1. Field of the Invention
The present invention relates to a method of managing devices in a domain of a home network, and more particularly, to a home network system allowing a user to directly connect or disconnect member devices in a domain using a user interface and to effectively control a status change of the member devices in the domain and a management method therefor.
2. Description of the Related Art
Home network technologies for protecting contents on a home network, such as ‘SmartRight’ by Thomson corporation, ‘open conditional content access management (OCCAM)’ by Sysco corporation, and ‘xCP cluster protocol’ by IBM, have been recently suggested.
The SmartRight is a method of placing a smart card including a public key certificate in each device in a home network and generating a key for the home network by exchanging the certificates between devices using the smart card.
The OCCAM is a method by which devices in a home network use contents using a unique ticket of each of the contents.
The xCP cluster protocol, a technology based on broadcast encryption, is a method that uses a domain concept called a cluster and allows contents to be used freely among the devices included in the cluster.
FIG. 1 is a block diagram illustrating a conventional home domain structure.
Referring to FIG. 1, an authenticated home domain 100 includes a master device 110 and a plurality of slave devices 120 through 140. A domain is managed between the master device 110 and the plurality of slave devices 120 through 140.
A content reproducing process based on the xCP cluster protocol will now be described with reference to FIG. 2.
FIG. 2 is a flowchart illustrating a content reproducing process based on the xCP cluster protocol according to a conventional master-slave structure.
Referring to FIG. 2, the content reproducing process is largely divided into a cluster generation process in step S200, a device authentication process in step S210, a content encryption process in step S220, and a content decryption process in step S230, and operates as follows.
A server, which is initially linked to a home network, generates a binding identification (IDb) of the home network in step S200. Here, the IDb can be a unique identifier set when the server was manufactured or a unique identifier set by a user. When the IDb is generated, a cluster identified by the IDb is generated.
A device, which intends to use contents stored in the server, extracts a media key (Km) from a media key block (MKB) using its own device key set in step S212. The device generates a personal key (Kp) using the extracted Km and a personal ID (IDp) in step S214. The device requests device authentication from the server to be authenticated as a member device in step S216. That is, the device transmits the IDp, which is a personal unique identifier, a ‘type’, which is a type identifier representing a type of the device, and a value h=MAC(IDp∥type)Kp, which is a hash value of the IDp and the type, to a device authentication server in the cluster or outside the cluster.
The server obtains a value Kp′ using the Km and the IDp, compares a hash value h′=MAC(IDp∥type)Kp′ obtained using the value Kp′ and the hash value h received from the device, and determines whether the hash values h and h′ are the same. If the hash values h and h′ are the same, the server transmits a value E(IDb)Kp, in which the IDb is encrypted using the Kp, and the IDp to the device and adds the IDp in its own authentication table (auth.tab). The device extracts the IDb from the value E(IDb)Kp received from the server, and then the device authentication is accomplished in step S218.
After the device authentication is accomplished, the server encrypts a content to be transmitted to the device in step S220. First, the server generates a binding key (Kb) using the IDb, auth.tab, and Km in step S222, wherein Kb=H[IDb⊕H[auth.tab],Km].
The server encrypts the content using a title key (Kt) to protect the content in step S224. Usage rule (UR) information, including copy control information, information on whether transfer is permitted, usage rights, and the license effective period, is contained in each content. The server encrypts the UR information and the Kt using the Kb, as E(Kt⊕H[UR])Kb, in step S226.
The device receives the auth.tab from the server, extracts the Kb from Kb=H[IDb⊕H[auth.tab],Km] using the extracted Km and IDb in step S232, extracts the Kt from E(Kt⊕H[UR])Kb in step S234, and decrypts the content received from the server using the extracted Kt in step S236.
According to the xCP cluster protocol described above, all devices in a communication range can automatically join a domain without selection or definition of the devices to be included in the domain. Also, whenever each device newly generates a Kb, the device must receive an auth.tab from a server and perform a computation. Therefore, it is necessary to determine member devices of a home domain under control of a user and protect contents more securely by building the home domain to be independent from the outside.
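The exchange of steps S212 through S236 and the recomputation of Kb noted above, as an added Python example that is not part of the original document. SHA-256 for H, HMAC-SHA256 for MAC and for the keyed H[x, k], the XOR-pad stand-in for E(), the Kp derivation, the device names and all key values are assumptions constructed for illustration.

```python
import hashlib, hmac

def H(data):                        # assumed hash H[]: SHA-256
    return hashlib.sha256(data).digest()
def mac(key, msg):                  # assumed MAC and keyed hash H[x, k]: HMAC-SHA256
    return hmac.new(key, msg, hashlib.sha256).digest()
def xor(a, b):                      # all operands in this example are 32 bytes
    return bytes(x ^ y for x, y in zip(a, b))
def E(key, block):                  # stand-in for E()K: XOR pad, its own inverse, not a real cipher
    return xor(block, H(b"pad" + key))

def personal_key(km, idp):          # Kp from Km and IDp (derivation assumed)
    return H(km + idp)
def device_request(km, idp, dtype): # S212-S216: send IDp, type, h = MAC(IDp||type)Kp
    return idp, dtype, mac(personal_key(km, idp), idp + dtype)

class Server:
    def __init__(self, km, idb):
        self.km, self.idb, self.auth_tab = km, idb, []

    def authenticate(self, idp, dtype, h):
        kp = personal_key(self.km, idp)                  # Kp'
        if not hmac.compare_digest(h, mac(kp, idp + dtype)):
            return None                                  # h != h': not admitted
        self.auth_tab.append(idp)
        return E(kp, self.idb)                           # E(IDb)Kp

def binding_key(idb, auth_tab, km): # Kb = H[IDb xor H[auth.tab], Km]
    return mac(km, xor(idb, H(b"\n".join(auth_tab))))
def wrap_title_key(kt, ur, kb):     # server side, S226: E(Kt xor H[UR])Kb
    return E(kb, xor(kt, H(ur)))
def unwrap_title_key(blob, ur, kb): # device side, S234
    return xor(E(kb, blob), H(ur))

def demo():
    km, idb = H(b"constructed media key"), H(b"constructed binding id")
    server = Server(km, idb)
    enc_idb = server.authenticate(*device_request(km, b"tv-01", b"display"))
    rogue = device_request(H(b"wrong media key"), b"cam-09", b"camera")
    kb1 = binding_key(idb, server.auth_tab, km)
    kt, ur = H(b"constructed title key"), b"copy=never;transfer=no"
    blob = wrap_title_key(kt, ur, kb1)
    server.authenticate(*device_request(km, b"pvr-02", b"recorder"))  # auth.tab grows
    kb2 = binding_key(idb, server.auth_tab, km)
    return {"idb_recovered": E(personal_key(km, b"tv-01"), enc_idb) == idb,
            "rogue_rejected": server.authenticate(*rogue) is None,
            "kt_recovered": unwrap_title_key(blob, ur, kb1) == kt,
            "kt_with_edited_ur": unwrap_title_key(blob, b"copy=free", kb1) == kt,
            "kt_with_new_kb": unwrap_title_key(blob, ur, kb2) == kt}
```

Binding Kt to H[UR] means an edited usage rule yields a wrong title key, and binding Kb to auth.tab means a title key wrapped before a membership change no longer unwraps under the recomputed Kb.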
Lately, a method of managing a home network using a universal plug and play (UPnP) infrastructure has been suggested. The UPnP is generally a standardized function to recognize computer peripherals connected to a general-purpose computer. Furthermore, the UPnP is being improved as a network middleware standard, by which home appliances and wireless devices besides the computer peripherals can automatically be recognized when they are connected to a network. Also, since the UPnP uses a conventional standard Internet protocol, the UPnP can be smoothly integrated in a conventional network and does not rely on a special operating system or physical medium. However, since a method of managing a domain using the UPnP is not known yet, it is necessary to develop a method of effectively managing a domain using the UPnP.