초록 ▼

A system and method of providing domain management for content protection and security is disclosed. A secure device domain is generated to allow sharing of content among a plurality of consumer electronic devices. A domain management scheme for authenticating and managing consumer electronics devic

A system and method of providing domain management for content protection and security is disclosed. A secure device domain is generated to allow sharing of content among a plurality of consumer electronic devices. A domain management scheme for authenticating and managing consumer electronics devices in the secure device domain is provided.

대표청구항 ▼

1. A method of providing a secure device domain for sharing content among a plurality of consumer electronic devices, the method comprising: storing a domain certificate including a domain coordinator identifier, a domain coordinator public key, and a digital signature of the domain coordinator iden

1. A method of providing a secure device domain for sharing content among a plurality of consumer electronic devices, the method comprising: storing a domain certificate including a domain coordinator identifier, a domain coordinator public key, and a digital signature of the domain coordinator identifier and the domain coordinator public key in a memory of a first consumer electronics device;receiving a request from a second consumer electronics device to join the secure device domain;receiving data indicative of an approval of the request, wherein the data indicative of the approval of the request is received from a trusted party comprising a user of the second consumer electronics device;in response to the approval of the request, issuing, by a domain manager device, a device domain certificate for the device domain to the second consumer electronics device, the device domain certificate comprising the domain coordinator identifier, the domain coordinator public key, a device identifier of the second consumer electronics device, a device public key of the second consumer electronics device, and a digital signature of the domain coordinator identifier, the domain coordinator public key, the device identifier, and the device public key; andin response to the domain manager device being unavailable for providing approval for the second consumer electronics device to join the secure device domain, the first consumer electronics device issuing an extended domain certificate for the second consumer electronics device. 2. The method of claim 1, wherein the initial communication between the first consumer device and the second consumer device comprises clear text. 3. The method of claim 2, wherein the data indicative of the approval of the request comprises data inputted by the user. 4. The method of claim 3, wherein the data inputted by the user is inputted in response to a question presented to the user on a display. 5. The method of claim 3, wherein the data inputted by the user is generated when a button on the second consumer electronics device is pressed by the user. 6. The method of claim 1, further comprising creating a certificate revocation data structure comprising at least one device identifier of a device removed from the secure device domain, a device public key of the device removed from at least one of the secure device domain or the hash value of the public key, and a digital signature of the device identifier of the device removed from the secure device domain and the device public key of the device removed from the secure device domain. 7. The method of claim 6, further comprising storing a first maximal value indicative of a total number of device domain certificates which can be issued for the secure device domain and a second maximal value indicative of a total number of unrevoked certificates issued for the secure device domain. 8. The method of claim 1, further comprising: connecting to the second consumer electronics device after receiving the request from the second consumer electronics device to join the secure device domain;retrieving the device certificate from the second consumer electronics device; andverifying the authenticity of the device certificate. 9. The method of claim 8, further comprising: extracting the device identifier from the device certificate of the second consumer electronics device; anddisplaying the device identifier at the first consumer electronics device. 10. The method of claim 9, wherein the device identifier comprises at least one of a serial number and a MAC address of the second consumer electronics device. 11. The method of claim 9, wherein receiving data indicative of an approval of the request comprises receiving data indicative of a verification that the displayed device identifier is the device identifier of the second consumer electronics device. 12. The method of claim 11, wherein the received data comprises data generated in response to actuating a button on the first consumer electronics device. 13. The method of claim 12, wherein issuing the device domain certificate to the second consumer electronics device further comprises transmitting the device domain certificate over unencrypted wireless connection. 14. The method of claim 7, further comprising modifying the maximal value of unrevoked device domain certificates to reflect the issuance of the device domain certificate of the second consumer electronics device. 15. The method of claim 1, wherein the extended domain certificate comprising a device identifier and public key of the second consumer electronics device and device identifier and public key of the first consumer electronics device, wherein the second consumer electronics device is allowed to communicate with other devices within the domain based on the issued extended domain certificate. 16. The method of claim 1, wherein the first consumer electronics device lacks at least one of a keyboard and a mouse. 17. The method of claim 1, wherein the first consumer electronics device is a privileged device, and the device extended domain certificate comprising a device identifier and a public key of the second consumer electronics device and a device identifier and public key of the privileged device. 18. The method of claim 17, wherein the second electronics consumer device authenticates a third consumer electronics device via the device extended domain certificate. 19. The method of claim 18, the secure device domain includes a privileged domain certificate and a non-privileged device domain certificate. 20. The method of claim 19, wherein consumer electronics devices associated with the non-privileged device domain certificate are unable to issue extended domain certificates. 21. The method of claim 1, wherein the device identifier of the device domain certificate transmitted from the second consumer electronics device to the first consumer electronics device is modified in transit so that an encrypted value from the modified device domain certificate is distinguishable from an original encrypted value of the device domain certificate. 22. The method of claim 1, wherein the domain manager device is unavailable when it is turned off. 23. The method of claim 1, wherein the domain manager device comprises a disabled mobile device. 24. The method of claim 1, further comprising illuminating a light signal seeking confirmation from the trusted party that the device certificate is authentic. 25. The method of claim 24, further comprising selecting a button of the first consumer electronics device based on the light signal. 26. The method of claim 1, further comprising displaying a text message prompting confirmation from a user that the device certificate is authentic. 27. The method of claim 26, further comprising selecting a button or key of the first consumer electronics device based on the displayed text message. 28. The method of claim 1, wherein the secure device domain comprises a wireless local area network (WLAN). 29. The method of claim 28, wherein the WLAN comprises a home wireless network environment. 30. A method for authenticating a first consumer electronics device to a second consumer electronics device in a device domain having a plurality of consumer electronics devices, the method comprising: receiving a request from a second consumer electronics device to join the device domain;receiving data indicative of an approval of the request, wherein the data indicative of the approval of the request is received from a trusted party comprising a user of the second consumer electronics device;in response to the approval of the request, issuing, by a domain manager, a device domain certificate for the device domain to the second consumer electronics device;in response to the domain manager device being unavailable for providing approval for the second consumer electronics device to join the device domain, the first consumer electronics device issuing an extended domain certificate for the second consumer electronics device;receiving, at the first consumer electronics device, a device domain certificate from the second consumer electronics device;verifying, at the first consumer electronics device, a domain manager's signature of the received device domain certificate;comparing, by the first consumer electronics device, data extracted from the received device domain certificate to a certificate revocation list; andestablishing, by the first consumer electronics device, a connection with the second consumer electronics device if the data extracted from the device domain certificate is not found in the certificate revocation list. 31. The method of claim 30, further comprising blocking, by the first consumer electronics device, the connection with the second consumer electronics device if the data extracted from the device domain certificate is found in the certificate revocation list. 32. A system for providing a secure domain for sharing content among a plurality of consumer electronic devices, the system comprising: a hardware processor coupled to an electronic device configured for forming: a domain certificate data structure including a domain coordinator identifier, a domain coordinator public key, and a digital signature of the domain coordinator identifier and the domain coordinator public key;a device domain certificate data structure including the domain coordinator identifier, the domain coordinator public key, a device identifier, a device public key, and a digital signature of the domain coordinator identifier, the domain coordinator public key, the device identifier, and the device public key;a certificate revocation data structure comprising at least one device identifier of a device removed from the secure domain, a device public key of the device removed from the secure domain, and a digital signature of the device identifier of the device removed from the secure domain and the device public key of the device removed from the secure domain;a first maximal value data structure comprising a total number of device domain certificates which can be issued for the domain and a second maximal value data structure comprising a total number of unrevoked certificates issued for the domain, wherein the first maximal value is determined based on a function of the second maximal value; anda device extended domain certificate comprising a device identifier and a public key of a new consumer electronics device to the secure domain and a device identifier and public key of a privileged device for authenticating the new consumer electronics device,wherein a first consumer electronics device issues the device extended domain certificate for a second consumer electronics device in response to a domain manager device being unavailable for providing approval for the second consumer electronics device to join the secure device domain. 33. The system of claim 32, wherein the extended domain certificate comprising a device identifier and public key of the second consumer electronics device and device identifier and public key of the first consumer electronics device, wherein the second consumer electronics device is allowed to communicate with other devices within the domain based on the issued extended domain certificate. 34. A device for managing access to a consumer electronics device domain, comprising: a processor;domain management instructions stored on a non-transitory storage medium, which when executed by the processor cause the processor to execute the instructions to: receive a device certificate from a consumer electronics device to be added to the device domain;display a message on the device seeking confirmation from a user acting as a trusted party that the device certificate from the consumer electronics device is authentic;generate a device domain certificate in response to data input, the device domain certificate comprising data identifying the consumer electronics device domain and the device; andtransmit an extended domain certificate along with issuing the device domain certificate and a domain certificate for the consumer electronics device domain to the consumer electronics device;wherein a first consumer electronics device issues the extended domain certificate for a second consumer electronics device in response to a domain manager device being unavailable for providing approval for the second consumer electronics device to join the device domain. 35. The device of claim 34, wherein the received data input is received from the user acting as the trusted party and is input via a binary input mechanism on the device. 36. The device of claim 35, wherein the binary input mechanism is a button on the exterior of the device. 37. The device of claim 36, wherein the message seeking confirmation is displayed by flashing the button on the device. 38. The device of claim 37, wherein the device is one of a dedicated domain management device and a high definition television device. 39. The device of claim 37, wherein the device is a high definition television device. 40. A method of providing a secure device domain for sharing content among a plurality of consumer electronic devices, the method comprising: storing a domain certificate including a domain coordinator identifier, a domain coordinator public key, and a digital signature of the domain coordinator identifier and the domain coordinator public key in a memory of a first consumer electronics device;receiving a request from a second consumer electronics device to join the secure device domain;receiving data indicative of an approval of the request, wherein the data indicative of the approval of the request is received from a trusted party comprising a user of the second consumer electronics device;in response to the approval of the request, issuing, by a domain manager, a device domain certificate for the device domain to the second consumer electronics device, the device domain certificate comprising the domain coordinator identifier, a device identifier of the second consumer electronics device, and the signature of a hash value; andin response to the domain manager device being unavailable for providing approval for the second consumer electronics device to join the secure device domain, the first consumer electronics device issuing an extended domain certificate for the second consumer electronics device. 41. The method of claim 40, wherein the hash value comprises the hash of the concatenation of device identifier of the second consumer electronics device, the domain coordinator identifier, and a public key of the second consumer electronics device. 42. The method of claim 41, wherein the signature of the hash value is generated using a private key associated with the first consumer electronics device.