1. Field of the Invention
The present invention relates to a method of checking revocation of a content device and transmitting data, and more particularly, to a method, system, and data server for checking revocation of a device and software and transmitting data, such as contents or a license, to a secure device and secure software whose keys are not leaked.
2. Description of the Related Art
As illegal copying of digital content in the digital content industry has recently increased, a variety of technologies for protecting digital content have been researched and developed. Such examples include a Conditional Access System (CAS) for protecting broadcasting contents, Digital Rights Management (DRM) for determining whether to allow digital content to be used according to rights regarding the digital content, and digital content protection technologies for storage media such as a Content Scrambling System (CSS), Content Protection For Recordable Media (CPRM), and an Advanced Access Content System (AACS).
Most content protection systems such as DRM, CAS, CSS, and the like, control the use of content based on encryption so that only an authorized user or device can use the content only by a permitted method. The content protection system encrypts content, distributes or sells the content, and protects the content by allowing only an authorized to can access a content key capable of decrypting the content.
FIG. 1 is a diagram illustrating a conceptual internal configuration of a conventional content device 100 playing contents by executing downloadable DRM software.
Here, it is possible to install different content protection systems in the content device 100, and in the case where an attempt is made to use content, the content device 100 has a structure in which the content is decrypted or the use of the content is controlled by executing content protection software such as DRM. There are various examples of the content device 100 including a digital television, a set top box, an MPEG Audio Layer-3 (MP3) player, a portable video player, a Digital Video Disc (DVD) player, a Blu-ray player, and the like.
The content device 100 includes a software execution unit 110, a playing/output unit 130 playing/outputting content, and a software storage unit 140 that is a storing medium capable of storing software. DRM software 120 executed in the software execution unit 110 includes a license processing unit 121 processing a content key or a license, and a content decryption unit 122 decrypting content secured by encryption.
The structure for using content protected by the DRM in the content device 100 will now be explained. When data such as content or a license is provided from outside the content device 100, and use of the content, such as playing of the content or transferring the content to an external device, is requested, the content device 100 executes the DRM software 120 for controlling the use of the content. The DRM software 120 executed in the software execution unit 110 interprets a license, in the license processing unit 121, for the usage rights of the content, and determines whether the content can be used. If use is permitted, the content is decrypted in the content decryption unit 122. The decrypted content is played or transferred to the external device via the playing/output unit 130. The above example of DRM software is given in order to explain about the present invention, but the content protection software may be other software content protection systems such as CAS software or other content protection software.
A conventional method of encrypting data is to encrypt data by using a secret key or a public key of another party, and to transmit the data. However, in the case of multimedia data having a huge amount of data, separate encryption of content by each user has very low efficiency since high-volume content is encrypted with keys that are always different. Thus, content protection systems mostly use a two-step encryption method in which one content key is used to encrypt the same content, and a user key respectively retained by each user is used to encrypt the one content key.
The user key uses a device key stored in various devices using contents, such as a digital television, a set-top box, an MP3 player, a portable video player, a DVD player, a Blu-ray player, and the like.
Meanwhile, before encrypting data by using the user key and transmitting the data, there is a preceding procedure in which a device key is checked to determine whether the device key has been leaked, so as to ensure security.
Generally, a certification authority (CA) may ensure user integrity of a public key included in a certificate. However, in the case where a private key corresponding to the public key included in the certificate is leaked, stolen, or lost, it may cause serious problems. That is, a malicious user who obtained the private key via wrongful means may disguise oneself as a rightful user. In other words, a malicious user B who obtained a private key of a user A may pretend to be the user A by using a name and a public key of the user A, and may obtain various important items of data. In such a case, a reliable party trusting a certificate may be damaged. Thus, when a key compromise such as a leakage of a private key occurs, damage due to the leakage of the private key has to be prevented by making a certificate related to a corresponding public key invalid so that another user cannot use the certificate. For prevention purposes, a CA may revoke certificates related to a public key corresponding to a damaged private key, and may register the certificates in a Certificate Revocation List (CRL), thereby informing all reliable parties.
Therefore, conventionally, a server providing data keeps the CRL related to a device key used as a user key, and when the server receives a request for data such as content or a license from a certain device in which a key has been leaked, the server checks security of the device by scanning the CRL, and then transmits the data.
However, in a downloadable DRM software environment such as a Personal Computer (PC) in which a content protection system is provided in the form of software or firmware so that the content protection system can be installed in a device via downloading, a user wishing to use desired content allows a content protection system applied to the desired content to be liberally installed in the user's device in the form of software, and then used. By doing so, various contents can be used without considering kinds of content protection systems. Therefore, not only a device but also security of such DRM software has to be ensured.