The notion of Authorized Domain (AD) has been defined recently as a set of devices belonging to members of a same household for receiving, storing or consuming contents. In this context, household should not be viewed as a single location (the main home). An Authorized Domain can indeed include devices located in a vacation home, in a car or even hand-held devices.
FIG. 1 illustrates an example of Authorized Domain 1 comprising a set of devices located in the main house 2: a digital television 21, a personal computer 23, a game console 24 and a storage unit 22; another digital television 31 located in a second house 3; mobile devices such as a Personal Digital Assistant 41 and a portable player 42 which can be brought outside the house and a mobile device 51 located in a car 5 (e.g. portable video player). Contents can be delivered to devices of the Authorized Domain in several ways: it can be a broadcast content received via an antenna 6 for example; it can be a broadband, on-demand content received via an open network such as Internet 7 or it can be a content stored on a medium such as optical disc 8.
Several groups (e.g. the TV-Anytime Forum or DVB-CPT—Digital Video Broadcasting Content Protection Technical sub-group of the DVB organization) have worked in the past years on Authorized Domain notion. Implementation solutions have also been proposed by the industry such as the SmartRight™ proposal (information about which can be found at www.smartright.org).
Within an Authorized Domain, devices are often distinguished depending on the role they play regarding the content. In the SmartRight™ system for example, the content enters the Authorized Domain via an Access Device (also called Acquisition Device), it is stored within a Storage Entity and consumed or exported by a Presentation Device. Similar functional entities are defined in the DVB-CPCM System (“CPCM” standing for “Content Protection & Copy Management”), currently specified by the DVB-CPT, and are illustrated in FIG. 2.
In FIG. 2, an Input Content 110, delivered by a content provider, enters in an Authorized Domain 100 via an Acquisition Point 101. This entity performs some actions on the Input Content to obtain a content 120 specific to the Authorized Domain. This AD specific Content 120 can be stored within the Authorized Domain by a Storage Entity 102 to be later consumed. It can be processed by a Processing Entity 103 (e.g. to perform a compression to transfer the content to a low-resolution device). Finally this AD specific Content can be consumed via a Consumption Point 104 where the content is rendered (e.g. in the form of sound and images) to a user to obtain what is called a Consumed Content 130. The AD specific Content can also be exported via an Export Point 105 to obtain an Exported Content 140 which is no more protected by the Authorized Domain rules and preferably protected by another system. It is of course possible to implement two or more of the previously mentioned functionalities in a single appliance (e.g. a set-top box having an internal hard disk drive is at the same time an Acquisition Point and a Storage Entity; an Integrated Digital Television with an analog output is a Consumption Point and an Export Point).
It is to be noted that an AD specific Content is bound to the Authorized Domain in which this content has been obtained, if such a binding is required by the content provider (in usage rights attached to the Input Content for example). This means that such AD specific Content can be consumed in every Consumption Point of the Authorized Domain but cannot be consumed in any device of a different Authorized Domain.
Authorized Domain management is therefore very important to limit the size and/or extent of the Authorized Domain. Users would indeed have interest in unlimited Authorized Domain in order to be able to share their contents with others but content providers require that the size of an Authorized Domain be limited to the needs of members of a single household only.
A basic solution would be to limit the total number of devices within an Authorized Domain but it is difficult to estimate the ‘normal’ number of devices for a single household. In addition, counting only the number of devices would have undesirable side effects. For example, two storage entities of 1 MByte each (e.g. USB keys) would be counted as two devices whereas one storage entity of 10 GBytes (e.g. hard disk drive) would count only for one device.
There is therefore a need for a secure solution to limit the size/extent of an Authorized Domain which would be transparent and unnoticed by a majority of honest users but which would prevent rogue users to circumvent it.