Abstract: Disclosed is a method of recording and storing a broadcast content received for mobile broadcast services in a transmitting-end level. A broadcast receiving terminal includes a type of the key profile in the header of the recorded file for the particular broadcast content, the CIEK which is used in encrypting the broadcast content and encrypted with the second layer encryption key, and the acquisition information on the second layer encryption key. The acquisition information on the second layer encryption key is included in a corresponding field of the header according to the type of the used profile. As in the SRTP and IPSec, a recorded file format in the transmitting-end level recording is the PDCF. Information associated with the encryption of the encrypted broadcast content is stored in the OMA DRM common header box (ohdr box) of the PDCF recorded file.

Abstract: A method for changing a subscription status of a service in a mobile communication system, and a system thereof. A method is provided for changing a subscription status of a service by a terminal in a mobile communication system. The method includes transmitting a pause request message, in which a pause period of the subscription status is included, to a network entity; receiving, from the network entity, a pause response message including therein a possible pause period for the pause period included in the pause request message, and a trigger for changing validity for a Long-term Key stored in the terminal; and changing validity for the Long-term Key using the trigger for the possible pause period included in the pause response message.

Abstract: A method and a non-volatile memory apparatus for cloning prevention is provided. The non-volatile memory apparatus includes an Enhanced Media Identification (EMID) area, which is located in a specific area of the non-volatile memory, and stores an EMID for identifying the non-volatile memory; and an EMID encoder for modifying the EMID by a preset operation in conjunction with an arbitrary value.

Abstract: An encryption key distribution method for service and content protection in a mobile broadcasting system, and a system for the same which includes generating, by a network, a first encryption key when the broadcast service is first provided; transmitting a generalized rights object message, which includes identification information for identifying the generated first encryption key, to the terminal; generating a second encryption key before the lifetime of the first encryption key expires; and transmitting the generalized rights object message, which includes identification information for identifying the generated second encryption key, to the terminal.

Abstract: A user playing a media file having ads on a playback device is able to automatically skip the ads during playback depending on the user's subscription level, as indicated in a user license or user account information. Whether an ad is automatically skipped may depend not only on the user license but also on attributes of the ad. An ad may have a skip-level which indicates the “importance” of the ad. If the advertiser wants to ensure that the ad will be seen and not be automatically skipped by a media playback unit, it can pay a higher price for the ad and the ad will be assigned a higher skip-level value. On the user subscription side, a user who wants to avoid ads may pay a higher subscription fee and have a user license that determines, via an auto-skip level value (“user level”), how many ads the user can automatically skip during playback of the media file. With a higher the auto-skip level value, the user is able to automatically skip more ads on the playback device.

Abstract: A method and system is provided for sharing a service guide or a service guide fragment in a mobile broadcast system supporting a mobile broadcast service. A Broadcast Service Provisioning Client Function (BSP-C) sends a request for the service guide or service guide fragment to a Broadcast Service Provisioning Management Function (BSP-M). The BSP-M transmits the service guide or service guide fragment to the BSP-C if the BSP-M has the service guide or service guide fragment.

Abstract: A method and apparatus for managing digital rights using a portable storage device are provided. The method includes a device performing primary authentication together with a license provider and establishing primary security association, the device performing secondary authentication together with the portable storage device and establishing secondary security association, receiving a license from the license provider, and transmitting the license to the portable storage device.

Abstract: Disclosed is an inter-entity coupling method for service protection in a broadcast environment including a terminal and a broadcast network, which includes a Broadcast Service Application (BSA), a Broadcast Service Distribution (BSD) and a Broadcast Service Management (BSM) function. The method includes executing enrollment and service joining procedures for the terminal, wherein the terminal acquires a group key in the enrollment procedure and acquires a Rights Object (RO) for the service in the service joining procedure; receiving a message including a traffic key in the terminal; acquiring the traffic key from the message using the RO; receiving an encrypted service encrypted by the BSD in the terminal; and decrypting the encrypted service using the traffic key in the terminal.

Abstract: A method of updating software of terminals in a mobile broadcast system is provided. The method includes creating an update command for terminals of a particular model, the update command including update information; and broadcasting the created update command. The update information includes software version information and at least one of terminal manufacturer information and terminal model information. Further, the method may further include, before broadcasting the created update command, forcibly requiring terminals subscribe to an update service; and creating and broadcasting an update file for terminals of the particular model from among the forcibly subscribed terminals. The software of the terminals may be firmware.

Abstract: A method for authentication, by a host device, of a storage device having a plurality of unit storage areas comprises acquiring information on the distribution of locations of defect referenceive areas to be used for uniquely identifying the storage device, sampling the unit storage areas of the storage device, identifying the distribution of locations of physically defective areas among the sampled areas, determining the similarity between the acquired distribution of locations and the identified distribution of location, and authenticating the storage device according to the result of the determination.

Abstract: A method and apparatus for providing a broadcast service in a communication system is provided. The method includes creating a seed key pair including a first key and a second key, transmitting the seed key pair to a terminal to which the broadcast service is to be provided, creating a certain number of encryption keys using the seed key pair, the certain number corresponding to a lifetime of the seed key pair, encrypting broadcast service data for the lifetime using the encryption keys, and broadcasting the encrypted broadcast service data.

Abstract: A method and apparatus for using a non-volatile storage device includes reading device identification information from the non-volatile storage device, application identification information corresponding to a content application related to a type of content to be protected or utilized among a plurality of content applications is acquired, usage identification information is generated using the device identification information and the application identification information, and protecting or utilizing content using the usage identification information.

Abstract: A method and system for registration with a broadcast server is provided. A request from a smartcard terminal for registration is received and the smartcard terminal is authenticated based on the request. Further, A specific key material, Ks_NAF, is generated in response to the request. At least one of registering the smartcard terminal with the Internet Protocol (IP) multimedia subsystem (IMS) server and with the broadcast server simultaneously, and registering the smartcard terminal with the IMS server and subsequently with the broadcast server through the IMS server, is performed. At least one of notifying the IMS server of status of the registration by the broadcast server, and notifying the broadcast server of the status of the registration by the IMS server, is performed.

Abstract: A storage device for protecting content, includes a Secure Area (SA) area in which a decryption key needed to decrypt encrypted content is stored, and access to which is available to a host device that has passed authentication using a secure authentication protocol. The storage device stores a security information file for mapping control information for controlling usage of the encrypted content and the decryption key to the encrypted content.

Abstract: Disclosed herein is a method and system for registering and verifying a smart card certificate for users moving between public key infrastructure domains, which allows a user moving between domains to have a smart card certified in a terminal located in an external domain other than a home domain. According to the present invention, when a user wants his/her own smart card to be certified in a terminal of an external domain, a certification authority of the external domain can certify the smart card using a certificate stored in the smart card and signed electronically by a certification authority of a home domain. Additionally, a new certificate issued by the certification authority of the external domain is stored in the certified smart card, so that a certificate of the moving user can be verified regardless of domains and a new certificate of a moved domain can be easily obtained.

Abstract: Disclosed is an inter-entity coupling method for protecting content in a broadcast environment including a broadcast network and a terminal, the broadcast network having a Broadcast Service Application (BSA), a Broadcast Service Distribution (BSD), and a Broadcast Service Management (BSM), the inter-entity coupling method including performing, by the terminal, a registration process for obtaining a group key for the terminal; after the registration process is completed, performing, by the terminal, a service joining process for requesting service joining, and receiving, by the terminal, a Rights Object (RO) about the content from a message, which is received in response to the request, based on the obtained group key; obtaining a traffic key by using the RO, if a traffic key message is received after the service joining process is completed; receiving encrypted content in the terminal; and decrypting the encrypted content by using the traffic key.

Abstract: Provided is a method for delivering all or part of a rights object (RO) of a user associated with the content to other users. The method includes creating a rights object to be transmitted to a second user within a limit of the rights object held by the first user, and forwarding the created rights object to the second user. The method allows each user to share its own RO with other users within the limit of the RO without server authentication.

Abstract: Methods and apparatus are provided for providing a DRM service by a user terminal apparatus consuming DRM content in a service environment that provides the DRM content using a plurality of incompatible DRM systems. A license corresponding to the DRM content is acquired from a service providing apparatus that provides the DRM content. It is determined whether the license is a common license having a common DRM interface format. The common DRM interface format of the common license is converted to a format of a first DRM system installed in the user terminal apparatus, when the license is the common license. The license having the format of the first DRM system is applied in reproducing the DRM content. The common license is provided from the service providing apparatus to the user terminal apparatus through a common DRM interface when the service providing apparatus does not support the first DRM system.

Abstract: Disclosed is a DRM Proxy Server Agent (DRM PSA), which converts a format of a DRM system into a format recognizable in a user terminal when the user terminal and a service provider do not use the same type of DRM system. The user terminal downloads the DRM PSA from the service provider and installs the DRM PSA in the user terminal. Through the download and installation of the DRM PSA, the user terminal can use various DRM systems provided by the service provider regardless of the type of DRM system installed in the user terminal.

Abstract: An authentication apparatus includes a data storage unit for storing authentication apparatus identification information, an interface unit for connecting to a host device through a first interface, and an authentication processor that executes an authentication process using the authentication apparatus identification information stored in the data storage unit. The authentication processor executes the authentication process upon receipt of an authentication request signal from the host device through the interface unit, and outputs an authentication response signal including data indicative of a result of the authentication process to the host device via the interface unit. The authentication request signal is for requesting authentication of a data storage device connected to the host device through a second interface.