Abstract: Provided are a method of tracing a device key in a user key management system using a hierarchical hash chain broadcast encryption scheme (HBES) algorithm, a user key management system for executing the method of tracing a device key, and a computer program for executing the method of tracing a device key. The method of tracing a device key of an illegal decoder in a user key management system for broadcast encryption includes: tracing a device key using a binary search; and revoking the traced device key. The technology according to the present invention can be applied to prevent exposure of the device keys to hacking. The present invention provides a method of tracing which can be applied to an HBES algorithm structure.

Abstract: Provided is a method of transmitting content keys to nodes arranged in a hierarchical structure which includes a plurality of node groups each including a predetermined number of the nodes. In this method, revoke information that includes identifiers of revoked node groups in the hierarchical structure, the total number of independent revoked nodes, and identifiers of the independent revoked nodes is generated. The revoked node groups are node groups consisting of only revoked nodes, and the independent revoked nodes are revoked nodes not belonging to any of the revoked node groups. Then, encrypted content keys are obtained by encrypting content keys using broadcast encryption, by using an encryption key set that has a form that cannot be generated using a decryption key set that the revoked nodes possess, and a set of encrypted content keys is generated. Thereafter, the revoke information and the set of the encrypted content keys are transmitted to all of the nodes arranged in the hierarchical structure.

Abstract: Provided are a method of generating a firmware update file which restrictively allows a firmware update for a corresponding hardware model, and a method and apparatus for updating firmware using the firmware update file. By generating a data body including program codes of firmware to be updated, generating a data header including model codes of a hardware device to which the data body is applied, and generating the firmware update file by combining the data body and the data header, the firmware update may be restricted for a corresponding model of a hardware device by using the firmware update file so that firmware of other models of hardware devices may not be updated, an integrity check may be performed using a digital signature when the firmware is updated.

Abstract: Provided are a method and apparatus for controlling transmission of content data. In the method, a communication channel is initially established to transmit the content data, the content data is transmitted through the established communication channel, verification is performed a plurality of times to determine whether the content data is transmitted within an acceptable transmission range, and whether to continue the transmission of the content data is determined according to the verification result. Accordingly, when a client moves to a location outside a predetermined acceptable transmission range in a wireless environment, a server stops transmission of the content data. In addition, content data can be continuously transmitted regardless of interference caused by a temporary obstacle between a server and a client.

Abstract: Provided is a method of limiting updating of firmware by distinguishing between model code that represents a group of hardware having firmware program codes are compatible with each other and model code that identifies each hardware belonging to the group. The method includes generating a data body having firmware program code that is to be updated; generating a data header having model code of hardware to which the data body is to be applied, wherein the hardware model code comprises first model code representing a group of hardware having firmware program codes are compatible with each other and second model code identifying each hardware belonging to the group; and generating a firmware update file by combining the data body and the data header.

Abstract: A method and an apparatus for providing content encrypted in a broadcast encryption scheme to a plurality of devices in a local network are provided. The method includes: storing a minimal number of keys needed by the devices to decode the encrypted content among a plurality of keys that can be used in the predetermined encryption scheme; and transmitting the stored keys to the devices. Accordingly, it is possible for a local server having a small storage capacity to provide the encrypted content to the devices by storing only the minimal number of keys needed by the devices to decode the encrypted content.

Abstract: A method and apparatus for encrypting or decrypting digital content are provided. In the method, a binding range is selected from a plurality of binding ranges of content use based on license information of the content, and the content is encrypted based on the selected binding range so that the content can be used only within the selected binding range. Accordingly, it is possible to limit content use to a plurality of binding ranges of use of the content, using license information of the content.

Abstract: A method of measuring round trip time (RTT) and a proximity checking method using the same. The method of measuring RTT includes: transmitting a hashed second random number and starting the RTT measurement; and receiving a hashed first random number from a device that received the hashed second random number and ending the RTT measurement, thereby greatly reducing repetitive encryption and decryption operations in the proximity check using a repetitive RTT measurement.

Abstract: A revocation key determining method for content protection. The revocation key determining method includes: identifying at least one of a plurality of groups on the basis of a structure in which groups, each consisting of nodes to which key sets for content protection are respectively assigned, are hierarchically arranged in a tree form; and detecting whether nodes belonging to the group are respectively revoked.

Abstract: A method and apparatus of protecting digital content within a domain is provided. if a device registered with a domain withdraws from the domain, a domain key used in the domain before withdrawal of the device is updated to a domain key which cannot be used by the device; and the domain key not exposed to the device is transmitted to a plurality of devices currently registered with the domain so that only the currently registered devices have the most recent domain key. Therefore, devices not registered with the domain and devices which previously registered with the home domain but withdrawn from the home domain can be prevented from using digital content currently shared within the domain. In addition, registered devices that withdraw from the home domain may use digital content legitimately downloaded from the home domain before they withdrew from the domain.

Abstract: A method and apparatus for managing digital content, which can detect the leakage of an encryption key when the encryption key used for encrypting the digital content is leaked or cracked. When the encrypted digital content is decrypted by an illegal device, a module linked with the encrypted digital content is automatically driven and a digital content managing apparatus is then notified that the encrypted digital content has been decrypted by the illegal device such that the digital content managing apparatus can change the encryption key. Thus, it is possible to prevent the digital content from being continuously leaked due to the use of the same encryption key for encrypting subsequent digital content.

Abstract: A method of and apparatus for encrypting and/or decrypting content according to broadcast encryption scheme. The decryption method includes: determining whether or not a revoked device among devices that have licenses for predetermined content is present; and according to the determination result, selectively decrypting a content key encrypted by using a key to prevent the revoked device from decrypting the predetermined content. By doing so, an unnecessary encryption process and decryption process that occur when there is no revoked device are avoided.

Abstract: A method of measuring round trip time (RTT) includes: chain-hashing at least one random number to create a plurality of hash values; (b) transmitting one of the created hash values to a device and starting to measure RTT of the device; and (c) receiving from the device a response to the transmitted hash value and ending the RTT measurement, thereby performing a more effective proximity check than a conventional proximity check requiring encryptions and decryptions of several tens of times through several thousands of times.

Abstract: A method of packaging broadcast contents are provided. The method includes: extracting a copy control bit from input broadcast contents and determining whether the broadcast contents will be stored after being encrypted based on the extracted copy control bit; creating usage rule information which includes an encryption method of the broadcast contents if it is determined that the broadcast contents will be stored after being encrypted; extracting the copy control bit from each new broadcast content sequentially input and detecting broadcast contents which include copy control bits indicating that the broadcast contents will be stored without being encrypted; and encrypting the input broadcast contents through the broadcast contents before the detected broadcast contents using the encryption method and packaging and storing the encrypted broadcast contents and the usage rule information.

Abstract: A method of backing up domain information relating to the construction of a domain is provided. In the method, the domain information is encrypted and the encrypted domain information is stored in a predetermined storage device in the domain the encrypted domain information to the predetermined storage device, thereby securely backing up the domain information without the help of an external network. Accordingly, even when the existing domain server malfunctions, a new domain server is capable of obtaining the domain information.

Abstract: Provided is a method of controlling content access in a home network. The method includes: (a) defining a predetermined sub group and allocating a sub group key for the sub group; and (b) checking whether a user belongs to the sub group and transmitting the sub group key to a user device requested by the user, wherein the user device obtains an encrypted content key using a domain key and the sub group key. Since a content key is twice encrypted using a domain key and a sub group key and transmitted to a user device, it is possible to provide authorized content access to a user.

Abstract: A key management, user registration and deregistration for a digital rights management (DRM) system in a home network, using a hierarchical node topology. In the key management, node information is generated by allocating a pair of keys (a public key and a private key) to each node. A node tree is made by generating link information using the pair of keys and a content key. The link information is delivered from an upper node to a lower node using the node tree. The link information is obtained by encrypting a private key of a ‘TO’ node using a public key of a ‘FROM’ node. Accordingly, it is possible to realize a DRM system that protects content and easily accomplishes a binding mechanism and a revocation mechanism.

Abstract: A method of generating usage rule information for a broadcast channel. The method includes receiving content and a broadcast flag via the broadcast channel, creating content usage rule information to allow all operations relating to use of the content when the broadcast flag is off, and creating usage rule information to forbid copying of the content when the broadcast flag is on.

Abstract: A method of managing a home network key in a home network environment, which has a key management server for managing the home network key and a plurality of home network devices, includes: allowing a home network device to generate device unique information and to transmit the device unique information to the key management server; allowing the key management server to generate a parameter for generating the home network key by using the device unique information and to transmit the parameter to the home network device; and allowing the home network device to generate the home network key by using the parameter. The generated home network key being independent of the device unique information.

Abstract: A bidding method including: (a) generating a first bidding function value using an initial bidding price of a first bidder; (b) transmitting the first bidding function value to a successful bidding decider; (c) transmitting a second bidding function value of a second bidder to the first bidder; (d) transmitting a final bidding price of the first bidder and a final bidding price of the second bidder to the successful bidding decider; (e) determining a successful bidding price by comparing the final bidding price of the first bidder and the final bidding price of the second bidder; and (f) verifying whether or not the successful bidding price was manipulated