1. Field of the Invention
The present invention relates to digital rights management (DRM) technology, and more particularly, to a technique for authentication between a device and a portable storage for DRM.
2. Description of the Related Art
Recently, digital rights management (DRM) has been actively researched and developed. Commercial services using DRM are increasingly being used. DRM needs to be used because of the following various characteristics of digital content. That is to say, unlike analog data, digital content can be copied without loss and can be easily reused, processed, and distributed, and only a small amount of cost is needed to copy and distribute the digital content. However, a large amount of cost, labor, and time are needed to produce the digital content. Thus, when the digital content is copied and distributed without permission, a producer of the digital content may lose his/her profit, and his/her enthusiasm for creation may be discouraged. As a result, development of digital content business may be hampered.
There were several efforts to protect digital content. Conventionally, digital content protection has concentrated on preventing unauthorized access to digital content, such that only those people who have paid are allowed to access the digital content.
Thus, people who paid to access the digital content are allowed to access the unencrypted digital content, while people who did not pay are not allowed to access the digital content. In this case, when a person who paid intentionally distributes the digital content to other people, however, these other people can use the digital content without paying. To solve this problem, DRM was introduced. In DRM, any one is allowed to freely access encoded digital content, but a license referred to as a rights object is needed to decode and execute the digital content. Accordingly, the digital content can be more effectively protected by using DRM.
The concept of digital rights management (DRM) will be described with reference to FIG. 1. DRM relates to management of contents (hereafter, referred to as encrypted contents) protected using a method such as encryption or scrambling, and rights objects allowing access to the encrypted contents.
Referring to FIG. 1, a DRM system includes users 110 and 150 wanting to access content protected by DRM, a contents issuer 120 issuing content protected through DRM, a rights issuer 130 issuing a rights object containing a right to access the content, and a certification authority 140 issuing a certificate.
In operation, the user 110 can obtain desired content from the contents issuer 120 in an encrypted format protected by DRM. The user 110 can obtain a license to play the encrypted content from a rights object received from the rights issuer 130. Then, the user 110 can play the encrypted content. Since encrypted contents can be circulated or distributed freely, the user 110 can freely transmit the encrypted content to the user 150. The user 150 needs the rights object to play the encrypted content. The rights object can be obtained from the rights issuer 130. Meanwhile, the certification authority 140 issues a certificate indicating that the contents issuer 120 is authentic and the users 110 and 150 are proper users. The certificate may be embedded into devices used by the users 110 and 150 when the devices are manufactured and may be reissued by the certification authority 140 after a predetermined duration has expired.
As described above, DRM protects the profits of those producing or providing digital contents and thus may be helpful in promoting the growth of the digital content industry. However, there is inconvenience practically although a rights object or encrypted content can be transferred between the users 110 and 150 using mobile devices. Rights objects and encrypted contents can be easily moved between devices when a portable storage is used. In this situation, authentication is needed as a precondition for enabling safe data transmission between a device and a portable storage intermediating between devices.