In recent years, the number of content protection systems available has been growing rapidly. Some of these systems only protect the content against unauthorized copying, while others restrict the user's ability to access or use the content. These systems are often referred to as Digital Rights Management (DRM) systems.
Consumers want to enjoy content without hassle and with as few limitations as possible. They want to network their devices to enable all types of different applications and easily access any type of content. They also want to be able to share/transfer content in their home environment without limitations.
The concept of Authorized Domains (ADs) tries to serve the interests of both the content owners (who want protection of their copyrights) and the content consumers (who want unrestricted use of the content). The basic principle is to have a controlled network environment in which content can be used relatively freely as long as it does not cross the border of the authorized domain. Typically, authorized domains are centered around the home environment, also referred to as home networks.
Of course, other contexts are also possible. A user could for example take a portable device for audio and/or video with a limited amount of content with him on a trip, and use it in his hotel room to access or download additional content stored on his personal audio and/or video system at home. Even though the portable device is outside the home network, it is a part of the user's authorized domain. In this way, an Authorized Domain (AD) is a system that allows access to content by devices in the domain, but not by any others.
Authorized domains need to address issues such as authorized domain identification, device check-in, device check-out, rights check-in, rights check-out, content check-in, content check-out, as well as domain management. For a more extensive introduction to the use of an Authorized Domain, etc., see S. A. F. A. van den Heuvel, W. Jonker, F. L. A. J. Kamperman, P. J. Lenoir, Secure Content Management in Authorised Domains, Philips Research, The Netherlands, IBC 2002 conference publication, pages 467-474, held at 12-16 Sep. 2002.
In certain architectures for Authorized Domains, the entities, e.g. devices, in the domain share a symmetric Domain Key that is used, among other things, to create, access and/or authenticate objects such as content or licenses (rights objects) that are available in the domain. One example is version 2 of the Open Mobile Alliance's DRM Architecture: Approved Version 2.0, OMA-AD-DRM-V2-0-20060303-A, 3 Mar. 2006, hereafter called OMA DRM v2 for short. This document is incorporated by reference into the present document. Another example is WO 2005/088896.
In such architectures, the Domain Key cannot be made available to non-member entities, since that would enable them to access protected objects even though they are not members of the domain. Still, it is desirable that certain non-member entities be enabled to create objects for use by entities in the domain. One could of course issue these non-member entities different keys, but that requires that each device in each domain hold copies of all of these keys.
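The key-distribution problem described above can be shown with a simplified model. This is an added example, not code from OMA DRM v2 or the cited application: HMAC-SHA256 stands in for the domain's object authentication, and the `Device` class, the function names, the issuer ids and the payloads are hypothetical.

```python
import hashlib
import hmac
import os

def tag(key: bytes, payload: bytes) -> bytes:
    # HMAC-SHA256 is an assumed stand-in for the domain's object authentication.
    return hmac.new(key, payload, hashlib.sha256).digest()

def make_object(key: bytes, payload: bytes, issuer=None):
    # issuer=None means "created under the Domain Key by a domain member".
    return (issuer, payload, tag(key, payload))

class Device:
    """Hypothetical domain member: holds the Domain Key and any issuer keys."""
    def __init__(self, domain_key: bytes):
        self.domain_key = domain_key
        self.issuer_keys = {}  # issuer id -> key (the workaround from the text)

    def accepts(self, obj) -> bool:
        issuer, payload, mac = obj
        key = self.domain_key if issuer is None else self.issuer_keys.get(issuer)
        return key is not None and hmac.compare_digest(tag(key, payload), mac)

def demo(n_devices: int = 4, n_issuers: int = 3) -> dict:
    domain_key = os.urandom(32)
    devices = [Device(domain_key) for _ in range(n_devices)]
    # Constructed sample payloads, not a real rights-object format.
    member_obj = make_object(domain_key, b"rights: play item-1")
    outsider_obj = make_object(os.urandom(32), b"rights: play item-2")
    # Workaround: each non-member issuer gets its own key ...
    issuer_keys = {f"issuer-{i}": os.urandom(32) for i in range(n_issuers)}
    issued_obj = make_object(issuer_keys["issuer-0"], b"rights: play item-3", "issuer-0")
    before = any(d.accepts(issued_obj) for d in devices)
    # ... and every device in the domain must then store a copy of every one.
    for d in devices:
        d.issuer_keys.update(issuer_keys)
    return {
        "member_ok": all(d.accepts(member_obj) for d in devices),
        "outsider_ok": any(d.accepts(outsider_obj) for d in devices),
        "issued_before": before,
        "issued_after": all(d.accepts(issued_obj) for d in devices),
        "keys_stored": sum(1 + len(d.issuer_keys) for d in devices),
    }

if __name__ == "__main__":
    print(demo())
```

The `keys_stored` figure grows as devices times (1 + issuers), which is the storage and distribution cost the last sentence above refers to.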