Method, system, and data server for checking revocation of content device and transmitting data

US 8,347,404 B2
Filed: 11/15/2007
Issued: 01/01/2013
Est. Priority Date: 06/22/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method of checking revocation of a content device and transmitting data, the method comprising:

receiving authentication information of a device requesting transmission of data, and authentication information of digital rights management (DRM) software that authorizes access of the data in the device;

checking revocation of the device and the DRM software, based on the received authentication information,wherein the checking of the revocation further comprises;

checking a device Certification Revocation List (CRL) related to a certificate of the device, where the CRL comprises a device identifier, a device public key, and a digital signature for the device and wherein the received authentication information of the device is compared with at least one of the device identifier, the device public key, and the digital signature for each of devices identified in the CRL; and

checking a software revocation list (SRL) separate from the CRL and related to a certificate of the DRM software, where the SRL comprises a software identifier, a software public key, and a digital signature for the DRM software and wherein the received authentication information of the DRM software is compared with at least one of the software identifier, the software public key, and the digital signature for each of the DRM software identified in the SRL;

authenticating the device based on the checking of the CRL;

authenticating the DRM software based on the separate checking of the SRL; and

transmitting the data to the device, when the device and the DRM software are not revoked and the authentication of the device and the DRM software succeeds.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of checking revocation of a device and software, and transmitting data to a secure device and secure software whose keys have not been leaked is provided. The method includes receiving authentication information of a device requesting transmission of data, and authentication information of software accessing the data in the device; checking revocation of the device and the software, based on the received authentication information; and transmitting the data to the software of the device, when the device and the software are not revoked as a result of the checking. By doing so, during transmission of data, such as content or a license, it is possible to check security of a device and software being executed in the device, so that the data can be more safely transmitted.

41 Citations

View as Search Results

18 Claims

1. A method of checking revocation of a content device and transmitting data, the method comprising:
- receiving authentication information of a device requesting transmission of data, and authentication information of digital rights management (DRM) software that authorizes access of the data in the device;
  
  checking revocation of the device and the DRM software, based on the received authentication information,wherein the checking of the revocation further comprises;
  
  checking a device Certification Revocation List (CRL) related to a certificate of the device, where the CRL comprises a device identifier, a device public key, and a digital signature for the device and wherein the received authentication information of the device is compared with at least one of the device identifier, the device public key, and the digital signature for each of devices identified in the CRL; and
  
  checking a software revocation list (SRL) separate from the CRL and related to a certificate of the DRM software, where the SRL comprises a software identifier, a software public key, and a digital signature for the DRM software and wherein the received authentication information of the DRM software is compared with at least one of the software identifier, the software public key, and the digital signature for each of the DRM software identified in the SRL;
  
  authenticating the device based on the checking of the CRL;
  
  authenticating the DRM software based on the separate checking of the SRL; and
  
  transmitting the data to the device, when the device and the DRM software are not revoked and the authentication of the device and the DRM software succeeds.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the received authentication information of the device is provided in a certificate,wherein the certificate of the device comprises the device identifier, the device public key, and the digital signature which is a digital signature of a Certification Authority (CA), andwherein the received authentication information of the DRM software comprises the software identifier, version information of the DRM software, and the digital signature for the DRM software which is a digital signature of the CA.
  - 3. The method of claim 2, wherein the checking the SRL further comprises checking version information of the DRM software against version information for each of said certificate stored in the SRL.
  - 4. The method of claim 3, wherein the authenticating of at least one of the device and the DRM software is performed by a Challenge-Response (C-R) method, and comprises:
    - generating a random number value and transmitting the random number value;
      
      receiving a return value, wherein the return value is the random number value encrypted with a private key of the device;
      
      decrypting the received return value with a public key of the device comprised in the certificate; and
      
      comparing the decrypted return value with the random number value, and authenticating the device.
  - 5. The method of claim 4, wherein when the DRM software is installed or executed in the device, the method further comprises authenticating the DRM software by using a digital signature of a CA related to execution codes of the DRM software.
  - 6. The method of claim 1, wherein the certificate of the DRM software further comprises version information of the DRM software, andwherein the checking the SRL further comprises checking the version information of the DRM software, and checking the revocation of the DRM software having the version indicated by the version information in the SRL.
  - 7. The method of claim 6, wherein the authenticating of at least one of the device and the DRM software is performed by a Challenge-Response (C-R) method, and comprises:
    - generating a random number value and transmitting the random number value;
      
      receiving return values, wherein the return values are the random number value respectively encrypted with private keys of the device and the DRM software;
      
      decrypting the received return values with the device public key and the certificate of the DRM software; and
      
      comparing the decrypted return values with the random number value, andauthenticating the device and the DRM software based on the comparing.
  - 8. The method of claim 7, wherein the authenticating of at least one of the device and the DRM software further comprises exchanging a session key for using a secure session for transmitting the data.
  - 9. The method of claim 6, wherein the device provides a system call function encrypting the random number value with the private key of the device, according to a request of the DRM software.

10. A transmission system, having a first device and a second device, which checks revocation of the first device and which transmits data to the first device, the transmission system comprising:
- the first device which transmits a request signal of data transmission, authentication information of the first device, and authentication information of a digital rights management (DRM) software which authorizes access to the data in the first device; and
  
  the second device which receives the transmitted authentication information, authenticating the device and the DRM software, and as a result of checking the revocation of the first device and the DRM software and the authentication of the device and the DRM software, when the first device and the DRM software are not revoked and when the authentication of the device and the DRM software succeeds, transmits the data to the first device,wherein the checking of the revocation further comprises;
  
  checking a device Certification Revocation List (CRL) related to a the certificate of the first device, where the CRL comprises a device identifier, a device public key, and a digital signature for the device and wherein the received authentication information of the first device is compared with at least one of the device identifier, the device public key, and the digital signature for each of devices identified in the CRL; and
  
  checking a software revocation list (SRL) separate from the CRL and related to a certificate of the DRM software, where the SRL comprises a software identifier, a software public key, and a digital signature for the DRM software and wherein the received authentication information of the DRM software is compared with at least one of the software identifier, the software public key, and the digital signature for each of the DRM software identified in the SRL;
  
  wherein the authentication further comprises the second device authenticating the first device based on the checking the CRL, and wherein the second device authenticates the DRM software based on the separate checking of the SRL.
- View Dependent Claims (11, 12, 13)
- - 11. The transmission system of claim 10, wherein:
    - the second device generates a random number value by a Challenge-Response (C-R) method and transmits the random number value,the first device receives the random number value, respectively encrypts the random number value with private keys of the first device and the DRM software, thereby generating return values, and transmits return values, andthe second device receives the return values, decrypts the return values with the device public key of the first device and the certificate of the DRM software, compares the decrypted return values with the random number value, and authenticates the first device and the DRM software based on the comparison.
  - 12. The transmission system of claim 10, wherein the received authentication information of the first device is provided in a certificate,wherein the certificate of the first device comprises the device identifier, the device public key, and the digital signature which is a digital signature of a Certification Authority (CA);
    - andwherein the received authentication information of the DRM software comprises the software identifier and version information of the DRM software, and the digital signature for the DRM software which is a digital signature of the CA.
  - 13. The transmission system of claim 12, wherein the checking the SRL further comprises checking version information of the DRM software against version information for each of said certificate stored in the SRL.

14. A data server for checking revocation of a content device and transmitting data, the data server comprising:
- an authentication information reception unit configured to receive authentication information of a device requesting transmission of data, and authentication information of a digital rights management (DRM) software which authorizes access to the data in the device;
  
  a revocation verification unit configured to check revocation of the device and the DRM software, based on the received authentication information; and
  
  a data transmission unit configured to transmit the data to the device, when the device and the DRM software are not revoked as a result of the check,wherein the checking of the revocation further comprises;
  
  checking a device Certification Revocation List (CRL) related to a certificate of a device, where the CRL comprises a device identifier, a device public key, and a digital signature for the device and wherein the received authentication information of the device is compared with at least one of the device identifier, the device public key, and the digital signature for each of devices identified in the CRL; and
  
  checking a software revocation list (SRL) separate from the CRL and related to a certificate of the DRM software, where the SRL comprises a software identifier, a software public key, and a digital signature for the DRM software and wherein the received authentication information of the DRM software is compared with at least one of the software identifier, the software public key, and the digital signature for each of the DRM software identified in the SRL;
  
  wherein an authentication unit is configured to authenticate the device based on the checking the CRL and configured to authenticate the DRM software based on the separate checking of the SRL, and when the authentication of the device and the authentication of the DRM software succeeds, the data transmission unit transmits the data to the DRM software of the device for the authentication of the data by the DRM software,wherein the data server is configured to implement the authentication information reception unit, the revocation verification unit, the data transmission unit and the authentication unit.
- View Dependent Claims (15, 16, 17)
- - 15. The data server of claim 14, wherein the received authentication information of the device is provided in a certificate,wherein the certificate of the device comprises the device identifier, and the device public key, and the digital signature which is a digital signature of a Certification Authority (CA);
    - andwherein the received authentication information of the DRM software comprises the software identifier and version information of the DRM software, and the digital signature for the DRM software which is a digital signature of the CA.
  - 16. The data server of claim 15, wherein the revocation verification unit checks the SRL comprising version information of the DRM software and the CRL comprising version information of the device, and determines the revocation of the device and determines the revocation of the DRM software separately based on the version information indicated in the respective SRL and CRL.
  - 17. The data server of claim 14, wherein the authentication unit is performed by a Challenge-Response (C-R) method, and comprises:
    - a random number generation unit which generates a random number value and transmitting the random number value;
      
      a reception unit which receives return values, wherein the return values are the random number value respectively encrypted with private keys of the device and the DRM software; and
      
      a determination unit which decrypts the received return values with the device public and a certificate of the DRM software, and which compares the return values with the random number value,wherein the data server is configured to implement the random number generation unit, the reception unit, and the determination unit.

18. A non-transitory computer readable recording medium having recorded thereon a program for executing a method of checking revocation of a content device and transmitting data, the method comprising:
- receiving authentication information of a device requesting transmission of data, and authentication information of a digital right management (DRM) software accessing the data in the device;
  
  checking revocation of the device and the DRM software, based on the received authentication information,wherein the checking of the revocation further comprises;
  
  checking a device Certification Revocation List (CRL) related to at-he certificate of the device, where the CRL comprises a device identifier, a device public key, and a digital signature for the device and wherein the received authentication information of the device is compared with at least one of the device identifier, the device public key, and the digital signature for each of devices identified in the CRL; and
  
  checking a software revocation list (SRL) separate from the CRL and related to a certificate of the DRM software, where the SRL comprises a software identifier, a software public key, and a digital signature for the DRM software and wherein the received authentication information of the DRM software is compared with at least one of the software identifier, the software public key, and the digital signature for each of the DRM software identified in the SRL;
  
  authenticating the device based on the checking the CRL;
  
  authenticating the DRM software based on the separate checking of the SRL; and
  
  transmitting the data to the device, when the device and the DRM software are not revoked and the authentication of the device and the DRM software succeeds.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Lee, Choong-hoon, You, Yong-kuk, Yao, Jun
Primary Examiner(s)
KOSOWSKI, CAROLYN M

Application Number

US11/940,498
Publication Number

US 20100023760A1
Time in Patent Office

1,874 Days
Field of Search

726/29, 713/158
US Class Current

726/29
CPC Class Codes

G06F 21/10 Protecting distributed prog...

G06F 2221/2129 Authenticate client device ...

Method, system, and data server for checking revocation of content device and transmitting data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system, and data server for checking revocation of content device and transmitting data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links