This application claims the priority of Korean Patent Application No. 10-2003-0029144 filed on May 7, 2003 in the Korean Intellectual Property Office, the disclosure of which is incorporated herein in its entirety by reference.
1. Field of the Invention
The present invention relates to a method of authenticating a content provider and assuring content integrity, and more particularly, to a method of authenticating a content provider and assuring content integrity by which the content provider is authenticated and content integrity is assured upon download, exchange, or transfer of a variety of multimedia contents through a wired/wireless communication network.
2. Description of the Related Art
Recently, a variety of contents are distributed through wired/wireless communication networks, and development of a variety of techniques has been actively made to protect the copyrights of digital contents. A typical technique includes Digital Rights Management (DRM), for example, which encompasses DRM and Open Mobile Alliance (OMA) DRM v1.0 of Microsoft Corporation.
In a case where a user utilizing a device with the DRM function downloads packaged contents, sends such contents to a device of another user, or freely exchanges and sends them through a bulletin board or by e-mail via a wired/wireless communication network, there is a technique to assure the integrity of the contents sent.
FIG. 1 shows the configuration of conventional packaged contents 1. The contents 1 comprises an encrypted content portion 2, a header 3 including a variety of information on the relevant contents, and an electronic signature 4 made through hash coding of the header 3 of the contents 1. As shown in FIG. 1, the content portion 2 is encrypted and the header 3 includes the content provider's (CP's) name, a content ID, meta-information, the license provider's URL and the like. Here, a hash function is generally utilized in the electronic signature 4. The hash function can be described as a computationally effective function that performs mapping of an arbitrary-size binary string to a fixed-size binary string that is called a hash value. Such a hash function can be used to ensure data integrity in addition to its use for the electronic signature 4.
For example, when the contents 1 including the electronic signature 4, made through the beforehand hash coding of the header 3 of the contents 1, are downloaded, a hash function is then applied to the contents 1 and the electronic signature 4 is compared with a public key provided by the content provider so as to verify the electronic signature.
In such a case where a user downloads the packaged contents 1 from a content provider or receives them from another user through a wired/wireless communication network, the encrypted content portion 2 is transmitted together with the header 3 having the electronic signature 4 made through the beforehand hash coding of the header 3. Thus, the integrity of the packaged contents 1 is assured.
However, according to such related art, the electronic signature 4 is made through the hash coding of only the header 3. Thus, there is a problem in that the integrity of mutual connectivity of the encrypted content portion 2 and the header 3 cannot be assured.
Further, there are problems in that it is impossible to authenticate whether the received contents 1 were prepared by a legitimate content provider, and in that there is no way to acquire a public key certificate of a content provider required for verifying the integrity of the packaged contents 1.