Method and device for supporting content exchange between domains with different drm

FIELD: information technology.

SUBSTANCE: present invention relates to the mechanism of digital rights management (DRM), and more specifically, to the method and apparatus for sharing content between domains with different DRM. The first DRM-device comprises an unpacking resource for unpacking the contents formatted with first DRM, into clean resources, metadata and rights expression; conversion means for transforming each of the clean resources, metadata, and the expression of rights in its own predefined neutral format, respectively; means of forming neutral-formatted contents, combining the converted resources, metadata and rights of expression, adding to the pre-defined header information; and transferring means for transmission of neutral-formatted contents of the second DRM-mentioned device. The second DRM-device comprises means of extracting the clean resources, metadata, and the expression rights of the neutral-formatted contents, transferred from the above mentioned first DRM-device, and means of packing of the extracted clean resources, the metadata and expression of the rights in the contents formatted with second DRM.

EFFECT: more functional capabilities.

26 cl, 8 dwg

 

The level of technology

1. The technical field

The present invention relates to a mechanism for digital rights management (DRM), and more specifically to a method and apparatus for sharing content between domains with different DRM.

2. Description of the prior art

In General, audio, video and other content in domains with different DRM, which is available through a variety of wired, wireless and broadcast networks such as the Internet or other wireless communication network, can be performed only relevant DRM devices. Recently various DRM devices have become widely used. However, since they do not provide opportunities to interact and cannot perform content-driven domains with different DRM access to the content is restricted. Even if various devices such as MP3 players, cell phones, portable audio/video (PAV) devices, and so on, are one and the same user, it is not possible to exchange content between devices, each of which uses a different DRM device. Accordingly, the usefulness of the content will be limited. Even if a universal DRM-enabled device all DRM formats, would be developed as traditional DRM-device is still incompatible with various other DRM formats,user requirements for accessing various content will not be satisfied.

Thus, there is a need for a mechanism to support content sharing between devices with different DRM formats.

The invention

The present invention is devoted to the data structure neutral-formatted contents, which allows content to be shared between domains with different DRM.

The present invention also relates to a device and method support efficient sharing of content between devices with different DRM format, using neutral-formatted contents.

The first aspect of the present invention provides a device to export the content formatted according to the DRM device with the target DRM with a different DRM format. The device comprises a means for extracting the content formatted according to DRM, net resources, metadata, and rights expression; means for converting each of the extracted net resources, metadata, and rights expression into your own predefined neutral format, respectively; and means for forming a neutral-formatted contents by combining the converted resources, metadata, and rights expression and add to it a predefined header information; and a transmission medium neutral formatyou the aqueous contents of the device with the target DRM.

The second aspect of the present invention provides a device for importing a preset neutral-formatted contents of a domain with the given DRM containing extracting means for extracting pure resources, metadata, and rights expression from the pre-installed neutral-formatted contents; and packing means for packing the extracted net resources, metadata, and rights expression into the content that is formatted according to the DRM, the content is formatted according DRM is different DRM devices in the domain with the specified DRM.

The third aspect of the present invention provides a device for exporting and importing content. The device comprises a means for extracting the content in its own DRM format in the clear resources, metadata, and rights expression; means for converting each of the extracted net resources, metadata, and rights expression into a predefined neutral format, respectively; and means for forming a neutral-formatted contents by combining the converted resources, metadata, and rights expression and add to it a predefined header information; means for providing a neutral-formatted contents to the ENU with different DRM; means for extracting pure resources, metadata, and rights expression from neutral-formatted contents transmitted from a domain with a different DRM; and means for packaging the extracted net resources, metadata, and rights expression into the content that is formatted with the specified DRM.

A fourth aspect of the present invention provides a way of exporting the content formatted with the specified DRM device with the target DRM with a different DRM format. The method comprises the steps of unpacking the contents, formatted with this DRM, net resources, metadata, and rights expression; converting each of the pure resources, metadata, and rights expression into your own predefined neutral format, respectively; and forming the neutral-formatted contents by combining the converted resources, metadata, and rights expression and adding to it a predefined header information; and a transmission neutral-formatted contents of the device with the target DRM.

The fifth aspect of the present invention provides a way to import a preset neutral-formatted contents of a domain with the given DRM, containing the steps of extracting pure resources, metadata, and rights expression from the pre-installed neutral forms of the target content; and packing the extracted net resources, metadata, and rights expression into the content that is formatted with the specified DRM, the content is formatted with this DRM is different DRM devices in the domain with the specified DRM.

The sixth aspect of the present invention provides a way of exporting and importing content, comprising stages of unpacking the contents, formatted with the specified DRM in the clear resources, metadata, and rights expression; converting each of the extracted net resources, metadata, and rights expression into your own predefined neutral format, respectively; and forming the neutral-formatted contents by combining the converted resources, metadata, and rights expression and adding to it a predefined header information; transmission neutral-formatted contents of a domain with a different DRM; extract pure resources, metadata, and rights expression from neutral-formatted contents transferred from domain with a different DRM; and packaging the extracted net resources, metadata, and rights expression into the content that is formatted with the specified DRM.

The seventh aspect of the present invention provides a data structure neutral format of content that is suitable for exchange between DRM devices Domenech with a different DRM. The data structure includes a header part and the main part. The header portion includes a version-neutral format; the length of the header; the type of encryption algorithm resources and the encryption key resources; the type of hash algorithm applied to the header and the main part and the value of the hash function; and the type of digital signature algorithm and the digital signature; and the main part includes resources that is encrypted using the encryption algorithm of resources; the expression of rights in its own predefined neutral format; and metadata in its own predefined neutral format.

The eighth aspect of the present invention provides a system for exchanging content between the first DRM device and the second DRM device, where each of them belongs to domains with different DRM. The first DRM device includes uncompressing tool for extracting content formatted with the first DRM in the clear resources, metadata, and rights expression; converting means for converting each of the pure resources, metadata, and rights expression into the corresponding neutral format, respectively; forming means for forming a neutral-formatted contents by combining the converted resources, metadata, and rights expression and adding to it before artelino certain header information; and transmitting means for transmission to the neutral-formatted contents mentioned second DRM device. The second DRM device includes extracting means for extracting pure resources, metadata, and rights expression from neutral-formatted contents transmitted from the first DRM device; and packing means for packing the extracted net resources, metadata, and rights expression into the content that is formatted with the second DRM.

Brief description of drawings

The above and other features and advantages of the present invention will become more apparent to experts in the art from the detailed description of the preferred variants of its implementation with reference to the accompanying drawings.

Figure 1 is a diagram illustrating the process of sharing content between different DRM clients in accordance with the present invention.

Figure 2 is a diagram illustrating the adaptation process according to an exemplary variant of implementation of the present invention.

Figure 3 shows the structure of content data in a neutral format according to an exemplary variant of implementation of the present invention.

Figure 4 shows the main components of the original DRM client (A DRM) and the target DRM client (DRM B) to export/import the content according to an exemplary variant of the wasp is estline of the present invention.

Figure 5 is a diagram illustrating the authentication process software export/import according to an exemplary variant of implementation of the present invention.

6 is a diagram illustrating the key exchange process between the original export/import and the target module export/import according to an exemplary variant of implementation of the present invention.

7 is a diagram illustrating the authentication process device according to an exemplary variant of implementation of the present invention.

Fig shows a diagram that more specifically illustrates the process of export/import between different DRM clients according to an exemplary variant of implementation of the present invention.

A detailed description of the preferred embodiments

Before describing the present invention in detail will be defined some of the terms used in this specification.

"DRM" stands for digital rights management.

"Net resources" provide information that can be reproduced in a form that is expressive (significant) for users, such as mp3 files.

"Packaging" refers to an operation to form the content, resources, metadata, and rights expression are combined. Software for the implementation of the program package called "packer".

"Unpacking" refers to the operation that extracts pure resources, metadata, and rights expression from the content. Software to perform decompression is called "Extraction".

"PAV" means a portable audiovideosoft. PAV is used to play/perform audio and/or video content.

Figure 1 is a diagram illustrating the process of sharing content between different DRM clients in accordance with the present invention. It is assumed that the DRM client A wants to export (transfer) content, and DRM-client B wants to import (accept) it. As shown in figure 1, at step 110 checks whether the contents of the authorization to be exported, referring to the expression of the rights contained in the content.

If the content was defined as having authorization to be exported, it is then decompressed in the clear resources, metadata, and rights expression on the stage 120. Unpacked pure resources, metadata, and rights expression respectively converted into each predefined neutral format at step 130. This work is called "content adaptation" in this description. Adaptation of content explained in detail below with reference to figure 2.

At step 140 resources, metadata, and rights expression into its own neutral format are then combined, and the added part of the header for more information so neutral-formatted contents is generated and then encrypted. Neutral-formatted contents is transmitted to the DRM client B. This work is called "combined shipping" in this description. In the United shipping there are one header and one main part that includes the neutral-formatted pure resources, metadata, and rights expression. The header includes the locations of the main part, so that they can be extracted separately. The value of the hash function is computed on the basis of the header and the main part, except the values of the hash functions, and digital signatures.

In order to perform the secure transfer of content between domains with different DRM, neutral-formatted contents is encrypted using, for example, the mechanism of public key infrastructure (PKI) or the separation mechanism is key. The basic algorithm to encrypt the content may include an asymmetric encryption algorithm to transfer a secret key and an integrity check (e.g., RSA)encryption algorithm of resources (for example, AES-128) and a hash algorithm (such as SHA-1). It is noted that such algorithms are exemplary, and other algorithms can be selected with a discussion between the source and the target DRM clients. In one embodiment, using the data, the algorithms can be defined in the header portion or communicated to the target client via the exchange of messages between the source and target client.

DRM-client B, who wants to import the neutral-formatted contents, receives and unpacks it in the clear resources, metadata, and rights expression (step 150). Extracted pure resources, metadata, and rights expression then re-packaged to adapt to the DRM client B (step 160). Accordingly, re-packaged content may be extracted or reproduced devices with DRM format B.

Figure 2 is a diagram illustrating the adaptation process according to an exemplary variant of implementation of the present invention. As shown in figure 2, the process 200 adaption to play neutral-formatted contents may include the process 210 adaptation of the resource, the process 220 adaptation of expression rights and the process 230 adaptation metadata. For each adaptation according to the present invention is determined by the corresponding neutral format. Must be guaranteed that the process 200 of adaptation takes place in a trusted environment.

The process 210 adaptation of resources is a process in which pure resources taken from the original DRM client is converted into a predefined neutral-formatted resources that do not depend on devices with a particular DRM format. The process 210 adaptation resources randomly generates an encryption key of the content (granted)to saxifragaceae resources using the encryption algorithm, such as AES-128. The key used for encryption can be inserted into an expression rights in the neutral-formatted contents. The hash function is computed on the basis of the header, and the main part, except for the hash functions and digital signatures, and recorded in the field hash of the header. Info hash functions digitally signed using the private key and stored in the digital signature field.

The process 220 adaptation rights expression converts the given expression rights in the corresponding predefined neutral format. In this embodiment, the expression language rights MPEG-21 (REL) is used as a neutral format of expression rights. Neutral expression rights may be added or omitted depending on the policy or the availability of the right domain with the original DRM and domain with the target DRM.

The process 230 adaptation metadata converts the metadata into the appropriate predefined neutral format. In this embodiment, the Dublin core (the set of elements of the Dublin Core metadata) can be used as a neutral metadata format. Alternatively, the metadata is not included in the Dublin core, can also be defined in the extended XML format for expressing Dublin core. The metadata in the extended XML can be detected spiral is owned by DRM client. Neutral metadata can be added or omitted depending on the policy or the availability of metadata domain with the original DRM and domain with the target DRM.

Figure 3 shows the structure of content data in a neutral format according to an exemplary variant of implementation of the present invention. As shown in figure 3, the structure of the content data in a neutral format can be adapted to communicate between domains with different DRM. The data structure of the content may be composed of parts 310 of the header and the main body 320. In part 310 of title - version-neutral format, header length, the value of a hash function computed on the basis of the header 310 and 320, the encryption key resource (or content), the type of encryption algorithm used to encrypt resources, digital signature, where the main part (i.e. resources, rights expression and metadata), and so on, for Example, AES-128 can be used as the encryption algorithm of resources, and SHA-1 can be used as the hash algorithm to create a hash function. However, the fields in the header 310 is not limited to such fields, and some of them may change, or new fields may be added by agreement between the devices DRM format.

The main part 320 contains the encrypted resources in its self is m neutral format, the expression of rights in its own neutral format and metadata in its own neutral format that were created through a process 200 of adaptation of the content. In one embodiment, the predefined neutral format rights expression can be MPEG-21 REL and predefined neutral format metadata can be meta tag Dublin core.

Figure 4 shows the main components of the original DRM client (A DRM) and the target DRM client (DRM B) to export/import the content according to an exemplary variant of implementation of the present invention. As shown in figure 4, A DRM - DRM B client 400a and 400b may be a data processing system that can create, manage, export, import, and/or perform the content in appropriate formats. For example, clients A and DRM DRM B may include PC, PDA, cell phone, etc.

DRM A client 400a includes uncompressing module 410a for extracting A DRM-formatted content in pure resources, the expression of the rights and metadata; module 420a export/import to export/import the content from/to other DRM client (for example, DRM B client 400b); and packing module 430a for packing pure resources, metadata, and rights expression into A DRM-formatted content. In one embodiment, uncompressing module 410a Prov is lose has or not A DRM formatted contents of the authorization to be exported to other DRM client, such as DRM-client B, and then decompresses only the content that is authorized to be exported.

Specifically, the module 420a export/import can include the submodule 421a export and submodule 422a import. The submodule 421a export packaging net resources, metadata, and rights expression, which were extracted from A DRM-formatted content uncompressing module 410a, neutral-formatted contents and transmits (or exports) its target DRM client, i.e. the DRM client B 400b. The submodule 422a import takes (imports) neutral-formatted contents from the DRM client B and then extracts the pure resources, metadata, and rights expression. In addition, the submodule 421a export can authenticate the target DRM client. Also, to safely export the contents, he can authenticate the module export/import in the target DRM client.

Packing module 430a is to pack clean resources, metadata, and rights expression extracted by the module 422a import A DRM-formatted content.

DRM-client B 400b has essentially the same configuration as the DRM client A 400a, and thus its description is omitted. Drawings designed in order to help the understanding of the concept of export/import in accordance with the present invention and should not be construed as limiting the physical configuration of the present invention. For example, figure 4 shows that the modules 420a and 420b export/import are installed on the DRM client A 400a and DRM client B 400b, respectively, but the modules export/import can be implemented as an independent device (e.g., the server export/import), separate from the DRM client. In addition, although figure 4 shows that the content is exchanged between two different DRM clients, you can easily understand that the content can be exchanged between many different DRM clients, using the structure of neutral data format.

Figure 5 is a diagram illustrating the authentication process software export/import according to an exemplary variant of implementation of the present invention. Software export/import source and software export/import purposes, which are separately installed in different DRM clients authenticate each other for security purposes before key exchange or communication with each other. Also must be confirmed, tampered with or not both of them. As shown in figure 5, the authentication between software export/import can be performed using server certification authority (CA).

6 is a diagram illustrating the process of key exchange between the module-source export/import and the target module export/import according to note is momu variant implementation of the present invention. When they send and receive messages, the messages must be encrypted for secure communication against interception or attacks. Please note that the authentication software export/import and devices must be made in advance.

As the exchange of the encryption key of the content (granted) in pure text format between the two modules is unsafe, can be considered the following two ways: currency granted 610 certificate-based and mechanism-shared key to generate the same key on both sides without key exchange, such as the Diffie-Hellman.

7 is a diagram illustrating the authentication process device according to an exemplary variant of implementation of the present invention. The authentication device exists in order to check whether the authorized target PAV device to perform the imported content. In this embodiment, the authentication device is performed on the basis of the access control list for export/import. Because the process of export/import exists to share content on domains with different DRM, the process must be controlled depending on the policies of the business and/or technical requirements. In one embodiment, (source) module 710 export/import DRM client is A first require (target) module 720 import export for device certificate device 740 with DRM format B, connected to the module 730 I/O device. Assume that the device certificate has been inserted into the device. (Target) module 720 export/import then transmits the device certificate (or ID) of the device 740 with DRM format B (source) module 710 export/import. (Source) module 710 export/import authenticates the device, checking device certificate using the access control list for export/import. In another embodiment, instead of the device certificate can be used the device ID that was assigned by the authentication server device (not shown)to authenticate the device.

In the access control list for export/import for each access control lists, whether it be exported/imported. The access controls may include devices from different vendors, models or versions and/or software DRM from different suppliers, models or versions. The access control list for export/import can be downloaded from the linked server and updated periodically or not periodically. Alternatively, the module export/import can access a linked server to refer to the list during the authentication process.

Fig on the it shows a scheme which more specifically illustrates the process of export/import between different DRM clients according to an exemplary variant of implementation of the present invention. For convenience, it is assumed that the content is exported from (source) DRM client A 400a (target) DRM client B 400b.

Purchase contents: (1)

(1) DRM client A 400a buys and downloads A DRM-formatted content from the service provider (server) DRM content. In this embodiment, before exporting downloaded A DRM-formatted content (source) DRM client A checks whether it is authorized to be exported on the basis of expression rights in the content.

Authentication software: (2)

(2) For the secure exchange of content authentication takes place between the original module 420a export/import DRM client and A target module 420b export/import DRM client B.

Authentication device: (3)~(6)

(3) the source Module export/import requires the device ID format DRM B connected to the DRM client B through the target module 420b export/import.

(4) the Target module 420b export/import then sends the device ID of the source module 420a export/import.

(5)-(6) the Source module 420a export/import authenticate the device with DRM format B-based access control list for export/import. The key exchange between m the module export/import: (7)

(7) For the security key can be exchanged between the source and target modules 420a and 420b export/import.

Export/import: (8)~(12)

(8) Uncompressing module 410a DRM client unpacks A DRM A-formatted content in the clear resources, metadata, and rights expression and then sends them to the input module 420a export/import.

(9) the Source module 420a export/import packages pure resources, metadata, and rights expression into a neutral format through the process and sends it to the target module 420b export/import.

(10) Target module 420b export/import takes neutral-formatted contents and extracts resources, metadata, and rights expression. He then sends the results to the packing module 430b.

(11) Packing module 430b then packages in DRM B-formatted content, which is performed by the device with DRM format B, and sends it to the module I/O devices.

(12) Module I/O device sends its device with DRM format B.

The present invention may be provided in the form of computer code stored on computer-readable recording media, such as floppy disks, hard drives, CD-ROM, flash memory, PROM, RAM, ROM and magnetic tape, which can be implemented on one or more different types of products. The computer code may be apison programming language, such as C, C++ or JAVA.

As described above, the present invention provides the structure of the content with a neutral format for exchanging content between devices with different DRM format and method of export/import and the device that uses it. According to the present invention, by exchanging the contents of different DRM formats can be supported by the use of different content, thereby satisfying the requirements of the users, the convenience of users increases, and the practical use of content also increases.

Although exemplary embodiments of the present invention have been described with reference to the attached drawings, the present invention is not limited to these options for implementation, and specialists in the field of machinery should be clear that many modifications and changes may be made without departure from the spirit and purpose of the present invention.

1. Device to export the content formatted according to the given DRM (digital rights management), in the target DRM device with a different DRM format that contains:
means for extracting the content formatted according to the given DRM in the clear resources, metadata and representation rights;
means for converting each of the extracted net resources, metadata, and represent the effect to rights in their preferred neutral format, respectively;
the means for forming a neutral-formatted contents by combining the converted resources, metadata, and represent the rights and adding predetermined header information and
means for transmission to neutral-formatted contents of the target DRM device.

2. The device according to claim 1, further containing a means for identifying, authorized or not the content is formatted according to the given DRM for exporting.

3. The device according to claim 1 in which the said means of converting includes means for encrypting resources using a predefined encryption algorithm and paste the content encryption key in a predetermined neutral-formatted representation.

4. The device according to claim 3, in which a predefined encryption algorithm resource includes AES-128.

5. The device according to claim 1, in which the predefined neutral format rights is MPEG-21 REL.

6. The device according to claim 1, in which the predefined neutral format metadata format is the Dublin core.

7. The device according to claim 1, in which the metadata is not included in the predefined neutral format, defined in the extended XML format f is the RIAT Dublin core.

8. The device according to claim 1, additionally containing encryption tool to encrypt the neutral-formatted contents.

9. The device according to claim 8 in which the said means of encryption encrypts the neutral-formatted contents by using the encryption algorithm of the public key infrastructure (PKI).

10. The device according to claim 9, in which the said means of encryption calculates the value of the hash function on the neutral-formatted contents, writes the value of the hash function in the field, the hash function header, digitally signs the hash function using the private key and writes a digitally signed value of the hash functions in the digital signature field of the header.

11. The device according to claim 9, further containing a means for transmitting the encryption key resource that is encrypted by using the public key of the target device, the target DRM device.

12. The device according to claim 7 in which the said means of encryption encrypts the neutral-formatted content based on the encryption shared key.

13. The device according to claim 1, further containing a means of authentication device for authenticating a device, which is connected with the target DRM device to execute the contents.

14. The device according to item 13, in which mentioned among the STV authentication device authenticates the device, checking the device certificate that has been inserted into the device using the control list export/import, provided the linked server.

15. The device according to item 12, in which the said means of authenticating device authenticates the device by checking the device ID that has been assigned to the device by the authentication server device, using the control list export/import, provided the linked server.

16. Device to import a predefined neutral-formatted contents of a domain with the given DRM, containing:
extracting means for extracting pure resources, metadata and representation rights from a predetermined neutral-formatted contents and
packing means for packing the extracted net resources, metadata and representation rights in the content formatted according to the given DRM and content formatted according to the given DRM is different DRM devices in the domain with the specified DRM.

17. The device according to clause 16, in which the aforementioned extracting means includes means encryption neutral-formatted contents.

18. Device to export and import content that contains:
means for extracting the content in its own DRM-fo the Mat in pure resources, metadata and representation rights;
means for converting each of the extracted net resources, metadata and representation rights in their preferred neutral format, respectively;
the means for forming a neutral-formatted contents by combining the converted resources, metadata and representation rights and by adding predetermined header information;
means for transmission to neutral-formatted contents of a domain with a different DRM;
means for extracting pure resources, metadata, and represent the rights of the neutral-formatted contents transmitted from a domain with a different DRM; and
means for packaging the extracted resources, metadata and representation rights in the content in its own DRM format.

19. How to export content, formatted according to the given DRM in the target DRM device with a different DRM format containing the time that
unpack the contents, formatted according to the given DRM in the clear resources, metadata and representation rights;
convert each extracted net resources, metadata and representation rights in its own predefined neutral format, respectively;
form the neutral-formatted contents by combining transformations is consistent resources metadata and the representation of rights and by adding predetermined header information; and
pass neutral-formatted contents of the target DRM device.

20. The method according to claim 19, further containing a phase in which determine is authorized or not the content is formatted according to the given DRM to be exported.

21. The method according to claim 19, in which the said conversion step includes a stage on which encrypts resources using a predefined encryption algorithm and insert the encryption key in a predetermined neutral-formatted representation.

22. How to import a predefined neutral-formatted contents of a domain with the given DRM containing phases in which
extract pure resources, metadata and representation rights from a predetermined neutral-formatted contents and pack the extracted net resources, metadata and representation rights in the content formatted according to the given DRM;
the contents, formatted according to the given DRM is different DRM devices in the domain with the specified DRM.

23. How to export and import content containing phases in which
unpack the contents, formatted according to specified the OMA DRM in the clear resources, metadata and representation rights;
convert each extracted net resources, metadata and representation rights in their own preferred neutral format, respectively;
form the neutral-formatted contents by combining the converted resources, metadata and representation rights and by adding predetermined header information;
pass neutral-formatted contents of a domain with a different DRM;
extract pure resources, metadata and representation rights of the neutral-formatted contents transmitted from a domain with a different DRM; and
Packed extracted pure resources, metadata and representation rights in the content that is formatted with this DRM.

24. System for sharing content between the first DRM device and the second DRM device, each of which belongs to domains with different DRM referred to the first DRM device includes
uncompressing tool for extracting content formatted according to the first DRM in the clear resources, metadata and representation rights;
converting means for converting each of the pure resources, metadata and representation rights in its own predefined neutral format, respectively;
forming means DL is the formation of the neutral-formatted contents, combining the converted resources, metadata and representation rights, adding to it a predefined header information; and
transmitting means for transmission to the neutral-formatted contents mentioned second DRM device; and
referred to the second DRM device includes
extracting means for extracting pure resources, metadata, and represent the rights of the neutral-formatted contents transmitted from the first DRM device; and
packing means for packing the extracted net resources, metadata and representation rights in the content formatted according to the second DRM.

25. The system of paragraph 24, where the mentioned extraction tool mentioned first DRM device authenticates mentioned importing tools mentioned second DRM device before passing the neutral-formatted contents mentioned second DRM device.

26. System A.25, where authentication is performed by the server of the certification body.



 

Same patents:

FIELD: information technology.

SUBSTANCE: present invention relates to the identification of an executable file, or another beneficiary for determining the credibility of the resource object so that this object can provide a resource for the executable file. Resource is received from the resource provider for a resource requester, which functions on a computer device. The resource requester has an associated identifier descriptor. The identifier descriptor includes information related to security, giving the environment in which the resource requester operates. An identification code (ID code) is generated in accordance with loaded resource requester and the loaded identifier descriptor, based on the loaded resource requester and the loaded identification code. The resource provider makes sure that the calculated id-Code in request for a resource coincides with one of one or more valid id-Codes for the identified resource requester, so as conclude, that resource requester and identifier descriptor can be trusted, and the resource provider responds to the request by providing the resource requester with the resource.

EFFECT: invention can increase the credibility of executable files, or other recipient of the resource by the resource providers.

36 cl, 4 dwg

FIELD: physics, computation technology.

SUBSTANCE: invention concerns method and device of digital rights management. When authorisation on server is not accessible, operations with minimised risk are allowed by implementation of internal authorisation scheme. Authorisation method for operation to be performed on digital element involves definition of first operation group members including first predetermined group of operations on digital element, and second operation group including second predetermined group of operations on digital elements; comparison of predetermined operation to be performed on digital element to operations included in each indicated operation group; external authorisation with access to authorising server if operation belongs to first operation group; internal authorisation by device if operation belongs to second operation group; and authorisation of operation to be performed on digital element if one of listed authorisations brings positive result.

EFFECT: enhanced security level of operations with digital content.

13 cl, 5 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention is related to protection systems. Unit of protection and method realise requests for data from USB device or other similar device, at that protected component may realise protected communication to device without variation of underlying USB bus protocol, or device, even where software that controls the bus is not trusted. Protection unit (physically separated or integrated in device or concentrator) intercepts data transmitted from device into protected component in response to request for data. Signal of data reception confirmation unavailability is transmitted into protected component, and data are coded. The following request for data is intercepted, and coded data are sent in response. Confirmation of data reception from protected component in device is allowed to reach the device. In order to process request for installation, permit command that contains coded and decoded installation command is sent to protection unit. If coding is checked successfully, then installation command sent to device (via protection unit), is allowed to reach the device.

EFFECT: provision of improved protection.

32 cl, 6 dwg

FIELD: physics; computer engineering.

SUBSTANCE: present invention pertains to authentication of applications. Identifier of the corresponding distributor is retrieved from meta data applications. Certificates are received. Each certificate contains one or more identifiers of corresponding distributors. The above mentioned identifiers are retrieved from certificates and certificates are chosen, based on comparison of identifiers, retrieved from meta data applications and certificates, such that, the relationship between the identifier and the distributor is controlled so that, certificates could be used only for identifying applications, distributed by identified distributors.

EFFECT: provision for selecting a certificate for authenticating an application, linked to a distributor.

15 cl, 4 dwg

FIELD: physics; computer engineering.

SUBSTANCE: present invention pertains to control of generation of cryptographic keys in an information media, comprising a party which generates the key and distributes the key information for the party using the key. Through a given unilateral function of deriving keys, a relationship between key generations is determined, which is such that, earlier generation of keys can be more efficiently derived from later generation, but not the opposite. Each time, when necessary, the party using the key iteratively receives the given unilateral function of deriving keys for outputting the key information of at least, one previous key generation from the key information of new key generation. That way, memory requirements for the party using the key can considerably be reduced.

EFFECT: protection of data during recording.

32 cl, 6 dwg

FIELD: physics; computer engineering.

SUBSTANCE: present invention pertains to the architecture and method of establishing a secure multimedia channel for content delivery. The computer device has a secure multimedia channel for delivering content from a source to a receiver. In the secure channel, the multimedia base provides a secure environment in the computer device and comprises a common infrastructure of key components, processing content from any specified source and delivering the processed content to any specified receiver, and also comprises a policy implementation unit, providing for compliance with policy on behalf of the source. The policy corresponds to the content from the source and comprises rules and requirements for accessing the content and its playback. The multimedia base provides for secure transmission of content through the computer device and allows for arbitrary processing of protected content in the computer device.

EFFECT: increased security of content from unauthorised use.

23 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: invention can be used in system of the forced performance of requirements which provides access possibility to the enciphered digital content on a computing mechanism only according to parametres the certain rights of the license got by the user of digital contents. The first confidential builder on the first computing mechanism carries out cryptographic, an estimate and the forced performance of requirements and forcedly contacts it, the first certificate of the user device corresponding to the first computing mechanism, forcedly contacts the user. Accordingly, the second confidential builder on the second computing mechanism carries out cryptographic processing, an estimate and the forced performance of requirements and forcedly contacts it, the second certificate of the user device corresponding to the second computing mechanism, also forcefully contacts the user. The first competent builder gains contents for reproduction on the first computing mechanism by means of the first certificate of the user device and the license, and the second confidential builder gains contents for reproduction on the second computing mechanism by means of the second certificate of the user device and the same license.

EFFECT: prevention of non-authorised duplication of digital content by the user related to the digital license and having of some computing mechanisms.

16 cl, 6 dwg

FIELD: physics, computer technology.

SUBSTANCE: invention concerns digital rights management system. (DRM) features multiple DRM servers with DRM functionality, and incoming server DRM-I is registered in the system by registration server DRM-R, so that incoming server DRM-I should be a trust server in this system. DRM-I server sends registration request to DRM-R server including representative identification data and public key (PU-E). DRM-R server checks validity of representative identification data, and if the request can be met, DRM-R server generates digital registration certificate by (PU-E) for DRM-I server for registration of DRM-I server in DRM system. Just registered DRM-I server with generated registration certificate can use it for delivery of documents with DRM in DRM system.

EFFECT: possible controlled reproduction or replay of arbitrary digital content forms in medium where documents are shared by a definite group of users.

74 cl, 17 dwg

FIELD: physics, computer technology.

SUBSTANCE: invention deals with data protection systems. Certificate-based encryptation mechanism failing to envisage the client source computer access to the whole of the certificate corresponding to the client target computer during encryptation of the e-message to be transferred to the client target computer. Instead the client source computer addresses the certificate server a request for but part of the certificate. The certificate part referred to contains encryptation information but may fail to include (completely or partly) the certificate self-checking information. The certificate server preferably carries out any check of the certificate authenticity before transfer of encryptation information to the client source computer which enables obviation of the need to specifically perform certificate authenticity check with the client source computer especially if the certificate server has been checked for trustworthiness with the client source computer.

EFFECT: reduction of amount of memory and processor resources used for certificate-based encryptation as well as minimisation of requirements to the width of band between certificate server and client source device.

36 cl, 8 dwg

FIELD: physics.

SUBSTANCE: invention is related to methods of usage data collection for television broadcast receivers. Method of usage data collection from broadcast receiver is suggested, whereat receiver is arranged to detect and save such usage data. Method involves representation (16, 18) of confidentiality policy to receiver that identifies not only the usage data subjected to collection, but also preset usage of such data. On receiver interactive or automatic determination (22) whether received policy of confidentiality is acceptable is carried out. If yes, receiver picks up (30) usage data identified in confidentiality policy from storage, and sends them (28) to sender of confidentiality policy.

EFFECT: increased confidentiality of usage of information about habits of users viewing.

15 cl, 3 dwg

FIELD: information technology.

SUBSTANCE: present invention relates to the identification of an executable file, or another beneficiary for determining the credibility of the resource object so that this object can provide a resource for the executable file. Resource is received from the resource provider for a resource requester, which functions on a computer device. The resource requester has an associated identifier descriptor. The identifier descriptor includes information related to security, giving the environment in which the resource requester operates. An identification code (ID code) is generated in accordance with loaded resource requester and the loaded identifier descriptor, based on the loaded resource requester and the loaded identification code. The resource provider makes sure that the calculated id-Code in request for a resource coincides with one of one or more valid id-Codes for the identified resource requester, so as conclude, that resource requester and identifier descriptor can be trusted, and the resource provider responds to the request by providing the resource requester with the resource.

EFFECT: invention can increase the credibility of executable files, or other recipient of the resource by the resource providers.

36 cl, 4 dwg

FIELD: physics, computation technology.

SUBSTANCE: invention concerns method and device of digital rights management. When authorisation on server is not accessible, operations with minimised risk are allowed by implementation of internal authorisation scheme. Authorisation method for operation to be performed on digital element involves definition of first operation group members including first predetermined group of operations on digital element, and second operation group including second predetermined group of operations on digital elements; comparison of predetermined operation to be performed on digital element to operations included in each indicated operation group; external authorisation with access to authorising server if operation belongs to first operation group; internal authorisation by device if operation belongs to second operation group; and authorisation of operation to be performed on digital element if one of listed authorisations brings positive result.

EFFECT: enhanced security level of operations with digital content.

13 cl, 5 dwg

FIELD: information technologies.

SUBSTANCE: data of serial interface for detection of dual-in-line memory module (DIMM) presence in electronically erasable programmable read-only memory (EEPROM) is encoded using closed key of motherboard with which this dual-in-line memory module (DIMM) is to be used, so that only basic input-output system (BIOS) of specified motherboard could decode presence detection serial (SPD) interface data to complete downloading.

EFFECT: improving protection of computer system integrity by blocking the use of memory modules retrieved from original motherboard in another motherboard.

15 cl, 2 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention is related to protection systems. Unit of protection and method realise requests for data from USB device or other similar device, at that protected component may realise protected communication to device without variation of underlying USB bus protocol, or device, even where software that controls the bus is not trusted. Protection unit (physically separated or integrated in device or concentrator) intercepts data transmitted from device into protected component in response to request for data. Signal of data reception confirmation unavailability is transmitted into protected component, and data are coded. The following request for data is intercepted, and coded data are sent in response. Confirmation of data reception from protected component in device is allowed to reach the device. In order to process request for installation, permit command that contains coded and decoded installation command is sent to protection unit. If coding is checked successfully, then installation command sent to device (via protection unit), is allowed to reach the device.

EFFECT: provision of improved protection.

32 cl, 6 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention is related to methods and devices for performance of operation requested by user over content element. Invention is intended for authorization of operation requested by the first user over content element on the basis of user right. User right may identify the first user or second user and authorise performance of requested operation by user over content element. If user right identifies the second user, then operation is authorised on reception of information on relation of the user right of the first user and user right of the second user. It is preferable that information consists of one or more domain certificates that identify the first and second users as members of one and the same authorised domain. It is preferable that right for content is used, which permits the operation, at that user right authorises performance of right for content by the second user.

EFFECT: provides control of rights for content for groups of people on the basis of persons, not devices.

19 cl, 3 dwg

FIELD: physics; computer engineering.

SUBSTANCE: present invention pertains to control of generation of cryptographic keys in an information media, comprising a party which generates the key and distributes the key information for the party using the key. Through a given unilateral function of deriving keys, a relationship between key generations is determined, which is such that, earlier generation of keys can be more efficiently derived from later generation, but not the opposite. Each time, when necessary, the party using the key iteratively receives the given unilateral function of deriving keys for outputting the key information of at least, one previous key generation from the key information of new key generation. That way, memory requirements for the party using the key can considerably be reduced.

EFFECT: protection of data during recording.

32 cl, 6 dwg

FIELD: physics, computer facilities.

SUBSTANCE: invention concerns an information processing device, system and method of updating of the software. When user computer 103 sends the identifier of the user to central computer 102, central computer 102 orders to user computer 103 to gain the URL-address of field of 104 storages of modules which corresponds to the identifier of the user and stores modules which the user should gain. User computer 103 provides access to field of storage of modules by means of the URL-address, gains the list of modules, and compares the list to modules which are placed by the current moment on it, and the solution on makes, whether it is necessary to gain modules. If the solution on necessity of reception of modules, the user computer 103 recurringly is accepted access provides to field of storage of modules and gains the module.

EFFECT: simple and convenient updating of the software and simultaneous decrease of load on users, suppliers of the software and the central computer.

11 cl, 17 dwg

FIELD: physics, computer technology.

SUBSTANCE: invention concerns network management, particularly system and method of principal identification in network environment. Improved network architecture applies superauthorised unit holding identification data catalogue for forwarding request identification tasks to logical input of relevant authorised units. Identification tasks can be implemented by authorised units over name space boundaries if superauthorised unit prescribes so, resulting in principal account transition without account ID change. Version of invention implementation identification data catalogue containing a list connecting account identifiers to the relevant identifying authorised units.

EFFECT: possible transition of principals over security boundaries without changing account identifiers and resource protection level.

25 cl, 8 dwg

FIELD: physics, computer technology.

SUBSTANCE: invention concerns method of first radio communication network (WLAN) user identification and payment charging for services of communication between user device (laptop) and first radio communication network (WLAN), involving use of mobile radio communication system including mobile station (MS) and mobile radio communication network (PLMN). User and/or mobile station (MS) identification data is transmitted by user device (laptop) from first radio communication network (WLAN) to mobile radio communication network (PLMN), or mobile station (MS) sends information request signal to mobile radio communication network (PLMN) for access to first radio communication network (WLAN). In response, mobile radio communication network (PLMN) sends charged short message to mobile station (MS), containing information on access to first radio communication network (WLAN). Payment charging for communication between user device (laptop) and first radio communication network (WLAN) is performed by charging for short message in mobile radio communication system.

EFFECT: possible user identification and payment charging for the use of first radio communication network (WLAN) without involving new equipment and additional investments.

8 cl, 3 dwg

FIELD: physics, computer technology.

SUBSTANCE: invention concerns digital rights management system. (DRM) features multiple DRM servers with DRM functionality, and incoming server DRM-I is registered in the system by registration server DRM-R, so that incoming server DRM-I should be a trust server in this system. DRM-I server sends registration request to DRM-R server including representative identification data and public key (PU-E). DRM-R server checks validity of representative identification data, and if the request can be met, DRM-R server generates digital registration certificate by (PU-E) for DRM-I server for registration of DRM-I server in DRM system. Just registered DRM-I server with generated registration certificate can use it for delivery of documents with DRM in DRM system.

EFFECT: possible controlled reproduction or replay of arbitrary digital content forms in medium where documents are shared by a definite group of users.

74 cl, 17 dwg

FIELD: engineering of devices and methods for using server for access to processing server, which performs given processing.

SUBSTANCE: for this in accordance to method reservation is requested, reservation is confirmed, authentication information included in reservation information is stored, service is requested on basis of authentication information, server utilization is authenticated and server is utilized on basis of authentication result, while on stage of reservation confirmation device for controlling reservation transfers reservation setting information, and on stage of authentication server utilization is only confirmed when authentication information matches authentication information transferred from user terminal. Device contains receiving means, information generation device and transmitting means.

EFFECT: creation of method for using server, device for controlling server reservation and means for storing a program, capable of providing multiple users with efficient utilization of functions of processing server with simultaneous decrease of interference from unauthorized users without complicated processing or authentication operations.

6 cl, 51 dwg

Up!