FIG. 9 shows a structure of a second apparatus on a DRM
agent according to an embodiment of the present invention;
[0060] FIG. 10 shows a structure of a third apparatus on a first
SRM according to an embodiment of the present invention;
[0061] FIG. 11 shows a structure of a fourth apparatus on a second
SRM according to an embodiment of the present invention;
[0062] FIG. 12 shows a structure of a fifth apparatus on an RI or
subscriber manager according to an embodiment of the present
invention; and
[0063] FIG. 13 shows a structure of a sixth apparatus on a DRM
agent according to an embodiment of the present invention.
DETAILED DESCRIPTION OF THE EMBODIMENTS
[0064] The embodiments of the present invention provide a solution
to sharing a license between SRMs. Only one sharing right is
consumed when the license in SRM1 is shared with SRM2 through a DRM
agent or RI.
[0065] The license sharing mentioned above includes moving and
copying of the license. The following method embodiments primarily
take the moving operation as an example.
[0066] The embodiments of the method for sharing a license between
SRMs are elaborated below.
[0067] Overall, the method in the first embodiment and the method
in the second embodiment include the following steps:
[0068] A DRM agent obtains the license from a first SRM, and sets
the license to a forwarding state locally;
[0069] the DRM agent deducts one right of sharing the license;
and
[0070] the DRM agent sends the license to a second SRM.
[0071] Sharing of a license refers to copying or moving of the
license, and sharing of rights refers to copying or moving of the
rights.
[0072] When sharing of a license refers to moving of the license,
the following step needs to be performed additionally: The DRM
agent triggers the first SRM to delete the license.
[0073] The first embodiment differs from the second embodiment in
the time of performing the steps. In the first embodiment, the DRM
agent triggers the first SRM to delete the license after the DRM
agent sets the obtained license to a forwarding state; in the
second embodiment, the DRM agent triggers the first SRM to delete
the license after the DRM agent determines that the license is
received by the second SRM.
[0074] First of all, the first embodiment is described below.
[0075] FIG. 1 is a flowchart of a method for sharing a license
between SRM1 and SRM2 in the first embodiment of the present
invention. The method includes the following steps:
[0076] S101: The DRM agent and SRM agent 1 authenticate each other,
and a Secure Authenticated Channel (SAC) is set up between them. In
the authentication process, the license is exchanged between DRM
agent and SRM agent 1, and is checked for validity. A random number
is exchanged between them, and a communication key is generated
according to the random number. The communication keys include an
encryption key and an integrity protection key.
[0077] The method of setting up a SAC between the DRM agent and the
SRM agent is covered in the prior art, and is not detailed here any
further.
[0078] S102-S103: The DRM agent initiates a process of moving the
rights on SRM1 to SRM2 directly. This operation may be triggered by
interaction between the subscriber and the DRM agent. The DRM agent
obtains the rights information and the REK from SRM1, which is
covered in the prior art.
[0079] S104: The DRM agent authenticates the rights information and
the moving rights, and deducts the moving rights after the
authentication succeeds, which is covered in the prior art. The
deduction of the moving rights may be: deducting one from the
remaining moving rights in the state information corresponding to
the rights, or adding one to the consumed moving rights in the
state information corresponding to the rights. Once the rights are
set to a forwarding state on the device, it means that the rights
need to be moved to another SRM and are not available to the DRM
agent for consuming contents. In this case, if the DRM agent knows
that the rights will be moved to SRM2, the DRM agent may specify
the SRM2 identifier.
[0080] S105-106: The DRM agent instructs SRM agent 1 to delete the
rights, which is covered in the prior art.
[0081] S107-S108: The DRM agent checks whether SRM2 has enough
space for installing the rights, which is covered in the prior
art.
[0082] Before S107, the DRM agent and SRM agent 2 authenticate each
other, and a SAC is set up between them. This step is S107a in FIG.
1. If the DRM agent can interact with two SRM agents
simultaneously, S107a may occur at any time before S107.
[0083] If the DRM agent cannot interact with two SRM agents
simultaneously, before S107, the DRM agent may be disconnected from
SRM1 first, and then get connected with SRM2 to perform subsequent
steps. The subscriber may operate the device to trigger the
implementation of the subsequent steps. Specifically, the rights
may be saved as a file of a special format in the device. The
subscriber browses and determines that the rights are in the
forwarding state, and chooses to move the file to another SRM to
complete the forwarding. Alternatively, the device indicates the
rights information to the subscriber, and the subscriber chooses
whether to continue with the moving. Alternatively, the device
performs the operation automatically according to the identifier of
the destination device correlated with the rights. For example,
when getting connected to SRM2, the device searches for local
rights which are in the forwarding state and correlated with SRM2
as a destination device, and performs the steps after S107
automatically.
[0084] S109-S110: The DRM agent sends a rights installation request
message to SRM agent 2. The rights installation request message
carries a handle, a REK, a list of hash values of the content
identifier, and rights information. SRM2 installs the rights and
returns a response, without deducting the moving rights for a
second time. Therefore, the number of times of deducting the moving
rights is reduced.
[0085] S111: If SRM2 installs the rights successfully, the DRM
agent deletes the local rights.
[0086] Optionally, the moving rights are not deducted in S104, but
are deducted on the device after the rights are installed onto
SRM2.
[0087] Besides, after S106, the device may retain the record of the
source SRM that forwards the rights, namely, record of SRM1. In
this way, if the process of installing the rights onto SRM2 fails,
for example, due to deficient space of SRM2, the rights can be
recovered to SRM1, and the subscriber's rights are protected.
[0088] The first embodiment deals with the license sharing method
by taking license moving as an example. As mentioned above, license
sharing still includes license copying. The process of copying a
license in SRM1 to SRM2 is similar to FIG. 1, but differs in that
the copying rights are consumed in the copying process: The DRM
agent deducts one right of copying the license on SRM1, and the
license sent by the DRM agent to SRM2 does not include copying
right. Alternatively, the DRM agent deducts one right of copying
the license sent to SRM2, and deducts all rights of copying the
license on SRM1. SRM1 does not need to delete the license.
[0089] In the prior art, one sharing right is deducted when the
license moves from SRM1 to the device, and the other sharing right
is deducted when the license moves from the device to SRM2.
[0090] By contrast, in this embodiment of the present invention,
the rights forwarded by the DRM agent are set to the forwarding
state, and only one moving right needs to be deducted, and
therefore, the consumption of the moving rights is reduced and the
subscriber's rights are protected.
[0091] Described below is a second embodiment of the method for
sharing a license between SRMs.
[0092] In S107-S108 of FIG. 1 in the first embodiment, if the
process of installing the rights onto SRM2 fails, the rights are
recovered to SRM1, which is rather complicated. A simpler solution
is to make sure that SRM2 has enough space for installing the
rights and then delete the rights on SRM1.
[0093] As shown in FIG. 2, the process of the second embodiment
includes the following steps:
[0094] S201: The DRM agent, SRM agent 1, and SRM agent 2
authenticate each other, and a SAC is set up between them. The
mutual authentication between the DRM agent and SRM agent 2 may
occur at any time before S205.
[0095] S202-S203: The DRM agent initiates a process of moving the
rights on SRM1 to SRM2 directly. This operation may be triggered by
interaction between the subscriber and the DRM agent.
[0096] The DRM agent obtains the rights information and the REK
from SRM1.
[0097] S204: The DRM agent authenticates the rights information and
the moving rights, and deducts the moving rights after the
authentication succeeds. The operation of deducting the moving
rights may be performed after S206.
[0098] S205-S206: The DRM agent checks whether SRM2 has enough
space for installing the rights.
[0099] S207-S208: The DRM agent sends a rights installation request
message to SRM agent 2. The rights installation request message
carries a handle, a REK, a list of hash values of the content
identifier, and rights information. SRM2 installs the rights and
returns a response. If SRM2 installs the rights successfully, the
DRM agent deletes the local rights.
[0100] S209-S210: If SRM2 installs the rights successfully, the DRM
agent instructs SRM agent 1 to delete the rights.
[0101] S209-S210 may occur after S206.
[0102] If the process of installing the rights onto SRM2 fails, for
example, due to deficient space of SRM2, the DRM agent may cancel
the moving operation, and recover the original rights on SRM1. If
the DRM agent is disconnected from an SRM, the DRM agent may keep a
disconnection log. The disconnection log includes: operation type,
current state, license identifier, SRM1 identifier, handle 1 on
SRM1 corresponding to the license, SRM2 identifier, and handle 2 on
SRM2 corresponding to the license on SRM2. At the next attempt of
connection, the license is recovered according to the information
in the disconnection log: The DRM agent continues sending the
license to SRM2 to complete the operation; or cancels the operation
and recovers the license to SRM 1.
[0103] In order to improve the security of the REK to some extent,
the DRM agent may submit the public key or license of SRM2 to SRM
agent 1. SRM agent 1 uses the public key of SRM2 to encrypt the
REK, and transmits the REK to SRM2 through the DRM agent.
[0104] Evidently, the second embodiment differs from the first
embodiment in that: The rights in SRM1 are deleted only if SRM2
determines that it is capable of installing the rights. In the case
that SRM2 is incapable of installing the rights, the DRM agent can
recover the original rights on SRM1 easily by recovering the
available state of the rights.
[0105] Described below is a third embodiment of the method for
sharing a license between SRMs.
[0106] In the third embodiment, with assistance of the DRM agent, a
SAC is set up between SRM1 and SRM2, and the license is shared
through a SAC key. The third embodiment still takes license moving
as an example, and the scenario of copying a license is
similar.
[0107] Overall, the third embodiment includes the following
steps:
[0108] A DRM agent triggers a first SRM and a second SRM to
negotiate a shared key;
[0109] the first SRM encrypts partial or complete information of
the license by using the shared key; and
[0110] the first SRM sends the license to the second SRM.
[0111] The third embodiment is elaborated below with reference to
FIG. 3.
[0112] As shown in FIG. 3, the process of the third embodiment
includes the following steps:
[0113] S301: The DRM agent, SRM agent 1, and SRM agent 2 exchange
the supported trust anchor with each other.
[0114] S302: The DRM agent triggers authentication of SRM agent 1
and SRM agent 2. The authentication trigger message carries the
selected trust anchor. The DRM agent may select the trust anchor
according to the rights to be moved. Optionally, the authentication
trigger message may further carry an SRM2 identifier. To trigger
this step, the subscriber may choose to move the rights between the
two SRMs.
[0115] S303: SRM agent 1 sends an authentication request to SRM
agent 2. The authentication request carries a trust anchor, an SRM1
certificate chain, and the algorithm supported by SRM agent 1. If
direct communication is enabled between SRM agent 1 and SRM agent
2, the message does not need to pass through the DRM agent;
otherwise, all messages need to be forwarded by the DRM agent.
[0116] S304: SRM agent 2 returns an authentication response to SRM
agent 1. The authentication response carries an SRM agent 2
certificate chain, the algorithm selected by SRM2, and random
number 1 (RN1) for generating a key. RN1 needs to be transmitted
after being encrypted through a public key of SRM2.
[0117] S305: SRM agent 1 sends a key exchange request to SRM agent
2. The key exchange request carries random number 2 (RN2) for
generating a key. RN2 needs to be transmitted after being encrypted
through a public key of SRM1.
[0118] S306: SRM agent 2 returns a key exchange response to SRM
agent 1. The key exchange response may carry the hash value of the
connection value of RN1 and RN2 for confirming the random number.
By now, SRM1 and SRM2 have obtained RN1 and RN2, and use RN1 and
RN2 respectively to generate a session key and a Media Access
Control (MAC) key.
[0119] S307: The DRM agent triggers SRM agent 1 to move rights to
SRM2. The moving trigger message may carry a handle or a license
identifier on the SRM1, wherein the handle or license identifier on
the SRM1 corresponds to the right.
[0120] S308: SRM agent 1 sends an initial moving request to SRM
agent 2. The initial moving request carries size of the rights, and
optionally, carries a handle on the SRM2 corresponding to the
rights.
[0121] S309: SRM agent 2 checks whether enough space is available
for installing the rights locally. If a handle is sent by SRM agent
1 in S508, SRM agent 2 needs to check whether the handle sent by
SRM agent 1 is a duplicate of the handle on SRM2, and add the check
result into an initial moving response returned to SRM agent 1. If
no handle is sent by SRM agent 1 in S308, SRM agent 2 may generate
a handle automatically which is different from other handles
existent locally, and may return the generated handle through the
initial moving response.
[0122] S310: SRM agent 1 sends a moving request to SRM agent 2. The
moving request carries rights information, a REK, and a content
identifier correlated to the rights. If SRM agent 1 knows the
handle correlated with the rights on SRM2, this handle may be
carried in the moving request.
[0123] S311: SRM agent 2 authenticates the rights information,
deducts the moving rights after the authentication succeeds, and
stores the rights into SRM2.
[0124] Optionally, SRM agent 1 may check and deduct the moving
rights before S310. In this case, SRM agent 2 does not need to
deduct the moving rights in step S311.
[0125] The third embodiment differs from the first embodiment and
the second embodiment in that: A SAC is set between SRM1 and SRM2;
the license is moved through the SAC; and a DRM agent is
responsible only for forwarding the license. Because the forwarded
rights are encrypted through the key negotiated between SRM1 and
SRM2, the DRM agent is unable to execute operations for the rights.
Therefore, the security of the rights is improved.
[0126] However, if SRM1 and SRM2 are incapable of authenticating
the rights, the DRM agent may authenticate the rights instead and
deduct the moving rights. This operation may be performed in S310,
and the prerequisite is that SRM agent 1 or SRM agent 2 notifies
the MAC key to the DRM agent.
[0127] S301-S306 in FIG. 3 is a process of negotiating the shared
key between two SRMs. This process is put forward in an embodiment
of the present invention, and is outlined below:
[0128] The DRM agent initiates an authentication process to the SRM
1 and obtains the first SRM certificate chain;
[0129] the DRM agent initiates an authentication process to the SRM
2, sends the obtained first SRM certificate chain to the second
SRM, and obtains the second SRM certificate chain and a second
random number from the SRM 2, where the second random number is
encrypted through the first SRM public key;
[0130] the DRM agent initiates a key exchange process to the SRM 1,
sends the second SRM certificate chain and the second random number
encrypted through the first SRM public key to the SRM 1, and
obtains the first random number encrypted through the second SRM
public key from the SRM 1;
[0131] the DRM agent initiates a key exchange process to the SRM 2,
and sends the first random number encrypted through the second SRM
public key to the SRM 2; and
[0132] the SRM land the SRM 2 use the first random number and the
second random number to determine a shared key.
[0133] This process may occur together with the process of
negotiating the shared key between the DRM agent and the two SRMs.
As shown in FIG. 4, this process includes:
[0134] S401: The DRM agent, SRM agent 1, and SRM agent 2 exchange
the supported trust anchor with each other.
[0135] S402: The DRM agent sends an authentication request to SRM
agent 1. The authentication request carries the selected trust
anchor and a device certificate chain corresponding to this trust
anchor. The DRM agent may select the trust anchor according to the
rights to be moved.
[0136] S403: SRM agent 1 returns an authentication response. The
response message carries an SRM1 certificate chain, and a random
number (RNs1d) encrypted through a device public key.
[0137] S404: The DRM agent sends a three-party authentication
request to SRM agent 2. The three-party authentication request
carries the selected trust anchor, a device certificate chain
corresponding to this trust anchor, and an SRM1 certificate
chain.
[0138] S405: SRM agent 2 returns a three-party authentication
response. The three-party authentication response carries an SRM2
certificate chain, a random number (RNs2d) encrypted through a
device public key, and a random number (RNs2s1) encrypted through
an SRM1 public key.
[0139] S406: The DRM agent sends a three-party key exchange request
to SRM agent 1. The three-party key exchange request carries an
SRM2 certificate chain, a random number (RNs2s1) encrypted through
an SRM1 public key, and a random number (RNds1) encrypted through
an SRM1 public key (the random number may be encrypted through the
SRM1 public key after being connected with hash of RNs1d).
[0140] S407: SRM agent 1 returns a three-party key exchange
response. The three-party key exchange response carries a random
number (RN s1s2) encrypted through an SRM2 public key (the random
number may be encrypted through the SRM2 public key after being
connected with hash of RNs2s1), and optionally carries the hash of
the connection value of RNds1 and RNs1d.
[0141] S408: The DRM agent sends another three-party key exchange
request to SRM agent 2. The another three-party key exchange
request carries a random number (RNs1s2) encrypted through an SRM2
public key (the random number may be encrypted through the SRM2
public key after being connected with hash of RNs2s1), and a random
number (RNds2) encrypted through the SRM2 public key (the random
number may be encrypted through the SRM2 public key after being
connected with hash of RNs2d).
[0142] S409: SRM agent 2 returns another three-party key exchange
response. The another three-party key exchange response may carry
hash of the connection value of RN s1s2 and RNs2s1 and hash of the
connection value of RNds2 and RNs2d.
[0143] By now, a pair of random numbers has been shared between the
DRM agent, SRM agent 1, and SRM agent 2, which can generate a key
independently by using the shared random number. In this way, when
SRM1 moves rights to SRM2, important information such as REK can be
encrypted through the key shared with SRM2, and other information
can be encrypted through the key shared with the DRM agent, or its
integrity can be protected to facilitate DRM agent processing.
[0144] The random number submitted by the DRM agent to SRM agent 1
may be the same as the random number submitted by the DRM agent to
SRM agent 2. In this way, the three parties can use the shared
random number to generate a three-party shared key.
[0145] Alternatively, the DRM agent may use RNs1d provided by SRM
agent 1 as RNds2, and submit it to SRM agent 2; and use RNs2d
provided by SRM agent 2 as RNds1, and submit it to SRM agent 1. In
this way, a key shared by the three parties can also be
generated.
[0146] Currently, when the SRM agent and the DRM agent use the
random number to generate a key, they are connected according to
the order of RNd and RNs. However, in this solution, in order to
ensure consistency of the key, they may be connected according to
the transmission order for each pair of random numbers. That is,
SRM agent 1 gets connected according to the order of RNs1d and
RNds1, and SRM agent 2 gets connected according to the order of
RNds2 and RNs2d. On the condition that the consistency of the key
is not affected, the key may be generated in other modes.
[0147] In the process of moving rights from SRM1 to SRM2 through
the DRM agent, to be on the safe side, SRM1 confirms that SRM2 has
received the rights before deleting the rights on SRM1.
Specifically, the confirmation information of SRM2 may be an
installation information signature affixed with a private key (such
as REK), or a result of encrypting the installation information by
using a key shared by only SRM1 and SRM2 (REK); or SRM1 submits
confirmation information (such as random number) to SRM2, and this
confirmation information may be transmitted after being encrypted
through the public key of SRM2 or the key shared by SRM1 and SRM2.
SRM2 indicates to SRM1 that the confirmation information is
received. For example, SRM2 uses a private key to convert the
signature or confirmation information in a certain way (such as
hash operation or a simple operation of adding 1), and then uses a
key shared by SRM1 and SRM2 to encrypt the converted result and
returns it.
[0148] Described below is a fourth embodiment of the method for
sharing a license between SRMs.
[0149] In the foregoing solution, the rights are moved between two
SRMs through the DRM agent. In some circumstances, the two SRMs may
be located in different places, and cannot be connected to the same
DRM agent directly, and the rights need to be forwarded by more
than one DRM agent. For example, DRM agent 1 obtains the rights
from SRM1, moves the rights to DRM agent 2, and indicates to the
DRM agent 2 that the rights are directed to SRM2. DRM agent 2 moves
the rights to SRM2.
[0150] Besides, the rights may be moved between two SRMs through an
RI, as outlined below:
[0151] The DRM agent 1 obtains a license from the SRM 1 and sends
the license to the RI; and
[0152] the DRM agent 2 obtains the license from the RI, and sends
the license to the SRM 2.
[0153] As shown in FIG. 5, the process includes the following
detailed steps:
[0154] S501: The RI sends a ROAP trigger{SRMROUpload} to DRM agent
1, triggering the device to upload the license on the SRM. The ROAP
trigger includes information such as RI identifier and RI URL, and
includes a roRequested property of the Boolean type indicating
whether the RI requires the SRM to report the rights to be
uploaded. If the RI has buffered the delivered license, the value
of the roRequested property is "false"; otherwise, the value of the
roRequested property is "true". Optionally, the trigger includes an
SRM1 identifier and a license identifier. This step is optional.
The subscriber may use a man-machine interface to operate the
device to upload the license on SRM1, and the process starts from
S502 directly.
[0155] S502: DRM agent 1 sends a RightsUpload request message to
SRM agent 1. The RightsUpload request message carries a handle that
identifies the rights, and a new handle for replacing handle that
identifies the rights Before S502, DRM agent 1 and SRM agent 1 need
to authenticate each other, and a SAC is set up between them.
[0156] S503: SRM agent 1 judges whether the new handle is a
duplicate of other local handles. If the new handle is not a
duplicate, SRM agent 1 replaces the handle that identifies the
rights with the new handle, and sets the rights to the unavailable
state. SRM agent 1 returns a RightsUpload response message to DRM
agent 1. If the new handle is not a duplicate, the RightsUpload
response message further carries the rights information, REK, Kmac,
timestamp, and signature affixed by SRM agent 1 for {flag
indicative of upload, REK, RI identifier, timestamp}.
[0157] S504: DRM agent 1 checks whether the RI signature in the
rights information and the state information exceed the original
rights.
[0158] S505: DRM agent 1 sends a SRMROUpload request message to the
RI. The SRMROUpload request message not only carries public
parameters such as identifier of device 1, RI identifier, nonce,
timestamp, and certificate chain of device 1, but also carries
upload information: [0159] RightsObjectContainer part in the rights
information obtained from SRM agent 1
[0160] (namely, <rights> and <signature> in the license
delivered by the original RI) or a result of converting its format.
If the RI marks roRequested as "false" in ROAP trigger
{SRMROUpload}, this parameter is omissible; [0161] state
information in the rights information obtained from SRM agent 1 if
the license has a state; [0162] REK and Kmac encrypted through an
RI public key; [0163] an SRM1 identifier, SRM1 certificate chain,
timestamp in the SRMRightsUpload response message, signature
affixed by SRM agent 1 for {flag indicative of upload, REK, RI
identifier, timestamp}; and [0164] a result of performing MAC
operation for the foregoing parameters by using Kmac.
[0165] DRM agent 1 needs to affix a signature to the parameters in
the request message, and sends the request message that carries the
signature to the RI.
[0166] S506: The RI verifies the parameters in the request message:
[0167] If the request menage carries a DRM agent 1 certificate
chain, the RI verifies the validity of the certificate chain (which
may be implemented through OCSP or CRL), and uses the DRM agent 1
certificate chain in the request message or the DRM agent 1
certificate chain in the local device context of the RI to verify
the DRM agent 1 signature in the request message. [0168] The RI
obtains REK and Kmac through decryption, and applies the MAC value
in the Kmac verification request message. [0169] The RI verifies
validity of the SRM1 certificate chain, possibly through OCSP or
CRL, and uses the SRM1 certificate chain to verify the validity of
the SRM1 signature information. [0170] The RI verifies whether the
timestamp in the request message is earlier than the current time,
and whether the timestamp in the SRMRightsUpload response message
is earlier than the timestamp in the request message. [0171] The RI
verifies correctness of <rights> and <signature> (if
they exist in the request message), and, if the license has a
state, the RI verifies whether the state information falls within
the original license. [0172] The RI attempts to use the REK to
decrypt the CEK in the <rights> element, and verifies
correctness of the REK and the rights.
[0173] S507: DRM agent 1 sends a RightsRemovalRequest message to
SRM agent 1. The message carries a handle that identifies the
rights. This handle is the new handle in S502.
[0174] S508: SRM agent 1 deletes the rights corresponding to the
handle in the RightsRemovalRequest message, and returns a
RightsRemovalResponse message that carries the processing result to
DRM agent 1.
[0175] S509: The RI sends another ROAP trigger{SRMROAcquisition} to
DRM agent 2, triggering DRM agent 2 to help SRM2 obtain the
uploaded license. The another ROAP trigger includes these
parameters: RI identifier, RI alias, RI URL, license identifier,
license alias, content identifier, and an indication of whether the
RI stores the certificate chain of device 2 and SRM2. DRM agent 2
and DRM agent 1 may be the same DRM agent. This step is optional.
The subscriber may use a man-machine interface to operate the
device to obtain the license in place of SRM2, and the process
starts from S510 directly.
[0176] S510: DRM agent 2 sends a request for obtaining the license
to the RI. The request carries: device 2 identifier, RI identifier,
nonce, timestamp, license identifier, SRM2 identifier, certificate
chain of device 2, and certificate chain of SRM2. If the trigger
indicates that the RI already stores the certificate chain of
device 2 or SRM2, the certificate chain does not need to be carried
in this request. Before S510, DRM agent 2 and SRM agent 2 need to
authenticate each other, and a SAC is set up between them.
[0177] S511: The RI returns a license response to DRM agent 2. The
response carries: device 2 identifier, RI identifier, nonce,
protected license, and RI certificate chain (if the request from
DRM agent 2 indicates that DRM agent 2 has stored the RI
certificate chain, the RI certificate chain does not need to be
carried in this license response). The license may be bound to
SRM2, or bound to DRM agent 2, but it is indicated that the
licensed need be provided to SRM2.
[0178] S512: DRM agent 2 writes the license delivered by the RI
into SRM2. If the license is bound to SRM2, DRM agent 2 may send
the encrypted connection value of REK and Kmac to SRM agent 2
first, SRM agent 2 sends the connection value to Kmac, and uses the
connection value to verify integrity of the license. DRM agent 2
writes the rights and the signature into SRM2. If the license is
bound to DRM agent 2, DRM agent 2 obtains the REK through
decryption, and writes the REK together with the rights and the
signature into SRM2.
[0179] In the foregoing process, S507-S508 may occur before,
during, or after S509-S512.
[0180] In the foregoing embodiments of the method for sharing a
license between SRMs, the first embodiment to the third embodiment
involve consumption of only one moving right or copying right; in
the fourth embodiment, because the RI provides the license for
SRM2, no moving right or copying right needs to be consumed.
Therefore, the fourth embodiment is also applicable to the scenario
of sharing a license between SRMs of the same subscriber. If the
sharing rights need to be consumed for sharing of the license
between SRMs of the same subscriber, the subscriber incurs losses.
Therefore, a solution to sharing a license between SRMs of the same
subscriber without consuming sharing rights is provided in an
embodiment of the present invention.
[0181] Although no moving right is consumed for sharing of a
license between the SRMs of the same user, the RI needs to verify
that SRM2 and SRM1 belong to a same subscriber. Multiple
verification methods are applicable: The RI performs the
verification according to the mapping relation between the locally
stored SRM identifier and the subscriber identifier, or the RI
queries another entity such as subscriber manager, or the RI
performs the verification according to the information provided by
the subscriber when the subscriber attempts to use the SRM (for
example, password, and an answers to a question).
[0182] The subscriber may upload multiple licenses to the RI at a
single attempt, or install multiple licenses onto SRM2 at a single
attempt. This batch processing mode is especially applicable to the
scenario that the subscriber replaces the SRM card.
[0183] The following solution serves as a substitute of the
solution to sharing rights between SRMs of the same subscriber: The
DRM agent queries the RI about whether SRM1 and SRM2 belong to the
same subscriber, and the rights are shared directly, without
requiring the RI to re-generate the license.
[0184] Overall, the method for sharing a license between SRMs of
the same subscribers in an embodiment of the present invention
includes:
[0185] The DRM agent sends the license obtained from a first SRM to
a second SRM after determining that the first SRM and the second
SRM belong to the same subscriber.
[0186] The fifth embodiment differs from the sixth embodiment in
how the DRM agent queries the RI or the subscriber manager about
whether the first SRM and the second SRM belong to the same
subscriber.
[0187] Detailed below are embodiments of the method for sharing a
license between SRMs of the same subscriber.
[0188] First, the fifth embodiment of the method for sharing a
license between SRMs of the same subscriber is described below.
[0189] Overall, the process of querying whether the first SRM and
the second SRM belong to the same subscriber in the fifth
embodiment is:
[0190] By sending a query message that carries the identifier of
the SRM 1 to the RI or subscriber manage server, the DRM agent
queries the subscriber to whom the SRM 1 belongs;
[0191] by sending another query message that carries the identifier
of the SRM 2 to the RI or subscriber manage server, the DRM agent
queries the subscriber to whom the SRM 2 belongs; and the DRM agent
checks whether the SRM 1 and the SRM 2 belong to the same
subscriber.
[0192] As shown in FIG. 6, the process of the fifth embodiment
includes the following steps:
[0193] S601: The DRM agent shares the rights on SRM1 with SRM 2 of
the same subscriber according to a subscriber request, and obtains
rights information and a REK from SRMI. Before S601, the DRM agent
and SRM agent 1 need to authenticate each other, and a SAC is set
up between the DRM agent and SRM agent 1.
[0194] S602-S603: The DRM agent queries the RI about the subscriber
to whom SRM1 belongs. The query request carries an SRM1 identifier,
and the RI returns a response message that carries the subscriber
identifier.
[0195] S604: The DRM agent checks whether the RI signature in the
rights information and the state information exceed the original
rights in the rights information, and installs the rights if they
do not exceed the original rights. When installing the rights, the
DRM agent identifies the unavailable state of the rights, and
correlates the rights with the subscriber identifier returned by
the RI in S603.
[0196] S605: If the sharing operation is a moving operation, the
DRM agent instructs SRM1 to delete the rights, as detailed in
S105-S106 in FIG. 1.
[0197] S606-S607: DRM agent shares the rights with SRM2. Because
the rights are bound to the subscriber identifier, the DRM agent
queries the RI about the subscriber to whom SRM2 belongs. The query
request carries an SRM2 identifier, and the RI returns a response
message that carries the subscriber identifier. Before S606, the
DRM agent and SRM agent 2 need to authenticate each other, and a
SAC is set up between them.
[0198] S608: The DRM agent checks whether the subscriber of SRM2 is
the same as the subscriber bound to the rights, namely, the same as
the subscriber of SRM1. If the subscriber is the same, the DRM
agent performs S609, or else rejects to share the rights with
SRM2.
[0199] S609: The DRM agent installs the rights onto SRM2, as
detailed in S107-S110 in FIG. 1.
[0200] S610: If SRM2 installs the rights successfully, the DRM
agent deletes the local rights.
[0201] Now, the sixth embodiment of the method for sharing a
license between SRMs of the same subscriber is described below.
[0202] In the fifth embodiment, the DRM agent queries the
subscriber of SRMI and the subscriber of SRM2 respectively and
compares the two subscribers; in the sixth embodiment, however, the
DRM agent reports the identifier of SRM1 and the identifier of SRM2
to the RI, and the RI compares the two subscribers and returns a
comparison result. In this case, the DRM agent does not need to
understand details of the subscriber identifier.
[0203] Overall, the process of querying the subscriber of the first
SRM and the subscriber of the second SRM in the sixth embodiment
is:
[0204] By sending a query message that carries the identifier of
the SRM 1 and the identifier of the SRM 2 to the RI or subscriber
manager, the DRM agent checks whether the first SRM and the second
SRM belong to the same subscriber; and
[0205] the RI or subscriber manager returns a query response to the
DRM agent, indicating whether the first SRM and the second SRM
belong to the same subscriber.
[0206] As shown in FIG. 7, the process of the sixth embodiment
includes the following steps:
[0207] S701: The DRM agent shares the rights on SRM1 with another
SRM of the same subscriber according to a subscriber request, and
obtains rights information and a REK from SRM1, as detailed in
S102-S103 in FIG. 1. Before S701, the DRM agent and SRM agent 1
need to authenticate each other, and a SAC is set up between the
DRM agent and SRM agent 1.
[0208] S702: The DRM agent checks whether the RI signature in the
rights information and the state information exceed the original
rights in the rights information, and installs the rights if they
do not exceed the original rights. When installing the rights, the
DRM agent identifies the unavailable state of the rights, and
correlates the rights with the subscriber of SRM1.
[0209] S703: If the sharing operation is a moving operation, the
DRM agent instructs SRM1 to delete the rights, as detailed in
S105-S106 in FIG. 1.
[0210] S704-S705: DRM agent shares the rights with SRM2. Because
the rights are bound to the subscriber of SRM1, the DRM agent
queries the RI about whether SRM1 and SRM2 belong to the same
subscriber. The query request carries the identifier of SRM1 and
the identifier of SRM2. The RI checks whether the subscriber
correlated with SRM1 is the same as the subscriber correlated with
SRM2, and returns a check result through a response message. If the
result shows that SRM1 and SRM2 belong to the same subscriber, the
DRM agent performs S706; otherwise, the DRM agent rejects to share
the rights with SRM2. Before S904, the DRM agent and SRM agent 2
need to authenticate each other, and a SAC is set up between
them.
[0211] S706: The DRM agent installs the rights onto SRM2, as
detailed in S107-S110 in FIG. 1.
[0212] S707: If SRM2 installs the rights successfully, the DRM
agent deletes the local rights.
[0213] In the sixth embodiment, the DRM agent obtains the license
from SRM1 first, and then queries the RI about whether SRM1 and
SRM2 belong to the same subscriber. If the destination SRM is
already determined when the subscriber initiates the sharing,
optionally, the DRM agent queries the RI about whether SRM1 and
SRM2 belong to the same subscriber first, and then obtains the
license from SRM1. Besides, the DRM agent may check whether SRM2
has enough space for installing the rights and then deletes the
rights on SRM1.
[0214] In the foregoing two embodiments of the method for sharing a
license between the SRMs that belong to the same subscriber, the
DRM agent queries the RI about the subscriber to whom the SRM
belongs. If the RI is unaware of the subscriber to whom the SRM
belongs, the DRM agent may need to query another entity such as
subscriber manage server about the subscriber to whom the SRM
belongs. Alternatively, the DRM agent queries the entity that
manages the relations between the SRM and the subscriber (such as
subscriber manager) directly about the subscriber to whom the SRM
belongs.
[0215] In the foregoing two embodiments of the method for sharing a
license between the SRMs that belong to the same subscriber, it is
assumed that SRM1 and SRM2 are connected with the same DRM agent.
In some circumstances, the two SRMs are located in different places
and cannot be connected to the same DRM agent, and the rights need
to be forwarded by more than one DRM agent. For example, FIG. 6 is
modified in that two DRM agents exist: DRM agent 1 connected to
SRM1 and DRM agent 2 connected to SRM2. Specifically, DRM agent 1
queries the subscriber of SRM1, and, when moving the license to DRM
agent 2, specifies that the rights can be shared only with the SRM
of this subscriber. DRM agent 2 determines that SRM2 belongs to the
same subscriber before installing the rights onto SRM2.
Alternatively, after determining that SRM1 and SRM2 belong to the
same subscriber, DRM agent 1 shares the license with DRM agent 2
and specifies that the license is finally shared with SRM2, and
then DRM agent 2 installs the rights onto SRM2. Alternatively, the
DRM agent shares the license with DRM agent 2 and specifies that
the license is shared with the SRM that belongs to the same
subscriber of SRM1. After determining that SRM1 and SRM2 belong to
the same subscriber, the DRM agent installs the rights onto SRM2.
FIG. 7 is modified in the following way: DRM agent 1 queries the RI
about the subscriber of SRM1 and the subscriber of SRM2; after the
RI determines that SRM1 and SRM2 belong to the same subscriber, DRM
agent 1 shares the license with DRM agent 2, and DRM agent 2
installs the rights onto SRM2. Alternatively, DRM agent 1 shares
the license with DRM agent 2, and DRM agent 2 queries the RI about
the subscriber of SRM1 and the subscriber of SRM2; after the RI
determines that SRM1 and SRM2 belong to the same subscriber, DRM
agent 2 installs the rights onto SRM2. Evidently, in the fifth
embodiment and the sixth embodiment, the license is shared between
two SRMs of the same subscriber without consuming the sharing
rights, the subscriber's rights are protected.
[0216] In conclusion, when the subscriber initiates sharing of a
license between two SRMs, the device may judge whether the two SRMs
belong to the same subscriber: if they belong to the same
subscriber, the license is shared directly without checking the
sharing rights, as illustrated in the fifth embodiment and the
sixth embodiment; if they belong to different subscribers, the
device checks the sharing rights and deducts one right of sharing
the license, as illustrated in the first embodiment and the second
embodiment.
[0217] Corresponding to the method embodiments above, various
apparatuses are provided herein.
[0218] The first apparatus provided herein refers to DRM agent or a
functional entity located in the DRM agent. The apparatus performs
the functions of the DRM agent shown in FIG. 1 or FIG. 2. As shown
in FIG. 8, the apparatus includes:
[0219] an obtaining unit 801, configured to obtain the license from
a first SRM;
[0220] a forwarding setting unit 802, configured to set the license
obtained by the obtaining unit 801 to a forwarding state;
[0221] a sending unit 803, configured to send the license obtained
by the obtaining unit 801 to a second SRM; and
[0222] a controlling unit 804, configured to deduct one right of
sharing the license.
[0223] Preferably, the apparatus further includes:
[0224] a deletion requesting unit 805, configured to request the
first SRM to delete the license; and
[0225] a deletion response receiving unit 806, configured to
receive a license deletion response returned by the first SRM.
[0226] The second apparatus provided herein refers to DRM agent or
a functional entity located in the DRM agent. The apparatus
performs the functions of the DRM agent shown in FIG. 3. As shown
in FIG. 9, the apparatus includes: an SRM interacting unit 901,
configured to trigger a first SRM and a second SRM to perform key
negotiation; and a forwarding unit 902, configured to forward the
license of the first SRM to the second SRM.
[0227] The third apparatus provided herein refers to the first SRM
or a functional entity located in the first SRM. The apparatus
performs the functions of SRM1 shown in FIG. 3. As shown in FIG.
10, the apparatus includes:
[0228] a key negotiating unit 1001, configured to perform key
negotiation with the second SRM;
[0229] a processing unit 1002, configured to encrypt partial
information or complete information of the license by using a
shared key negotiated with the second SRM; and
[0230] a sending unit 1003, configured to send the license to the
second SRM.
[0231] Preferably, the apparatus further includes: a deleting unit
1004, configured to delete the local license after confirming that
the second SRM receives the license.
[0232] The fourth apparatus provided herein refers to the second
SRM or a functional entity located in the second SRM. The apparatus
performs the functions of SRM2 shown in FIG. 3. As shown in FIG.
11, the apparatus includes:
[0233] a key negotiating unit 1101, configured to perform key
negotiation with a first SRM;
[0234] a receiving unit 1102, configured to receive the license
sent by the first SRM; and
[0235] a rights deducting unit 1103, configured to deduct one
operation right after the receiving unit 1102 receives a correct
license.
[0236] The fifth apparatus provided herein refers to RI or
subscriber manager, or a functional entity located in the RI or
subscriber manager. The apparatus performs the functions of the RI
shown in FIG. 5. As shown in FIG. 12, the apparatus includes:
[0237] an obtaining unit 1201, configured to obtain the license of
a first SRM from a first DRM agent; and
[0238] a sending unit 1202, configured to: send the license to a
second DRM agent, and submit the license to a second SRM through
the second DRM agent.
[0239] The sixth apparatus provided herein refers to DRM agent or a
functional entity located in the DRM agent. The apparatus performs
the functions of the DRM agent shown in FIG. 6 or FIG. 7. As shown
in FIG. 13, the apparatus includes:
[0240] a determining unit 1301, configured to determine whether a
first SRM and a second SRM belong to the same subscriber;
[0241] an obtaining unit 1302, configured to obtain the license
from the first SRM if the determining unit 1301 determines that the
first SRM and the second SRM belong to the same subscriber; and
[0242] an executing unit 1303, configured to send the license
obtained by the obtaining unit 1302 to a second SRM.
[0243] It should be noted that the embodiments above suppose that
the license is shared between two SRMs. Undoubtedly, persons
skilled in the art understand that the embodiments of the present
invention are applicable to sharing of a license between three or
more SRMs. The embodiments of the present invention are also
applicable to sharing a license on an SRM of one DRM agent with
another DRM agent.
[0244] Persons of ordinary skilled in the art understand that all
or part of the steps of the method in the embodiments of the
present invention may be implemented by a program instructing
relevant hardware. The program may be stored in a computer readable
storage medium. When the program runs, the corresponding steps in
the foregoing method are performed. The storage medium may be
ROM/RAM, magnetic disk, or CD-ROM.
[0245] Although the invention is described through some exemplary
embodiments, the invention is not limited to such embodiments. It
is apparent that those skilled in the art can make modifications
and variations to the invention without departing from the spirit
and scope of the invention. The invention is intended to cover the
modifications and variations provided that they fall in the scope
of protection defined by the following claims or their
equivalents.
* * * * *