Method, system and terminal apparatus for enabling content to be reproduced in multiple terminals
IPC classification information
Country / Type
United States(US) Patent
Granted
International Patent Classification (IPC 7th edition)
H04L-009/32
H04N-007/16
H04M-003/42
Application number
UP-0434095
(2006-05-15)
Registration number
US-7734922
(2010-06-29)
Priority information
KR-10-2005-0074532(2005-08-12)
Inventor / Address
Lee, Byung-Rae
Kim, Wuk
Kim, Jun-Hwan
Applicant / Address
Samsung Electronics Co., Ltd.
Agent / Address
The Farrell Law Firm, LLP
Citation information
Times cited: 5
Cited patents: 4
Abstract
Disclosed are a method, a system and a terminal apparatus for reproducing content purchased by a user in a plurality of terminals. To this end, a Right Object (RO) is received through an authentication process for content and a service registration process, and is stored in a User Identity Module (UIM). If the UIM is used, a user can use corresponding content in a plurality of terminals through one-time registration. Accordingly, the user having completed the registration can reproduce content in multiple terminals owned by the user based on user identification by means of a license acquired through the registration regardless of a specific terminal, instead of reproducing the content only in a single terminal to which a license has been bound.
Representative claim
What is claimed is:
1. A method for reproducing equal content in at least one terminal by generally authenticating a service provider, a terminal and a User identity Module (UIM), the method comprising the steps of: performing, by the terminal and the UIM, mutual authentication through the service provider, thereby acquiring an encryption key shared between the terminal and the UIM; after the authentication, performing by the UIM registration to acquire a group key from the service provider; if the registration is completed, transferring by the UIM a service join request message to the service provider through the terminal, thereby joining a service; and if encrypted content is transferred from the terminal to the service provider after joining the service, decrypting and reproducing the encrypted content utilizing the shared encryption key.
2. The method as claimed in claim 1, wherein the authentication is performed based on public key-based authentication or symmetric key-based authentication.
3. The method as claimed in claim 2, wherein the authentication comprises: transferring by the service provider an authentication request message to the UIM through the terminal; performing verification for an authentication response message received in response to the authentication request message, performing the authentication for the terminal and the UIM, and generating and transmitting an authentication result message; and performing the mutual authentication by the terminal and the UIM by means of the authentication result message.
4. The method as claimed in claim 3, further comprising, in the symmetric key-based authentication: if the authentication request message is transferred to the UIM, inserting by the UIM information obtained by performing a Message Authentication Code (MAC) operation utilizing a symmetric key of the UIM in the authentication request message, thereby generating the authentication response message; and if the generated authentication response message is transferred to the terminal, adding by the terminal identification information of the terminal to the authentication response message, and transmitting information obtained by performing a MAC operation, together with the authentication response message.
5. The method as claimed in claim 3, further comprising, in the public key-based authentication: if the authentication request message is transferred to the UIM, inserting by the UIM information obtained by performing a MAC operation utilizing a symmetric key of the UIM in the authentication request message, thereby generating the authentication response message; and if the generated authentication response message is transferred to the terminal, adding by the terminal identification information of the terminal to the authentication response message, and transmitting information obtained by signing an electronic signature to the service provider, together with the authentication response message.
6. The method as claimed in claim 3, wherein the step of generating and transmitting the authentication result message comprises: generating and transmitting the authentication result message including both information, which is obtained by encrypting the shared encryption key generated by the service provider to be used between the terminal and the UIM, and information, which is obtained by encrypting a new shared session key generated between the service provider and the UIM utilizing a shared key between the service provider and the UIM.
7. The method as claimed in claim 3, further comprising: when the UIM verifies the received authentication result message, confirming and verifying time information and MAC operation information within the authentication result message; if the verification is successful, determining if the authentication of the terminal is a success or a failure; and if the authentication of the terminal is successful, acquiring a shared session key with the service provider from the authentication result message.
8. The method as claimed in claim 1, wherein the step of performing the registration comprises: if a registration trigger message is received from the service provider after the authentication, receiving by the UIM the registration trigger message through the terminal; transferring a registration request message to the service provider through the terminal in response to the registration trigger message; and if a registration response message is received from the service provider through the terminal in response to the registration request message, acquiring the group key utilizing a shared session key with the service provider, which is obtained in the authentication.
9. The method as claimed in claim 1, wherein the step of joining the service comprises: transferring by the UIM the service join request message to the service provider through the terminal; receiving a service join response message from the service provider in response to the service join request message; and acquiring a key utilizing the group key, which is obtained in the registration, from the received service join response message.
10. The method as claimed in claim 9, wherein the service key is for encrypting a traffic key having actually encrypted content.
11. The method as claimed in claim 1, wherein the step of decrypting and reproducing the encrypted content comprises: after joining the service, receiving by the terminal a message from the service provider and transferring the received message to the UIM, wherein the message is obtained by encrypting a traffic key, which actually encrypts the content, utilizing service key; decrypting by the UIM the traffic key utilizing the service key, thereby acquiring a traffic key; encrypting the traffic key utilizing the shared encryption key, and transferring the encrypted traffic key to the terminal; and acquiring by the terminal the traffic key utilizing the shared encryption key, and decrypting and reproducing the encrypted content provided from the service provider utilizing the acquired traffic key.
12. The method as claimed in claim 1, further comprising when the UIM is inserted into a different terminal, performing by the terminal and the UIM the mutual authentication again through the service provider in order to acquire an equal shared encryption key between the different terminal and the UIM.
13. The method as claimed in claim 1, further comprising: if a service termination request is received from a user, transferring a service termination beginning message by the terminal to the UIM; if a service termination request message is received, transferring the service termination request message to the service provider, wherein the service termination request message is generated by adding identification information of the UIM and result information of a MAC operation to the service termination beginning message; receiving a service termination confirmation message from the service provider, wherein the service termination confirmation message includes results obtained by performing a termination procedure for a predetermined service; and transferring the service termination confirmation message to the UIM, receiving verification results from the UIM, and performing service termination.
14. A system for reproducing equal content in at least one terminal by generally authenticating a service provider, a terminal and a User Identity Module (UIM), the system comprising: the service provider for performing authentication for the terminal and the UIM, performing a registration process for allowing the UIM to be used in said at least one terminal, reporting results for a service join request from the UIM through the terminal, and encrypting and providing corresponding content in service joining; the terminal for transferring a message exchanged between the service provider and the UIM, acquiring a shared encryption key with the UIM through the authentication, and decrypting and reproducing the encrypted content, which is provided according to the service joining, utilizing the shared encryption key; and the UIM for acquiring both the shared encryption key with the terminal and a shared session key with the service provider through the authentication, and providing the terminal with an encryption key for decrypting the encrypted content.
15. The system as claimed in claim 14, wherein the authentication is performed based on public key-based authentication or symmetric key-based authentication.
16. A terminal apparatus for reproducing equal content in at least one terminal by generally authenticating a service provider, a terminal and a User Identity Module (UIM), the terminal apparatus comprising: a Digital Rights Management (DRM) module for managing registration, service joining, and use of content; a communication module for receiving a message from the service provider, and transmitting a response message to the service provider in response to reception of the message; an interface module for transferring the message received through the communication module to the UIM, and receiving a response message corresponding to the transferred message from the UIM; and an authentication module for acquiring a shared encryption key with the UIM by performing authentication for the UIM, and decrypting encrypted content, which is provided according to the service joining, utilizing the shared encryption key.
17. The terminal apparatus as claimed in claim 16, further comprising an application module for receiving decrypted content from the DRM module and reproducing the decrypted content.
18. The terminal apparatus as claimed in claim 16, wherein the authentication module comprises: an authentication manager module for managing an authentication function, and performing message generation and verification; an encryption/decryption module for executing encryption and decryption operations; a digital signature module for signing an electronic signature; a Message Authentication Code (MAC) module for executing a MAC operation; and a secure storage module for storing an encryption key, wherein all of the encryption/decryption module, the digital signature module, the MAC module and the secure storage module correspond to submodules of the authentication manager.
19. The terminal apparatus as claimed in claim 16, wherein the DRM module comprises: a registration module for executing operations according to a registration procedure; a rights management module for managing interpretation and use of a Right Object (RO) acquired in the service joining; a key stream management module for executing decryption of an encrypted traffic key utilizing a service key; and a content decryption module for executing decryption of encrypted content utilizing the traffic key.
20. A content reproduction method in a system for reproducing equal content in at least one terminal by generally authenticating a service provider, a terminal and a User Identity Module (UIM), the content reproduction method comprising the steps of: acquiring, by the terminal, a second encryption key KUT between the terminal and the UIM from an authentication message including a procedure for encrypting the second encryption key KUT with a first encryption key KT between the terminal and the service provider, by using the first encryption key KT; acquiring, by the UIM, the second encryption key KUT and a shared session key KUS between the UIM and the service provider from an authentication message including a procedure for encrypting the second encryption key KUT and the shared session key KUS with a third encryption key KU between the UIM and the service provider, by using the third encryption key KU; and decrypting, by the UIM, an encrypted group key GK included in a registration response message by using the acquired shared session key KUS, and decrypting content encrypted with a traffic key TK by using the decrypted group key GK.
21. The content reproduction method of claim 20, wherein the decrypting of the encrypted content comprises: decrypting, by the UIM, a service key SK used to encrypt the traffic key TK by using the group key GK; acquiring the traffic key TK by decrypting the encrypted traffic key TK by using the service key SK; and decrypting the encrypted content by using the acquired traffic key TK.
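The key hierarchy of claims 20 and 21, with the traffic-key hand-off of claim 11, as an added example that is not part of the patent text: the service provider wraps KUT under KT and under KU, GK under KUS, SK under GK, TK under SK, and the UIM re-wraps TK under KUT for the terminal. Assumptions: the claims name no cipher, so `wrap`/`unwrap` use a stand-in HMAC-SHA256 encrypt-then-MAC construction, and the message field names and function names are hypothetical.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a stand-in cipher (the claims name no algorithm).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(key, data):
    # Encrypt-then-MAC; output is nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def service_provider(KT, KU, content):
    # Constructed message set; field names are hypothetical, key names follow claims 20-21.
    KUT, KUS, GK, SK, TK = (os.urandom(32) for _ in range(5))
    return {"auth_terminal": wrap(KT, KUT),        # KUT under KT
            "auth_uim": wrap(KU, KUT + KUS),       # KUT and KUS under KU
            "registration": wrap(KUS, GK),         # GK under KUS
            "join": wrap(GK, SK),                  # SK under GK
            "key_stream": wrap(SK, TK),            # TK under SK
            "content": wrap(TK, content)}          # content under TK

def uim_release_traffic_key(KU, msgs):
    # The UIM walks KU -> KUS -> GK -> SK -> TK, then re-wraps TK under KUT (claim 11).
    keys = unwrap(KU, msgs["auth_uim"])
    KUT, KUS = keys[:32], keys[32:]
    GK = unwrap(KUS, msgs["registration"])
    SK = unwrap(GK, msgs["join"])
    return wrap(KUT, unwrap(SK, msgs["key_stream"]))

def terminal_play(KT, msgs, tk_from_uim):
    # The terminal never sees GK or SK; it only recovers KUT, then TK.
    KUT = unwrap(KT, msgs["auth_terminal"])
    return unwrap(unwrap(KUT, tk_from_uim), msgs["content"])

def demo():
    KT, KU = os.urandom(32), os.urandom(32)  # constructed long-term keys
    msgs = service_provider(KT, KU, b"constructed sample content")
    return terminal_play(KT, msgs, uim_release_traffic_key(KU, msgs))
```

A terminal holding a different KT fails at the first `unwrap`, which is why claim 12 has the UIM and a new terminal repeat mutual authentication before content can be played there.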
Patents cited by this patent (4)
Maillard, Michel; Benardeau, Christian, Method and apparatus for recording of encrypted digital data.
Ho, Tai Shui; Tsai, Shih Kuang; Li, Fu Zu, Method of performing an authentication on a subscriber identity module card by an electronic communication device.
Tie, Manxia; Cao, Jun; Lai, Xiaolong; Pang, Liaojun; Huang, Zhenhai, Entity bi-directional identificator method and system based on trustable third party.
Tie, Manxia; Cao, Jun; Huang, Zhenhai; Lai, Xiaolong, Method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party.