1. Field of the Invention
Apparatuses and methods consistent with the present invention relate to content use using digital rights management (DRM), and more particularly, to generating a rights object (RO) by reauthorization.
2. Description of the Related Art
In a related art DRM system, a content provider or a rights issuer (RI) encrypts content before transmitting it in order to control the use of the content. Also, an RO, including a usage rule of the corresponding content, is issued in order to protect the rights of an author. Accordingly, a DRM device is designed to forcibly follow the usage rule included in the RO.
FIG. 1 is a diagram illustrating the generation and distribution of an RO of related art content. Devices D1, D2, D3, and D4 inside a domain each undergo a registration procedure by the corresponding service provider in order to register as a member in the domain. Accordingly, the devices D1, D2, D3, and D4 can share content and an RO with the other devices. Here, one representative device D1 can share content and the RO from the other devices with the remaining devices D2, D3, and D4 by transmitting the content and the RO. Then, the remaining devices D2, D3, and D4 rely on the received content and the RO, using information from the service provider, and use the received content and the RO.
A method of sharing rights information, i.e., an RO, of the content using the domain is performed as shown in FIG. 1.
First, four devices are included in one domain and, in a domain technology based on a server, a content server includes a route certificate and a service provider certificate, for generating encrypted content, an encryption key for using the encrypted content, and an RO including a usage rule. The route certificate is a certificate from a certificate issuer for checking an authorization system. The service provider certificate is a certificate in which a public key of the service provider is authorized by the certificate issuer.
Referring to FIG. 1, the devices D1, D2, and D3 are registered with the RI and participate in the domain in operation S1. The device D1 obtains content and an RO from the RI in operation S2 and transmits the obtained content and RO to the devices D2 and D3 in operation S3. Meanwhile, even when the device D1 transmits the content and RO to the device D4 in operation S4, since the device D4 has not yet been registered with the RI, a process of registering with the RI and joining the domain is required.
Processes of generating the RO of the encrypted content will now be described in detail. The service provider generates the encrypted content and RO using a content packaging process. The RO includes a content encryption key (CEK), which encrypts the content, and a usage rule. While generating the RO, important information, such as the CEK, or the like, is encrypted using a key of the device D1, which requested the content. Accordingly, a key for deciphering the content can be obtained only by the device D1 using its own key, and thus, only the device D1 can use the content.
Also, the RO is signed by a private key and the device D1 confirms the signature of the RI using the route certificate owned by the device D1 itself. If the signature of the RI is incorrect, the device D1 is unable to use the corresponding RO.
Processes of using generated content and RO will now be described. In order for a device that received the content and RO to use the corresponding content, the device should check the signature of the RI on the received RO, decipher a rights encryption key (REK) of the RO, and decipher the CEK using the REK. Then, the content is deciphered using the CEK in order to use the content according to the usage rule contained in the RO.
As described above, in a re-distribution based on a server, the RO should be re-issued by the RI for the re-distribution.
Accordingly, when the content is re-distributed using a local domain manager, the following problems may occur. First, when the local domain manager changes a key included in the RO issued to itself, into a domain key in order to share the key with other devices inside the domain, the signature of the service provider is no longer effective. As a result, the service provider loses the authority to control the content changed by the local domain manager, and thus, unauthorized content can be distributed.
Second, the service provider is unable to determine a domain arbitrarily formed by the local domain manager, and is thus unable to determine in which domain content is used, which devices use the content, under what constraints the content is used, or the like.
Third, the devices (including a rendering device) in the domain should know a public key of the local domain manager in order to use the received content and RO, and should verify the validity of the certificate from the local domain manager every time. That is, when the local domain manager is hacked, unlimited re-distribution of the content may occur.
Moreover, in an Open Mobile Alliance (OMA) DRM environment, each device receives an RO, signed with a key of the RI, from the RI in order to be able to use the content. Accordingly, each device can authorize the received RO using the key of the RI that it owns itself. That is, all devices should have the key of the RI.
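The RO issuance and use steps described above (check the RI signature, decipher the REK, decipher the CEK), and the first problem with re-distribution by a local domain manager, can be traced in a short sketch. This is an added example, not code from the patent or from any DRM implementation: the function names are hypothetical, the device and domain keys are assumed to be symmetric, and the XOR key wrap and small textbook-RSA signature are toy stand-ins for real key wrapping and signing.

```python
import hashlib, json, secrets

# Toy RI signing key: textbook RSA over two Mersenne primes (illustration only, not secure).
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # RI private exponent, known only to the RI

def xor_wrap(key: bytes, data: bytes) -> bytes:
    """Toy key wrap: XOR 32 bytes with a SHA-256 pad. Applying it twice unwraps."""
    pad = hashlib.sha256(b"wrap" + key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def digest(ro: dict) -> int:
    """Hash of the signed RO fields (wrapped keys and usage rule), reduced mod N."""
    body = {k: ro[k] for k in ("wrapped_rek", "wrapped_cek", "rule")}
    h = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).digest()
    return int.from_bytes(h, "big") % N

def issue_ro(device_key: bytes, cek: bytes, rule: dict) -> dict:
    """RI side: wrap the REK for the device, wrap the CEK under the REK, sign the RO."""
    rek = secrets.token_bytes(32)
    ro = {"wrapped_rek": xor_wrap(device_key, rek).hex(),
          "wrapped_cek": xor_wrap(rek, cek).hex(), "rule": rule}
    ro["sig"] = pow(digest(ro), D, N)
    return ro

def use_ro(ro: dict, key: bytes):
    """Device side: check the RI signature, then recover REK and CEK. None if rejected."""
    if pow(ro["sig"], E, N) != digest(ro):
        return None                      # signature invalid: the RO cannot be used
    rek = xor_wrap(key, bytes.fromhex(ro["wrapped_rek"]))
    return xor_wrap(rek, bytes.fromhex(ro["wrapped_cek"]))

def rebind_to_domain(ro: dict, device_key: bytes, domain_key: bytes) -> dict:
    """Local domain manager swaps its own key for a domain key; it cannot re-sign as the RI."""
    rek = xor_wrap(device_key, bytes.fromhex(ro["wrapped_rek"]))
    return dict(ro, wrapped_rek=xor_wrap(domain_key, rek).hex())

def demo():
    # Constructed sample keys and usage rule.
    d1_key, domain_key, cek = (secrets.token_bytes(32) for _ in range(3))
    ro = issue_ro(d1_key, cek, {"play": 5})
    shared = rebind_to_domain(ro, d1_key, domain_key)
    return use_ro(ro, d1_key) == cek, use_ro(shared, domain_key)

if __name__ == "__main__":
    print(demo())
```

The original RO yields the CEK for D1, while the RO re-bound to the domain key is rejected by a device that still checks the RI signature, which is why a scheme that lets devices accept the local domain manager's version takes the content out of the service provider's control.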