Abstract: A storage controller and a storage system comprising the same are provided. Provided is a device security manager configured to set a first device security zone to allow a first tenant to access first tenant data stored in a non-volatile memory, receive access information from a host device and writing the received access information in a mapping table, wherein the access information includes a first host memory address in which the first tenant data is stored in the host device, a first namespace identifier for identifying the first tenant data stored in the non-volatile memory, a first logic block address corresponding to the first namespace identifier, and an encryption key, encrypt the first tenant data by using the encryption key, and write the encrypted first tenant data in the first device security zone of the non-volatile memory.

Abstract: A storage controller and a storage system comprising the same are provided. Provided is a device security manager configured to set a first device security zone to allow a first tenant to access first tenant data stored in a non-volatile memory, receive access information from a host device and writing the received access information in a mapping table, wherein the access information includes a first host memory address in which the first tenant data is stored in the host device, a first namespace identifier for identifying the first tenant data stored in the non-volatile memory, a first logic block address corresponding to the first namespace identifier, and an encryption key, encrypt the first tenant data by using the encryption key, and write the encrypted first tenant data in the first device security zone of the non-volatile memory.

Abstract: A storage device having improved security reliability includes a non-volatile memory, and a storage controller configured to control an operation of the non-volatile memory, generate a key material, receive a key identification (ID) from a firmware, determine whether a salt value matching the key ID is stored in the non-volatile memory, generate a private key using the salt value stored in the non-volatile memory and the key material in response to determining that the salt value matching the key ID is stored in the non-volatile memory, and, in response to determining that the sale value matching the key ID is not stored in the non-volatile memory, receive a salt value from the firmware and generate the private key using the salt value from the firmware and the key material, and store the salt value used for generating the private key in the non-volatile memory.

Abstract: A security chip and an application processor may be included in a device configured to engage in encrypted communications with an external client, including public key infrastructure communications, in an environment where a certificate authority is absent. The security chip may provide the application processor with a device public key from among a pair of device keys related to public key infrastructure communications, receive a request from the application processor to generate a digital signature on a certificate form including the device public key, provide the application processor with a digital signature generated based on an encryption operation using a certificate authority private key, and receive and store a certificate including the digital signature from the application processor.

Abstract: An electronic device includes a biometric sensor configured to generate biometric data by sensing a biometric characteristic and to encrypt the biometric a near field communication (NFC) controller configured to perform a near field communication, and a secure storage device coupled to the NFC controller, and configured to receive the encrypted biometric data from the biometric sensor through an internal communications channel, which may include an application processor and the NFC controller, and to store the biometric data by decrypting the encrypted biometric data.

Abstract: A security chip and an application processor may be included in a device configured to engage in encrypted communications with an external client, including public key infrastructure communications, in an environment where a certificate authority is absent. The security chip may provide the application processor with a device public key from among a pair of device keys related to public key infrastructure communications, receive a request from the application processor to generate a digital signature on a certificate form including the device public key, provide the application processor with a digital signature generated based on an encryption operation using a certificate authority private key, and receive and store a certificate including the digital signature from the application processor.

Abstract: An electronic device includes a biometric sensor configured to generate biometric data by sensing a biometric characteristic and to encrypt the biometric a near field communication (NFC) controller configured to perform a near field communication, and a secure storage device coupled to the NFC controller, and configured to receive the encrypted biometric data from the biometric sensor through an internal communications channel, which may include an application processor and the NFC controller, and to store the biometric data by decrypting the encrypted biometric data.

Abstract: Provided is a method for managing an authorization of digital rights, the method performed by a first server and comprising: receiving from a second server a drop domain authorization trigger message for an initiation of an authorization protocol to cease creating a domain rights object (RO) for a domain for which the first server has an authorization to create the domain RO, the trigger message including information on the domain; the domain being managed by the second server and the authorization being obtained by the first server from the second server checking status of the authorization; transmitting to the second server, a drop domain authorization request message including the ID of the domain; and receiving from the second server, a drop domain authorization response message including a status element indicating a result of processing of the request message based on content included in the request message.

Abstract: A method of receiving, by a memory card, a rights object (RO) from a rights issuer (RI) via a terminal. The method includes: receiving from the terminal, a provisioning setup request message including information about a size of rights to be installed in the memory card; checking whether there is a space in the memory card for the rights; transmitting, to the terminal, a provisioning setup response message including a status indicating a result of processing the provisioning setup request message; and receiving, from the terminal, a rights provisioning request message for installing the rights into the memory card, the rights provisioning request message including rights information. The rights information is based on rights being extracted from a RO response message if a device identifier (ID) in the RO response message matches an ID of the memory card which is different from an ID of the terminal.

Abstract: An apparatus and method for transferring a Rights Object (RO) for a content between devices via a server, wherein a sending device converts a first RO taken by itself to encode into a second RO, and sends an RO move request message including the second RO to the server, whereas the server converts the second RO included in the RO move request message into a third RO and transfers the third RO to a receiving device, whereby the receiving device receives the third RO from the server for installation, wherein the sending device deletes or modifies the first RO at an appropriate time point.

Abstract: Disclosed is a method of receiving by a terminal a rights object (RO) from a rights issuer (RI) on behalf of a memory card, the method including, receiving, by the terminal, a trigger message for RO acquisition from the rights issuing server, comparing, by the terminal, trust anchor and ID of the memory card in a list included in the trigger message with a trust anchor and ID of the memory card within a context of the terminal, transmitting, by the terminal, a RO request message to the rights issuing server if the trust anchor and the ID of the memory card within the context are consistent with those within the list according to the comparison result, and receiving, by the terminal, a RO response message including a protected RO from the rights issuing server.

Abstract: A method of receiving, by a memory card, a rights object (RO) from a rights issuer (RI) via a terminal. The method includes: receiving from the terminal, a provisioning setup request message including information about a size of rights to be installed in the memory card; checking whether there is a space in the memory card for the rights; transmitting, to the terminal, a provisioning setup response message including a status indicating a result of processing the provisioning setup request message; and receiving, from the terminal, a rights provisioning request message for installing the rights into the memory card, the rights provisioning request message including rights information. The rights information is based on rights being extracted from a RO response message if a device identifier (ID) in the RO response message matches an ID of the memory card which is different from an ID of the terminal.

Abstract: Disclosed is a method and apparatus for managing rights object of SRM in a digital rights management system. The method for managing rights object bound to the SRM, comprises: transmitting ROAP trigger from a rights issuer to a terminal; transmitting an RO request message from the terminal to the rights issuer and transmitting a response message to the RO request message from the rights issuer to the terminal; and transmitting the rights object included in the response message from a DRM agent of the terminal to a DRM agent of the SRM and installing the rights object in the SRM. Accordingly, the SRM can receive its own rights object from the rights issuer through the terminal.

Abstract: A method, device and system for stably issuing a rights object (RO) to a memory, namely, an SRM, via a terminal. When RO has been issued to the memory card, namely, to the SRM, by using the stable procedure, the RO can be compatible with a different terminal that does not support the stable procedure, whereby the RO can be completely used by the different terminal.

Abstract: Disclosed is domain upgrade method in Digital Rights Management (DRM) capable of reducing network resources by simplifying signal procedures at the time of transferring changed domain keys. A device joining after domain upgrade is provided with only a domain key of a domain generation after the domain upgrade, but is not provided with a domain key of the previous domain generation. Accordingly, even if the joining device is mal-operated or is hacked, contents before upgrade are prevented from being illegally used or leaking out.

Abstract: A terminal and method and system for processing SUPL are discussed. According to one embodiment, the invention provides a method of processing a SUPL request for a terminal that has performed roaming, the method comprising: receiving a SUPL INIT message from a home SLP entity, the SUPL INIT message including an indicator that indicates whether a home SLP entity uses a proxy mode or a non-proxy mode; checking the indicator to determine whether the home SLP operates in the proxy mode or the non-proxy mode; and selectively performing authentication with the home SLP entity based on the checking result indicating whether the home SLP entity operates in the proxy mode or the non-proxy mode.

Abstract: A method for managing a specific domain (or user domain), for example leaving the domain by a specific device after fully returning a Rights Object (RO) taken by the specific device, instead of deactivating the RO, when leaving the specific domain, the method in which the device desiring to leave the specific domain moves its RO to another device desiring to join the specific domain and thereafter leaves the specific domain under the control of a Domain Authority/Domain Enforcement Agent (DA/DEA).

Abstract: A terminal and method and system for processing SUPL are discussed. According to one embodiment, the invention provides a method of processing a SUPL request for a terminal that has performed roaming, the method comprising: receiving a SUPL INIT message from a home SLP entity, the SUPL INIT message including an indicator that indicates whether a home SLP entity uses a proxy mode or a non-proxy mode; checking the indicator to determine whether a first message or a second message should be transmitted to the home SLP entity; and transmitting the first message or the second message to the home SLP entity according to a result of the checking step.

Abstract: When a SET receives a positioning service from a V-SLP by performing a roaming from a H-SLP to the V-SLP in a SUPL-based positioning system, only a new TLS connection is generated using an abbreviated handshake protocol without generating a new TLS session after the roaming. That is, when opening a TLS session for ensuring security in a SUPL-based positioning method, in particular, when opening a new TLS session between the V-SLP (V-SPC) and the SET after opening the TLS session between the H-SLP and the SET, the key information having used in the previous TLS session is provided to the V-SLP to set a new TLS connection, thereby reducing a load of an entire system.

Abstract: A method and system for managing at least one DRM agent intending to join or leave a user domain in a Digital Rights Management (DRM) is provided, in which a Domain Enforcement Agent (DEA) manages the joining and leaving of the DRM agent resident in a home network it manages, and a Domain Authority (DA) provides a domain key to a DRM agent joining the user domain.