1. Field of the Invention
The following description relates to digital rights management (DRM), and more particularly, to a method for joining a user domain based on DRM, and a method for exchanging information in the user domain.
2. Discussion of the Background
The Open Mobile Alliance (OMA), which is a standards group for the technology of mobile software application elements, has studied the standard of ‘OMA DRM extension for Secure Content Exchange’ (hereinafter, referred to as OMA DRM SCE), which is an extended version of the existing OMA DRM Version 2.0.
The OMA DRM SCE defines a method for allowing a user device to join a user domain through a domain enforcement agent (hereinafter, referred to as DEA), instead of through a rights issuer (RI).
FIG. 1 is a diagram illustrating a method for joining a user domain based on the OMA DRM Version 2.0.
FIG. 1 shows a 2-pass join domain protocol for allowing a user device compatible with the OMA DRM Version 2.0 to use a domain rights object (RO). This protocol is also described in U.S. patent application Ser. No. 11/841,190.
As illustrated in FIG. 1, the user device sends a request to join a user domain to a rights issuer using the 2-pass join domain protocol. The rights issuer asks an Online Certificate Status Protocol (OCSP) responder for information regarding the status of the user device's certificate. Once the certificate status information is received, the rights issuer transmits a response to the join request to the corresponding user device.
If the status of the certificate is “good”, the certificate is valid. If the status of the certificate is “revoked”, the certificate has been revoked permanently or is temporarily unavailable. If the status of the certificate is “unknown”, the responder has no information about the certificate.
The rights issuer determines whether to allow the user device to join the user domain based on the certificate status, and transmits a response to the user device according to the result of that determination. Through the user domain join procedure described above, the user device can use the domain rights object.
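The following is an added simulation of the 2-pass join domain exchange described above (a join request from the device, an OCSP status lookup by the rights issuer, and a response), written for this page and not taken from the OMA specification or the patent. The message shapes, the OCSP status table and the admission policy (only a “good” certificate is admitted; “revoked” and “unknown” are both refused) are assumptions; the real protocol carries signed messages and certificates, which are omitted here.

```python
"""Simulation of the 2-pass join-domain protocol with an OCSP status check.

Added illustration, not code from OMA or the patent. The message shapes,
the OCSP status table and the admission policy are constructed; signatures
and certificates of the real protocol are left out.
"""
from dataclasses import dataclass, field

# Constructed OCSP responder data: certificate status keyed by device id.
OCSP_STATUS = {
    "D1": "good",
    "D2": "good",
    "D3": "revoked",
    "D4": "unknown",
}


@dataclass
class OCSPResponder:
    statuses: dict

    def status_of(self, device_id: str) -> str:
        # A responder with no record of the certificate answers "unknown".
        return self.statuses.get(device_id, "unknown")


@dataclass
class RightsIssuer:
    ocsp: OCSPResponder
    # admitted[domain_id] -> set of device ids that have joined that domain
    admitted: dict = field(default_factory=dict)
    # Assumption: only a "good" status is admitted. The page leaves the
    # decision to the rights issuer; "revoked" and "unknown" are refused here.
    accepted_statuses: frozenset = frozenset({"good"})

    def handle_join_request(self, request: dict) -> dict:
        """Pass 2: look up the certificate status and answer the device."""
        device_id = request["device_id"]
        domain_id = request["domain_id"]
        status = self.ocsp.status_of(device_id)
        if status in self.accepted_statuses:
            self.admitted.setdefault(domain_id, set()).add(device_id)
            return {"result": "success", "domain_id": domain_id, "cert_status": status}
        return {"result": "rejected", "domain_id": domain_id, "cert_status": status}

    def is_member(self, device_id: str, domain_id: str) -> bool:
        return device_id in self.admitted.get(domain_id, set())


def join_domain(ri: RightsIssuer, device_id: str, domain_id: str) -> dict:
    """Pass 1: the device sends a join request and receives the RI's response."""
    request = {"type": "JoinDomainRequest", "device_id": device_id, "domain_id": domain_id}
    return ri.handle_join_request(request)


def can_use_domain_ro(ri: RightsIssuer, device_id: str, domain_id: str) -> bool:
    """A device may use a domain rights object only after it has joined the domain."""
    return ri.is_member(device_id, domain_id)


if __name__ == "__main__":
    ri = RightsIssuer(OCSPResponder(OCSP_STATUS))
    for dev in ("D1", "D2", "D3", "D4"):
        print(dev, join_domain(ri, dev, "home"))
    print("D1 can use the domain RO:", can_use_domain_ro(ri, "D1", "home"))
```

Running the block joins D1 and D2 to the “home” domain and rejects D3 (revoked) and D4 (unknown); only admitted devices pass the domain rights object check.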
FIG. 2 is a diagram illustrating a method for allowing multiple user devices compatible with the OMA DRM Version 2.0 to use a domain rights object.
Referring to FIG. 2, user devices D1, D2 and D3 are registered with a rights issuer using a 4-pass registration protocol, and join a specific user domain using a 2-pass join domain protocol.
Then, the user device D1 acquires a rights object, including content and rights, from the rights issuer using a 2-pass rights object acquisition protocol, and transmits the rights object to the user devices D2 and D3 belonging to the same user domain as the user device D1. Accordingly, the user devices D2 and D3 can also use the rights object.
Meanwhile, for another user device D4 that has not joined the user domain to use a rights object transmitted to it by the user device D1, the user device D4 must first register with the rights issuer using the 4-pass registration protocol and then join the user domain using the 2-pass join domain protocol.
According to the OMA DRM SCE, an extended version of the existing OMA DRM Version 2.0 (see FIG. 1 and FIG. 2), each user device can join a user domain through a domain enforcement agent (DEA) instead of through a rights issuer.
However, if a user device joins a user domain using the 2-pass join domain protocol defined in the OMA DRM SCE, the following problems may occur.
First, when many user devices belonging to the same user domain perform secure communications, authorization must be performed and a shared key must be set up between the user devices. However, if the secure communications rely on an existing authentication method such as OCSP, a large load may be placed on the user devices, and the communications security of members belonging to the same user domain may not be ensured.
Also, since the information shared by two user devices is a domain rights object, and the domain key stored in the domain rights object is known to all members of the same user domain, communications security may not be ensured when communications between the two user devices are encrypted using the domain key.
Second, if secure communications are performed between a user device and a DEA, since the user device and the DEA share no key information, the problem described above arises again: a new security session must be set up using an existing authentication method before encrypted communications between the user device and the DEA are possible.
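The following added example illustrates the first problem above: when two domain members encrypt their traffic with the domain key from the domain rights object, every other member of the domain holds the same key and recovers the plaintext, whereas a key shared only by the two devices confines readability to them. It is written for this page, not taken from OMA or the patent. The symmetric cipher is a constructed HMAC-SHA256 keystream used only so the example runs with the standard library (it is not the cipher OMA DRM uses), and the domain key, pairwise key and device names are constructed.

```python
"""Pairwise confidentiality with a shared domain key versus a pairwise key.

Added illustration, not code from OMA or the patent. The cipher is a
constructed HMAC-SHA256 keystream (a stand-in, not OMA's cipher); the
keys and device names are constructed for this example.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes as HMAC-SHA256(key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out += block
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || (plaintext XOR keystream). Fresh nonce per message."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Invert encrypt(); with a wrong key this yields unrelated bytes."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


# Constructed keys. Every device that joined the domain holds DOMAIN_KEY,
# because it is stored in the domain rights object distributed to all members.
DOMAIN_KEY = hashlib.sha256(b"constructed domain key").digest()
PAIR_KEY_D1_D2 = hashlib.sha256(b"constructed key shared by D1 and D2 only").digest()

# Case 1: D1 encrypts for D2 with the domain key; D3 holds the same key.
DOMAIN_KEYED = {"D1": DOMAIN_KEY, "D2": DOMAIN_KEY, "D3": DOMAIN_KEY}
# Case 2: D1 and D2 have set up a key between themselves; D3 has only the domain key.
PAIR_KEYED = {"D1": PAIR_KEY_D1_D2, "D2": PAIR_KEY_D1_D2, "D3": DOMAIN_KEY}


def who_can_read(ciphertext: bytes, holders: dict, message: bytes) -> set:
    """Names of the devices whose key recovers `message` from `ciphertext`."""
    return {name for name, key in holders.items() if decrypt(key, ciphertext) == message}


def pairwise_confidentiality(sender: str, receiver: str, holders: dict, message: bytes):
    """Encrypt with the sender's key and report who can read; True only if
    readability is confined to the sender and the receiver."""
    ciphertext = encrypt(holders[sender], message)
    readers = who_can_read(ciphertext, holders, message)
    return readers, readers == {sender, receiver}


if __name__ == "__main__":
    msg = b"rights object for D2"
    print("domain key:", pairwise_confidentiality("D1", "D2", DOMAIN_KEYED, msg))
    print("pairwise key:", pairwise_confidentiality("D1", "D2", PAIR_KEYED, msg))
```

With the domain key the reader set is all three members, so the check returns False; with a key set up between D1 and D2 the set is exactly the two of them. This is why the background above calls for a shared key between the communicating devices rather than reuse of the domain key.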