This application claims the priority of Korean Patent Application No. 2004-10409, filed on Feb. 17, 2004, in the Korean Intellectual Property Office, and U.S. Provisional Application No. 60/525,701 filed on Dec. 1, 2003 in the United States Patent and Trademark Office, the disclosures of which are incorporated herein by reference in their entirety.
1. Field of the Invention
The present invention relates to a method of joining a controlled device to a home network, and more particularly, to a method of joining a controlled device to a home network domain by using a smart card which contains information of the controlled device.
2. Description of the Related Art
In order to prevent the illegal reproduction or distribution of audio and video digital contents, various technologies for copyright protection have been suggested, which allow only specific devices to decrypt digital contents according to a predefined rule. Some of these technologies are digital video disc (DVD) content scrambling, content protection for recordable media (CPRM), digital transmission content protection (DTCP), high definition content protection (HDCP), content protection system architecture (CPSA), and digital rights management (DRM).
Also, technologies for protecting contents in a home network system have been suggested, such as the ‘xCP cluster protocol’ developed by IBM.
The xCP cluster protocol is a technology based on broadcast encryption and adopts a method of introducing a domain concept called a cluster and allows devices included in the cluster to freely use each other's contents.
FIG. 1 is a block diagram of a conventional home domain with a master-slave structure. FIG. 2 is a flowchart illustrating a process wherein a master device authenticates legality of a device intending to join a home domain. In FIG. 2, a process of building an authenticated home domain 100 with a master-slave structure on the basis of the xCP cluster protocol is described. The process is largely divided into a cluster generation process in step S210 and a device authentication process in step S220.
A first device 110, which is the first device connected to a given home network, generates a binding identification (IDb) of the home network in step S212. The IDb is a unique identifier set when the device is manufactured or set by a user. When the IDb is generated, a cluster identified by the IDb, i.e., a domain, is generated.
Each of devices 120, 130, and 140, which intend to use contents stored in the first device 110, extracts a media key (Km) from a media key block (MKB) using a device key in step S221. Each of the devices 120, 130, and 140 generates a secret key (Kp) using the extracted Km and a personal ID (IDp) in step S223. The devices 120, 130, and 140 request device authentication from the first device 110 in step S225. That is, each of the devices 120, 130, and 140 transmits the IDp, which is a personal unique identifier, ‘type’, which represents a type of each device, and h=MAC(IDp∥type)Kp, which is a hash value of the IDp and the type, obtained by using the Kp, to the first device 110, wherein MAC indicates a message authentication code.
The first device 110 obtains Kp′ using the Km and the IDp, computes a hash value h′=MAC(IDp∥type)Kp′ using the Kp′, and determines whether h′ is the same as the hash value h received from each of the devices 120, 130, and 140. If the hash values h and h′ are the same, the first device 110 transmits E(IDb)Kp, in which the IDb is encrypted using the Kp, and the IDp, which is a unique ID of each of the devices 120, 130, and 140, to the devices 120, 130, and 140 and adds the IDp to an authentication table (auth.tab). Each of the devices 120, 130, and 140 extracts the IDb from the E(IDb)Kp received from the first device 110, and then the device authentication is accomplished in step S227.
Accordingly, the authenticated home domain 100, which includes a master device 110 and slave devices 120, 130, and 140, is built. After the authenticated home domain 100 is built, the slave devices 120, 130, and 140 can receive contents from the master device 110 and use them.
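The exchange of steps S223 to S227, with both the master side and the device side, is sketched below as an added example; it is not code from the xCP specification or from this application. It assumes the Km has already been extracted from the MKB (step S221), uses HMAC-SHA256 both as the MAC and as the way Kp is generated from Km and IDp (the text does not name either function), and uses an XOR pad as a stand-in for E( ); all keys and identifiers are constructed sample values.

```python
import hashlib
import hmac

def derive_kp(km: bytes, idp: bytes) -> bytes:
    # Assumption: Kp = HMAC-SHA256(Km, IDp); the text only says Kp is generated from Km and IDp.
    return hmac.new(km, idp, hashlib.sha256).digest()

def mac(kp: bytes, idp: bytes, dev_type: bytes) -> bytes:
    # h = MAC(IDp || type) keyed with Kp
    return hmac.new(kp, idp + dev_type, hashlib.sha256).digest()

def xor_pad(kp: bytes, data: bytes) -> bytes:
    # Stand-in for E()/D() under Kp (illustration only, not a real cipher).
    pad = hashlib.sha256(b"enc" + kp).digest()
    if len(data) > len(pad):
        raise ValueError("sample IDb longer than the pad")
    return bytes(a ^ b for a, b in zip(data, pad))

class Master:
    def __init__(self, km: bytes, idb: bytes):
        self.km, self.idb, self.auth_tab = km, idb, set()

    def authenticate(self, idp: bytes, dev_type: bytes, h: bytes):
        kp2 = derive_kp(self.km, idp)                 # Kp'
        h2 = mac(kp2, idp, dev_type)                  # h'
        if not hmac.compare_digest(h, h2):            # constant-time comparison of h and h'
            return None                               # no IDb, no auth.tab entry
        self.auth_tab.add(idp)
        return xor_pad(kp2, self.idb)                 # E(IDb) under Kp, sent back with IDp

class Device:
    def __init__(self, km: bytes, idp: bytes, dev_type: bytes):
        self.idp, self.dev_type = idp, dev_type
        self.kp = derive_kp(km, idp)                  # step S223

    def request(self):
        return self.idp, self.dev_type, mac(self.kp, self.idp, self.dev_type)  # step S225

    def finish(self, enc_idb: bytes) -> bytes:
        return xor_pad(self.kp, enc_idb)              # step S227: recover IDb

def run_exchange():
    km = bytes(range(16))                             # constructed media key
    master = Master(km, b"home-domain-0001")          # constructed IDb
    dev = Device(km, b"dev-120", b"player")
    idp, dev_type, h = dev.request()
    idb = dev.finish(master.authenticate(idp, dev_type, h))
    tampered = master.authenticate(idp, b"recorder", h)      # type changed in transit
    outsider = Device(b"\x00" * 16, b"dev-999", b"player")   # wrong Km
    rejected = master.authenticate(*outsider.request())
    return idb, tampered, rejected, sorted(master.auth_tab)
```

Only the master checks anything in this exchange: the device accepts whatever E(IDb)Kp it is sent, and every device that derives the right Kp is added to auth.tab without any user choice.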
According to the xCP cluster protocol described above, all devices in a communication range can automatically join a domain through the authentication process as soon as they are physically connected to a master device, without any selection of the devices to be included in the domain. Therefore, if a user mistakenly connects a device that must not be in the domain to the master device, the user must disconnect the device from the master device to prevent it from receiving contents from the master device. If the user wants to allow the device to legally join the domain, the user must connect the device to the master device again.
Furthermore, according to a conventional authenticated home domain building method, since only a master device can authenticate devices to be newly joined to the home domain and the devices to be newly joined to the home domain cannot authenticate the master device, the user cannot determine whether a device has been registered in the master device of the home domain.