1. Field of the Invention
The present invention relates to digital rights management (DRM), and particularly, to a method for securely issuing a rights object to a memory card in a DRM environment.
2. Background of the Invention
Digital Rights Management (DRM) is a technology for safely protecting and systematically managing a rights object for digital contents (e.g., music, movies, literature, images, etc.). DRM prevents unauthorized and/or illegal copying of digital contents. DRM also provides for the acquisition of rights object (RO) for DRM contents, production and distribution of DRM contents, and protection and management for a series of usage processes.
FIG. 1 shows a general structure of a conventional DRM system.
The conventional DRM system controls how a user receives and processes received digital contents in accordance with a RO given to the user. In this respect, the contents provider is an entity corresponding to a contents issuer (CI) 30 and/or a rights issuer (RI) 40.
The CI 30 issues protected contents (referred to hereinafter as ‘DRM contents’ (or ‘digital contents’)) by using a particular coding key to protect the contents from viewing or processing by a non-authorized user, and the RI 40 issues the RO required for allowing use of the DRM contents.
A terminal 10 includes a DRM agent. The DRM agent receives DRM contents from the CI 30, receives a RO with respect to the contents from the RI 40, and interprets permission and/or constraint included in the RO to control the use of the DRM contents by the corresponding terminal.
In general, the RO is coded by a public key of a particular terminal, so arbitrary terminal other than a terminal having a private key cannot decode or use the DRM contents related to the RO.
Thus, in a conventional DRM system, even though the RO and its associated DRM contents are copied into a mobile memory card such as a multimedia card and the like, an arbitrary terminal other than a particular terminal for which the RO has been properly issued cannot read the DRM contents from the memory card. That is, the RO is dependent upon the particular terminal.
In addition, in the conventional DRM system, because the RO is issued for the particular terminal, if the memory card stores the RO and its DRM contents, only the particular terminal properly having the issued RO can read the DRM contents and the RO from the SRM. Thus, only the particular terminal properly having the issued RO can use the DRM contents.
Also, in the conventional DRM system, the RI 40 cannot issue a RO with respect to the DRM contents to the memory card. Thus, the memory card cannot have the RO in its name.
Further, in the conventional DRM system, the RI 40 can neither know a trust anchor negotiated between the DRM agent of the terminal and the memory card nor ID of the memory card. Thus, the memory card, cannot have the RO in its name.
FIG. 2 shows problems according to the related art.
As shown in FIG. 2, the CI 30 issues contents to a first terminal 11. The RI 40 issues RO with respect to the contents to the first terminal 11. The terminal 11 exports the RO and copies the RO into the memory card 15.
Accordingly, although the user of the first terminal 11 hands over the memory card 15, to a second terminal 12, the second terminal 12 cannot use the contents in the memory card 15 because the RO in the memory card 15 is issued to the first terminal 11.