技术领域technical field
本发明涉及在数字版权管理(DRM:DigitalRightsManagement)中在设备间传送(移动)版权对象(RO:RightsObject)的方法和装置,具体地说,涉及经由服务器将数字内容的RO从一个设备传送到另一设备的方法和装置。The present invention relates to a method and an apparatus for transferring (moving) a rights object (RO: RightsObject) between devices in digital rights management (DRM: Digital Rights Management), in particular, to transferring ROs of digital content from one device to another via a server. A device, method and apparatus.
背景技术Background technique
可以通过各种可用的途径(例如,通过从内容发布中心(CI:ContentIssuer)的网站下载、或从其他装备通过邮件(例如,电子邮件)或任意介质接收)来获得数字内容。为了使用该数字内容,版权对象(RO)应该由版权发布中心(RI:RightsIssuer)发出。与此相关的技术称为数字版权管理(DRM)。Digital content can be obtained through various available means (for example, by downloading from a website of a content distribution center (CI: ContentIssuer), or receiving from other equipment by mail (for example, email) or arbitrary media). In order to use the digital content, a Rights Object (RO) should be issued by a Rights Issuer (RI: RightsIssuer). The technology related to this is called digital rights management (DRM).
通常,DRM代理是安装在使用这些内容的设备中的软件或程序。代替CI提供商和RO提供商,由DRM代理防止对数字内容的非法使用和盗版,并保护这些CI提供商和RO提供商的版权。Typically, a DRM agent is software or a program installed in a device that uses the content. Instead of CI providers and RO providers, DRM agents prevent illegal use and piracy of digital content and protect copyrights of these CI providers and RO providers.
两类RO包括有状态的RO和无状态的RO。有状态的RO受限于诸如使用次数或使用时长的限制。这里,当重现(播放)相应的数字内容时,必须核查并记录已经使用了多少权限,所记录的信息称为状态信息。因此,通常在播放数字内容的同时更新该状态信息。Two types of ROs include stateful ROs and stateless ROs. A stateful RO is subject to restrictions such as the number of times it can be used or how long it can be used. Here, when reproducing (playing) the corresponding digital content, it is necessary to check and record how many rights have been used, and the recorded information is called status information. Therefore, the state information is usually updated while playing the digital content.
发明内容Contents of the invention
技术问题technical problem
通常,为了在DRM系统中使用特定数字内容,设备用户应当直接地拥有由RI发布的内容的RO。已经引入了用于设备访问RI以获得由该RI发出的RO的许多方法。Generally, in order to use a certain digital content in a DRM system, a device user should directly own the RO of the content issued by the RI. A number of methods have been introduced for a device to access an RI to obtain an RO issued by that RI.
然而,还没有提出认证的设备将它的由RI直接发布的RO的全部或一部分传送(例如,传递、移动等)到另一设备的详细方法。However, a detailed method for an authenticated device to transfer (eg, transfer, move, etc.) all or a part of its RO issued directly by the RI to another device has not been proposed.
技术方案Technical solutions
因此,本发明的目的在于提供用于经由服务器将特定设备的版权对象(RO)的全部或一部分移动(传送)到另一设备的装置和方法。Accordingly, an object of the present invention is to provide an apparatus and method for moving (transferring) all or a part of a rights object (RO) of a specific device to another device via a server.
为了实现本发明的目的,提供了一种经由服务器在设备之间传送RO的方法,该方法包括以下步骤:由发送设备对第一RO进行转换,以生成第二RO;从所述发送设备向所述服务器发送RO移动请求消息,以请求经由所述服务器向接收设备传送(移动)所述第二RO;从所述服务器接收针对所述RO移动请求消息的响应消息;以及删除所述第一RO或者修改与所述第一RO相关的状态信息。In order to achieve the purpose of the present invention, a method for transmitting ROs between devices via a server is provided, the method comprising the following steps: converting the first RO by the sending device to generate a second RO; The server sends an RO move request message to request to transfer (move) the second RO to a receiving device via the server; receives a response message to the RO move request message from the server; and deletes the first RO move request message; The RO may modify state information related to the first RO.
在本发明的另一实施方式中,提供了一种经由服务器在设备之间传送RO的方法,该方法包括以下步骤:从发送设备接收RO移动请求消息;向所述发送设备发送针对所述RO移动请求消息的响应消息;将包括在所述RO移动请求消息中的第一RO转换为第二RO;以及向接收设备传送转换后的第二RO。In another embodiment of the present invention, there is provided a method for transferring an RO between devices via a server, the method comprising the following steps: receiving an RO movement request message from the sending device; sending a request message for the RO to the sending device A response message to a move request message; convert a first RO included in the RO move request message into a second RO; and transmit the converted second RO to a receiving device.
为了实现本发明的该目的,提供了一种经由服务器将RO传送到接收设备的发送设备,该发送设备包括:数字版权管理(DRM)代理,其对要经由服务器移动到接收设备的RO进行编码,并将包括了所述编码后的RO的RO移动请求消息发送给所述服务器;以及通信模块,其至少与所述服务器进行通信。In order to achieve the object of the present invention, there is provided a sending device that transmits an RO to a receiving device via a server, the sending device including: a digital rights management (DRM) agent that encodes the RO to be moved to the receiving device via the server , and send an RO move request message including the coded RO to the server; and a communication module, which at least communicates with the server.
为了实现本发明的该目的,提供了一种在设备之间传送RO的服务器,该服务器包括:版权发布中心(RI),该版权发布中心从发送设备接收其中包括了要移动给接收设备的RO的RO移动请求消息,向所述发送设备发送针对所述RO移动请求消息的响应消息,对包括在所述RO移动请求消息中的所述RO进行转换,并将所述转换后的RO传送给所述接收设备;以及通信模块,其至少与所述发送设备和所述接收设备进行通信。In order to achieve the object of the present invention, there is provided a server for transferring ROs between devices, the server comprising: a copyright issuance center (RI) that receives from a sending device including ROs to be moved to a receiving device an RO move request message, send a response message to the RO move request message to the sending device, convert the RO included in the RO move request message, and transmit the converted RO to the the receiving device; and a communication module that communicates with at least the sending device and the receiving device.
为了实现本发明的该目的,提供了一种经由服务器在设备之间传送RO的系统,该系统包括:发送设备,其发送包括了第二RO的RO移动请求消息,该第二RO是从第一RO转换而来的;服务器,其将包括在所述RO移动请求消息中的第二RO转换为第三RO,并将转换后的第三RO发送给接收设备;以及接收设备,其从所述服务器接收所述第三RO,并安装所述第三RO。In order to achieve the object of the present invention, there is provided a system for transferring ROs between devices via a server, the system including: a sending device sending an RO move request message including a second RO obtained from the first RO converted from an RO; the server, which converts the second RO included in the RO movement request message into a third RO, and sends the converted third RO to the receiving device; and the receiving device, from the The server receives the third RO and installs the third RO.
为了实现本发明的该目的,提供了一种经由服务器在设备之间传送版权对象的方法,该方法包括以下步骤:由发送设备发送包括了版权对象识别符的版权对象移动请求消息;由所述服务器检查与所述版权对象识别符相对应的版权对象;由所述发送设备从所述服务器接收版权对象移动响应消息;以及由所述发送设备删除与所述版权对象识别符相对应的所述版权对象或者修改与所述版权对象相关的状态信息。In order to achieve the object of the present invention, a method for transferring a rights object between devices via a server is provided, the method comprising the following steps: sending a rights object movement request message including a rights object identifier by the sending device; The server checks the rights object corresponding to the rights object identifier; receives, by the sending device, a rights object move response message from the server; and deletes, by the sending device, the rights object corresponding to the rights object identifier rights object or modify state information associated with said rights object.
所述经由服务器在设备之间传送版权对象的方法还包括以下步骤:由所述服务器将检查后的版权对象转换为接收设备的版权对象;以及由所述服务器将所述转换后的版权对象传送给所述接收设备。The method of transferring a rights object between devices via a server further includes the steps of: converting, by the server, the checked rights object into a rights object of a receiving device; and transferring, by the server, the converted rights object to the receiving device.
所述转换版权对象的步骤还包括以下步骤:由所述服务器利用所述服务器的公钥或之前与所述发送设备共享的保密密钥,来对所述检查后的版权对象进行解码;利用所述接收设备的公钥或之前与所述接收设备共享的保密密钥,来对所述解码后的版权对象进行编码。The step of converting the rights object further includes the following steps: the server uses the public key of the server or the secret key previously shared with the sending device to decode the checked rights object; Encoding the decoded rights object using the public key of the receiving device or the secret key previously shared with the receiving device.
附图说明Description of drawings
图1示出了根据本发明的经由服务器在设备之间移动版权对象的系统的构造的实施方式;1 shows an embodiment of the construction of a system for moving rights objects between devices via a server according to the present invention;
图2示出了根据本发明的经由服务器从一个设备向另一个设备移动版权对象的方法的实施方式;Figure 2 shows an embodiment of a method of moving a rights object from one device to another via a server according to the present invention;
图3示出了描述根据本发明的RO移动触发的语法的示例性文本;FIG. 3 shows an exemplary text describing the grammar of the RO movement trigger according to the present invention;
图4示出了根据本发明的RO移动请求消息的参数;Fig. 4 shows the parameters of the RO mobile request message according to the present invention;
图5示出了根据本发明的RO移动请求消息的示例性语法;Fig. 5 has shown the exemplary syntax of RO mobile request message according to the present invention;
图6示出了包括在根据本发明的RO移动请求消息中的重定向识别符扩展参数的概要部分;FIG. 6 shows an outline part of a redirection identifier extension parameter included in an RO move request message according to the present invention;
图7示出了根据本发明的RO移动请求消息的结构;Fig. 7 shows the structure of the RO mobile request message according to the present invention;
图8示出了表明根据本发明的RO移动请求消息的语法的示例性文本;以及FIG. 8 shows exemplary text indicating the syntax of an RO move request message according to the present invention; and
图9示出了表明包括在RO中的移动许可的示例性XML文档。FIG. 9 shows an exemplary XML document indicating a mobile license included in an RO.
具体实施方式detailed description
本发明被实施为使得第一设备经由服务器将由该第一设备所获得的RO的全部或一部分传送或移动(在下文中,“传送”和“移动”用作相同含义)给第二设备。The present invention is implemented such that a first device transfers or moves (hereinafter, "transfer" and "move" are used as the same meaning) all or a part of an RO obtained by the first device to a second device via a server.
当经由服务器将第一设备的全部RO传送给第二设备时,该第一设备不能再使用该RO,而第二设备可以使用对其传送的RO。另一方面,当经由服务器将第一设备的RO的一部分传送给第二设备时,该第一设备可以使用除所传送的那部分RO之外的其余RO,而第二设备可以使用对其传送的那部分RO。When the entire RO of the first device is transferred to the second device via the server, the first device cannot use the RO anymore, and the second device can use the RO transferred thereto. On the other hand, when a part of the RO of the first device is transferred to the second device via the server, the first device can use the rest of the RO except for the transferred part of the RO, and the second device can use the RO transferred to it. That part of the RO.
经由服务器从第一设备传送到第二设备的RO可以是设备版权对象和用户域版权对象中的一种。The RO transmitted from the first device to the second device via the server may be one of a device rights object and a user domain rights object.
如果服务器之前存储了与第一设备所获得的RO相关的信息(例如,当服务器是最初向第一设备发出RO的RI时),该第一设备和服务器可以基于RO识别符来彼此识别RO。这里,该第一设备将RO识别符和状态信息对象传送给服务器,由此服务器使用第二设备的公钥或之前与第二设备共享的保密密钥(secretkey),对与所接收到的RO识别符和状态信息对象相对应的RO进行编码,以随后传送给第二设备。If the server previously stored information related to ROs obtained by the first device (eg, when the server was the RI that originally issued the RO to the first device), the first device and the server can identify ROs to each other based on the RO identifier. Here, the first device transmits the RO identifier and the state information object to the server, so that the server uses the public key of the second device or the secret key (secretkey) previously shared with the second device to identify the received RO The RO corresponding to the identifier and the state information object is encoded for subsequent transmission to the second device.
第一设备和第二设备可以属于同一用户,或者属于彼此不同的用户。The first device and the second device may belong to the same user, or to different users from each other.
该服务器可以对不被允许的RO的传送进行限制。该服务器是包括内容发布中心(CI)和版权发布中心(RI)的内容提供商。The server may restrict the transfer of ROs that are not allowed. The server is a content provider including a content distribution center (CI) and a rights distribution center (RI).
如果所传送的RO具有移动许可,则该第二设备可以将所传送的RO传送给另一设备。If the transferred RO has permission to move, the second device may transfer the transferred RO to another device.
该第一设备将其中包括了第二RO的RO移动请求消息发送给服务器,该第二RO是从由第一设备本身所获得的第一RO转换而来的。服务器向该第一设备发送针对该RO移动请求消息的响应消息。服务器还将包括在RO移动请求消息中的第二RO转换为第三RO,接着将转换后的第三RO传送给该第二设备。The first device sends an RO move request message including a second RO converted from the first RO obtained by the first device itself to the server. The server sends a response message to the RO move request message to the first device. The server also converts the second RO included in the RO move request message into a third RO, and then transmits the converted third RO to the second device.
在本发明中,所述状态信息包括分别指示与RO相对应的当前状态的各种值。这里,当RO包括任意一种有状态限制(例如,间隔、次数、累积计时等)时,该状态信息表示由DRM代理管理的值。状态信息对象表示用于将状态信息从一个设备传送到另一设备的目的的状态信息格式的实例。In the present invention, the status information includes various values respectively indicating the current status corresponding to the RO. Here, when the RO includes any kind of stateful restriction (for example, interval, number of times, cumulative timing, etc.), the state information represents a value managed by the DRM agent. A status information object represents an instance of a status information format for the purpose of transferring status information from one device to another.
现在参照附图,说明本发明的实施方式。Embodiments of the present invention will now be described with reference to the drawings.
图1示出了根据本发明的经由服务器在设备之间移动版权对象的系统的构造的实施方式。如图1所示,根据本发明的系统包括:第一设备10,其发送包括了第二RO的RO移动请求消息,该第二RO是从该第一RO转换而来的;服务器40,其将包括在该RO移动请求消息中的第二RO转换为第三RO并将转换后的第三RO发送给第二设备20;以及第二设备20,其从服务器40接收第三RO以进行安装。FIG. 1 shows an embodiment of the construction of a system for moving a rights object between devices via a server according to the present invention. As shown in FIG. 1, the system according to the present invention includes: a first device 10, which sends an RO move request message including a second RO, which is converted from the first RO; a server 40, which converting the second RO included in the RO move request message into a third RO and sending the converted third RO to the second device 20; and the second device 20 receiving the third RO from the server 40 for installation .
当接收到该RO移动请求消息时,服务器40向该第一设备发送针对该RO移动请求消息的响应消息。When receiving the RO move request message, the server 40 sends a response message to the RO move request message to the first device.
第一设备10具有第一DRM代理11,而第二设备具有第二DRM代理21。服务器40可以是内容提供商或RI。内容提供商包括内容发布中心(CI)和版权发布中心(RI)。The first device 10 has a first DRM agent 11 and the second device has a second DRM agent 21 . Server 40 may be a content provider or RI. The content provider includes a content publishing center (CI) and a copyright publishing center (RI).
第一设备10还包括至少与该服务器进行通信的通信模块,并且第二设备20还包括至少与该服务器进行通信的通信模块。该服务器还包括至少与第一设备10和第二设备20进行通信的通信模块。The first device 10 further includes a communication module at least communicating with the server, and the second device 20 further includes a communication module at least communicating with the server. The server also includes a communication module for communicating with at least the first device 10 and the second device 20 .
第一RO表示由服务器40发布给第一设备10的RO。The first RO indicates an RO issued by the server 40 to the first device 10 .
第二RO表示当经由服务器40将第一RO移动(传送)到第二设备20时第一RO的全部或一部分。The second RO indicates all or a part of the first RO when the first RO is moved (transferred) to the second device 20 via the server 40 .
第二RO表示这样的RO,即,该RO是第一设备10通过利用第一设备10的私钥或与服务器40共享的保密密钥对第一RO进行解码(这里,对第一RO的版权加密密钥(REK:RightsEncryptionKey)和MAC密钥进行解码)、随后使用服务器40的公钥或与服务器40共享的保密密钥对解码后的第一RO进行编码来获得的。The second RO means the RO that the first device 10 decodes the first RO by using the private key of the first device 10 or the secret key shared with the server 40 (here, the copyright of the first RO Encryption key (REK: RightsEncryptionKey) and MAC key to decode), and then use the public key of the server 40 or the secret key shared with the server 40 to encode the decoded first RO.
第二RO至少包括利用服务器40的公钥或与服务器40共享的保密密钥进行编码(或加密)的版权加密密钥(REK)。可以将第一RO中解码后的MAC密钥包括在第二RO中。The second RO includes at least a copyright encryption key (REK) encoded (or encrypted) with a public key of the server 40 or a secret key shared with the server 40 . The decoded MAC key in the first RO may be included in the second RO.
第二RO可以包括许可、限制、数字签名值、内容加密密钥(CEK:Contentsencryptionkey)和REK,所有这些都与第一RO的相同。The second RO may include permissions, restrictions, digital signature value, content encryption key (CEK: Content encryption key), and REK, all of which are the same as those of the first RO.
当第一RO是有状态的RO时,第一设备10将第二RO连同该状态信息对象一起发送给服务器40。When the first RO is a stateful RO, the first device 10 sends the second RO together with the state information object to the server 40 .
该第二RO包括版权加密密钥(REK)和MAC密钥,利用服务器40的公钥来对REK和MAC密钥进行封装(wrap)和编码,使得服务器40可以对REK和MAC密钥进行解码(或解密),该第二RO还包括利用第一RO中解码后的MAC密钥或新生成的MAC密钥而计算的mac值,以允许服务器40验证该第二RO。The second RO includes a copyright encryption key (REK) and a MAC key, and the REK and MAC keys are wrapped and encoded using the public key of the server 40, so that the server 40 can decode the REK and MAC keys (or decrypted), the second RO also includes a mac value calculated using the decoded MAC key in the first RO or a newly generated MAC key to allow the server 40 to verify the second RO.
第三RO表示这样的RO,即,该RO是服务器40通过利用服务器40的私钥或与第一设备10共享的保密密钥对第二RO进行解码、随后使用第二设备20的公钥或与第二设备20共享的保密密钥对解码后的第二RO进行编码而获得的。The third RO means the RO that the server 40 decodes the second RO by using the private key of the server 40 or the secret key shared with the first device 10, and then uses the public key of the second device 20 or The secret key shared with the second device 20 is obtained by encoding the decoded second RO.
服务器40利用服务器40的公钥或与第一设备10共享的保密密钥来对第二RO的REK和MAC密钥进行解码。The server 40 decodes the REK and MAC keys of the second RO using the public key of the server 40 or the secret key shared with the first device 10 .
服务器40利用第二设备20的公钥或与第二设备20共享的保密密钥,来对被服务器40解码的第二RO的REK进行编码。随后,服务器40修改包括在第二RO中的限制内的移动(或传送)次数限制值,并利用第二RO中解码后的MAC密钥或新生成的MAC密钥来生成mac值,以对象化(object)第三RO。The server 40 encodes the REK of the second RO decoded by the server 40 using the public key of the second device 20 or a secret key shared with the second device 20 . Subsequently, the server 40 revises the movement (or transmission) times limit value included in the limit in the second RO, and utilizes the MAC key after decoding in the second RO or a newly generated MAC key to generate a mac value, so as to target Object the third RO.
如果第一设备10传送了第二RO和状态信息对象,则服务器40将第二RO转换为第三RO,第三RO是对第二RO和传送后的状态信息对象进行合并的状态。If the first device 10 transmits the second RO and the state information object, the server 40 converts the second RO into a third RO, which is a state combining the second RO and the transmitted state information object.
在第一设备10将第一RO的全部转换为第二RO并随后将第二RO传送给服务器40之后,当从服务器40接收到针对RO移动请求消息的响应消息时,第一设备10删除该第一RO。After the first device 10 converts all of the first RO into the second RO and then transmits the second RO to the server 40, when receiving a response message to the RO move request message from the server 40, the first device 10 deletes the The first RO.
在第一设备10将第一RO的一部分转换为第二RO并随后将转换后的第二RO发送给服务器40之后,当从服务器40接收到针对RO移动请求消息的响应消息时,第一设备10修改(更新)与第一RO有关的状态信息。After the first device 10 converts a part of the first RO into the second RO and then transmits the converted second RO to the server 40, when receiving a response message to the RO move request message from the server 40, the first device 10 Modify (update) the state information related to the first RO.
在本发明中,第一实施方式和第二实施方式分别说明了经由服务器对RO的全部进行的传送(或移动等)和经由服务器对RO的一部分进行的传送(或移动等)。In the present invention, the first embodiment and the second embodiment respectively describe transfer (or transfer, etc.) of all ROs via the server and transfer (or transfer, etc.) of a part of ROs via the server.
以下,首先根据第一实施方式示意性地说明经由服务器将RO从一个设备传送到另一设备的方法。第一实施方式示出了对RO的全部进行的传送。Hereinafter, first, a method of transferring an RO from one device to another device via a server is schematically explained according to the first embodiment. The first embodiment shows transfer of all ROs.
第一设备10的第一用户利用第一设备10(例如,一种移动电话或移动通信终端)或诸如PC的其他装置,来浏览来自服务器40(即,内容提供商,具体地说,版权发布中心(RI)41)的具体内容(例如,MP3音乐文件、视频文件等)。这里,RI针对具体内容生成的RO可以包括移动许可。The first user of the first device 10 utilizes the first device 10 (for example, a mobile phone or a mobile communication terminal) or other devices such as a PC to browse the content from the server 40 (that is, the content provider, specifically, the copyright release). Center (RI) 41) specific content (for example, MP3 music files, video files, etc.). Here, the RO generated by the RI for specific content may include a mobile license.
如果该具体内容是MP3文件,第一用户希望将该MP3文件作为礼物交给第二用户。If the specific content is an MP3 file, the first user wishes to give the MP3 file to the second user as a gift.
当RI41针对该MP3文件生成的RO包含移动许可时,第一用户下载MP3文件及其RO。When the RO generated by RI41 for the MP3 file contains the mobile license, the first user downloads the MP3 file and its RO.
然后,为了传送(移动)没有被使用或部分被使用的RO的全部,该第一用户访问服务器40并将该MP3文件的RO传送给服务器40。Then, in order to transfer (move) all of the unused or partially used ROs, the first user accesses the server 40 and transfers the RO of the MP3 file to the server 40 .
第二用户的第二设备20(例如,便携式MP3播放器)连接到第一设备10的服务器40,以下载由第一用户传送给服务器40的MP3文件和RO。The second device 20 (eg, a portable MP3 player) of the second user is connected to the server 40 of the first device 10 to download the MP3 file and RO transmitted to the server 40 by the first user.
因此,该第二用户可以使用第二设备20来播放该MP3文件,而第一用户无法再利用第一设备10来播放该MP3文件。Therefore, the second user can use the second device 20 to play the MP3 file, but the first user cannot use the first device 10 to play the MP3 file.
这样,第一设备10可以经由服务器40将自己所获得的RO的全部传送(移动)给第二设备20。In this way, the first device 10 can transfer (move) all of the ROs it has obtained to the second device 20 via the server 40 .
在下文中,根据本发明的第二实施方式示意性地对经由服务器将RO的一部分从一个设备传送到另一设备的方法进行描述。第二实施方式示出了对RO的一部分进行的传送。Hereinafter, a method of transferring a part of an RO from one device to another device via a server is schematically described according to a second embodiment of the present invention. The second embodiment shows transfer to a part of the RO.
第一用户利用第一设备10浏览来自服务器40的可用内容(即,视频)。The first user utilizes the first device 10 to browse available content (ie, videos) from the server 40 .
第一用户选择具体视频,并指示他希望播放该具体视频十次并共享该具体视频。The first user selects a specific video and indicates that he wishes to play the specific video ten times and share the specific video.
服务器40生成所选择视频的RO,该RO具有十次播放限制的限制及移动许可。The server 40 generates a RO of the selected video with a limit of ten play limits and permission to move.
第一用户随后利用第一设备10来下载该视频和RO。The first user then utilizes the first device 10 to download the video and the RO.
第一用户利用第一设备10来播放该视频一次。The first user utilizes the first device 10 to play the video once.
如果第二设备20希望播放视频特定次数,则第一用户利用第一设备10来访问服务器40并向服务器40传送该视频的RO的一部分。If the second device 20 wishes to play the video a certain number of times, the first user utilizes the first device 10 to access the server 40 and transmit to the server 40 a part of the RO of the video.
即,如果第二设备20希望播放视频一次,则第一设备将从自己所获得的RO的全部中的用于一次播放的RO传送给服务器40。That is, if the second device 20 wishes to play the video once, the first device transmits to the server 40 the RO for one play among all the ROs obtained by itself.
第二用户经由第二设备20访问服务器40,随后下载从第一设备10传送给服务器40的视频和RO(这里,第二用户可以与第一用户是同一或不同的用户)。The second user accesses the server 40 via the second device 20, and then downloads the video and RO transmitted to the server 40 from the first device 10 (here, the second user may be the same or different user from the first user).
因此,第二用户可以基于经由第二设备20所获得的用于一次播放的RO来播放视频。Accordingly, the second user can play the video based on the RO for one-time play obtained via the second device 20 .
同时,第一设备10于是具有播放视频八次的RO。At the same time, the first device 10 then has a RO that plays the video eight times.
以下,参照图2详细说明第一和第二实施方式。Hereinafter, the first and second embodiments will be described in detail with reference to FIG. 2 .
图2示出了根据本发明第一实施方式的经由服务器将版权对象从一个设备移动到另一设备的示例性方法。基于图2中所示的信号流来说明第一实施方式。以只关注第二实施方式与第一实施方式的差别的方式来说明第二实施方式。FIG. 2 illustrates an exemplary method of moving a rights object from one device to another via a server according to the first embodiment of the present invention. The first embodiment is explained based on the signal flow shown in FIG. 2 . The second embodiment will be described focusing only on the differences between the second embodiment and the first embodiment.
第一DRM代理设置在第一设备10中,而第二DRM代理21设置在第二设备20中。RI41设置在服务器40中。第一设备10的第一用户可以与第二设备20的第二用户为同一用户或者不同用户。此外,待传送的RO可以是设备RO或用户域RO。The first DRM agent is set in the first device 10 and the second DRM agent 21 is set in the second device 20 . RI41 is provided in the server 40. The first user of the first device 10 and the second user of the second device 20 may be the same user or different users. In addition, the RO to be transferred may be a device RO or a user domain RO.
出于说明起见,第一设备10所获得的RO称为第一RO,要从第一设备10传送给服务器40的RO称为第二RO,而要从服务器40传送给第二设备20的RO称为第三RO。For the sake of illustration, the RO obtained by the first device 10 is called a first RO, the RO to be transmitted from the first device 10 to the server 40 is called a second RO, and the RO to be transmitted from the server 40 to the second device 20 is called a first RO. It is called the third RO.
RI41已经将第一RO发布给第一DRM代理11。第一RO可以是未使用的RO或是在被部分使用后的剩余RO。RI41 has issued the first RO to the first DRM agent 11. The first RO may be an unused RO or a remaining RO after being partially used.
以下,对第一DRM代理11将第一RO的全部或一部分传送(移动)给第二DRM代理21的情况进行说明。Hereinafter, a case where the first DRM agent 11 transfers (moves) all or part of the first RO to the second DRM agent 21 will be described.
当希望将RO从一个DRM代理传送到另一DRM代理时(即,当经由RI传送RO时),该RO应当具有由该RI生成的数字签名。因此,当请求移动(传送)从第一RO转换来的第二RO时,数字签名可以为RI41提供完整性功能和非否认性(non-repudiation)功能,以允许RI41检查自己是否发出了该RO。When it is desired to transfer an RO from one DRM Agent to another (ie when transferring an RO via an RI), the RO should have a digital signature generated by the RI. Therefore, when requesting to move (transmit) the second RO converted from the first RO, the digital signature can provide RI41 with an integrity function and a non-repudiation function to allow RI41 to check whether it has issued the RO .
首先,第一DRM代理11的第一用户浏览RI入口(portal),并选择将RO移动(传送)给另一DRM代理的移动服务。第一用户随后向RI41请求服务,该服务用于将自己所获得的第一RO传送给第二DRM代理。First, a first user of a first DRM agent 11 browses an RI portal and selects a move service to move (transfer) an RO to another DRM agent. The first user then requests a service from the RI41, and the service is used to transmit the first RO obtained by the user to the second DRM agent.
RI41向第一DRM代理发送版权对象获取协议(ROAP:rightsobjectaccessprotoco1)触发(RO移动触发),以指示开始向RI41传送RO(S10)。The RI41 sends a Rights Object Acquisition Protocol (ROAP: rightsobjectaccessprotocol) trigger (RO move trigger) to the first DRM agent to instruct to start transferring the RO to the RI41 (S10).
如果第一DRM代理11已经知道了目标DRM代理(例如,第二DRM代理21)的识别符,则可以不执行步骤S10。第二DRM代理的识别符表示第二设备的ID。If the first DRM agent 11 already knows the identifier of the target DRM agent (eg, the second DRM agent 21 ), step S10 may not be performed. The identifier of the second DRM agent indicates the ID of the second device.
当接收到用户发起或ROAP触发时,第一DRM代理11生成受保护的RO(即,第二RO),以传送给RI41。When receiving user initiation or ROAP trigger, the first DRM agent 11 generates a protected RO (ie, the second RO) to transmit to the RI41.
即,第一DRM代理11使用第一设备的私钥或之前与RI41共享的保密密钥,来对RI41发出的RO(即,第一DRM代理11所获得的RO(即,第一RO))进行解码。这里,对第一RO的版权加密密钥(REK)和MAC密钥进行解码。That is, the first DRM agent 11 uses the private key of the first device or the secret key shared with the RI41 before, to the RO issued by the RI41 (that is, the RO obtained by the first DRM agent 11 (that is, the first RO)) to decode. Here, the copyright encryption key (REK) and MAC key of the first RO are decoded.
第一DRM代理11生成另一受保护的RO(即,第二RO)。该另一受保护的RO也可以包括内容加密密钥(CEK)、许可、限制、和数字签名,所有这些都与包括在第一设备10所获得的RO(即,第一RO)中的内容加密密钥(CEK)、许可、限制、和数字签名相同。The first DRM agent 11 generates another protected RO (ie, the second RO). This other protected RO may also include a content encryption key (CEK), permissions, restrictions, and digital signatures, all of which are related to the content included in the RO obtained by the first device 10 (i.e., the first RO). The encryption key (CEK), permissions, restrictions, and digital signatures are the same.
当生成受保护的RO(即,第二RO)时,第一DRM代理11利用RI41的公钥或之前与RI41共享的保密密钥,来对REK和MAC密钥进行编码,以允许RI41读出REK和MAC密钥。第一DRM代理11还生成要用于第二RO的完整性验证的mac值,以允许RI41验证第二RO的完整性。When generating a protected RO (i.e., a second RO), the first DRM agent 11 encodes the REK and MAC keys using the public key of RI41 or the secret key previously shared with RI41 to allow RI41 to read REK and MAC keys. The first DRM agent 11 also generates a mac value to be used for the integrity verification of the second RO to allow the RI 41 to verify the integrity of the second RO.
假设第一RO是有状态的RO,如果第一RO被完整地或部分地传送,则第一DRM代理11根据所管理的状态信息生成状态信息对象(S12)。Assuming that the first RO is a stateful RO, if the first RO is completely or partially transmitted, the first DRM agent 11 generates a state information object according to the managed state information (S12).
在生成受保护的RO(即,第二RO)之后,第一DRM代理11生成RO移动请求消息(例如,ROAP-RO移动请求),并将该消息发送给RI41(S14),该RO移动请求消息包括了所生成的RO、状态信息对象(如果RO是有状态的RO)和第二设备的识别符以及该消息的数字签名。该第二设备的识别符可以不包括在该RO移动请求消息中。第一用户可以稍后在RI入口处指定第二设备的识别符。该RO移动请求消息表示用于请求将RO传送(移动)到另一DRM代理的消息,稍后对其进行详细说明。After generating the protected RO (that is, the second RO), the first DRM agent 11 generates a RO move request message (for example, ROAP-RO move request), and sends the message to RI41 (S14), the RO move request The message includes the generated RO, the state information object (if the RO is a stateful RO) and the identifier of the second device and the digital signature of the message. The identifier of the second device may not be included in the RO move request message. The first user may later specify the identifier of the second device at the RI entry. The RO move request message indicates a message for requesting transfer (move) of an RO to another DRM agent, and details thereof will be described later.
在使用发送自第一DRM代理11的ROAP请求(例如,ROAP-RO移动请求)消息中的数字签名成功地完成了包括撤回(revocation)状态检查的认证之后,RI41生成与第二DRM代理绑定的受保护的RO(即,第三RO)(S16)。After successfully completing authentication including a revocation status check using the digital signature in the ROAP request (e.g., ROAP-RO Move Request) message sent from the first DRM agent 11, RI 41 generates a binding with the second DRM agent protected RO (that is, the third RO) (S16).
即,RI41验证所接收到的RO(即,第二RO),并利用RI41的私钥(或之前共享的保密密钥)对所接收到的RO进行解码,以生成与第二设备20绑定的RO(即,第三RO)。That is, RI41 verifies the received RO (i.e., the second RO), and decodes the received RO using the private key of RI41 (or the previously shared secret key) to generate the RO bound to the second device 20. The RO (ie, the third RO).
当生成第三RO(即,与第二DRM代理绑定的RO)时,如果接收到状态信息对象,则RI41应当对所接收到的状态信息对象和限制信息进行组合,并且还应当对包括在从第一设备(发送设备)10接收到的第二RO中的限制值进行修改。When generating the third RO (that is, the RO bound to the second DRM agent), if a state information object is received, then RI41 should combine the received state information object and restriction information, and should also The limit value in the second RO received from the first device (sending device) 10 is modified.
此外,如果包括在所接收的第二RO中的<move>元素具有次数限制,则RI41应当将具有该<move>元素的<count>元素的值减少1。Also, if the <move> element included in the received second RO has a number of times limit, the RI 41 should decrease the value of the <count> element having the <move> element by 1.
在对包括在接收到的第二RO的<rights>元素中的限制值进行修改之后,RI41生成针对<rights>元素的数字签名值。After modifying the restriction value included in the <rights> element of the received second RO, the RI41 generates a digital signature value for the <rights> element.
RI41使用目标设备(即,第二设备20)的公钥或之前与第二设备20共享的保密密钥对版权加密密钥(REK)和MAC密钥进行编码,随后将编码后和封装的REK和MAC密钥附加到位于<ro>元素下的<encKey>元素中。RI41 encodes the copyright encryption key (REK) and the MAC key using the public key of the target device (i.e., the second device 20) or the secret key previously shared with the second device 20, and then encodes and encapsulates the REK and MAC key are attached to the <encKey> element located under the <ro> element.
RI41生成<ro>元素的mac值并将所生成的mac值附加到位于<protectedRO>元素下的<mac>元素。通过这种方式,RI41生成第二DRM代理21的RO(即,第三RO或与第二DRM代理21绑定的RO)。RI41 Generates the mac value of the <ro> element and appends the generated mac value to the <mac> element located under the <protectedRO> element. In this way, the RI41 generates the RO of the second DRM agent 21 (ie, the third RO or the RO bound to the second DRM agent 21).
随后,RI41响应于RO移动请求消息(例如,ROAP-ro移动请求)将RO移动响应消息(例如,ROAP-ro-移动响应)发送到第一DRM代理11(S18)。RO移动响应消息表示RI41是否确认所传送的第二RO将被成功地传递。稍后将详细地说明RO移动响应消息。Subsequently, the RI 41 transmits an RO move response message (eg, ROAP-ro-Move Response) to the first DRM agent 11 in response to the RO move request message (eg, ROAP-ro move request) (S18). The RO Move Response message indicates whether the RI41 confirms that the transferred second RO will be successfully transferred. The RO Mobile Response message will be described in detail later.
在第一实施方式中(即,用于完整地传送RO),在识别出已经成功地将RO传送给RI41之后,接收到RO移动响应消息的第一DRM代理11删除相应的RO(即,第一RO)(S20),而在第二实施方式中(即,用于部分地传送RO)修改与对应RO(即,第一RO)相关的状态信息。In the first embodiment (i.e., for fully transferring the RO), after recognizing that the RO has been successfully transferred to the RI 41, the first DRM agent 11 receiving the RO move response message deletes the corresponding RO (i.e., the first One RO) (S20), while in the second embodiment (ie, for partially transferring the RO) the status information related to the corresponding RO (ie, the first RO) is modified.
另一方面,RI41执行典型的1通(1-pass)或2通(2-pass)RO获取协议(S22、S24和S26)。在2通RO的情况下,RI41向第二DRM代理21发送ROAP触发,以指示第二DRM代理21下载从第一DRM代理11所传送的RO。On the other hand, RI41 performs a typical 1-pass or 2-pass RO acquisition protocol (S22, S24 and S26). In the case of 2-way RO, the RI 41 sends a ROAP trigger to the second DRM agent 21 to instruct the second DRM agent 21 to download the RO transferred from the first DRM agent 11 .
第二DRM代理21在成功地完成与RI41进行的获取协议过程之后,下载由第一DRM代理11的第一用户发送到RI41的RO。因此,第二DRM代理21安装所下载的RO(S28)。The second DRM agent 21 downloads the RO sent to the RI41 by the first user of the first DRM agent 11 after successfully completing the acquisition agreement process with the RI41. Accordingly, the second DRM agent 21 installs the downloaded RO (S28).
现在将详细说明在本发明中所提出的RO移动触发、RO移动请求消息和RO移动响应消息。The RO Move Trigger, RO Move Request message, and RO Move Response message proposed in the present invention will now be described in detail.
以下,首先说明RO移动触发。Hereinafter, the RO movement trigger will be described first.
该RO移动触发表示当发送设备希望经由RI将RO传送(移动)到接收设备时从RI发送到发送设备的ROAP触发。RO移动触发可以是DRMROAP触发的一个扩展。This RO move trigger means a ROAP trigger transmitted from RI to the transmitting device when the transmitting device wishes to transfer (move) the RO to the receiving device via the RI. The RO movement trigger may be an extension of the DRM ROAP trigger.
如图2中的步骤S10所示,将RO移动触发从RI41发送到第一DRM代理11,以指示第一DRM代理11开始向RI41传送RO。As shown in step S10 in FIG. 2 , an RO move trigger is sent from RI41 to the first DRM agent 11 to instruct the first DRM agent 11 to start transferring ROs to RI41.
图3示出了说明根据本发明的RO移动触发的语法的示例性文本。图3中的下划线部分具体示出了文本扩展部分。FIG. 3 shows exemplary text illustrating the syntax of the RO move trigger according to the present invention. The underlined part in Fig. 3 specifically shows the text extension part.
当第一DRM代理11接收到包括了<roapTrigger>元素(其具有<roMove>元素)的ROAP触发时,第一DRM代理11应当获取第一用户的许可并启动ROAP-RO移动请求协议。如果第一DRM代理在所接收到的RO移动触发中没有指定的<riID>的Ri上下文(Context),则第一DRM代理11应当使用在RO移动触发中的<roapURL>元素来启动ROAP-设备呼叫登记协议(helloregistrationprotocol)。When the first DRM agent 11 receives the ROAP trigger including the <roapTrigger> element (which has the <roMove> element), the first DRM agent 11 should obtain the permission of the first user and start the ROAP-RO move request protocol. If the first DRM agent does not have the Ri context (Context) of <riID> specified in the received RO move trigger, the first DRM agent 11 shall use the <roapURL> element in the RO move trigger to start the ROAP-device Call Registration Protocol (helloregistrationprotocol).
当第一用户选择待传送的一个或更多个RO时,RI41可以在RO移动触发中指定(多个)<roID>元素。When the first user selects one or more ROs to transfer, RI41 may specify the <roID> element(s) in the RO move trigger.
在通过RO移动触发接收到由RI41指定的<roID>元素之后,第一DRM代理11应当将待传送的RO或roID(RO的标识符)包括(添加)在ROAP-RO移动请求消息(即,ROAP-ro移动请求)中。After receiving the <roID> element specified by RI41 by the RO move trigger, the first DRM agent 11 should include (add) the RO to be transferred or the roID (identifier of the RO) in the ROAP-RO move request message (i.e., ROAP-ro mobile request).
如果希望将其RO传送给另一设备的第一用户指定了目标设备,则RI41应当设置<roapTrigger>元素中的<targetDeviceID>元素。因此,包括在RO移动触发中的<roapTrigger>元素可以具有<targetDeviceID>元素。<targetDeviceID>元素可以包括RO要被传送到的设备(即,目标设备)的ID值。If the first user who wishes to transfer his RO to another device specifies a target device, the RI41 should set the <targetDeviceID> element in the <roapTrigger> element. Therefore, the <roapTrigger> element included in the RO mobile trigger may have a <targetDeviceID> element. The <targetDeviceID> element may include an ID value of a device (ie, target device) to which the RO is to be transferred.
以下说明RO移动请求消息。The following describes the RO move request message.
将RO移动请求消息(即,ROAP-RO移动请求消息)从发送设备发送到RI41,以由RI启动移动协议。该消息表示经由RI将RO传送到目标DRM代理。参照图2,在步骤S14将RO移动请求消息从第一DRM代理11发送到RI41。An RO move request message (ie, ROAP-RO move request message) is sent from the sending device to RI 41 to start the move protocol by RI. This message indicates that the RO is transferred to the target DRM Agent via the RI. Referring to FIG. 2, an RO move request message is sent from the first DRM agent 11 to the RI 41 at step S14.
图4示出了根据本发明的RO移动请求消息的参数。在图4中,M表示必选成分,而o是可选成分。FIG. 4 shows parameters of an RO move request message according to the present invention. In Figure 4, M represents a mandatory component, while o is an optional component.
设备ID表示请求设备(即,发送设备)。RIID表示服务器(即,RI)的ID。The device ID indicates the requesting device (ie, the sending device). RIID represents the ID of the server (ie, RI).
触发现实数据(triggernonce)与从RI41接收到的RO移动触发中包括的现实数据值相同。当指定(定义)了触发现实数据参数时,RI41可以保存第一用户在浏览期间已经指定的目标设备的ID(即,第二设备的ID)。在这种情况下,可以不必在RO移动请求消息中指定(定义)目标设备ID参数。The trigger real data (triggernonce) is the same value as the real data included in the RO movement trigger received from the RI41. When the trigger reality data parameter is designated (defined), the RI 41 may save the ID of the target device (ie, the ID of the second device) that the first user has designated during browsing. In this case, it may not be necessary to specify (define) the target device ID parameter in the RO move request message.
设备现实数据(devicenonce)表示发送设备(即,第一设备)所选择的现实数据。The device actual data (devicenonce) represents actual data selected by the transmitting device (ie, the first device).
请求时间表示发送设备所识别出的当前DRM时间。The request time represents the current DRM time recognized by the sending device.
如果从RI接收到的RO移动触发具有<targetDeviceID>,则应当指定目标设备ID。目标设备ID值应当与该RO移动触发中的<targetDeviceID>元素相同。如果没有指定目标设备ID参数,则第一用户应当在RI入口处指定目标设备。If the RO movement trigger received from RI has <targetDeviceID>, the target device ID shall be specified. The target device ID value shall be the same as the <targetDeviceID> element in the RO move trigger. If no target device ID parameter is specified, the first user shall specify a target device at the RI entry.
(多个)ROInfo参数表示要移动(传送)的一个或更多个RO。它可以包含一个或更多个ROID和状态信息对象对,或包含一个或更多个受保护的RO和状态信息对象。The ROInfo parameter(s) indicates one or more ROs to be moved (transferred). It may contain one or more ROID and state information object pairs, or contain one or more protected RO and state information objects.
受保护的RO的内容应当与最初从RI所接收的RO的内容中的除了包括在<protectedRO>元素中的<ro>元素的<encKey>元素和包括在<protectedRO>元素中的<mac>元素以外的内容相同。The content of the protected RO shall be the same as the content of the RO originally received from the RI except for the <encKey> element of the <ro> element included in the <protectedRO> element and the <mac> element included in the <protectedRO> element other than the same.
<encKey>元素具有经封装的版权加密密钥(REK)和MAC密钥。应当由第一设备利用RI的公钥或之前与RI共享的保密密钥来对这两个密钥进行编码,该公钥之前在相互认证处理中已被共享。The <encKey> element has an encapsulated copyright encryption key (REK) and MAC key. These two keys should be encoded by the first device with RI's public key, which was previously shared in the mutual authentication process, or a secret key previously shared with RI.
<mac>元素包括<protectedRO>元素的mac值。应当利用<encKey>元素中的MAC密钥或利用新生成的MAC密钥来计算该mac值,并将其附加到<mac>元素中。The <mac> element contains the mac value of the <protectedRO> element. This mac value shall be calculated using the MAC key in the <encKey> element or using a newly generated MAC key and appended to the <mac> element.
当RO是有状态的RO时,(多个)状态信息对象的参数应当被包括在RO移动请求消息中。所述(多个)状态信息对象的参数表示由第一设备的第一DRM代理所管理的状态信息。When the RO is a stateful RO, the parameters of the state information object(s) shall be included in the RO move request message. The parameters of the state information object(s) represent state information managed by the first DRM agent of the first device.
当完整地传送(移动)具体RO时,根据与具体RO的全部相对应的状态信息来生成状态信息对象。相反,当部分地传送具体RO时,根据与该具体RO的一部分相对应的状态信息来生成状态信息对象。When a specific RO is completely transferred (moved), a status information object is generated from status information corresponding to all of the specific RO. In contrast, when a specific RO is partially transmitted, a status information object is generated from status information corresponding to a part of the specific RO.
如果RI上下文并没有表示RI已经保存了它所要求的设备证书信息,则在RO移动请求消息包括证书链参数。If the RI context does not indicate that the RI has stored the required device certificate information, the certificate chain parameter is included in the RO move request message.
扩展参数可以包括重定向识别符扩展。当在扩展参数字段中存在重定向识别符扩展时,扩展参数表示要接收受保护的RO的接收设备(例如,第二设备)的ID。ID可以是由蜂窝运营商为各个设备设定的电话号码。如果重定向识别符扩展不存在,则这隐含地向RO表示第一设备正在对具有相等的值或更小的值的新RO提交未使用的RO(这里,未使用的RO与受保护的RO参数相对应)。即,如果在RO移动请求消息的扩展参数字段中不存在重定向识别符扩展,则接收到RO移动请求消息的RI识别出包括在RO移动请求消息中的RO(即,与受保护的RO字段相对应的RO)要通过被转换为另一RO而被发出。Extension parameters may include redirection identifier extensions. When there is a redirection identifier extension in the extension parameter field, the extension parameter indicates the ID of the receiving device (eg, the second device) to receive the protected RO. The ID can be a phone number set by the cellular operator for each device. If the redirection identifier extension does not exist, this implicitly indicates to the RO that the first device is submitting an unused RO to a new RO of equal value or less (here, the unused RO is the same as the protected corresponding to the RO parameter). That is, if there is no redirection identifier extension in the extended parameter field of the RO move request message, the RI receiving the RO move request message recognizes the RO included in the RO move request message (i.e., the same as the protected RO field The corresponding RO) is to be emitted by being converted into another RO.
签名参数表示RO移动请求消息的数字签名。The signature parameter indicates the digital signature of the RO move request message.
图5示出了根据本发明的RO移动请求消息的示例性语法。在图5中,<roMoveRequest>元素定义了ROAP-RO移动请求消息,并具有复数类型的“roap:ROMoveRequest”。“roap:ROMoveRequest”类型扩展了基本“roap:Requesttype”功能。FIG. 5 shows an exemplary syntax of an RO move request message according to the present invention. In FIG. 5, the <roMoveRequest> element defines a ROAP-RO move request message, and has a plural type of "roap:ROMoveRequest". The "roap:ROMoveRequest" type extends the base "roap:Requesttype" functionality.
图6示出了包括在根据本发明的RO移动请求消息中的重定向识别符扩展参数的概要部分。FIG. 6 shows an outline part of a redirect identifier extension parameter included in an RO move request message according to the present invention.
以下说明RO移动响应消息。The following describes the RO Mobile Response message.
响应于RO移动请求消息(即,ROAP-RO移动请求),将RO移动响应消息(即,ROAP-RO移动响应)从RI发送到发送设备,即,在图2中的步骤S18中从RI41发送到第一DRM代理的消息。RO移动响应消息表示RI是否确认成功地传递(传送)了RO。In response to the RO Move Request message (i.e., ROAP-RO Move Request), an RO Move Response message (i.e., ROAP-RO Move Response) is sent from RI to the sending device, i.e., from RI 41 in step S18 in FIG. 2 A message to the first DRM agent. The RO Move Response message indicates whether the RI confirms that the RO was successfully delivered (delivered).
图7示出了根据本发明的RO移动请求消息的示例性语法。FIG. 7 shows an exemplary syntax of an RO move request message according to the present invention.
状态(status)参数表示由Ri进行的RO移动请求消息的处理状态。如果处理成功,则状态参数值为“成功”。否则,RI选择一个表示错误的状态消息。The status (status) parameter indicates the processing status of the RO move request message by Ri. If processing was successful, the status parameter value is "success". Otherwise, RI chooses a status message indicating an error.
设备ID参数表示接收RO移动响应消息的设备的ID。该参数具有与包括在RO移动请求消息中的设备ID参数值(即,图4的设备ID参数值)相同的值。The device ID parameter indicates the ID of the device receiving the RO mobile response message. This parameter has the same value as the device ID parameter value (ie, the device ID parameter value of FIG. 4 ) included in the RO move request message.
RIID参数表示发送RO移动响应消息的RI的ID。RI现实数据参数具有由该RI所选择的现实数据。The RIID parameter indicates the ID of the RI that sent the RO Mobile Response message. The RI real data parameter has the real data selected by this RI.
ROURI参数表示用于获取与目标设备绑定的RO的地址(例如,HTTPURL)。设备可以将ROURI传递给目标设备,以允许该目标设备下载该RO。The ROURI parameter indicates an address (for example, HTTPURL) for obtaining an RO bound to the target device. The device may pass the ROURI to the target device to allow the target device to download the RO.
为RO移动响应消息定义了扩展参数,但是在这里并不使用。Extended parameters are defined for the RO Mobile Response message, but are not used here.
签名参数表示RO移动响应消息的数字签名。The signature parameter indicates the digital signature of the RO Mobile Response message.
图8示出了表明根据本发明的RO移动请求消息的语法的示例性文本。FIG. 8 shows exemplary text indicating the syntax of an RO move request message according to the present invention.
<roMoveResponse>元素定义了ROAP-RO移动响应消息。The <roMoveResponse> element defines the ROAP-RO move response message.
<roMoveResponse>元素具有“roap:ROMoveResponse”复数类型。该复数类型扩展了基本“roap:Response”类型。The <roMoveResponse> element has a "roap:ROMoveResponse" plural type. This plural type extends the base "roap:Response" type.
以下,说明包括在由RI发出的RO中的数字签名。Next, the digital signature included in the RO issued by the RI will be described.
当希望将RO从一个DRM代理传送到另一DRM代理时,无论RO是经由RI而被传送或直接被传送,RI都发出具有数字签名的RO。当RO移动请求被处理时,该数字签名可以为RI提供非否认性功能,以使得RI检查该RO是否是其自身发出的。When it is desired to transfer an RO from one DRM Agent to another, whether the RO is transferred via the RI or directly, the RI issues the RO with a digital signature. When the RO move request is processed, the digital signature can provide the non-repudiation function for the RI, so that the RI checks whether the RO is issued by itself.
参照图2,当第一设备10接收到由RI41发出的RO并安装它时,如果在<rights>元素中定义了“move(移动)”许可,则第一设备10的第一DRM代理11应当保存<signature>元素的值(这里,如果RO包括了移动许可,则由RI生成<signature>元素的值)。第一DRM代理11应当能够创建与包括在最初由RI41发出的RO中的<rights>元素相同的<rights>元素。Referring to FIG. 2, when the first device 10 receives the RO issued by the RI41 and installs it, if "move (moving)" permission is defined in the <rights> element, the first DRM agent 11 of the first device 10 should Save the value of the <signature> element (here, if the RO includes mobile permission, the value of the <signature> element is generated by the RI). The first DRM agent 11 should be able to create the same <rights> element as included in the RO originally issued by the RI 41 .
此外,第一DRM代理11应当保存包括在在最初发出的RO中的REK和MAC密钥。Furthermore, the first DRM agent 11 should hold the REK and MAC keys included in the initially issued RO.
图9示出了表明包括在RO中的“移动”许可的示例性XML文档。FIG. 9 shows an exemplary XML document indicating a "Move" license included in an RO.
位于<Move>元素下方的<type>元素可以具有“经由RI”和/或“直接传送”的(多个)值。如果<type>元素的值是“经由RI”,则第一DRM代理11可以经由RI41来移动RO。如果<type>元素的值是“直接传送”,则第一DRM代理11可以直接地将RO移动到另一DRM代理(这里,本发明中并不考虑直接传送RO的详细说明)。A <type> element located below a <Move> element may have a value(s) of "via RI" and/or "direct transfer". If the value of the <type> element is 'via RI', the first DRM agent 11 can move the RO via RI41. If the value of the <type> element is "direct transfer", the first DRM agent 11 can directly move the RO to another DRM agent (here, the detailed description of direct transfer RO is not considered in the present invention).
<constraint>元素下的<count>元素表示传送RO的次数。The <count> element under the <constraint> element indicates the number of times the RO is transmitted.
如果<count>元素的值是“0”,则第一DRM代理11不应当向RI41发送针对该RO的RO移动请求消息。If the value of the <count> element is '0', the first DRM agent 11 should not send the RO move request message for this RO to the RI41.
可以在第二设备20的第二DRM代理21安装所接收到的RO时等同地应用在第一DRM代理11安装待传送的RO(该RO是最初由RI41发出的RO)时所执行的处理操作。The processing operations performed when the first DRM agent 11 installs the RO to be transferred, which is the RO originally issued by the RI 41 , can be equally applied when the second DRM agent 21 of the second device 20 installs the received RO. .
在本发明的另一实施方式中,将对经由服务器在设备之间传送版权对象的方法进行描述。在另一实施方式中,发送设备向服务器发送RO识别符而不是RO本身,以请求RO移动。即,该另一实施方式与上述第一和第二实施方式不同之处在于,发送设备向服务器发送RO识别符而不是RO。In another embodiment of the present invention, a method of transferring a rights object between devices via a server will be described. In another embodiment, the sending device sends the RO identifier instead of the RO itself to the server to request RO movement. That is, this other embodiment is different from the first and second embodiments described above in that the sending device sends the RO identifier to the server instead of the RO.
参照图1和图2,对经由服务器40(即,RI41)将第一设备10的RO传送到第二设备20的情况进行说明。Referring to FIGS. 1 and 2 , a case where the RO of the first device 10 is transmitted to the second device 20 via the server 40 (ie, RI 41 ) will be described.
如果RI41已经保存了第一设备10的RO,则第一设备10和RI41都可以基于RO识别符来识别该RO。If the RI41 has saved the RO of the first device 10, both the first device 10 and the RI41 can identify the RO based on the RO identifier.
第一设备10将包括了用于识别RO的RO识别符的RO移动请求消息发送给RI41,以请求RI41将它的RO传送给第二设备20。这里,RO移动请求消息可以不包括图4中所示的作为必选成分的(多个)受保护的RO参数,而包括RO识别符作为必选成分。The first device 10 sends the RO move request message including the RO identifier for identifying the RO to the RI41 to request the RI41 to transfer its RO to the second device 20 . Here, the RO move request message may not include the protected RO parameter(s) shown in FIG. 4 as a mandatory component, but may include an RO identifier as a mandatory component.
RI41随后检查与包括在所接收到的RO移动请求消息中的RO识别符相对应的RO。RI41利用它的私钥或之前与第一设备10共享的保密密钥,来对检查后的RO进行解码。然后,RI41利用第二设备20的公钥或之前与第二设备20共享的保密密钥,来对解码后的RO进行编码。RI41 then checks the RO corresponding to the RO identifier included in the received RO Move Request message. RI 41 decodes the checked RO with its private key or a secret key previously shared with the first device 10 . Then, the RI41 encodes the decoded RO by using the public key of the second device 20 or the secret key previously shared with the second device 20 .
当对RO进行编码时,如果解码后的RO具有移动次数限制,则RI41将传送次数减少1。RI41还利用第二设备20的公钥或之前与第二设备20共享的保密密钥,来对包括在解码后的RO中的REK和MAC密钥进行编码。RI41通过计算MAC密钥或新生成的MAC密钥,来生成mac值。When encoding the RO, if the decoded RO has a movement count limit, the RI41 decreases the transfer count by 1. The RI 41 also encodes the REK and MAC keys included in the decoded RO using the public key of the second device 20 or the secret key previously shared with the second device 20 . RI41 generates a mac value by calculating a MAC key or a newly generated MAC key.
如果RO是有状态的RO,则RI41可以对状态信息对象进行编码。If the RO is a stateful RO, RI41 may encode a state information object.
这样,在生成要被移动到第二设备20的RO之后或在生成RO期间,RI41响应于RO移动请求消息,将响应消息(例如,RO移动响应消息)发送到第一设备10。如果该响应消息表示确保RO的成功传送,则第一设备10针对传送了完整RO的情况删除RO,并针对传送了一部分RO的情况对与该RO相关的状态信息进行修改。In this way, after generating the RO to be moved to the second device 20 or during generating the RO, the RI 41 transmits a response message (for example, an RO move response message) to the first device 10 in response to the RO move request message. If the response message indicates that the successful transmission of the RO is ensured, the first device 10 deletes the RO if a complete RO is transmitted, and modifies the status information related to the RO if a part of the RO is transmitted.
RI41将编码后的Ro和状态信息对象(在有状态的RO的情况下)传送给第二设备20。第二设备20相应地接收该RO,以进行安装。The RI 41 transmits the encoded Ro and the state information object (in the case of a stateful RO) to the second device 20 . The second device 20 accordingly receives the RO for installation.
如到目前为止所述,本发明提供了经由服务器将特定设备所获取的RO的全部或一部分传送(移动)到另一设备的方法,可以经由服务器将由该服务器发出的针对特定内容的RO传送到另一设备。As described so far, the present invention provides a method of transferring (moving) all or part of the RO acquired by a specific device to another device via a server, and the RO for specific content issued by the server can be transferred to another device.
已经根据仅作为示意性的实施方式对本发明进行了说明。很明显,本领域技术人员在不脱离本发明的精神或范围的情况下可以对本发明进行各种修改和变化。因此,本发明旨在涵盖落入所附权利要求及其等同物范围内的本发明的这些修改和变化。The invention has been described on the basis of exemplary embodiments only. It will be apparent to those skilled in the art that various modifications and changes can be made in the present invention without departing from the spirit or scope of the inventions. Thus, it is intended that the present invention covers the modifications and variations of this invention that come within the scope of the appended claims and their equivalents.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR1020060008575 | 2006-01-26 | ||
| KR1020060008575AKR20070078340A (en) | 2006-01-26 | 2006-01-26 | System and method for delivering content usage rights between devices |
| KR10-2006-0008575 | 2006-01-26 | ||
| US78723206P | 2006-03-30 | 2006-03-30 | |
| US60/787,232 | 2006-03-30 | ||
| US83349306P | 2006-07-27 | 2006-07-27 | |
| US60/833,493 | 2006-07-27 | ||
| KR1020060081343AKR100830941B1 (en) | 2006-03-30 | 2006-08-25 | Method for moving rights object in digital rights management and device thereof |
| KR10-2006-0081343 | 2006-08-25 | ||
| KR1020060081343 | 2006-08-25 | ||
| PCT/KR2007/000449WO2007086697A1 (en) | 2006-01-26 | 2007-01-25 | Apparatus and method for moving rights object from one device to another device via server |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210396734.7ADivisionCN103023640B (en) | 2006-01-26 | 2007-01-25 | Via server, right objects is moved to from an equipment apparatus and method of another equipment |
| Publication Number | Publication Date |
|---|---|
| CN101375543A CN101375543A (en) | 2009-02-25 |
| CN101375543Btrue CN101375543B (en) | 2016-05-11 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200780003696.1AExpired - Fee RelatedCN101375543B (en) | 2006-01-26 | 2007-01-25 | Apparatus and method for moving rights object from one device to another via server |
| Country | Link |
|---|---|
| KR (1) | KR20070078340A (en) |
| CN (1) | CN101375543B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2763072A4 (en)* | 2011-09-29 | 2015-09-02 | Lg Electronics Inc | Method, device, and system for downloading contents on the basis of a rights verification |
| CN102945532A (en)* | 2012-11-20 | 2013-02-27 | 南京邮电大学 | Digital rights realizing method for supporting rights assignment |
| US9148489B2 (en) | 2013-03-11 | 2015-09-29 | Qualcomm Incorporated | Exchanging a contact profile between client devices during a communication session |
| US9622275B2 (en) | 2013-03-15 | 2017-04-11 | Qualcomm Incorporated | System and method for allowing multiple devices to communicate in a network |
| KR101383650B1 (en)* | 2013-11-28 | 2014-04-11 | 주식회사 알아이 | Digital content sales brokerage device and method |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1554063A (en)* | 2001-07-06 | 2004-12-08 | ��˹��ŵ�� | Digital rights management in a mobile communication environment |
| CN1585324A (en)* | 2003-08-21 | 2005-02-23 | 三星电子株式会社 | Method for sharing rights objects between users |
| KR20050111534A (en)* | 2005-04-08 | 2005-11-25 | (주)인테고소프트 | The trade intermediation system and method of digital contents right to use and memory media recoding program to operate the method |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040199471A1 (en)* | 2003-04-01 | 2004-10-07 | Hardjono Thomas P. | Rights trading system |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1554063A (en)* | 2001-07-06 | 2004-12-08 | ��˹��ŵ�� | Digital rights management in a mobile communication environment |
| CN1585324A (en)* | 2003-08-21 | 2005-02-23 | 三星电子株式会社 | Method for sharing rights objects between users |
| KR20050111534A (en)* | 2005-04-08 | 2005-11-25 | (주)인테고소프트 | The trade intermediation system and method of digital contents right to use and memory media recoding program to operate the method |
| Publication number | Publication date |
|---|---|
| CN101375543A (en) | 2009-02-25 |
| KR20070078340A (en) | 2007-07-31 |
| Publication | Publication Date | Title |
|---|---|---|
| RU2432691C2 (en) | Apparatus and method of sending rights object from one device to another via server | |
| JP4790021B2 (en) | SRM digital copyright management method and apparatus | |
| US8494965B2 (en) | Electronic copyright license repository | |
| CN100507931C (en) | Method and apparatus for transferring content between digital rights management systems | |
| CN101321168B (en) | Right object acquisition method and system | |
| US8255333B2 (en) | Method of generating license, and method and apparatus for providing contents using the same | |
| CN101310474B (en) | Method and system for digital rights management between devices | |
| CN101375543B (en) | Apparatus and method for moving rights object from one device to another via server | |
| JP2004040209A (en) | Server, IC card, content distribution method, content acquisition processing method, and program | |
| US7979708B2 (en) | Digital rights management | |
| CN103023640B (en) | Via server, right objects is moved to from an equipment apparatus and method of another equipment | |
| CN102812470A (en) | Content binding on first visit | |
| US20070130078A1 (en) | Digital rights management compliance with portable digital media device | |
| KR100885722B1 (en) | User-generated content protection system and method | |
| KR100704701B1 (en) | Sound source editing method and device in user computing device using DRM | |
| MX2008009649A (en) | Apparatus and method for moving rights object from one device to another device via server | |
| KR101190946B1 (en) | Method and System for Managing Digital Content Right by Using "Over The Air" Actication | |
| WO2012065385A1 (en) | Method, device and mobile terminal for playing digital rights management file | |
| JP2007525738A (en) | Download multiple objects | |
| KR20060117771A (en) | DRM based content playback service method and device | |
| CN101103577A (en) | Digital Rights Management for Portable Digital Media Devices | |
| KR20110111988A (en) | Method and system for controlling application execution installed in portable terminal |
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date:20160511 Termination date:20210125 | |
| CF01 | Termination of patent right due to non-payment of annual fee |