Method and apparatus for local domain management using device with local authority module

Information

  • Patent Application 20070234432
  • Publication Number
    20070234432
  • Date Filed
    August 29, 2006
  • Date Published
    October 04, 2007
Abstract
A method and device for local domain management are provided and include a local domain authority device. The local domain authority (LDA) device includes a location limited channel (LLC) interface for transmitting and receiving information of devices which are positioned within a limited location, and an LDA module for authenticating a device which is selected from those devices as a member of a domain, transmitting device authentication information corresponding to the domain to the authenticated device via the LLC interface, and registering the authenticated device as a member of the domain. The method and device provide an easy and secure means for domain management.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other exemplary objects, features and advantages of certain exemplary embodiments of the present invention will become more apparent from the following detailed description, taken in conjunction with the accompanying drawings, in which:

FIG. 1 is a diagram illustrating a connection between a rights issuing server and a user device which is selected as an LDA device according to an exemplary embodiment of the present invention;

FIG. 2 is a flowchart illustrating a domain creation method according to an exemplary embodiment of the present invention;

FIG. 3 is a flowchart illustrating a method of adding a device to a domain according to an exemplary embodiment of the present invention;

FIG. 4 is a flowchart illustrating a method of deleting a device from a domain according to an exemplary embodiment of the present invention; and

FIG. 5 is a flowchart illustrating a method of deleting a domain according to an exemplary embodiment of the present invention.

Claims
  • 1. A local domain authority device, comprising: a location limited channel (LLC) interface for transmitting and receiving information of at least one device which is positioned within a limited location; and a local domain authority (LDA) module for authenticating the at least one device which is selected as a member of a domain of devices, transmitting device authentication information corresponding to the domain to the authenticated device via the LLC interface, and registering the authenticated device as a member of the domain.
  • 2. The local domain authority device of claim 1, wherein the LLC interface receives a device identifier and a device public key certificate for the at least one device which is positioned within the limited location.
  • 3. The local domain authority device of claim 1, wherein the LLC interface transmits and receives information for a plurality of devices which are positioned within a limited location and further wherein the LLC interface receives a device identifier and a device public key certificate for each of the devices which are positioned within the limited location.
  • 4. The local domain authority device of claim 1, wherein the LDA module provides a user with device information of the at least one device which is positioned in the limited location, and receives a selection regarding the at least one device to be registered as a member of the domain from the user.
  • 5. The local domain authority device of claim 1, wherein the LLC interface transmits and receives information for a plurality of devices which are positioned within a limited location and further wherein the LDA module provides a user with device information of each of the devices which are positioned in the limited location, and receives a selection regarding each of the devices to be registered as a member of the domain from the user.
  • 6. The local domain authority device of claim 1, wherein the LDA module registers the selected device to a local revocation list, if the authentication of the selected device fails.
  • 7. The local domain authority device of claim 1, wherein the LLC interface transmits and receives information for a plurality of devices which are positioned within a limited location and further wherein the LDA module registers each of the selected devices to a local revocation list, if the authentication of the selected devices fails.
  • 8. The local domain authority device of claim 1, wherein the device authentication information comprises a signature which is signed with an LDA private key of the local domain authority device with respect to at least one of: a domain-based device identifier which is assigned to the authenticated device; an LDA identifier which is assigned to the LDA device by a rights issuing server; and a hash value of a device public key certificate of the authenticated device.
  • 9. The local domain authority device of claim 1, wherein the device authentication information comprises at least one of: an LDA public key of the local domain authority device; a domain-based device identifier; and an LDA identifier.
  • 10. The local domain authority device of claim 1, wherein the device authentication information comprises at least one of: domain information about the domain; an encrypted key which is encrypted with a public key of the authenticated device with respect to a domain private key of the domain; and a domain public key certificate of the domain.
  • 11. The local domain authority device of claim 1, wherein the LDA module registers the authenticated device as a member of the domain by registering the authenticated device to a domain member list which is maintained in the LDA device.
  • 12. The local domain authority device of claim 11, wherein the domain member list stores device authentication information and a device identifier of a member of the domain.
  • 13. The local domain authority device of claim 12, wherein the LDA module, in response to a request for deleting a first device as a member of the domain, deletes the first device from the domain member list, and transmits a request for deleting device authentication information corresponding to the domain, to the first device.
  • 14. The local domain authority device of claim 12, wherein the LDA module registers the one or more authenticated devices as members of the domain, and transmits a domain-based device identifier assigned to the authenticated device and a device public key certificate of the authenticated device, to a rights issuing server.
  • 15. The local domain authority device of claim 14, wherein the LDA module transmits a device identifier of a first device to the rights issuing server, when the first device is deleted as a member of the domain.
  • 16. The local domain authority device of claim 1, wherein the LDA module transmits at least one of a device identifier of the LDA device, a device public key certificate of the LDA device, and domain information to the rights issuing server, in response to a receipt of the domain information about creation of the domain from a user.
  • 17. The local domain authority device of claim 1, wherein the LDA module receives at least one of a domain private key of the domain, an LDA public key, an LDA private key, an LDA public key certificate, and domain credentials from a rights issuing server.
  • 18. The local domain authority device of claim 17, wherein the domain credentials comprise a domain public key, the domain private key, and a domain public key certificate.
  • 19. The local domain authority device of claim 1, wherein the LDA, in response to a request for deleting the domain, deletes devices which are registered as members of the domain, from the domain, and deletes domain information of the domain which is stored in the LDA module.
  • 20. A domain management method, comprising: receiving information of at least one device, which is positioned within a limited location from a local domain authority (LDA) device, at the LDA device; authenticating a device which is selected as a member of a domain of devices; transmitting device authentication information corresponding to the domain, to the authenticated device; and registering the authenticated device as a member of the domain.
  • 21. The method of claim 20, wherein the receiving the information comprises receiving information of the at least one device which is positioned within the limited location via a location limited channel (LLC) interface.
  • 22. The method of claim 21, wherein the receiving of the information comprises receiving a device identifier and a device public key certificate of the at least one device which is positioned in the limited location from the LDA device, via the LLC interface.
  • 23. The method of claim 21, wherein information is received from a plurality of devices and further wherein the receiving of the information comprises receiving a device identifier and a device public key certificate of each of the plurality of devices which is positioned in the limited location from the LDA device, via the LLC interface.
  • 24. The method of claim 20, wherein the authenticating of the selected device further comprises: providing a user with information of the at least one device positioned within the limited location; and receiving a selection on the device to be registered as a member of the domain, from the user.
  • 25. The method of claim 20, wherein the authenticating of the selected device further comprises: verifying a device public key certificate of the selected device in the LDA device.
  • 26. The method of claim 20, wherein the authenticating of the selected device further comprises: determining whether the selected device is registered in a local revocation list of the LDA device; and registering the selected device in the local revocation list, when the authentication of the selected device fails.
  • 27. The method of claim 20, wherein the authenticating of the selected device further comprises: verifying a device public key certificate of the selected device in a rights issuing server.
  • 28. The method of claim 20, wherein the authenticating of the selected device further comprises: determining whether the selected device is registered in a global revocation list of a rights issuing server; registering the selected device in the global revocation list, when the authentication of the selected device fails; and requesting the LDA device to update a local revocation list of the LDA device.
  • 29. The method of claim 20, wherein the device authentication information comprises a signature which is signed with an LDA private key of the LDA device with respect to at least one of: a domain-based device identifier which is assigned to the authenticated device; an LDA identifier which is assigned to the LDA device by a rights issuing server; and a hash value of a device public key certificate of the authenticated device.
  • 30. The method of claim 29, wherein the device authentication information comprises an LDA public key of the LDA module.
  • 31. The method of claim 29, wherein the device authentication information further comprises domain credentials.
  • 32. The method of claim 31, wherein the domain credentials comprise at least one of: domain information about the domain; an encrypted key which is encrypted with a public key of the authenticated device with respect to a domain private key of the domain; and a domain public key certificate of the domain.
  • 33. The method of claim 32, wherein the domain information includes a domain name of the domain.
  • 34. The method of claim 20, wherein the registering of the authenticated device comprises registering the authenticated device in a domain member list which is maintained in the LDA device.
  • 35. The method of claim 34, wherein the domain member list comprises device authentication information and device identification information of at least one member of the domain.
  • 36. The method of claim 34, further comprising: receiving a request for deleting a first device as a member of the domain; deleting the first device from the domain member list; and transmitting a request for deleting device authentication information corresponding to the domain to the first device.
  • 37. The method of claim 20, further comprising: transmitting at least one of a domain-based device identifier assigned to the authenticated device and a device public key certificate of the authenticated device to a rights issuing server.
  • 38. The method of claim 37, further comprising: transmitting a device identifier of a first device to the rights issuing server, when the first device is deleted as a member of the domain.
  • 39. A domain management method, comprising: creating a domain in a local domain authority (LDA) device; and receiving information of at least one device positioned in a limited location from the LDA device via a location limited channel (LLC) interface, and registering at least one selected device corresponding to the at least one device as a member of the domain.
  • 40. The method of claim 39, wherein the creating of the domain further comprises: receiving domain information of the domain from a user; transmitting the domain information and a device identifier of the LDA device to a rights issuing server; and receiving a domain private key of the domain from the rights issuing server.
  • 41. The method of claim 40, wherein the domain information includes a domain name of the domain.
  • 42. The method of claim 40, wherein the transmitting of the domain information and a device identifier of the LDA device further comprises: transmitting a device public key certificate of the LDA device to the rights issuing server.
  • 43. The method of claim 40, wherein the receiving of the domain private key further comprises: receiving at least one of an LDA public key, an LDA private key, an LDA public key certificate, and domain credentials from the rights issuing server.
  • 44. The method of claim 43, wherein the domain credentials comprise at least one of a domain public key, the domain private key and a domain public key certificate.
  • 45. The method of claim 43, further comprising: verifying the device identifier of the LDA device and the device public key certificate of the LDA device that the rights issuing server receives from the LDA device; assigning an LDA identifier to the LDA device at the rights issuing server; and transmitting the assigned LDA identifier from the rights issuing server to the LDA device.
  • 46. The method of claim 40, further comprising: transmitting a domain policy corresponding to the domain from the LDA device to the rights issuing server.
  • 47. The method of claim 46, wherein the domain policy includes information about a maximum number of devices that can be included in the domain.
  • 48. A domain management method, comprising: receiving a device public key certificate of a local domain authority (LDA) device, a device identifier of the LDA device, and domain information corresponding to a domain to be created, from the LDA device; verifying the device public key and the device identifier; and transmitting a domain public key, a domain public key certificate, and a domain private key corresponding to the domain, to the LDA device.
  • 49. A computer-readable medium having embodied thereon a computer program for a method of managing a domain, the computer program comprising: a first set of instructions for receiving information of at least one device, which is positioned within a limited location from a local domain authority (LDA) device, at the LDA device; a second set of instructions for authenticating the at least one device which is selected as a member of a domain from the at least one device; a third set of instructions for transmitting device authentication information corresponding to the domain, to the authenticated device; and a fourth set of instructions for registering the authenticated device as a member of the domain.
  • 50. The computer-readable medium of claim 49, wherein the first set of instructions comprises instructions for receiving information of the at least one device which is positioned within the limited location via a location limited channel (LLC) interface.
  • 51. The computer readable medium of claim 49 wherein the first set of instructions comprises instructions for receiving information of a plurality of devices and further wherein the first set of instructions comprises instructions for receiving information of each of the devices which is positioned within the limited location via a location limited channel (LLC) interface.
  • 52. The computer-readable medium of claim 49, wherein the first set of instructions comprises instructions for receiving a device identifier and a device public key certificate of the at least one device which is positioned in the limited location from the LDA device, via the LLC interface.
  • 53. The computer readable medium of claim 49 wherein the first set of instructions comprises instructions for receiving information of a plurality of devices and further wherein the first set of instructions comprises instructions for receiving a device identifier and a device public key certificate of each of the plurality of devices which is positioned in the limited location from the LDA device, via the LLC interface.
  • 54. The computer-readable medium of claim 49, wherein the second set of instructions for authenticating the at least one selected device further comprises: a fifth set of instructions for providing a user with information of the at least one device positioned within the limited location; and a sixth set of instructions for receiving a selection on the device to be registered as a member of the domain, from the user.
  • 55. The computer-readable medium of claim 49, wherein the second set of instructions for authenticating a selected device further comprises: a seventh set of instructions for verifying a device public key certificate of the selected device in the LDA device.
  • 56. The computer-readable medium of claim 49, wherein the second set of instructions for authenticating at least one selected device further comprises: an eighth set of instructions for determining whether the selected device is registered in a local revocation list of the LDA device; and a ninth set of instructions for registering the selected at least one device in the local revocation list, when the authentication of the selected device fails.
  • 57. The computer-readable medium of claim 49, wherein the second set of instructions for authenticating one or more selected device further comprises: a tenth set of instructions for verifying a device public key certificate of the selected device in a rights issuing server.
  • 58. The computer-readable medium of claim 49, wherein the second set of instructions for authenticating one or more selected devices further comprises: an eleventh set of instructions for determining whether the selected device is registered in a global revocation list of a rights issuing server; a twelfth set of instructions for registering the selected device in the global revocation list, when the authentication of the selected device fails; and a thirteenth set of instructions for requesting the LDA device to update a local revocation list of the LDA device.
  • 59. The computer-readable medium of claim 49, wherein the device authentication information comprises a signature which is signed with an LDA private key of the LDA device with respect to at least one of: a domain-based device identifier which is assigned to the authenticated device; an LDA identifier which is assigned to the LDA device by a rights issuing server; and a hash value of a device public key certificate of the authenticated device.
  • 60. The computer-readable medium of claim 59, wherein the device authentication information comprises an LDA public key of the LDA module.
  • 61. The computer-readable medium of claim 59, wherein the device authentication information further comprises domain credentials.
  • 62. The computer-readable medium of claim 61, wherein the domain credentials comprise at least one of: domain information about the domain; an encrypted key which is encrypted with a public key of the authenticated device with respect to a domain private key of the domain; and a domain public key certificate of the domain.
  • 63. The computer-readable medium of claim 62, wherein the domain information includes a domain name of the domain.
  • 64. The computer-readable medium of claim 49, wherein the fourth set of instructions for registering of the authenticated device comprises a fourteenth set of instructions for registering the authenticated device in a domain member list which is maintained in the LDA device.
  • 65. The computer-readable medium of claim 64, wherein the domain member list comprises device authentication information and device identification information of at least one member of the domain.
  • 66. The computer-readable medium of claim 64, further comprising: a fifteenth set of instructions for receiving a request for deleting a first device as a member of the domain; a sixteenth set of instructions for deleting the first device from the domain member list; and a seventeenth set of instructions for transmitting a request for deleting device authentication information corresponding to the domain to the first device.
  • 67. The computer-readable medium of claim 49, further comprising: an eighteenth set of instructions for transmitting at least one of a domain-based device identifier assigned to the authenticated device and a device public key certificate of the authenticated device to a rights issuing server.
  • 68. The computer-readable medium of claim 67, further comprising: a nineteenth set of instructions for transmitting a device identifier of a first device to the rights issuing server, when the first device is deleted as a member of the domain.
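The device-admission flow that claims 1, 6, 8, 11 and 25 describe (check the local revocation list, verify the device's public key certificate, sign the domain-based device identifier, the LDA identifier and the certificate hash with the LDA private key, then register the member) as an added Go example; this is illustration code written for this page, not code from the patent or its assignee. It assumes ed25519 for both the manufacturer endorsement and the LDA signature, a constructed DeviceCert in place of a real X.509 certificate, and leaves the LLC transport, the rights issuing server and the wrapped domain private key of claim 10 out of scope.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// DeviceCert stands in for the device public key certificate the LLC delivers: a device public
// key endorsed by a manufacturer CA (CASig covers certBytes). A constructed stand-in, not X.509.
type DeviceCert struct{ DeviceID string; Pub ed25519.PublicKey; CASig []byte }
// DeviceAuthInfo is the credential of claim 8: the LDA's signature over (domain-based device id,
// LDA id, hash of the device certificate).
type DeviceAuthInfo struct{ DomainDeviceID, LDAID string; CertHash [32]byte; Signature []byte }
// LDA holds the domain member list (claim 11) and the local revocation list (claim 6), keyed by device id.
type LDA struct{ ID string; SignKey ed25519.PrivateKey; CAPub ed25519.PublicKey; Members map[string]DeviceAuthInfo; Revoked map[string]bool }

func certBytes(c DeviceCert) []byte { return append([]byte(c.DeviceID+"\x00"), c.Pub...) }
// authDigest fixes the bytes the LDA signs; length prefixes keep distinct triples distinct.
func authDigest(domDevID, ldaID string, certHash [32]byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s%d:%s", len(domDevID), domDevID, len(ldaID), ldaID)
	h.Write(certHash[:])
	return h.Sum(nil)
}

// Admit is the LDA side of adding a device: revocation check, certificate check, credential issue, registration.
func (l *LDA) Admit(c DeviceCert) (DeviceAuthInfo, error) {
	if l.Revoked[c.DeviceID] {
		return DeviceAuthInfo{}, fmt.Errorf("%s is on the local revocation list", c.DeviceID)
	}
	if len(c.Pub) != ed25519.PublicKeySize || !ed25519.Verify(l.CAPub, certBytes(c), c.CASig) {
		l.Revoked[c.DeviceID] = true // a failed authentication lands on the LRL (claim 6)
		return DeviceAuthInfo{}, fmt.Errorf("%s: device certificate failed verification", c.DeviceID)
	}
	info := DeviceAuthInfo{LDAID: l.ID, CertHash: sha256.Sum256(certBytes(c))}
	info.DomainDeviceID = fmt.Sprintf("%s/%x", l.ID, info.CertHash[:4]) // domain-based device id
	info.Signature = ed25519.Sign(l.SignKey, authDigest(info.DomainDeviceID, l.ID, info.CertHash))
	l.Members[c.DeviceID] = info
	return info, nil
}

// Accept is the device side: keep the credential only if the LDA signature binds it to this device's own certificate.
func Accept(ldaPub ed25519.PublicKey, c DeviceCert, info DeviceAuthInfo) bool {
	return info.CertHash == sha256.Sum256(certBytes(c)) &&
		ed25519.Verify(ldaPub, authDigest(info.DomainDeviceID, info.LDAID, info.CertHash), info.Signature)
}

// IssueDeviceCert plays the manufacturer CA; GenKey makes key pairs for the CA, LDA and devices.
func IssueDeviceCert(caPriv ed25519.PrivateKey, id string, pub ed25519.PublicKey) DeviceCert {
	c := DeviceCert{DeviceID: id, Pub: pub}
	c.CASig = ed25519.Sign(caPriv, certBytes(c))
	return c
}

func GenKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}
```

A credential issued to one certificate fails Accept against any other certificate, and a device whose certificate once failed verification stays refused by Admit until it is removed from Revoked.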
Priority Claims (1)

Number           Date      Country  Kind
10-2006-0028369  Mar 2006  KR       national