In recent years, the number of different types of content protection systems has been growing at a rapid pace. Some of these systems only protect the content against illegal copying. Other systems are prohibiting the user from getting access to the content. The first category is referred to as Copy Protection (CP) systems. CP systems have traditionally been the main focus for consumer electronics (CE) equipment. This type of content protection can typically be implemented in an inexpensive manner, and does not require bidirectional interaction with the content provider. Some examples are the Content Scrambling System (CSS), the protection system of DVD ROM discs and DTCP (a protection system for IEEE 1394 connections). The second category of systems, relating to prohibiting access, is known under several names. In the TV broadcast world, these systems are generally known as conditional access (CA) systems, whereas on the Internet they are generally known as digital rights management (DRM) systems.
A home network can be defined as a set of devices that are interconnected using a network technology (e.g., Ethernet, IEEE 1394, BlueTooth, 802.11b, 802.11g, etc.). Although network technology allows the different devices to communicate, this is not enough to enable devices to interoperate. For interoperability, devices need to be able to discover and address the functions present in the other devices in the network. This functionality is provided by home networking middleware. Examples of home networking middleware are Jini, HAVi, UPnP, and AVC.
The concept of authorized domains aims at finding a solution to both serve the interests of the content owners (who want their copyrights protected) and of the content consumers (who want unrestricted use of the content). The basic principle is to have a controlled network environment, also referred to as an authorized domain. Content can be used relatively freely, but only within the authorized domain. Typically, authorized domains are centered on the home environment or home networks. Of course, other scenarios are also possible. A user could, for example, take with him/her on a trip a portable device for rendering audio and/or video stored at the device, and also use it in his/her hotel room to access or download additional content stored at his/her personal audio/video system at home. Although the portable device is geographically outside the home network, it stays functionally a part of this user's authorized domain. In this way, an authorized domain is a system that allows access to content by devices belonging to the domain, but not by any other devices.
For a more extensive introduction to the use of an authorized domain, etc., see for example S. A. F. A. van den Heuvel, W. Jonker, F. L. A. J. Kamperman, P. J. Lenoir, Secure Content Management in authorized domains, Philips Research, The Netherlands, IBC 2002 conference publication, pages-474, held at 12-16 Sep. 2002.
Various proposals exist that implement the concept of authorized domains to some extent.
One type of known implementation is a device-based authorized domain. Examples of such systems are SmartRight (Thomson Multimedia), xCP, and Netdigital rights managementNetDRM (Matshushita). A further example of a device-based authorized domain is discussed in, e.g., WO 03/098931 of Philips Electronics, also published as US 20050210261, herein incorporated by reference.
A typical device-based authorized domain is formed by a specific set of devices and by content. Only a device of this specific set is allowed to access, use, etc., the content of that domain. There is no distinction between different users of the same specific set of devices in the same domain.
A drawback of device-based authorized domain systems is that they typically do not provide the flexibility that a user wants or needs, because the user is restricted to a particular and limited set of devices. In this way, the user is not allowed to exercise the rights, which the user has obtained, anytime and anywhere he/she chooses. For example, if a user is visiting a friend's house he/she cannot have access, from the friend's devices, to the user's legally purchased content. The devices at the friend's are typically not included in the particular and limited set of devices that together form the domain comprising this specific user's content.
Another type of known implementation is a person-based authorized domain. Here, the domain is based on persons (instead of on devices, as in device-based authorized domains discussed above) and on content. An example of such a system is described in, e.g., WO 04/038568, also published as US 20060021065, herein incorporated by reference. In the system described, content is tied to persons who have been grouped into a domain.
In a typical person-based authorized domain, access can be had to content bound to that authorized domain. However, only a specific and limited set of users is allowed the access. These users may employ any compliant device. Domain management in a person-based authorized domain is in general easier than in a device-based authorized domain.
However, person-based systems require person identification, which is not always convenient for, or preferred by, their users. Further, a visitor to the home of an authorized user may want to access the user's content. As he/she does not have a personal identifier for that domain, it is not possible for him/her to access the content. It is preferred that devices in the home belonging to the domain enable the visitor to access the content of that domain.
Therefore, there is a need for a hybrid authorized domain, which has aspects in common with a person-based domain as well as with a device-based domain. Such a hybrid domain intends to combine the advantages of both. A hybrid person-based and device-based authorized domain is proposed in WO 05/010879, filed in the U.S. Ser. No. 10/565,663 and incorporated herein by reference. In this document, an authorized domain is disclosed that combines two different approaches in order to define an authorized domain. The connecting part between the device-approach and the person-approach is a so-called Domain Identifier. The devices are preferably grouped together via a domain-devices certificate (DDC); the persons are preferably separately grouped via a domain-users certificate (DUC); and content is directly or indirectly linked to a person.
However, when content is imported from, e.g., a delivery digital rights management system and/or a CA system, into this authorized domain (an action typically performed via a device), it is not directly clear to which person the content has to be allocated. In other words, at the moment of import, the system needs additional information about the person with whom the content is to be linked.
Therefore, there is a need for a simple method of creating an authorized domain wherein the additional information required upon importing content is easily and/or directly obtainable. This is achieved with the authorized domain proposed in WO 05/093544, incorporated herein by reference. In this publication, a method of generating an authorized domain is proposed with following characteristics: a domain identifier is selected uniquely identifying the authorized domain; a user is bound to the domain identifier; a content item is bound to the user; and a device is bound to the user. Rather than binding each of the content items, each of the devices and each of the users to an authorized domain, only users are bound to an authorized domain, and content items and devices are bound in turn to users.
As discussed above, different authorized domains are distinguished by their domain configuration and policy. For example, the authorized domain can be defined as a set of, say, at most ten devices linked to a single domain identifier, which is linked to a maximum of, say, five user accounts to which an unlimited set of content is bound. In addition to the maximum number of devices and accounts, policies may include frequency limitations, allowing a limited number of configuration changes per unit of time, or proximity controls that restrict certain content or domain functions to certain locations.