WO2006062358A1 - Method of revoking public key of content privider - Google Patents

Method of revoking public key of content privider Download PDF

Info

Publication number
WO2006062358A1
WO2006062358A1 PCT/KR2005/004191 KR2005004191W WO2006062358A1 WO 2006062358 A1 WO2006062358 A1 WO 2006062358A1 KR 2005004191 W KR2005004191 W KR 2005004191W WO 2006062358 A1 WO2006062358 A1 WO 2006062358A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
content provider
public key
user device
signature value
Prior art date
Application number
PCT/KR2005/004191
Other languages
French (fr)
Inventor
Chi-Hurn Kim
Yong-Kuk You
Su-Hyun Nam
Original Assignee
Samsung Electronics Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020040112241A external-priority patent/KR100823254B1/en
Application filed by Samsung Electronics Co., Ltd. filed Critical Samsung Electronics Co., Ltd.
Priority to JP2007545378A priority Critical patent/JP2008523703A/en
Priority to EP05821074A priority patent/EP1820296A1/en
Publication of WO2006062358A1 publication Critical patent/WO2006062358A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution

Definitions

  • the present invention relates to a method of revoking content authority using a revocation list, and more particularly, to a method of revoking a public key of a content provider in a system in which a certifying authority certifies the public key of the content provider and the content provider transmits content to a user using the certified public key.
  • Content is provided from a content manufacturer to a content provider, and the content provider transmits the content to a user device.
  • the content manufacturer is a studio
  • the content provider is an Internet business firm or a disc manufacturing company that changes the content into mass media files and distributes them to a user device.
  • the user device is designed to determine whether the content provider is an authorized content provider and to reproduce the content after the content provider is determined to be an authorized content provider. This is because a content right may be terminated at the expiration of a contract or a content provider may try to disguise himself or herself as another content provider.
  • a method of determining whether a content provider is an authorized content provider includes user authentication that determines whether the content provider is a revoked content provider and whether the content provider disguises himself or herself as another content provider.
  • the former is performed using a revocation list and the latter is performed using an electronic signature.
  • FIG. 1 is a flowchart of a conventional method of revoking content authority.
  • FIG. 2 is a diagram illustrating a structure of a revocation list used in the method of FIG. 1.
  • a certificate authority CA makes a certificate C_CA_CP that certifies a CP public key PK_CP of a content provider CP and transmits a certificate to the CP (operation 110).
  • the certificate C_CA_CP includes a signature value Sl generated by electronically signing the public key PK_CP using a private key SK_CA, and the public key PK_CP.
  • the certificate C_CA_CP may be expressed as follows:
  • the content provider generates content Cont and a certificate C_CP_UD that certifies the content Cont and transmits them to a user device UD (operation 120).
  • the CP certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 generated by electronically signing the content Cont using a private key SK_CP of the content provider.
  • the certificate C_CP_UD may be expressed as follows:
  • the user device UD extracts the signature values Sl and S2 and the public key PK_CP from the certificate C_CP_UD (operation 130).
  • the user device UD determines whether the certificate C_CP_UD is revoked by checking whether a revocation list RL includes the public key PK_CP extracted in operation 130 (operation 140).
  • the revocation list may include a public key PK_CP of a revoked content provider.
  • the method proceeds to operation 150, and otherwise, the method proceeds to operation 170.
  • the user device UD determines whether verification of the content
  • the verification function V() is expressed as follows:
  • the user device UD determines whether verification of the public key
  • the verification function V() is expressed as follows:
  • the user device UD determines the content provider CP as a revoked content provider when the public key PK_CP extracted in operation 130 is included in the revocation list, or as a content provider who disguises himself or herself as another content provider when verification is determined to fail in operation 150 or 160. In these cases, the user device UD rejects reproduction of the content Cont.
  • the certificate authority CA transmits its certificate C_CA_CP to the content provider CP
  • the content provider CP transmits the first content Cont_l to the user device UD using the certificate C_CP_UD of the content provider CP
  • a revocation list RL stored in the user device UD is updated to include the certificate C_CP_UD at a time tl
  • the content provider CP transmits second content Cont_2 to the user device UD using the revoked certificate C_CP_UD.
  • the user device UD performs user authentication, which is described with reference to FIG. 1, for both the first and second contents Cont_l and Cont_2 using the revoked certificate C_CP_UD, and thus cannot reproduce both the first content Cont_l, and the second content Cont_2 transmitted after the time tl.
  • the content provider CP is revoked for only a business reason, it is unreasonable to prevent the user device UD from using the first content Cont_l transmitted to the user device UD from the content provider CP before the time tl when the content provider CP was revoked. Disclosure of Invention
  • the present invention provides a method of authenticating a content provider, which allows reproduction of content transmitted from the content provider before the content provider is revoked and a certificate of the revoked content provider cannot be updated, and revoking the content provider using the same.
  • the present invention it is possible to allow a user device to identify content that must not be revoked by transmitting to the user device a revocation list which includes a time when content authority is revoked, and an exception list. Accordingly, it is possible to prevent rightly obtained content from being revoked.
  • FIG. 1 is a flowchart of a conventional method of revoking content authority
  • FIG. 2 is a diagram illustrating a structure of a revocation list used in the method of
  • FIG. 1 A first figure.
  • FIG. 3 is a flowchart of a method of revoking content authority according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating a structure of a revocation list used in the method of
  • FIG. 3
  • FIG. 5 is a flowchart of a method of revoking content authority according to another embodiment of the present invention.
  • FIG. 6 is a diagram illustrating a structure of a revocation list used in the method of
  • FIG. 5 A first figure.
  • FIG. 7 is a flowchart of a method of revoking content authority according to yet another embodiment of the present invention.
  • FIG. 8 is a diagram illustrating a structure of a revocation list used in the method of
  • the method includes the user device determining whether the predetermined content is revoked by comparing a time when a signature of the public key is generated with a time when the public key is revoked. Accordingly, it is possible to allow the user device to identify content that must not be revoked according to the time when the public key is revoked and a revocation list which includes an exception list, thereby preventing rightly obtained content from being revoked.
  • the present invention introduces two methods of preventing improper revocation of content authority.
  • a revocation list is made to include information regarding a time when the content authority is revoked.
  • the revocation list includes a content identifier for identifying the content of which content authority must not be revoked.
  • a signature value of a certificate authority that the first method requires is different from that of the certificate authority that the second method requires.
  • a certificate authority inserts information regarding a time when a signature of the certificate authority is made into a certificate to be provided to a content provider.
  • a revocation list which is to be transmitted to a user device includes both a public key of a content provider to be revoked and information regarding a time when the public key is revoked.
  • the user device determines whether each content authority must be revoked, according to the time when the signature is made and the time when the public key is revoked.
  • a certificate authority inserts a content identifier to be signed into a certificate of the certificate authority to be provided to a content provider.
  • a revocation list which is to be transmitted to a user device, includes both a public key of a content provider to be revoked, and an exception list specifying an identifier of content that must not be revoked.
  • the user device determines whether each content authority must be revoked, using the content identifier and the exception list.
  • FIGS. 3 and 5 illustrate embodiments of the first method according to the present invention
  • FIG. 7 illustrates an embodiment of the second method according to the present invention.
  • FIG. 3 is a flowchart of a method of revoking content authority Cont according to one embodiment of the present invention.
  • FIG. 4 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 3.
  • a certificate authority CA makes a certificate C_CA_CP certifying a public key of a content provider CP and transmits it to the content provider CP (operation 310).
  • the certificate C_CA_CP includes the time Ts, the public key PK_CP, and a signature value Sl generated by electronically signing a public key PK_CP of the content provider CP and a time Ts using a private key SK_CA of the certificate authority CA.
  • the time Ts denotes a time when the signature value S 1 is obtained.
  • the method of FIG. 3 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing both the public key PK_CP of the content provider CP and the time Ts.
  • the certificate C_CA_CP is expressed as follows:
  • the content provider CP makes the content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to a user device UD (operation 320).
  • the certificate C_CP_UD includes the certificate C_CA_CP of the certificate authority CA, and a signature value S2 generated when the content Cont is electronically signed using a private key SK_CP of the content provider CP.
  • [48] S(SK_CA, TsllPK_CP)IITsllPK_CPIIS(SK_CP, Cont) ... (6)
  • the user device UD extracts the signature values Sl and S2, the time Ts, and the public key PK_CP of the content provider CP from the certificate C_CP_UD
  • the user device UD checks whether the revocation list RL includes the public key PK_CP extracted in operation 130 (operation 340). If the public key PK_CP is not included, the method proceeds to operation 360, and otherwise, the method proceeds to operation 350. [51] Referring to FIG. 4, the revocation list RL used in the method of FIG. 3 lists the public key PK_CP of a revoked content provider and a time Tr when the public key
  • PK_CP is revoked.
  • the revocation list RL is safely transmitted from the certificate authority CA or a third authority to the user device UD.
  • the user device UD determines whether the time Ts extracted in operation 330 is earlier than the time Tr listed in the revocation list RL (operation 350). If the time Ts is earlier than the time Tr, the method proceeds to operations 360 and 370, and otherwise, the method proceeds to operation 380. [53] In operations 360 and 370, whether the public key PK_CP is valid and whether the time Ts has been modified are determined.
  • the user device UD determines whether verification of the content Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP and the content Cont into a verification function V() (operation 360). That is, whether the content Cont is signed using the private key SK_CP is verified.
  • the verification function V() is expressed as follows:
  • the user device UD determines whether the public key PK_CP is valid and whether the time Ts is modified by inputting the signature value Sl, the public key
  • the signature value Sl is obtained by electronically signing both the public key PK_CP and the time Ts.
  • the user device UD does not authenticate the content provider CP as an authorized content provider, and rejects reproduction of the content Cont (operation 380). That is, the user device UD determines the content provider CP as a revoked content provider when it is determined in operation 340 that the public key PK_CP is included in the revocation list RL and it is determined in operation 350 that the time Ts is later than the time Tr; determines that the content provider CP disguises himself or herself as another content provider when it is determined in operation 360 that verification fails; and determines that the time Tr is altered when it is determined in operation 370 that verification fails. In these cases, the user device UD rejects production of the content Cont.
  • the user device UD can distinguish between a time Ts_A when a signature is generated when content Cont_A is transmitted from a content provider CPl, and a time Ts_B when a signature is generated when content Cont_B is transmitted from the content provider CPl. Accordingly, the user device UD can selectively determine whether each content authority is revoked.
  • the time Ts is included in the signature value Sl of the certificate authority CA in operation 310, and verified when the signature value Sl is verified in operation 370. If the user device UD arbitrarily changes the time Ts transmitted in operation 310, verification in operation 370 will fail. Therefore, the user device UD should be prevented from changing the time Ts, and the security of content in the method of FIG. 3 should be protected.
  • verification of the public key PK_CP may be omitted.
  • the user device UD can manipulate the time Ts.
  • operation 340 to determine whether the public key PK_CP is revoked may be performed after verifying the public key PK_CP (operations 360 and 370). That is, according to the present invention, the order of performing operations 340, 350, and 370 can be changed.
  • the method of FIG. 3 is a two-step process in which the certificate authority CA authenticates the content provider CP.
  • an upper certificate authority may further authenticate the certificate authority CA.
  • the present invention further includes an operation in which the upper certificate authority issues a certificate certifying the certificate authority CA using an electronic signature, and an operation in which the user device UD verifies a signature value of the upper certificate authority.
  • FIG. 5 is a flowchart of a method of revoking content authority Cont according to another embodiment of the present invention.
  • FIG. 6 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 5.
  • a certificate authority CA generates a certificate C_CA_CP certifying a public key PK_CP of a content provider CP and transmits it to the content provider CP (operation 510).
  • the certificate C_CA_CP includes a signature value Sl which is obtained by electronically signing a content identifier ID-Cont, a time Ts when the signature S 1 is generated, and the public key PK_CP using a private key SK_CA of the certificate authority CA; the content identifier ID_Cont, the time Ts, and the public key PK_CP.
  • the method of FIG. 5 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing the public key PK_CP of the content provider CP, the content identifier ID_Cont, and the time Ts.
  • the certificate C_CA_CP is expressed as follows:
  • [68] S(SK_CA, ID_ContllTsllPK_CP)IIID_ContllTsllPK_CP ... (9)
  • the content provider CP makes content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to a user device UD (operation 520).
  • the certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 obtained by electronically signing the content Cont using the private key SK_CP of the content provider CP.
  • the certificate C_CP_UD is expressed as follows:
  • the user device UD extracts the signature value Sl, the content identifier
  • the user device UD determines whether the revocation list RL includes the public key PK_CP extracted in operation 530 (operation 540). If the public key PK_CP is not included, the method proceeds to operation 560, otherwise, the method proceeds to operation 550.
  • the revocation list RL used in the method of FIG. 5 includes the public key PK_CP of the revoked content provider CP, a time Tr when the public key PK_CP is revoked, and a content revocation list RL_C_Rev.
  • the user device UD determines whether the time Ts extracted in operation
  • the user device UD determines whether the content revocation list
  • RL C Rev of the revocation list RL includes the content identifier ID Cont extracted in operation 530 (operation 555).
  • the method proceeds to operation 580, and otherwise, the method proceeds to operation
  • the user device UD determines whether the public key PK_CP of the content provider CP is valid and whether the content identifier ID_Cont or the time Ts has been altered by inputting the signature value Sl, and the public key PK_CA of the certificate authority CA, the content identifier ID_Cont extracted in operation 530, the time Ts, and the public key PK_CP of the content provider CP into the verification function V() (operation 570).
  • the verification function V() is given by Equation (12).
  • the signature value Sl is obtained by electronically signing the public key PK_CP of the content provider CP, the content identifier ID_Cont, and the time Ts.
  • V(Sl, PK_CA, ID_ContllTsllPK_CP) V(S(SK_CA, ID_ContllTsllPK_CP),
  • ID_ContllTsllPK_CP Success or Fail ... (12)
  • the user device UD does not authenticate the content provider CP as an authorized content provider and rejects reproduction of the content Cont. More specifically, the user device UD determines that the content provider CP is a revoked content provider when it is determined in operation 540 that the public key PK_CP is included in the revocation list RL and it is determined in operation 550 that the time Ts is later than the time Tr, determines that the content provider CP disguises himself or herself as another content provider when the verification in operations 560 and 570 fails, and determines that the content identifier ID_Cont or the time Ts has been altered when the verification in operation 570 fails. In these cases, the user device UD rejects reproduction of the content Cont. [86] In the method of FIG. 5, a content identifier to be revoked is included in a revocation list, thereby allowing precise selection of an object to be revoked.
  • a user device is capable of selectively determining whether each content authority is to be revoked, based on a comparison between a time when a signature is generated and a time when a public key of a content provider is revoked.
  • the content identifier ID_Cont and the time Ts are included in the signature value Sl of the certificate authority CA in operation 510, and the content identifier ID_Cont and the time Ts are verified when the signature value S 1 is verified in operation 570. Accordingly, the user device UD cannot manipulate the content identifier ID_Cont and the time Ts, thereby increasing the security for the method of FIG. 5.
  • FIG. 7 is a flowchart of a method of revoking content authority Cont according to yet another embodiment of the present invention.
  • FIG. 8 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 7.
  • a certificate authority CA makes a certificate C_CA_CP certifying a public key PK_CP of a content provider CP and transmits it to the content provider CP (operation 710).
  • the certificate C_CA_CP includes a signature value Sl obtained by electronically signing the public key PK_CP and a content identifier ID_Cont of the content provider CP using a private key SK_CA of the certificate authority CA; the content identifier ID_Cont; and the public key PK_CP of the content provider CP.
  • the method of FIG. 7 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing the public key PK_CP and the content identifier ID_Cont.
  • the certificate C_CA_CP is expressed as follows:
  • the content provider CP makes a content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to the user device UD (operation 720).
  • the certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 generated by electronically signing the content Cont using a private key SK_CP of the content provider CP.
  • the certificate C_CP_UD is expressed as follows:
  • [96] S(SK_CA, ID_ContllPK_CP)IIID_ContllPK_CPIIS(SK_CP, Cont) ... (14)
  • the user device UD extracts the signature value Sl, the content identifier
  • the user device UD determines whether the revocation list RL includes the public key PK_CP of the content provider CP extracted in operation 730 (operation 740). When the public key PK_CP is not included, the method proceeds to operation 760, and otherwise, the method proceeds to operation 750.
  • the revocation list RL used in the method of FIG. 7 includes the public key PK_CP of a revoked content provider and an exception list RL_C_nonRev.
  • the exception list RL_C_nonRev lists a content identifier of content that is not revoked although the public key PK_CP of the content provider CP who provides the content is included in the revocation list RL.
  • the user device UD determines whether the content identifier ID_Cont extracted in operation 730 is included in the exception list RL_C_nonRev of the revocation list RL (operation 750). If the content identifier ID_Cont is included, the method proceeds to operations 760 and 770, and otherwise, the method proceeds to operation 780.
  • the user device UD determines whether verification of the content Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP, and the content Cont into a verification function V() (operation 760). That is, whether the content Cont is signed using the private key SK_CP is verified.
  • the verification function V() is given by:
  • the user device UD determines whether the public key PK_CP of the content provider CP is valid and whether the content identifier ID_Cont has been altered by inputting the signature value S 1 and the public key PK_CA of the certificate authority CA, the content identifier ID_Cont extracted in operation 730, and the public key PK_CP into the verification function V() (operation 770).
  • the verification function V() is given by Equation (16).
  • the signature value Sl is obtained by electronically signing both the public key PK_CP of the content provider CP and the content identifier ID_Cont.
  • V(S 1 , PK_CA, ID_ContllPK_CP) V(S(SK_CA, ID_ContllPK_CP),
  • the user device UD does not authenticate the content provider CP as an authorized content provider and rejects reproduction of the content Cont. More specifically, the user device UD determines the content provider CP to be a revoked content provider when it is determined in operation 740 that the public key PK_CP is included in the revocation list RL and it is determined in operation 750 that the content identifier ID_Cont is not included in the exception list RL_C_nonRev, determines the content provider CP to disguise himself or herself as another content provider when the verification fails in operations 760 and 770, and determines that the content identifier ID_Cont has been altered when the verification fails in operation 770. In these cases, the user device UD rejects reproduction of the content Cont.
  • a revocation list additionally includes a content identifier of content that is not revoked although a public key of a content provider who provides the content is included in the revocation list. Accordingly, the user device can identify an object to be revoked, and thus, it is possible to prevent a properly authorized content from being revoked.
  • the content identifier ID_Cont is included in the signature value Sl of the certificate authority CA in operation 710, and verified when the signature value S 1 is verified in operation 770. Therefore, the user device UD cannot alter the content identifier ID_Cont, thereby increasing the security for the method of FIG. 7.
  • a method of revoking a public key of a content provider according to the present invention can be realized as a computer program. Codes and code segments of the computer program can be easily inferred by computer programmers in the art.
  • the computer program may be stored in a computer readable medium. When the computer program is read and executed by a computer, the method is realized.
  • the computer readable medium may be any medium, such as a magnetic recording medium, an optical recording medium, or a carrier wave.

Abstract

A method of revoking a public key of a content provider is provided. In a system in which a certificate authority certifies the public key of the content provider and the content provider transmits predetermined content to a user device using the certified public key, the method includes the user device determining whether the predetermined content is revoked by comparing a time when a signature of the public key is generated with a time when the public key is revoked. Accordingly, it is possible to allow the user device to identify content that must not be revoked according to the time when the public key is revoked and a revocation list which includes an exception list, thereby preventing rightly obtained content from being revoked.

Description

Description METHOD OF REVOKING PUBLIC KEY OF CONTENT
PROVIDER
Technical Field
[1] The present invention relates to a method of revoking content authority using a revocation list, and more particularly, to a method of revoking a public key of a content provider in a system in which a certifying authority certifies the public key of the content provider and the content provider transmits content to a user using the certified public key.
Background Art
[2] Content is provided from a content manufacturer to a content provider, and the content provider transmits the content to a user device. For instance, the content manufacturer is a studio, and the content provider is an Internet business firm or a disc manufacturing company that changes the content into mass media files and distributes them to a user device.
[3] The user device is designed to determine whether the content provider is an authorized content provider and to reproduce the content after the content provider is determined to be an authorized content provider. This is because a content right may be terminated at the expiration of a contract or a content provider may try to disguise himself or herself as another content provider.
[4] A method of determining whether a content provider is an authorized content provider, i.e., a method of authenticating the content provider, includes user authentication that determines whether the content provider is a revoked content provider and whether the content provider disguises himself or herself as another content provider. The former is performed using a revocation list and the latter is performed using an electronic signature.
[5] FIG. 1 is a flowchart of a conventional method of revoking content authority. FIG.
2 is a diagram illustrating a structure of a revocation list used in the method of FIG. 1.
[6] Referring to FIG. 1, a certificate authority CA makes a certificate C_CA_CP that certifies a CP public key PK_CP of a content provider CP and transmits a certificate to the CP (operation 110). The certificate C_CA_CP includes a signature value Sl generated by electronically signing the public key PK_CP using a private key SK_CA, and the public key PK_CP. The certificate C_CA_CP may be expressed as follows:
[7] C_CA_CP = S1IIPK_CP = S(SK_CA, PK_CP)IIPK_CP ... (1)
[8] Next, the content provider generates content Cont and a certificate C_CP_UD that certifies the content Cont and transmits them to a user device UD (operation 120). The CP certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 generated by electronically signing the content Cont using a private key SK_CP of the content provider. The certificate C_CP_UD may be expressed as follows:
[9] C_CP_UD = C_CA_CPIIS2
[10] = S1IIPK_CPIIS2
[11] = S(SK_CA, PK_CP)IIPK_CPIIS(SK_CP, Cont) ... (2)
[12] Next, the user device UD extracts the signature values Sl and S2 and the public key PK_CP from the certificate C_CP_UD (operation 130).
[13] Next, the user device UD determines whether the certificate C_CP_UD is revoked by checking whether a revocation list RL includes the public key PK_CP extracted in operation 130 (operation 140). As illustrated in FIG. 2, the revocation list may include a public key PK_CP of a revoked content provider. When the revocation list does not include the public key PK_CP, the method proceeds to operation 150, and otherwise, the method proceeds to operation 170.
[14] In operations 150 and 160, user authentication in which the validity of the public key PK_CP is checked.
[15] Specifically, the user device UD determines whether verification of the content
Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP, and the content Cont into a verification function V() (operation 150). That is, whether the content Cont has been signed using the private key SK_CP is verified. In this case, the verification function V() is expressed as follows:
[16] V(S2, PK_CP, Cont) = V(S(SK_CP, Cont), PK_CP, Cont) = Success or Fail ... (3)
[17] When the verification succeeds, the method proceeds to operation 160, and otherwise, the method proceeds to operation 170.
[18] Specifically, the user device UD determines whether verification of the public key
PK_CP succeeds or fails by inputting the signature value S 1 and the public key PK_CA of the certificate authority CA, and the public key PK_CP of the content provider CP into the verification function V() (operation 160). That is, it is determined whether the public key PK_CP has been signed using the private key SK_CP of the certificate authority CA. In this case, the verification function V() is expressed as follows:
[19] V(Sl, PK_CA, PK_CP) = V(S(SK_CA, PK_CP), PK_CA, PK_CP) = Success or
Fail ... (4)
[20] Next, if the user device UD does not authenticate the content provider CP as an authorized content provider the user device rejects reproduction of the content Cont (operation 170). That is, the user device UD determines the content provider CP as a revoked content provider when the public key PK_CP extracted in operation 130 is included in the revocation list, or as a content provider who disguises himself or herself as another content provider when verification is determined to fail in operation 150 or 160. In these cases, the user device UD rejects reproduction of the content Cont.
[21] However, in the method of FIG. 1, when the user device UD was in an offline state when the content provider CP was revoked and thus did not substitute a new certificate for a certificate of content received before the content provider CP was revoked, the user device UD cannot reproduce all content Cont received from the content provider CP.
[22] It is assumed that the certificate authority CA transmits its certificate C_CA_CP to the content provider CP, the content provider CP transmits the first content Cont_l to the user device UD using the certificate C_CP_UD of the content provider CP, a revocation list RL stored in the user device UD is updated to include the certificate C_CP_UD at a time tl, and the content provider CP transmits second content Cont_2 to the user device UD using the revoked certificate C_CP_UD.
[23] In this case, the user device UD performs user authentication, which is described with reference to FIG. 1, for both the first and second contents Cont_l and Cont_2 using the revoked certificate C_CP_UD, and thus cannot reproduce both the first content Cont_l, and the second content Cont_2 transmitted after the time tl. However, if the content provider CP is revoked for only a business reason, it is unreasonable to prevent the user device UD from using the first content Cont_l transmitted to the user device UD from the content provider CP before the time tl when the content provider CP was revoked. Disclosure of Invention
Technical Solution
[24] The present invention provides a method of authenticating a content provider, which allows reproduction of content transmitted from the content provider before the content provider is revoked and a certificate of the revoked content provider cannot be updated, and revoking the content provider using the same.
Advantageous Effects
[25] According to the present invention, it is possible to allow a user device to identify content that must not be revoked by transmitting to the user device a revocation list which includes a time when content authority is revoked, and an exception list. Accordingly, it is possible to prevent rightly obtained content from being revoked.
[26] Further, according to the present invention, it is possible to prevent a user device from counterfeiting or altering a content identifier or a time when a signature of a certificate authority is generated by generating a signature value of the certificate authority to include the content identifier or the time when the signature is generated. [27] While this invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Description of Drawings
[28] FIG. 1 is a flowchart of a conventional method of revoking content authority;
[29] FIG. 2 is a diagram illustrating a structure of a revocation list used in the method of
FIG. 1;
[30] FIG. 3 is a flowchart of a method of revoking content authority according to an embodiment of the present invention;
[31] FIG. 4 is a diagram illustrating a structure of a revocation list used in the method of
FIG. 3;
[32] FIG. 5 is a flowchart of a method of revoking content authority according to another embodiment of the present invention;
[33] FIG. 6 is a diagram illustrating a structure of a revocation list used in the method of
FIG. 5;
[34] FIG. 7 is a flowchart of a method of revoking content authority according to yet another embodiment of the present invention; and
[35] FIG. 8 is a diagram illustrating a structure of a revocation list used in the method of
FIG. 7.
Best Mode
[36] In a system in which a certificate authority certifies the public key of the content provider and the content provider transmits predetermined content to a user device using the certified public key, the method includes the user device determining whether the predetermined content is revoked by comparing a time when a signature of the public key is generated with a time when the public key is revoked. Accordingly, it is possible to allow the user device to identify content that must not be revoked according to the time when the public key is revoked and a revocation list which includes an exception list, thereby preventing rightly obtained content from being revoked.
Mode for Invention
[37] The present invention introduces two methods of preventing improper revocation of content authority. In the first method, a revocation list is made to include information regarding a time when the content authority is revoked. In the second method, the revocation list includes a content identifier for identifying the content of which content authority must not be revoked. A signature value of a certificate authority that the first method requires is different from that of the certificate authority that the second method requires.
[38] More specifically, in the first method, a certificate authority inserts information regarding a time when a signature of the certificate authority is made into a certificate to be provided to a content provider. Next, a revocation list, which is to be transmitted to a user device includes both a public key of a content provider to be revoked and information regarding a time when the public key is revoked. Lastly, the user device determines whether each content authority must be revoked, according to the time when the signature is made and the time when the public key is revoked.
[39] In the second method, a certificate authority inserts a content identifier to be signed into a certificate of the certificate authority to be provided to a content provider. Next, a revocation list, which is to be transmitted to a user device, includes both a public key of a content provider to be revoked, and an exception list specifying an identifier of content that must not be revoked. Lastly, the user device determines whether each content authority must be revoked, using the content identifier and the exception list.
[40] Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.
[41] FIGS. 3 and 5 illustrate embodiments of the first method according to the present invention, and FIG. 7 illustrates an embodiment of the second method according to the present invention.
[42] In detail, FIG. 3 is a flowchart of a method of revoking content authority Cont according to one embodiment of the present invention. FIG. 4 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 3.
[43] Referring to FIG. 3, a certificate authority CA makes a certificate C_CA_CP certifying a public key of a content provider CP and transmits it to the content provider CP (operation 310). The certificate C_CA_CP includes the time Ts, the public key PK_CP, and a signature value Sl generated by electronically signing a public key PK_CP of the content provider CP and a time Ts using a private key SK_CA of the certificate authority CA. The time Ts denotes a time when the signature value S 1 is obtained. The method of FIG. 3 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing both the public key PK_CP of the content provider CP and the time Ts. The certificate C_CA_CP is expressed as follows:
[44] C_CA_CP = SlllTsllPK_CP = S(SK_CA, TsllPK_CP)IITsllPK_CP ... (5)
[45] Next, the content provider CP makes the content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to a user device UD (operation 320). The certificate C_CP_UD includes the certificate C_CA_CP of the certificate authority CA, and a signature value S2 generated when the content Cont is electronically signed using a private key SK_CP of the content provider CP. The certificate C_CP_UD is expressed as follows: [46] C_CP_UD = C_CA_CPIIS2
[47] = SlllTsllPK_CPIIS2
[48] = S(SK_CA, TsllPK_CP)IITsllPK_CPIIS(SK_CP, Cont) ... (6)
[49] Next, the user device UD extracts the signature values Sl and S2, the time Ts, and the public key PK_CP of the content provider CP from the certificate C_CP_UD
(operation 330). [50] Next, the user device UD checks whether the revocation list RL includes the public key PK_CP extracted in operation 130 (operation 340). If the public key PK_CP is not included, the method proceeds to operation 360, and otherwise, the method proceeds to operation 350. [51] Referring to FIG. 4, the revocation list RL used in the method of FIG. 3 lists the public key PK_CP of a revoked content provider and a time Tr when the public key
PK_CP is revoked. The revocation list RL is safely transmitted from the certificate authority CA or a third authority to the user device UD. [52] The user device UD determines whether the time Ts extracted in operation 330 is earlier than the time Tr listed in the revocation list RL (operation 350). If the time Ts is earlier than the time Tr, the method proceeds to operations 360 and 370, and otherwise, the method proceeds to operation 380. [53] In operations 360 and 370, whether the public key PK_CP is valid and whether the time Ts has been modified are determined. [54] The user device UD determines whether verification of the content Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP and the content Cont into a verification function V() (operation 360). That is, whether the content Cont is signed using the private key SK_CP is verified. In this case, the verification function V() is expressed as follows:
[55] V(S2, PK_CP, Cont) = V(S(SK_CP, Cont), PK_CP, Cont) = Success or Fail ... (7)
[56] If the verification succeeds, the method proceeds to operation 370, and otherwise, the method proceeds to operation 380. [57] The user device UD determines whether the public key PK_CP is valid and whether the time Ts is modified by inputting the signature value Sl, the public key
PK_CA of the certificate authority CA, the time Ts extracted from operation 330, and the public key PK_CP of the content provider CP into the verification function V()
(operation 370). In this case, the verification function V() is given by Equation (8).
Unlike in the method of FIG. 1, the signature value Sl is obtained by electronically signing both the public key PK_CP and the time Ts. [58] V(Sl, PK_CA, TsllPK_CP) = V(S(SK_CA, TsllPK_CP), PK_CA, TsllPK_CP) =
Success or Fail ... (8) [59] The user device UD does not authenticate the content provider CP as an authorized content provider, and rejects reproduction of the content Cont (operation 380). That is, the user device UD determines the content provider CP as a revoked content provider when it is determined in operation 340 that the public key PK_CP is included in the revocation list RL and it is determined in operation 350 that the time Ts is later than the time Tr; determines that the content provider CP disguises himself or herself as another content provider when it is determined in operation 360 that verification fails; and determines that the time Tr is altered when it is determined in operation 370 that verification fails. In these cases, the user device UD rejects production of the content Cont.
[60] In operation 350, when the time Ts is earlier than the time Tr, the public key
PK_CP is not revoked and the method proceeds to operation 360 even if the public key PK_CP is included in the revocation list RL. In other words, the user device UD can distinguish between a time Ts_A when a signature is generated when content Cont_A is transmitted from a content provider CPl, and a time Ts_B when a signature is generated when content Cont_B is transmitted from the content provider CPl. Accordingly, the user device UD can selectively determine whether each content authority is revoked.
[61] In the method of FIG. 3, the time Ts is included in the signature value Sl of the certificate authority CA in operation 310, and verified when the signature value Sl is verified in operation 370. If the user device UD arbitrarily changes the time Ts transmitted in operation 310, verification in operation 370 will fail. Therefore, the user device UD should be prevented from changing the time Ts, and the security of content in the method of FIG. 3 should be protected.
[62] Alternatively, verification of the public key PK_CP (operations 360 and 370) may be omitted. However, in this case, the user device UD can manipulate the time Ts.
[63] Alternatively, operation 340 to determine whether the public key PK_CP is revoked may be performed after verifying the public key PK_CP (operations 360 and 370). That is, according to the present invention, the order of performing operations 340, 350, and 370 can be changed.
[64] The method of FIG. 3 is a two-step process in which the certificate authority CA authenticates the content provider CP. However, according to the embodiments of the present invention, an upper certificate authority may further authenticate the certificate authority CA. In this case, the present invention further includes an operation in which the upper certificate authority issues a certificate certifying the certificate authority CA using an electronic signature, and an operation in which the user device UD verifies a signature value of the upper certificate authority.
[65] FIG. 5 is a flowchart of a method of revoking content authority Cont according to another embodiment of the present invention. FIG. 6 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 5.
[66] Referring to FIG. 5, a certificate authority CA generates a certificate C_CA_CP certifying a public key PK_CP of a content provider CP and transmits it to the content provider CP (operation 510). The certificate C_CA_CP includes a signature value Sl which is obtained by electronically signing a content identifier ID-Cont, a time Ts when the signature S 1 is generated, and the public key PK_CP using a private key SK_CA of the certificate authority CA; the content identifier ID_Cont, the time Ts, and the public key PK_CP. The method of FIG. 5 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing the public key PK_CP of the content provider CP, the content identifier ID_Cont, and the time Ts. The certificate C_CA_CP is expressed as follows:
[67] C_CA_CP = SlllID_ContllTsllPK_CP
[68] = S(SK_CA, ID_ContllTsllPK_CP)IIID_ContllTsllPK_CP ... (9)
[69] Next, the content provider CP makes content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to a user device UD (operation 520). The certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 obtained by electronically signing the content Cont using the private key SK_CP of the content provider CP. The certificate C_CP_UD is expressed as follows:
[70] C_CP_UD = C_CA_CPIIS2
[71] = SlllID_ContllTsllPK_CPIIS2
[72] = S(SK_CA, ID_ContllTsllPK_CP)IIID_ContllTsllPK_CPIIS(SK_CP, Cont) ... (10)
[73] Next, the user device UD extracts the signature value Sl, the content identifier
ID_Cont, the time Ts, the public key PK_CP of the content provider CP, and the signature value S2 from the certificate C_CP_UD (operation 530).
[74] Next, the user device UD determines whether the revocation list RL includes the public key PK_CP extracted in operation 530 (operation 540). If the public key PK_CP is not included, the method proceeds to operation 560, otherwise, the method proceeds to operation 550.
[75] Referring to FIG. 6, the revocation list RL used in the method of FIG. 5 includes the public key PK_CP of the revoked content provider CP, a time Tr when the public key PK_CP is revoked, and a content revocation list RL_C_Rev.
[76] Next, the user device UD determines whether the time Ts extracted in operation
530 is earlier than the time Tr (operation 550). If the time Ts is earlier than the time Tr, the method proceeds to operation 555, otherwise, the method proceeds to operation 580.
[77] Next, the user device UD determines whether the content revocation list
RL C Rev of the revocation list RL includes the content identifier ID Cont extracted in operation 530 (operation 555). When the content identifier ID_Cont is included, the method proceeds to operation 580, and otherwise, the method proceeds to operation
560. [78] In operations 560 and 570, whether the public key PK_CP is valid and whether the user device UD changed the content identifier ID_Cont and the time Ts are determined. [79] The user device UD determines whether verification of the content Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP, and the content Cont into a verification function V() (operation 560).
That is, whether the content Cont is signed using the private key SK_CP of the content provider CP is verified. In this case, the verification function V() is expressed as follows: [80] V(S2, PK_CP, Cont) = V(S(SK_CP, Cont), PK_CP, Cont) = Success or Fail ...
(H)
[81] If the verification succeeds, the method proceeds to operation 570, and otherwise, the method proceeds to operation 580.
[82] Next, the user device UD determines whether the public key PK_CP of the content provider CP is valid and whether the content identifier ID_Cont or the time Ts has been altered by inputting the signature value Sl, and the public key PK_CA of the certificate authority CA, the content identifier ID_Cont extracted in operation 530, the time Ts, and the public key PK_CP of the content provider CP into the verification function V() (operation 570). The verification function V() is given by Equation (12). Unlike the method in FIG. 1, the signature value Sl is obtained by electronically signing the public key PK_CP of the content provider CP, the content identifier ID_Cont, and the time Ts.
[83] V(Sl, PK_CA, ID_ContllTsllPK_CP) = V(S(SK_CA, ID_ContllTsllPK_CP),
PK_CA,
[84] ID_ContllTsllPK_CP) = Success or Fail ... (12)
[85] In operation 580, the user device UD does not authenticate the content provider CP as an authorized content provider and rejects reproduction of the content Cont. More specifically, the user device UD determines that the content provider CP is a revoked content provider when it is determined in operation 540 that the public key PK_CP is included in the revocation list RL and it is determined in operation 550 that the time Ts is later than the time Tr, determines that the content provider CP disguises himself or herself as another content provider when the verification in operations 560 and 570 fails, and determines that the content identifier ID_Cont or the time Ts has been altered when the verification in operation 570 fails. In these cases, the user device UD rejects reproduction of the content Cont. [86] In the method of FIG. 5, a content identifier to be revoked is included in a revocation list, thereby allowing precise selection of an object to be revoked.
[87] Similarly in the method of FIG. 3, according to the method of FIG. 5, a user device is capable of selectively determining whether each content authority is to be revoked, based on a comparison between a time when a signature is generated and a time when a public key of a content provider is revoked.
[88] Also, in the method of FIG. 5, the content identifier ID_Cont and the time Ts are included in the signature value Sl of the certificate authority CA in operation 510, and the content identifier ID_Cont and the time Ts are verified when the signature value S 1 is verified in operation 570. Accordingly, the user device UD cannot manipulate the content identifier ID_Cont and the time Ts, thereby increasing the security for the method of FIG. 5.
[89] FIG. 7 is a flowchart of a method of revoking content authority Cont according to yet another embodiment of the present invention. FIG. 8 is a diagram illustrating a structure of a revocation list RL used in the method of FIG. 7.
[90] Referring to FIG. 7, a certificate authority CA makes a certificate C_CA_CP certifying a public key PK_CP of a content provider CP and transmits it to the content provider CP (operation 710). The certificate C_CA_CP includes a signature value Sl obtained by electronically signing the public key PK_CP and a content identifier ID_Cont of the content provider CP using a private key SK_CA of the certificate authority CA; the content identifier ID_Cont; and the public key PK_CP of the content provider CP. The method of FIG. 7 is different from that of FIG. 1 in that the signature value S 1 is obtained by electronically signing the public key PK_CP and the content identifier ID_Cont. The certificate C_CA_CP is expressed as follows:
[91] C_CA_CP = SlllID_ContllPK_CP
[92] = S(SK_CA, ID_ContllPK_CP)IIID_ContllPK_CP ... (13)
[93] Next, the content provider CP makes a content Cont and a certificate C_CP_UD certifying the content Cont and transmits them to the user device UD (operation 720). The certificate C_CP_UD includes the certificate C_CA_CP, and a signature value S2 generated by electronically signing the content Cont using a private key SK_CP of the content provider CP. The certificate C_CP_UD is expressed as follows:
[94] C_CP_UD = C_CA_CPIIS2
[95] = SlllID_ContllPK_CPIIS2
[96] = S(SK_CA, ID_ContllPK_CP)IIID_ContllPK_CPIIS(SK_CP, Cont) ... (14)
[97] Next, the user device UD extracts the signature value Sl, the content identifier
ID_Cont, the public key PK_CP of the content provider CP, and the signature value S2 from the certificate C_CP_UD (operation 730).
[98] Next, the user device UD determines whether the revocation list RL includes the public key PK_CP of the content provider CP extracted in operation 730 (operation 740). When the public key PK_CP is not included, the method proceeds to operation 760, and otherwise, the method proceeds to operation 750.
[99] Referring to FIG. 8, the revocation list RL used in the method of FIG. 7 includes the public key PK_CP of a revoked content provider and an exception list RL_C_nonRev. The exception list RL_C_nonRev lists a content identifier of content that is not revoked although the public key PK_CP of the content provider CP who provides the content is included in the revocation list RL.
[100] Next, the user device UD determines whether the content identifier ID_Cont extracted in operation 730 is included in the exception list RL_C_nonRev of the revocation list RL (operation 750). If the content identifier ID_Cont is included, the method proceeds to operations 760 and 770, and otherwise, the method proceeds to operation 780.
[101] In operations 760 and 770, whether the public key PK_CP is valid and whether the user device UD modified the content identifier ID_Cont are determined.
[102] The user device UD determines whether verification of the content Cont succeeds or fails by inputting the signature value S2 and the public key PK_CP of the content provider CP, and the content Cont into a verification function V() (operation 760). That is, whether the content Cont is signed using the private key SK_CP is verified. The verification function V() is given by:
[103] V(S2, PK_CP, Cont) = V(S(SK_CP, Cont), PK_CP, Cont) = Success or Fail ...
(15)
[104] When the verification succeeds, the method proceeds to operation 770, and otherwise, the method proceeds to operation 780.
[105] The user device UD determines whether the public key PK_CP of the content provider CP is valid and whether the content identifier ID_Cont has been altered by inputting the signature value S 1 and the public key PK_CA of the certificate authority CA, the content identifier ID_Cont extracted in operation 730, and the public key PK_CP into the verification function V() (operation 770). The verification function V() is given by Equation (16). Unlike in the method of FIG. 1, the signature value Sl is obtained by electronically signing both the public key PK_CP of the content provider CP and the content identifier ID_Cont.
[106] V(S 1 , PK_CA, ID_ContllPK_CP) = V(S(SK_CA, ID_ContllPK_CP),
PK_CA,ID_ContllPK_CP)
[107] = Success or Fail ... (16)
[108] In operation 780 the user device UD does not authenticate the content provider CP as an authorized content provider and rejects reproduction of the content Cont. More specifically, the user device UD determines the content provider CP to be a revoked content provider when it is determined in operation 740 that the public key PK_CP is included in the revocation list RL and it is determined in operation 750 that the content identifier ID_Cont is not included in the exception list RL_C_nonRev, determines the content provider CP to disguise himself or herself as another content provider when the verification fails in operations 760 and 770, and determines that the content identifier ID_Cont has been altered when the verification fails in operation 770. In these cases, the user device UD rejects reproduction of the content Cont.
[109] According to the method of FIG. 7, a revocation list additionally includes a content identifier of content that is not revoked although a public key of a content provider who provides the content is included in the revocation list. Accordingly, the user device can identify an object to be revoked, and thus, it is possible to prevent a properly authorized content from being revoked.
[110] Also, in the method of FIG. 7, the content identifier ID_Cont is included in the signature value Sl of the certificate authority CA in operation 710, and verified when the signature value S 1 is verified in operation 770. Therefore, the user device UD cannot alter the content identifier ID_Cont, thereby increasing the security for the method of FIG. 7.
[I l l] A method of revoking a public key of a content provider according to the present invention can be realized as a computer program. Codes and code segments of the computer program can be easily inferred by computer programmers in the art. The computer program may be stored in a computer readable medium. When the computer program is read and executed by a computer, the method is realized. The computer readable medium may be any medium, such as a magnetic recording medium, an optical recording medium, or a carrier wave.
[112] While this invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims

Claims
[1] L A method of revoking a public key of a content provider in a system in which a certificate authority certifies the public key of the content provider and the content provider transmits predetermined content to a user device using the certified public key, the method comprising determining whether the predetermined content is revoked in the user device by comparing a time when a signature of the public key is generated with a time when the public key is revoked.
[2] 2. The method of claim 1, further comprising:
(a) the certificate authority electronically signing a time when the predetermined content is electronically signed and the public key of the content provider, and transmitting the result of signing to the content provider; and
(b) the content provider electronically signing the predetermined content and transmitting the predetermined content to the user device.
[3] 3. The method of claim 2, further comprising (c) the user device verifying the public key of the content provider and the time when the signature is generated.
[4] 4. The method of claim 3, wherein (a) comprises:
(al) generating a signature value of the certificate authority by electronically signing the public key of the content provider and the time when the signature is generated, using a private key of the certificate authority; (a2) transmitting the signature value of the certificate authority, the time when the signature is generated, and the public key of the content provider to the content provider.
[5] 5. The method of claim 4, wherein (b) comprises:
(bl) generating a signature value of the content provider by electronically signing the predetermined content using a private key of the content provider; and
(b2) transmitting the signature value of the certificate authority, the time when the signature is generated, the public key of the content provider, and the signature value of the content provider to the user device.
[6] 6. The method of claim 5, wherein (c) comprises:
(cl) determining whether the predetermined content is signed using the private key of the content provider by verifying the signature value of the content provider; and
(c2) determining whether the public key of the content provider is valid and whether the time when the signature is generated is manipulated by verifying the signature value of the certificate authority.
[7] 7. The method of claim 6, wherein (cl) comprises (cl 1) determining whether the predetermined content is signed using the private key of the content provider by verifying the signature value of the content provider by inputting the signature value and the public key of the content provider and the predetermined content into a verification function.
[8] 8. The method of claim 6, wherein (c2) comprises (cl2) determining whether the public key of the content provider is valid and whether the time when the signature is generated is manipulated by inputting the signature value and the public key of the certificate authority, the time when the signature is generated, and the public key of the content provider into the verification function.
[9] 9. A method of revoking a public key of a content provider in a system in which a certificate authority certifies the public key of the content provider and the content provider transmits predetermined content to a user device using the c ertified public key, the method comprising the user device determining whether the predetermined content is revoked based on whether a content identifier of the predetermined content is included in an exception list which lists content identifiers of contents that must not be revoked.
[10] 10. The method of claim 9, further comprising:
(a) the certificate authority electronically signing a content identifier of the predetermined content and the public key of the content provider and transmitting the signed content identifier and the public key to the content provider; and
(b) the content provider electronically signing the predetermined content and transmitting the predetermined content to the user device.
[11] 11. The method of claim 10, further comprising (c) the user device verifying the public key of the content provider and the content identifier.
[12] 12. The method of claim 11, wherein (a) comprises:
(al) generating a signature value of the certificate authority by electronically signing the public key of the content provider and the content identifier using a private key of the certificate authority;
(a2) transmitting the signature value of the certificate authority, the content identifier, and the public key of the content provider to the content provider.
[13] 13. The method of claim 12, wherein (b) comprises:
(bl) generating a signature value of the content provider by electronically signing a private key of the content provider; and
(b2) transmitting the signature value of the certificate authority, the content identifier, the public key of the content provider, and the signature value of the content provider to the user device.
[14] 14. The method of claim 13, wherein (c) comprises: (cl) determining whether the predetermined content is signed using the private key of the content provider by verifying the signature value of the content provider; and
(c2) determining whether the public key of the content provider is valid and whether the content identifier is manipulated by verifying the signature value of the certificate authority.
[15] 15. The method of claim 14, wherein (cl) comprises (cl 1) determining whether the predetermined content is signed using the private key of the content provider by verifying the signature value of the content provider by inputting the signature value and the public key of the content provider, and the predetermined content into a verification function.
[16] 16. The method of claim 14, wherein (c2) comprises (cl2) determining whether the public key of the content provider is valid and whether the content identifier is manipulated by inputting the signature value and the public key of the certificate authority, the content identifier, and the public key of the content provider into the verification function.
[17] 17. A computer readable recording medium having embodied thereon a computer program for executing the method of claim 1.
PCT/KR2005/004191 2004-12-10 2005-12-08 Method of revoking public key of content privider WO2006062358A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2007545378A JP2008523703A (en) 2004-12-10 2005-12-08 How to release authority of content provider public key
EP05821074A EP1820296A1 (en) 2004-12-10 2005-12-08 Method of revoking public key of content privider

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US63457504P 2004-12-10 2004-12-10
US60/634,575 2004-12-10
KR10-2004-0112241 2004-12-24
KR1020040112241A KR100823254B1 (en) 2004-12-10 2004-12-24 Method for revoking a public key of content provider

Publications (1)

Publication Number Publication Date
WO2006062358A1 true WO2006062358A1 (en) 2006-06-15

Family

ID=36578144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2005/004191 WO2006062358A1 (en) 2004-12-10 2005-12-08 Method of revoking public key of content privider

Country Status (2)

Country Link
EP (1) EP1820296A1 (en)
WO (1) WO2006062358A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2196939A1 (en) * 2007-10-02 2010-06-16 Panasonic Corporation Copyright protection system, reproduction device, and reproduction method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020095579A1 (en) * 1997-06-05 2002-07-18 Hiroshi Yoshiura Digital data authentication method
US20040037424A1 (en) * 2002-06-24 2004-02-26 International Business Machines Corporation Information distribution and processing

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020095579A1 (en) * 1997-06-05 2002-07-18 Hiroshi Yoshiura Digital data authentication method
US20040037424A1 (en) * 2002-06-24 2004-02-26 International Business Machines Corporation Information distribution and processing

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2196939A1 (en) * 2007-10-02 2010-06-16 Panasonic Corporation Copyright protection system, reproduction device, and reproduction method
EP2196939A4 (en) * 2007-10-02 2015-04-29 Panasonic Ip Man Co Ltd Copyright protection system, reproduction device, and reproduction method

Also Published As

Publication number Publication date
EP1820296A1 (en) 2007-08-22

Similar Documents

Publication Publication Date Title
US11743054B2 (en) Method and system for creating and checking the validity of device certificates
US10361867B2 (en) Verification of authenticity of a maintenance means connected to a controller of a passenger transportation/access device of a building and provision and obtainment of a license key for use therein
KR20100091257A (en) An entity bidirectional authentication method and system
EP2332091A1 (en) Method and means for digital authentication of valuable goods
WO2008004525A1 (en) Information processing device, information recording device, information processing system, program update method, program, and integrated circuit
US20090106548A1 (en) Method for controlling secured transactions using a single physical device, corresponding physical device, system and computer program
JP2007104657A (en) Apparatus and method for executing security function using smart card
EP3966997B1 (en) Methods and devices for public key management using a blockchain
US20020194479A1 (en) Method of protecting a microcomputer system against manipulation of data stored in a storage assembly of the microcomputer system
JP5183517B2 (en) Information processing apparatus and program
US20230412400A1 (en) Method for suspending protection of an object achieved by a protection device
US20060129827A1 (en) Method of revoking public key of content provider
JP2009003501A (en) Onetime password authentication system
US8646099B2 (en) Midlet signing and revocation
WO2006062358A1 (en) Method of revoking public key of content privider
CN109672526B (en) Method and system for managing executable program
US8844047B2 (en) Secure programming of vehicle modules
CN114036490A (en) Security authentication method for calling plug-in software interface, USBKey driving device and authentication system
JP2006050355A (en) Data reproducing apparatus, data reproducing method and data reproducing program
CN113641986B (en) Method and system for realizing alliance chain user private key hosting based on SoftHSM
CN116189340A (en) Entrance guard management method, system, device and medium based on PKI security authentication
CN106375340B (en) Method and system for improving certificate verification security
CN117692185A (en) Electronic seal using method and device, electronic equipment and storage medium
Steel Towards a formal security analysis of the Sevecom API
Pohlmann et al. Embedded PKI in industrial facilities

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2005821074

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 200580042210.6

Country of ref document: CN

Ref document number: 2007545378

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

WWP Wipo information: published in national office

Ref document number: 2005821074

Country of ref document: EP