1. Field of the Invention
The present invention relates to a digital right management (DRM) system. More particularly, the present invention relates to a rights objects acquisition method of a mobile terminal in a digital right management system that is capable of delivering multiple rights objects to a mobile terminal simultaneously.
2. Description of the Related Art
With the recent tendency toward digital convergence, mobile terminals are evolving into multifunctional devices. For example, the functionality of mobile terminals now may include capabilities such as MP3 players and digital broadcast players by incorporating MP3 and digital broadcast tuner modules. Such multimedia-enabled mobile terminals may also support various multimedia services, such as wireless Internet access, online games, Music On Demand (MOD), and Video On Demand (VOD). The ongoing diversification of the mobile services and the terminal capabilities continue to expand the utilizations of mobile terminals. The mobile content business has also expanded to include enabling the provision of various types of mobile contents including ringtones, motion pictures, music files, and games, many of which are valuable copyrighted materials. Since these mobile contents are typically delivered to end users as pay contents, there is a need to protect the contents from theft and prying eyes.
Digital Rights Management (DRM) now plays an ever-increasing role to protect the pay contents from mobile terminal service providers and used in mobile terminals from piracy and illegal copying. DRM is specifically provides a controlled consumption of digital contents, such as documents, audio files including voice and music files and ring tones, video files, and games to protect the intellectual property right of the authors and the content providers.
Although DRM content object can be freely downloaded, it is useless to a user without a usage right, because without the corresponding Rights Object (RO), the material cannot be accessed since the DRM content objects are encrypted with a specific license key.
The RO is a container used in the Open Mobile Alliance (OMA) DRM system, which is an open DRM standard invented by the Open Mobile Alliance, for carrying the license key to decrypt the corresponding DRM object. The RO is issued by a Right Issuer (RI) and purchased by the end user. Since the digital content and corresponding RO are delivered in a detached manner (typically separately), the usage of the downloaded content is restricted to the user acquiring the corresponding RO. The RO is a collection of Permission, Constraints, and other attributes that define under what circumstances access is granted to a particular user, and what usages are defined for, DRM content object. Typically, the usage constraints include Count, DateTime, Interval, Timed-Count, Accumulated, and Individual. The constraints are stored in a specific field of the RO.
For example, the RO may specify the usage for an MP3 file with the count constraint value set to “10”. In this case, the MP3 file can be played 10 times and the count is decremented by 1 each time the MP3 file is played. If the count reaches “0”, the usage right on the MP3 file is exhausted. In order to maintain the usage right on the MP3 file, the corresponding RO should be updated.
FIGS. 1a and 1b are diagrams illustrating RO delivery procedures in conventional OMA DRM systems.
In FIGS. 1a and 1b, a mobile terminal 101 transmits a content request message (105) to content server 102, and the content server 102 transmits a corresponding content in response to the content request message 106. In a case where the requested content is a DRM protected content, the content is encrypted with an encryption key and with a scheme specified by the DRM, and transmitted in a DRM format having the constraints (e.g., usage rule, the number of times to be played, and duration). If a user request for acquiring the license for the downloaded content is detected, the mobile terminal 101 transmits a license request message 107 to a Right Issuer (RI) 103, and the RI 103 transmits the corresponding license 108 to the mobile terminal 101 in response to the license request message. Here, the license is a usage right on the content which includes a decryption key and usage constraint information. In the case of a DRM content object, the mobile terminal 101 should acquire the usage right for consuming the content. Accordingly, the RI 103 checks whether the identity of the user of the mobile terminal 101 is valid. If it is determined that the user is valid, the RI 103 transmits the license to the mobile terminal 101. If the license is received from the RI 103, the mobile terminal 101 is capable of playing/accessing the content by using the license. Typically, the decryption key and usage constraint information are extracted from the license by a DRM client application installed in the mobile terminal 101. The content is decrypted by using the decryption key and played under the usage constraints specified in the license.
FIG. 1a shows an OMA DRM version 1.0 system in which the DRM RO containing a non-encrypted content encryption key (CEK) is delivered from the RI server 103 to the mobile terminal 101. In the OMA DRM version 1.0 system, there are serious shortcomings in that the content can be acquired and distributed by an unauthorized user who obtained the DRM Content Format (DCF) and RO (i.e., the license of the corresponding DRM content), simultaneously.
FIG. 1b shows an OMA DRM version 2.0 system in which an authentication authority 104 (for example, Content Management Licensing Administrator: CMLA) is introduced. The CMLA 104 transfers the content encryption keys CEK 109 and 110, which are encrypted with a public key, to the mobile terminal 101 and the RI 103, respectively, and the RI 103 transfers the RO contained the encrypted CEK to the mobile terminal 101. Accordingly, in the OMA DRM version 2.0 system, the content can be decrypted only in the mobile terminal 101 having the CEK, resulting in reinforcement of usage right protection.
In the conventional OMA DRM version 2.0 system, however, each content is individually protected by one RO, whereby the RO acquisition process, especially when acquiring multiple ROs, is laborious and time-consuming. For example, extending the validity of a number of ROs for expired MP3, video, and game files requires multiple RO purchasing processes, resulting a great degree of user inconvenience. Thus, there is a need in the art for a more user convenient method that provides effective protection of content.