1. Field of the Invention
The present invention relates generally to a mobile communication system, and in particular, to a system and method for acquiring a Terminal Binding Key (TBK) by a terminal in a mobile communication system.
2. Description of the Related Art
The Smartcard Profile of the Open Mobile Alliance (OMA) Broadcast version 1.0 (BCAST v1.0) standard, which is a Mobile Broadcast (BCAST) technology for a mobile communication system, uses Digital Rights Management (DRM)-related information so that broadcast services and contents can be used in security terminals using a smartcard. Use of the smartcard enables Rights Portability. The term ‘Rights Portability’ as used herein means a function of storing the DRM-related information in a smartcard such as a Universal Subscriber Identity Module (USIM) card or a User Identity Module (UIM) card, thereby making it possible for multiple terminals to play back the broadcast contents to which the user has previously subscribed. That is, the Rights Portability function allows several terminals to utilize the broadcast services and contents to which the user has subscribed, using the DRM-related information, such as a Terminal Binding Key (TBK), stored in the smartcard.
A description will now be made of a method in which a security terminal uses broadcast services and contents using the TBK in the DRM-related information.
The TBK, an encryption key that is issued to a terminal after it has successfully completed an authentication process with a BCAST Subscription Management (BSM), is used for encrypting a Traffic Encryption Key (TEK). The TEK is an encryption key used for encrypting broadcast services and contents (hereinafter, ‘services’ for short). Therefore, only a terminal having the TBK can decrypt the TEK and, using the decrypted TEK, decrypt the encrypted services, thus playing back the services.
With reference to FIG. 1, a description will now be made of a method in which the currently available terminal (hereinafter, ‘first terminal’) performs an authentication process with a BSM in order to be issued the above-stated TBK using a smartcard, and thus to receive services.
FIG. 1 is a diagram illustrating a method in which the conventional terminal performs an authentication process with a BSM to receive services.
Referring to FIG. 1, in step 110, a first terminal 103 receives a service guide including service-related information and parameters from a BSM 101 that manages subscriber's subscription information for reception of BCAST services. In step 115, the first terminal 103 performs GBA_U through an interactive connection with the BSM 101. The GBA_U is an authentication technique between a terminal and a smartcard, defined in 3GPP TS 33.220. Thereafter, in step 120, the first terminal 103 acquires from the BSM 101 a Long-Term Key Message (LTKM) in which Service Encryption Key (SEK)/Service Authentication Key (SAK) or Program Encryption Key (PEK)/Program Authentication Key (PAK) are included. In step 125, the first terminal 103 sends the acquired LTKM to a smartcard 105.
In step 130, the first terminal 103 acquires a TBK through an interactive connection with the BSM 101. That is, the BSM 101 and the first terminal 103 establish an authenticated and secure channel through a Secure Hypertext Transfer Protocol (HTTPS). Further, the first terminal 103 sends its identifier, BCAST_Client_ID, to the BSM 101 through the channel. After receiving the BCAST_Client_ID, the BSM 101 performs terminal security verification based on the BCAST_Client_ID, and issues a TBK according to the verification result. The BSM 101 sends the issued TBK to the first terminal 103 through the channel. Thus, the first terminal 103 can acquire a TBK.
In step 135, the BSM 101 generates a Short-Term Key Message (STKM) by using the SAK to digitally sign an STKM composed of the encrypted TEK and other parameters, and sends the generated STKM to the first terminal 103. In step 140, the first terminal 103 sends the received STKM to the smartcard 105. In step 145, the smartcard 105 detects a TEK from the received STKM, and sends the detected TEK to the first terminal 103. In step 150, the first terminal 103 can receive the encrypted services and contents transmitted from the BSM 101, using the TEK.
Since the TEK extracted in step 145 was encrypted with the TBK, decryption with the TBK can be achieved only in the authenticated terminal that holds the TBK.
Since the BSM 101 sends the determined TBK to the first terminal 103 as described above, a new terminal (hereinafter, ‘second terminal’) that the user has newly acquired cannot play back the services to which the user has previously subscribed. Therefore, the second terminal must perform a process of subscribing again to the previously subscribed services.
Therefore, there is a need for a scheme in which when a user replaces a first terminal with a second terminal, the second terminal can also acquire the TBK that the first terminal could acquire, in order to play back the previously subscribed services.
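The key hierarchy of steps 135 to 150, and the reason a second terminal without the TBK cannot play back the services, can be traced in the following added example, which is not part of the original document. The function names, the message layout and the HMAC-SHA256 keystream cipher are assumptions made for illustration; they are not the algorithms or formats specified by OMA BCAST.

```python
import hashlib
import hmac

def _cipher(key, nonce, data):
    """Stand-in symmetric cipher (assumption): XOR with an HMAC-SHA256 keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def bsm_build_stkm(tek, tbk, sak, nonce):
    """BSM, step 135: encrypt the TEK with the TBK, then authenticate with the SAK."""
    body = nonce + _cipher(tbk, nonce, tek)
    return body + hmac.new(sak, body, hashlib.sha256).digest()

def smartcard_extract(stkm, sak):
    """Smartcard, step 145: verify the STKM and return the still-encrypted TEK."""
    body, tag = stkm[:-32], stkm[-32:]
    expected = hmac.new(sak, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("STKM authentication failed")
    return body[:16], body[16:]

def terminal_play(stkm, sak, tbk, content_nonce, encrypted_service):
    """Terminal, steps 140-150. `sak` models the key held inside the smartcard."""
    nonce, encrypted_tek = smartcard_extract(stkm, sak)
    tek = _cipher(tbk, nonce, encrypted_tek)      # only correct with the issued TBK
    return _cipher(tek, content_nonce, encrypted_service)

def demo():
    # All keys and data below are constructed sample values.
    sak = hashlib.sha256(b"constructed SAK").digest()
    tbk = hashlib.sha256(b"constructed TBK for first terminal").digest()
    tek = hashlib.sha256(b"constructed TEK").digest()[:16]
    nonce, content_nonce = b"N" * 16, b"C" * 16
    service = b"constructed sample broadcast frame"
    encrypted_service = _cipher(tek, content_nonce, service)
    stkm = bsm_build_stkm(tek, tbk, sak, nonce)
    first = terminal_play(stkm, sak, tbk, content_nonce, encrypted_service)
    # Second terminal: same smartcard (same SAK), but the BSM issued it no TBK.
    no_tbk = hashlib.sha256(b"second terminal, no TBK issued").digest()
    second = terminal_play(stkm, sak, no_tbk, content_nonce, encrypted_service)
    return service, first, second

if __name__ == "__main__":
    service, first, second = demo()
    print("first terminal plays service:", first == service)
    print("second terminal plays service:", second == service)
```

The smartcard accepts the STKM on both terminals because the SAK travels with the card; playback fails on the second terminal only at the TBK step.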