WO2008140266A1 - Domain discovery, management and administration method and apparatus thereof - Google Patents

Domain discovery, management and administration method and apparatus thereof Download PDF

Info

Publication number
WO2008140266A1
WO2008140266A1 PCT/KR2008/002703 KR2008002703W WO2008140266A1 WO 2008140266 A1 WO2008140266 A1 WO 2008140266A1 KR 2008002703 W KR2008002703 W KR 2008002703W WO 2008140266 A1 WO2008140266 A1 WO 2008140266A1
Authority
WO
WIPO (PCT)
Prior art keywords
domain
parent
child
information
domains
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2008/002703
Other languages
French (fr)
Inventor
Hyon-Gon Choo
Jooyoung Lee
Jeho Nam
Jin-Woo Hong
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electronics and Telecommunications Research Institute ETRI
Original Assignee
Electronics and Telecommunications Research Institute ETRI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electronics and Telecommunications Research Institute ETRI filed Critical Electronics and Telecommunications Research Institute ETRI
Priority to EP08753499A priority Critical patent/EP2150908A1/en
Priority to CN200880024914.4A priority patent/CN101755266A/en
Publication of WO2008140266A1 publication Critical patent/WO2008140266A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Definitions

  • the present invention relates to a domain discovery, management and administration method and apparatus; and, more particularly, to a domain discovering method and apparatus, and a domain management and administration method and apparatus supporting mergence and split of domains.
  • Domain signifies a series of devices or a group of users sharing membership within a family or company.
  • Domain technology denotes technology for representing and managing such domains. With the domain technology, it is possible to manage a group of people or devices sharing access credential.
  • Digital rights management is a technology or service for protecting copyrights of digital contents.
  • the technology or service was used for preventing pay contents such as digital music, moving picture and electric book from being illegally copied.
  • pay contents such as digital music, moving picture and electric book from being illegally copied.
  • it is used to protect diverse kinds of digital contents, such as mobile contents, corporate confidential documents, and digital broadcasting.
  • digital rights management technology has expanded its area into collectively providing such diverse services as production, management and distribution of contents, charging fee, and settling payment.
  • Domain technology may take significant part of the digital rights management technology. Domain technology may help efficiently administrate licensing of digital contents, which makes the management easy and flexible, and it may provide effective digital content distribution methods .
  • a conventional technology reveals a method of generating a domain between a domain management device and a user terminal and managing the domain to manage users and user terminals.
  • the conventional technology has a shortcoming that it cannot effectively discover a domain and effectively manage a plurality of domains .
  • An embodiment of the present invention is directed to providing a method and apparatus for effectively discovering a domain and effectively managing a plurality of domains. To be specific, it provides an effective method for merging and splitting domains between domain management devices and user terminals.
  • a method for discovering a domain management device which includes: transmitting a discovery request message to a domain management device through a network; receiving a discovery response message to the discovery request message from the domain management device; and deciding a domain management device to be communicated with based on the discovery response message.
  • an apparatus for discovering a domain management device which includes: a communication unit for transmitting a discovery request message to a domain management device through a network and receiving a discovery response message to the discovery request message from the domaxn management device; and a domain management device deciding unit for deciding a domain management device to be communicated with based on the discovery response message.
  • a method for managing domains which includes: receiving a domain mergence request message for requesting to merge a plurality of domains from a domain administrator device; merging the domains based on the domain mergence request message; and transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence.
  • a domain management device which includes: a reception unit for receiving a domain mergence request message for requesting to merge a plurality of domains from a domain administrator device; a management unit for merging the domains based on the domain mergence request message; and a transmission unit for, upon the domain mergence, transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence .
  • a domain administration method of a domain administrator device which includes: transmitting a domain mergence request message for requesting to merge a plurality of domains to a domain management device; and merging the domains based on the domain mergence request message, and receiving a result of transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence from the domain management device.
  • a domain administrator device which includes: a transmission unit for transmitting a domain mergence request message for requesting to merge a plurality of domains to a domain management device; and a reception unit for merging the domains based on the domain mergence request message, and receiving a result of transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence from the domain management device.
  • a method for managing domains which includes: receiving a domain split request message for requesting to split a domain from a domain administrator device; and splitting the domain based on the domain split request message; and transmitting a domain update message to a related domain management device in charge of managing a domain obtained from the domain split upon the domain split.
  • a domain management device which includes: a reception unit for receiving a domain split request message for requesting to split a domain from a domain administrator device; and a management unit for splitting the domain based on the domain split request message; and a transmission unit for transmitting a domain update message to a related domain management device in charge of managing a domain obtained from the domain split upon the domain split.
  • a method for administrating domains which includes: transmitting a domain split request message for requesting to split a domain to a domain management device; and splitting the domain based on the domain split request message; and receiving a result of transmitting a domain update message to a related domain management device in charge of managing a domain involving in the domain split from the domain management device upon the domain split.
  • a domain administrator device which includes: a transmission unit for transmitting a domain split request message for requesting to split a domain to a domain management device; and a reception unit for splitting the domain based on the domain split request message and receiving a result of transmitting a domain update message to a related domain management device in charge of managing a domain involving in the domain split from the domain management device upon the domain split.
  • the present invention can effectively discover a domain and effectively manage a plurality of domains. To be specific, it can effectively merge or split domains between domain management devices and user terminals.
  • Fig. 1 is a flowchart showing a process of discovering a domain management device in accordance with an embodiment of the present invention.
  • Fig. 2 illustrates how messages are exchanged between a domain management device and a user terminal for discovering a domain management device in accordance with an embodiment of the present invention.
  • Fig. 3 is a flowchart describing domain mergence in accordance with an embodiment of the present invention.
  • Fig. 4 is a flowchart describing domain split in accordance with an embodiment of the present invention.
  • block diagrams of the present invention should be understood to show a conceptual viewpoint of an exemplary circuit that embodies the principles of the present invention.
  • all the flowcharts, state conversion diagrams, pseudo codes and the like can be expressed substantially in a computer-readable media, and whether or not a computer or a processor is described distinctively, they should be understood to express various processes operated by a computer or a processor.
  • Functions of various devices illustrated in the drawings including a functional block expressed as a processor or a similar concept can be provided not only by using hardware dedicated to the functions, but also by using hardware capable of running proper software for the functions.
  • a function When a function is provided by a processor, the function may be provided by a single dedicated processor, single shared processor, or a plurality of individual processors, part of which can be shared.
  • the element is cooperated with a proper circuit for performing the software.
  • the present invention defined by claims includes diverse means for performing particular functions, and the means are connected with each other in a method requested in the claims. Therefore, any means that can provide the function should be understood to be an equivalent to what is figured out from the present specification.
  • the present invention provides messages and protocol in support of a domain management device discovery function and domain mergence and split functions of a domain management device.
  • the present invention provides an effective domain management technology used between a domain management device and a user terminal and it also provides a flexible domain management technology of a hierarchical structure based on domain mergence and split technologies.
  • domain management device discovery and domain mergence and split of the domain management device will be described in detail.
  • Fig. 1 is a flowchart showing a process of discovering a domain management device in accordance with an embodiment of the present invention.
  • the domain management device discovering process will be described with reference to Fig. 1.
  • step SlOl when a domain management device discovery process is initiated, a terminal transmits a discovery request message in step S102.
  • "transmit" includes broadcasting, and the transmission of the discovery request message makes it possible to discover all available domain management devices or a domain management device in charge of managing a specific domain.
  • step S103 the terminal waits for a discovery response for the discovery request message for a predetermined time.
  • step S104 discovery responses to the discovery request message are received for a predetermined time.
  • the received discovery responses are analyzed and used to decide a domain management device suitable for communication.
  • the domain management device terminates the discovery process in step S106.
  • Fig. 2 illustrates how messages are exchanged between a domain management device and a terminal to discover a domain management device in accordance with an embodiment of the present invention.
  • the messages are exchanged between a terminal 201 and a domain management device 202.
  • the terminal 201 includes a user terminal and it signifies all types of devices that can make an access to a domain in connection with the domain management device 202 through a network.
  • Examples of the terminal 201 are a personal computer, a portable multimedia player (PMP), a mobile phone, an MP3 player and the like.
  • the domain management device 202 includes devices capable to manage domains. Examples of the domain management device 202 are a server of a broadcasting or contents service provider, a home server of a home network, a gateway, a set-top box and the like.
  • the domain management device 202 may be implemented as any types of devices connected to a network if they can manage domains. Also, it includes devices connected to a network can merge and split domains.
  • the domain management device 202 can manage domains with a hierarchy.
  • the word "hierarchy" signifies that a plurality of domains are in an inclusive relationship.
  • a discovering method for domain management device of the present invention includes transmitting a discovery request message to the domain management device through a network, receiving discovery response messages to the discovery request message from the domain management device, and deciding a domain management device to be communicated with based on the discovery response message.
  • the terminal 201 transmits a discovery request message to the domain management device 202 through a network.
  • the discovery request message may include domain identifier (ID) information, a device identifier information, or a user identifier information.
  • ID domain identifier
  • the word "transmitted” includes the meaning of broadcasting, which is a transmission scheme sending out signals to many and unspecified persons.
  • the terminal 201 receives a discovery response message from the domain management device 202.
  • the discovery response message is a response to the discovery request message and it may include identifier information, location information and status information of a responding domain management device 202 or domain identifier list information managed by a domain management device 202.
  • the terminal 201 may receive a plurality of discovery response messages from a plurality of domain management devices 202. It may also receive the discovery response messages for a predetermined time. Then, the terminal 201 analyzes information included in the received discovery response messages and decides a domain management device 202 which is appropriate for communication.
  • the domain management device 202 to be communicated with is decided based on whether there are discovery request message and/or whether the responding domain management device 202 can smoothly carry out communication currently.
  • the terminal 201 and the domain management device 202 authenticate each other in step 205.
  • the terminal 201 and the domain management device 202 may exchange messages for generation of a domain.
  • Discovery request messages may be used in different cases: when all available domain management devices 202 are to be discovered, when a domain management device 202 in charge of managing a specific domain is to be discovered, or when a specific domain management device 202 is to be discovered.
  • the terminal 201 does not specify a domain identifier and transmits a discovery request message through a network.
  • the domain management device 202 receives the discovery request message and makes a response including domain management device location information and information on a domain on operation.
  • the terminal 201 receives discovery response messages from domain management devices 202 for a predetermined time. After the predetermined time passes, the terminal 201 analyzes the discovery response messages and communicates with an appropriate domain management device.
  • a case where a domain management device 202 in charge of administrating a specific domain is to be discovered will be described.
  • the terminal 201 transmits a discovery request message while specifying a domain identifier.
  • the domain management device 202 receives the discovery request message and when it can manage one or more domains specified by domain identifiers in the discovery request message, it can make a response including domain management device location information and domain information.
  • the terminal 201 receives discovery response messages from the domain management devices 202 for a predetermined time. After the predetermined time passes, the terminal 201 analyzes the received discovery response messages and communicates with an appropriate domain management device. Lastly, a case where a specific domain management device 202 is to be discovered will be described. This case may be applied to checking the status of the specific domain management device 202.
  • the terminal 201 transmits a discovery request message to the specific domain management device 202.
  • the domain management device 202 receives the discovery request message and when the domain of the specific domain management device 202 is available, it can make a response including domain management device location information and domain information.
  • the terminal 201 receives discovery response messages from the domain management devices 202, which the terminal 201 has requested for discovery, for a predetermined time. After the predetermined time passes, the terminal 201 analyzes the received discovery response messages and communicates with an appropriate domain management device 202.
  • the discovery request (DiscoveryRequest ) message includes domain identifier (DomainID) , a domain management device identifier (DevicelD) , a user identifier (UserlD) .
  • DomainID domain identifier
  • DevicelD domain management device identifier
  • UserlD user identifier
  • the domain management device 202 which has received the discovery request message makes a response only when it manages one or more domains identified by domain identifiers in the discovery request message.
  • the domain management device which has received the discovery request message makes a response when the device specified in device identifier is managed as a domain member.
  • the domain management device which has received the discovery request message makes a response when the user is managed as a domain member.
  • An example of a discovery request message structure is shown as follows.
  • the discovery response message may include domain management device identifier (DomainManagerID) information, location of the domain management device (Location) information, domain identifier list (DomainID) information managed by the domain management device, and status information of the domain management device.
  • DomainManagerID domain management device identifier
  • Location location of the domain management device
  • DomainID domain identifier list
  • a domain management device discovering apparatus of the present invention includes a communication unit and a decision unit.
  • the communication unit transmits a discovery request message to the domain management device through a network and receives a discovery response message to the discovery request message from the domain management device.
  • the decision unit decides a domain management device to be communicated with based on the discovery response message.
  • the domain management device discovering apparatus may be the terminal 201 mentioned in the description of domain discovering method of the above domain management device.
  • the discovery request message may include domain identifier information, domain management device identifier information or user identifier information.
  • the discovery response message may include domain management device identifier information, domain management device location information, domain management device status information, or domain identifier list information managed by a domain management device.
  • the communication unit exchanges mutual authentication message with a decided domain management device, and the domain management device may be a device for managing domains hierarchically.
  • discovery request messages may be used in different cases: when all available domain management devices are to be discovered, when a domain management device in charge of managing a specific domain is to be discovered, or when a specific domain management device are to be discovered. Since these are already described in the above, further description on them will not be provided herein. Also, since the discovery of a domain management device, discovery request message, and a discovery response message were described in detail in the "1. METHOD FOR DISCOVERYING DOMAIN MANAGEMENT DEVICE," they will not be described herein.
  • More than two existing domains can be merged into one new domain through a domain mergence process.
  • the domain newly created through the domain mergence process includes more than two existing domains having a hierarchical relationship with each other.
  • Fig. 3 is a flowchart describing domain mergence in accordance with an embodiment of the present invention.
  • Domains are merged through message exchange between a domain administrator device 301 and a domain management device.
  • the domain administrator device 301 has a credential for administrating domains. It includes all other devices that are connected to the domain management device through a network and capable of accessing to a domain through the network.
  • the domain administrator device 301 may include user terminals, personal computers, portable multimedia players (PMP) , mobile phones, MP3 players and the like. Also, the domain administrator device 301 may administrate a plurality of user terminals. In this case, the domain administrator device 301 represents the user terminals and takes a credential for administrating domains.
  • PMP portable multimedia players
  • the domain management device includes devices that can perform a function of managing domains. Examples of the domain management device include a server of a broadcasting or contents service provider, a home server of a home network, a gateway, and a set-top box.
  • the domain management device includes all types of devices that can manage domains through a network. It also includes devices that can merge or split domains through a network.
  • the domain management device can manage domains with a hierarchy. Herein, the word "hierarchy" signifies that a plurality of domain are in an inclusive relationship .
  • the domain management device may be provided more than two 302 and 303. As shown in Fig. 3, when there are more than two domain management devices, one is a child domain management device 302 and the other is a parent domain management device 303. When there are two domains to be merged and the two domains are managed by one domain management device, the domain administrator device 301 exchanges messages with the domain management device. When the two domains are managed by different domain management devices 302 and 303, a step of exchanging messages between the child domain management device 302 and the parent domain management device 303 is further included.
  • a domain management method of the present invention includes receiving a domain mergence request message for requesting to merge a plurality of domains from a domain administrator device 301, merging the domains based on the domain mergence request message, and transmitting a domain update message upon the domain mergence to related domain management devices in charge of managing the domains involving in the domain mergence.
  • the domain management method may further include a step of performing mutual authentication with the domain administrator device 301.
  • the domain mergence includes a case where merging a plurality of domains are merged with a hierarchy.
  • the domains include a child domain and a parent domain.
  • the domain mergence step includes: checking whether the domain administrator device 301 has a credential over a child domain based on the domain mergence request message; deciding whether a parent domain and a child domain are merged based on domain management information of the child domain; transmitting an authentication message and a child domain connection message to the parent domain management device 303 in charge of managing the parent domain; receiving the a parent domain connection message from the parent domain management device 303; and adding the parent domain to a list of parent domains.
  • the domain mergence request message may include ID information and credential information of the parent and child domains.
  • the domain management information includes connected domain information, which may include hierarchical domain information.
  • the domain mergence step includes: checking whether the domain administrator device 301 has a credential over the child domain based on a domain mergence request message; deciding whether the parent domain and the child domain are merged based on domain management information of the parent and child domains; and adding the parent domain to a list of parent domains.
  • the domain mergence request message includes ID information and credential information of the parent and child domains.
  • the domain management information includes connected domain information, which may include hierarchical domain information.
  • the two domains include one which is a child domain and the other which is a parent domain.
  • the child domain management device 302 manages the child domain
  • the parent domain management device 303 manages the parent domain.
  • step 304 the domain administrator device 301 executes mutual authentication with the child domain management device 302.
  • the domain administrator device 301 transmits a domain mergence request (AddDomainRequest ) message to the child domain management device 302 in step 305.
  • the child domain management device 302 receives the domain mergence request message and checks whether the credential over a child domain specified upon request of the domain administrator device 301 is valid. When the credential is not valid, it transmits a "PERMISSION DENIED" message, which does not allow mergence between the domains, to the domain administrator device 301.
  • the child domain management device 302 checks whether the two domains to be merged can be merged.
  • Whether the domains can be merged or not can be decided based on whether a domain cycle is formed or not. It is decided that a domain cycle can be formed when a domain to be a parent domain is already designated as one among descendant domains of a domain to be a child domain or when a domain to be a child domain is already designated as one among ancestor domains of a domain to be a parent domain.
  • checking a hierarchical structure of domains is included.
  • domain mergence cannot be executed.
  • the child domain management device 302 transmits a "UNABLE TO PROCESS" message, which signifies that a corresponding process cannot proceed, to the domain administrator device 301.
  • the child domain management device 302 requests the parent domain management device 303 for authentication and executes mutual authentication.
  • the parent domain management device 303 checks domain credential and when the authentication is successful, it transmits a "OK" message, which signifies authentication success, to the child domain management device 302. If the parent domain management device 303 fails in the authentication, it transmits a "PERMISSION DENIED" message, which signifies authentication failure, to the child domain management device 302.
  • step 307 the child domain management device 302 transmits a child domain connection (ConnectChildDomain) message to the parent domain management device 303.
  • a child domain connection ConnectChildDomain
  • the parent domain management device 303 decides whether the child domain can be merged with the parent domain based on domain management information
  • the parent domain management device 303 adds the child domain to a child domain list of the parent domain.
  • the parent domain management device 303 transmits a "PERMISSION DENIED" message, which signifies that mergence is not allowed, to the child domain management device 302.
  • the parent domain management device 303 transmits a parent domain update (UpdateParentDomain) message to a domain management device in charge of managing a grand parent domain, which is a parent domain of the parent domain.
  • the parent domain management device 303 transmits a parent domain connection (ConnectParentDomain) message to the child domain management device 302.
  • the child domain management device 302 receives the parent domain connection (ConnectParentDomain) message, and adds a parent domain to the parent domain list of the child domain. when the child domain has more than one grand child domain, the child domain management device 302 transmits a child domain update (UpdateChildDomain) message to a domain management device in charge of managing a grand child domain, which is a child domain of the child domain.
  • ConnectParentDomain parent domain connection
  • UpdateChildDomain update
  • the child domain management device 302 transmits a domain mergence result to the domain administrator device 301.
  • the domain mergence When the domain mergence is successful, it transmits an "OK" message, which signifies that the domain mergence is successful, to the domain administrator device 301. Otherwise, when the domain mergence fails, it transmits a "PERMISSION DENIED" message, which signifies domain mergence failure.
  • the two domains may have a hierarchical structure of a child domain and a parent domain.
  • the child domain management device 302 and the parent domain management device 303 of Fig. 3 are one domain management device. Therefore, only the process of exchanging messages between the child domain management device 302 and the parent domain management device 303 is omitted.
  • the domain administrator device 301 performs mutual authentication with the domain management device.
  • the domain administrator device 301 transmits a domain mergence request (AddDomainRequest ) message to the domain management device in the step 305.
  • the domain management device receives the domain mergence request message and checks whether the credential over a child domain specified upon a request of the domain administrator device 301 is valid. When the credential is invalid, it transmits a "PERMISSION DENIED" message, which signifies mergence between domains is not allowed, to the domain administrator device 301.
  • the domain management device checks the statuses of the two domains to see if the two domains can be merged.
  • Whether the domains can be merged or not can be decided based on whether a domain cycle is formed or not. It is decided that a domain cycle can be formed when a domain to be a parent domain is already designated as one among descendant domains of a domain to be a child domain or when a domain to be a child domain is already designated as one among ancestor domains of a domain to be a parent domain.
  • checking a hierarchical structure of domains is included.
  • domain mergence cannot be executed.
  • the domain management device transmits an "UNABLE TO PROCESS" message, which signifies that a corresponding process cannot proceed, to the domain administrator device 301.
  • the domain management device decides whether the child domain can be merged with the parent domain based on domain management information (DomainManagelnfo) .
  • domain management information DomainManagelnfo
  • the domain management device adds the child domain to a child domain list of the parent domain and adds the parent domain to a parent domain list of the child domain.
  • the domain management device transmits a child domain update (UpdateChildDomain) message to a domain management device in charge of managing a grand parent domain, which is a parent domain of the parent domain. Also, when the child domain has more than one grand child domain, the domain management device transmits a parent domain update (UpdateParentDomain) message to a domain management device in charge of managing a grand child domain, which is a child domain of the child domain.
  • UpdateChildDomain a child domain update
  • UpdateParentDomain parent domain update
  • the domain management device transmits a domain mergence result to the domain administrator device 301.
  • the domain mergence When the domain mergence is successful, it transmits an "OK" message, which signifies that the domain mergence is successful, to the domain administrator device 301. Otherwise, when the domain mergence fails, it transmits a "PERMISSION DENIED" message, which signifies domain mergence failure.
  • the domain management information may include a related domain information (RelatedDomainlnfo) field to structurally represent parent domains and child domains.
  • the related domain information (RelatedDomainlnfo) is information on domains connected to a corresponding domain, and it may include a parent domain information list (ParentDomainlnfoList ) , which is a list of parent domains, and a child domain information list (ChildDomainlnfoList ) .
  • the parent domain information list includes information on parent domains and it may include one or more parent domain information (ParentDomainlnfo) .
  • the child domain information list includes information on child domains, and it may include one or more child domain information (ChildDomainlnfo) .
  • An example of domain management information structure is shown below.
  • the domain mergence request (AddDomainRequest) message is a message for merging two or more domains.
  • existing domains may be merged into a new domain or merged into a child domain of an existing domain.
  • the domain mergence request (AddDomainRequest) message may include a child domain ID information (ChildDomainID) field, a child domain credential information (ChildDomainCredentials) field, a parent domain ID information (ParentDomainID) field, and a parent domain credential information (ParentDomainCredentials) field.
  • the child domain ID information (ChildDomainID) is ID information of a child domain to be merged with a parent domain
  • the child domain credential information (ChildDomainCredentials) is credential information of a child domain to be merged with a parent domain
  • the parent domain ID information (ParentDomainID) is ID information of a parent domain to be merged with a child domain
  • the parent domain credential information (ParentDomainCredentials) is credential information of a parent domain to be merged with a child domain.
  • the domain connection message is used when the domain management devices for two domains to be merged are different.
  • the domain connection message may include a child domain connection
  • the child domain connection (ConnectChildDomain) message is transmitted from the child domain management device 302 to the parent domain management device 303.
  • the parent domain connection (ConnectParentDomain) message is transmitted from the parent domain management device 303 to the child domain management device 302.
  • the child domain connection (ConnectChildDomain) message may include a child domain information
  • the child domain information includes information on a child domain to be merged, and it may include a domain identifier, a list of devices or users included in a domain, a domain validity period, domain information included in the child domain and so forth.
  • the parent domain connection (ConnectParentDomain) message may include a parent domain information ( ParentDomainlnfo) field.
  • the parent domain information (ParentDomainlnfo) includes information on a parent domain to be merged, and it may include a domain identifier, a domain key, domain authentication information, a domain validity period, maximally allowed domain update frequency information, and grand parent domain information to which the parent domain belongs.
  • the following shows an example of a parent domain connection message structure.
  • the domain update message is transmitted to a device administrating a parent domain and a child domain of a corresponding domain to update the parent domain and the child domain, when information of the domain is changed through domain mergence, domain split, device addition, device deletion, user addition or user deletion.
  • the domain update message may include a child domain update (UpdateChildDomain) message and a parent domain update (UpdateParentDomain) message.
  • the child domain update (UpdateChildDomain) message is transmitted to a child domain administration device of the domain whose information is changed.
  • the parent domain update (UpdateParentDomain) message is transmitted to a parent domain administration device of the domain whose information is changed.
  • the child domain update (UpdateChildDomain) message may include a field for child domain credential information (ChildDomainCredentials) and a field for parent domain information (ParentDomainlnfo) .
  • the child domain credential information (ChildDomainCredentials) includes child domain administrator credential information
  • the parent domain information ( ParentDomainlnfo) may include informations such as a domain identifier, a domain key, domain authentication information, a domain validity period, maximally allowed domain update frequency information, and grand parent domain information to which the parent domain belongs.
  • the following shows an example of the child domain update (UpdateChildDomain) message structure.
  • the parent domain update (UpdateParentDomain) message may include a field for parent domain credential information (ParentDomainCredentials) and a field for child domain information (ChildDomainlnfo) .
  • the parent domain credential information (ParentDomainCredentials) includes parent domain administrator credential information, and the child domain information
  • ChildDomainlnfo may include informations such as a domain identifier, a list of devices and users included in a domain, a domain validity period, and information on domains that belong to the child domain.
  • the following shows an example of the parent domain update (UpdateParentDomain) message structure.
  • the domain management device of the present invention includes a reception unit, a management unit, and a transmission unit.
  • the reception unit receives a domain mergence request message requesting to merge a plurality of domains from a domain administrator device 301.
  • the management unit merges the domains based on the domain mergence request message.
  • the transmission unit transmits a domain update message to related domain management devices in charge of managing domains involving in the domain mergence.
  • the management unit can perform mutual authentication with the domain administrator device 301.
  • the domain mergence includes merging a plurality of domains with a hierarchy.
  • the domains include a child domain and a parent domain.
  • the management unit checks whether the domain administrator device 301 has a credential over the child domain based on the domain mergence request message, analyzes domain management information of the child domain to thereby decide whether the child domain is merged with the parent domain, and adds the parent domain to the parent domain list .
  • the transmission unit transmits an authentication message and a child domain connection message to the parent domain management device 303 in charge of managing the parent domain.
  • the reception unit receives the parent domain connection message from the parent domain management device 303.
  • the domain mergence request message includes ID information and credential information of the child domain and the parent domain.
  • the domain management information includes connected domain information, which may include hierarchical domain information.
  • the domains include a child domain and a parent domain.
  • the management unit checks whether the domain administrator device 301 has a credential over the child domain based on the domain mergence request message, analyzes domain management informations of the child domain and the parent domain to thereby decide whether the child domain is merged with the parent domain, and adds the parent domain to the parent domain list.
  • the domain mergence request message includes ID information and credential information of the parent and child domains.
  • the domain management information includes connected domain information, which may include hierarchical domain information.
  • the domain management method of the present invention includes transmitting a domain mergence request message for requesting to merge a plurality of domains to a domain management device; merging the domains based on the domain mergence request message; and receiving a result of transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence from the domain management device.
  • the domain administration method of the domain administrator device 301 may further include performing mutual authentication with the domain management device.
  • the domain mergence may include hierarchically merging a plurality of domains.
  • the domains include a child domain and a parent domain.
  • the domain mergence is performed by checking whether the domain administrator device 301 has a credential over the child domain based on the domain mergence request message; deciding whether the parent domain and the child domain are merged based on domain management information of the child domain; adding the parent domain to a parent domain list; transmitting an authentication message and a child domain connection message from the domain management device 302 to the parent domain management device 303 in charge of managing the parent domain; and receiving a parent domain connection message in the domain management device 302 from the parent domain management device 303.
  • the domain mergence request message may include ID information and credential information of the parent and child domains.
  • the domain management information includes connected domain information, which may include hierarchical domain information.
  • the domains include a child domain and a parent domain.
  • the domain mergence is performed by checking whether the domain administrator device 301 has a credential over the child domain based on a domain mergence request message; deciding whether the parent domain and the child domain are merged based on domain management information of the parent and child domains; and adding the parent domain to a list of parent domains.
  • the domain mergence request message includes ID information and credential information of the parent and child domains.
  • the domain management information includes connected domain information, which may include hierarchical domain information.
  • the domain administrator device 301 of the present invention includes a transmission unit and a reception unit.
  • the transmission unit transmits a domain mergence request message for requesting to merge a plurality of domains to a domain management device.
  • the reception unit merges a plurality of domains based on the domain mer ⁇ jence request message, and receives a result of transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence from the domain management device.
  • the domain administrator device 301 can perform mutual authentication with the domain management device.
  • the domain mergence includes merging a plurality of domains with a hierarchy.
  • the domains include a child domain and a parent domain.
  • the domain mergence is performed by checking whether the domain administrator device 301 has a credential over the child domain based on the domain mergence request message; deciding whether the parent domain and the child domain are merged based on domain management information of the child domain; adding the parent domain to a parent domain list; transmitting an authentication message and a child domain connection message from the domain management device 302 to the parent domain management device 303 in charge of managing the parent domain; and receiving the parent domain connection message in the domain management device 302 from the parent domain management device 303.
  • the domain mergence request message includes ID information and credential information of the parent and child domains.
  • the domain management information includes connected domain information, which may include hierarchical domain information.
  • the domains include a child domain and a parent domain.
  • the domain mergence is performed by checking whether the domain administrator device 301 has a credential over the child domain based on a domain mergence request message; deciding whether the parent domain and the child domain are merged based on domain management information of the parent and child domains; and adding the parent domain to a list of parent domains.
  • the domain mergence request message includes ID information and credential information of the parent and child domains.
  • the domain management information includes connected domain information, which may include hierarchical domain information.
  • Domain split divides one existing domain into two or more domains .
  • Fig. 4 is a flowchart describing domain split in accordance with an embodiment of the present invention.
  • Domain split is carried out through message exchange between a domain administrator device 401 and a domain management device.
  • the domain administrator device 401 has a credential for administrating domains and it includes all devices connected to the domain management device through a network and capable of accessing to a domain.
  • the domain administrator device 401 may include user terminals, personal computers, portable multimedia players (PMP), mobile phones, MP3 players and the like. Also, the domain administrator device 401 may administrate a plurality of user terminals. In this case, the domain administrator device 401 represents the user terminals and takes a credential for administrating domains .
  • the domain management device includes devices that can perform a function of managing domains. Examples of the domain management device include a server of a broadcasting or contents service provider, a home server of a home network, a gateway, and a set-top box.
  • the domain management device includes all types of devices that can manage domains through a network. It also includes devices that can merge or split domains through a network.
  • the domain management device can manage domains with a hierarchy. Herein, the word "hierarchy" signifies that a plurality of domain are in an inclusive relationship.
  • the domain management device may be provided more than two 402 and 403. As shown in Fig.
  • first domain management device 402 which may be referred to as a child domain management device
  • second domain management device 403 which may be referred to as a parent domain management device.
  • the domain administrator device 401 exchanges messages with the domain management device.
  • a step of exchanging messages between the first domain management device 402 and the second domain management device 403 is further included.
  • a domain management method and apparatus for splitting domains and a domain administration method and apparatus will be described in accordance with embodiments of the present invention.
  • a domain management method of the present invention includes receiving a domain split request message for requesting to split a plurality of domains from a domain administrator device 401, splitting the domains based on the domain split request message, and transmitting a domain update message upon the domain split to related domain management devices in charge of managing the domains involving in the domain split.
  • the domain management method may further include a step of performing mutual authentication with the domain administrator device 401.
  • the domains are connected with each other hierarchically, and the domain administrator device 401 can administrate a plurality of domains.
  • the domain split step includes: checking whether the domain administrator device 401 has a credential over a child domain based on the domain mergence request message; transmitting an authentication message and a domain split message to the parent domain management device 403 in charge of managing the parent domain; and deleting the parent domain from a list of parent domains.
  • the domain split request message may include ID information and credential information of the parent and child domains.
  • the domains include a child domain and a parent domain.
  • the domain split step includes: checking whether the domain administrator device 401 has a credential over the child domain based on a domain mergence request message; and deleting the parent domain from a list of parent domains.
  • the domain split request message includes ID information and credential information of the parent and child domains.
  • Two domains to be splitted include one which is a child domain and the other which is a parent domain of the child domain.
  • the child domain management device 402 manages the child domain
  • the parent domain management device 403 manages the parent domain.
  • the child domain and the parent domain are administrated by the domain administrator device 401.
  • step 404 the domain administrator device 401 executes mutual authentication with the child domain management device 402.
  • the domain administrator device 401 transmits a domain split request (LeaveDomainRequest ) message to the child domain management device 402 in step 405.
  • the child domain management device 402 receives the domain split request message and checks whether the credential over a child domain is valid. When the credential is not valid, it transmits a "PERMISSION DENIED" message, which does not allow domain mergence, to the domain administrator device 401.
  • the child domain management device 402 requests the parent domain management device 403 for authentication and performs mutual authentication in step 406.
  • the parent domain management device 403 checks the credential over the domain. When the authentication is successful, the parent domain management device 403 transmits an "OK" message, which signifies successful authentication, to the child domain management device 402, When the parent domain management device 403 fails in the authentication, it transmits a "PERMISSION DENIED" message, which signifies authentication failure, to the child domain management device 402.
  • the child domain management device 402 transmits a domain split ( DisconnectDomain) message to the parent domain management device 403 in step 307.
  • the parent domain management device 403 deletes the child domain from a child domain list of the parent domain.
  • the parent domain management device 403 transmits a parent domain update (UpdateParentDomain) message to a related domain management device in charge of managing a parent domain of the parent domain.
  • the parent domain management device 403 completes the domain split, -it transmits an "OK" message, which signifies confirmation of domain split, to the child domain management device 402.
  • the child domain management device 402 deletes the parent domain from a parent domain list of the child domain.
  • the child domain management device 402 transmits a child domain update (UpdateChildDomain) message to a related domain management device in charge of managing a grand child domain, which is a child domain of the child domain.
  • UpdateChildDomain UpdateChildDomain
  • the child domain management device 402 transmits a domain split result to the domain administrator device 401.
  • the domain split is successful, it transmits an "OK" message, which signifies successful domain split, to the domain administrator device 401.
  • the domain split fails, it transmits a "PERMISSION DENIED" message, which signifies domain split failure.
  • the child domain management device 402 and the parent domain management device 403 of Fig. 4 are one domain management device. Therefore, only the process of exchanging messages between the child domain management device 402 and the parent domain management device 403 is omitted.
  • the child domain and the parent domain are administrated by the domain administrator device 401.
  • the domain administrator device 401 performs mutual authentication with the domain management device.
  • the domain administrator device 401 transmits a domain split request message to the domain management device in the step 405.
  • the domain management device receives the domain split request message and checks whether the credential over a child domain specified upon a request of the domain administrator device 401 is valid. When the credential is invalid, it transmits a "PERMISSION DENIED" message, which signifies split between domains is not allowed, to the domain administrator device 401.
  • the domain management device When the domain mergence is available, the domain management device deletes the child domain from a child domain list of the parent domain and deletes the parent domain from a parent domain list of the child domain.
  • the domain management device transmits a parent domain update (UpdateParentDomain) message to a related domain management device in charge of managing a grand parent domain, which is a parent domain of the parent domain. Also, when the child domain has more than one grand child domain, the domain management device transmits a child domain update (UpdateChildDomain) message to a related domain management device in charge of managing a grand child domain, which is a child domain of the child domain.
  • a parent domain update (UpdateParentDomain) message
  • a related domain management device in charge of managing a grand parent domain, which is a parent domain of the parent domain.
  • UpdateChildDomain UpdateChildDomain
  • the domain management device transmits a domain split result to the domain administrator device 401.
  • the domain split When the domain split is successful, it transmits an "OK" message, which signifies that the domain split is successful, to the domain administrator device 401. Otherwise, when the domain split fails, it transmits a "PERMISSION DENIED" message, which signifies domain split failure.
  • the domain split request (LeaveDomainRequest ) message includes information on a child domain to be splitted from the parent domain.
  • the domain split message may include a field for child domain identifier
  • the child domain identifier is ID information of the child domain to be splitted from the parent domain, and the child domain credential information is credential information of the child domain to be splitted from the parent domain.
  • the parent domain identifier is ID information of the parent domain, which is a split target, and the parent domain credential information is credential information of the parent domain, which is the split target. The following shows an example of the domain split request message structure.
  • the child domain management device 402 transmits a domain split ( DisconnectDomain) message to the parent domain management device 403.
  • the following shows an example of the domain split message structure.
  • the domain management device of the present invention includes a reception unit, a management unit, and a transmission unit.
  • the reception unit receives a domain split request message requesting to split a domain from a domain administrator device 401.
  • the management unit splits the domains based on the domain split request message.
  • the transmission unit transmits a domain update message to related domain management devices in charge of managing domains obtained from the domain split.
  • the management unit can perform mutual authentication with the domain administrator device 401.
  • the domains obtained from the domain split are connected to each other with a hierarchy, and the domain administrator device 401 may administrate a plurality of domains.
  • the domains include a child domain and a parent domain.
  • the management unit checks whether the domain administrator device 401 has a credential over the child domain based on the domain mergence request message, and deletes the parent domain from a parent domain list.
  • the transmission unit transmits an authentication message and a domain split message to the parent domain management device 403 in charge of managing the parent domain.
  • the reception unit receives the parent domain connection message from the parent domain management device 303.
  • the domain split request message may include ID information and credential information of the child domain and the parent domain.
  • the domains include a child domain and a parent domain.
  • the management unit checks whether the domain administrator device 401 has a credential over the child domain based on the domain mergence request message, and deletes the parent domain from the parent domain list.
  • the domain split request message includes ID information and credential information of the parent and child domains. Since the domain management device of the present invention was described in the above description on the domain management method, detailed description on it will not be provided herein.
  • the domain management method of the present invention includes transmitting a domain split request message for requesting to split a domain to a domain management device; splitting the domain based on the domain split request message; and receiving from the domain management device a result of transmitting a domain update message to related domain management devices in charge of managing domains related to the splitted domains upon the domain split.
  • the domain administration method may further include performing mutual authentication with the domain management device.
  • the domains are connected to each other with a hierarchy and the domain administrator device 401 may administrate a plurality of domains.
  • the domains include a child domain and a parent domain.
  • the domain split is performed by checking whether the domain administrator device 401 has a credential over the child domain based on the domain split request message; transmitting an authentication message and a domain split message from the domain management device 402 to the parent domain management device 403 in charge of managing the parent domain; and deleting the parent domain from a parent domain list.
  • the domain split request message may include ID information and credential information of the parent and child domains.
  • the domains When a plurality of domains are managed by one domain management device, the domains include a child domain and a parent domain.
  • the domain split is performed by checking whether the domain administrator device 401 has a credential over the child domain based on a domain split request message; and deleting the parent domain from a list of parent domains.
  • the domain split request message includes ID information and credential information of the parent and child domains.
  • the domain administrator device 401 of the present invention includes a transmission unit and a reception unit .
  • the transmission unit transmits a domain split request message for requesting to split a domain to a domain management device.
  • the reception unit splits the domain based on the domain split request message, and receives a result of transmitting a domain update message to a related domain management device in charge of managing a domain involving in the domain split upon the domain split from the domain management device.
  • the domain administrator device 401 can perform mutual authentication with the domain management device.
  • the domains obtained from the domain split are connected to each other with a hierarchy, and the domain administrator device 401 can administrate a plurality of domains .
  • the domains include a child domain and a parent domain.
  • the domain split is performed by checking whether the domain administrator device 401 has a credential over the child domain based on the domain split request message; transmitting an authentication message and a domain split message from the domain management device 402 to the parent domain management device 403 in charge of managing the parent domain; and deleting the parent domain from a parent list.
  • the domain split request message includes ID information and credential information of the parent and child domains.
  • the technology of the present invention can efficiently discover, administrate, and manage domains, and it can be applied to a digital contents providing service .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

Disclosed are methods and apparatuses for domain discovery, management and administration. More particularly, this research discloses a domain discovering method and apparatus, and a domain management and administration method and apparatus for supporting mergence and split of domains. The method for discovering a domain management device includes: transmitting a discovery request message to a domain management device through a network; receiving a discovery response message to the discovery request message from the domain management device; and deciding a domain management device to be communicated with based on the discovery response message.

Description

DESCRIPTION
DOMAIN DISCOVERY, MANAGEMENT AND ADMINISTRATION METHOD AND
APPARATUS THEREOF
TECHNICAL FIELD
The present invention relates to a domain discovery, management and administration method and apparatus; and, more particularly, to a domain discovering method and apparatus, and a domain management and administration method and apparatus supporting mergence and split of domains.
This work was supported by the IT R&D program of MIC/IITA [2007-S-003-01, "Development of Protection Technology for Terrestrial DTV Program"].
BACKGROUND ART
Domain signifies a series of devices or a group of users sharing membership within a family or company. Domain technology denotes technology for representing and managing such domains. With the domain technology, it is possible to manage a group of people or devices sharing access credential.
As the Internet is popularly used and digital contents such as pictures, music, and moving pictures are freely distributed, the problems of illegal copy and unauthorized use of the digital contents emerge from behind the clouds. To cope with such problems, a concept of Digital Rights Management (DRM) was introduced. Digital rights management is a technology or service for protecting copyrights of digital contents. At the beginning, the technology or service was used for preventing pay contents such as digital music, moving picture and electric book from being illegally copied. Recently, it is used to protect diverse kinds of digital contents, such as mobile contents, corporate confidential documents, and digital broadcasting. At present, digital rights management technology has expanded its area into collectively providing such diverse services as production, management and distribution of contents, charging fee, and settling payment. As societies rapidly advance into information age and digital industry develops, the product values of digital contents increase and more significance is put on the management and administration of digital contents. Also, as digital convergence is applied to all industrial fields, the digital rights management is also combined with diverse communication networks such as the Internet, wireless network, and satellite network, or home appliances and communication devices and develops in complex forms. Domain technology may take significant part of the digital rights management technology. Domain technology may help efficiently administrate licensing of digital contents, which makes the management easy and flexible, and it may provide effective digital content distribution methods .
A conventional technology reveals a method of generating a domain between a domain management device and a user terminal and managing the domain to manage users and user terminals. However, the conventional technology has a shortcoming that it cannot effectively discover a domain and effectively manage a plurality of domains .
DISCLOStJRE TECHNICAL PROBLEM
An embodiment of the present invention is directed to providing a method and apparatus for effectively discovering a domain and effectively managing a plurality of domains. To be specific, it provides an effective method for merging and splitting domains between domain management devices and user terminals.
Other objects and advantages of the present invention can be understood by the following description, and become apparent with reference to the embodiments of the present invention. Also, it is obvious to those skilled in the art of the present invention that the objects and advantages of the present invention can be realized by the means as claimed and combinations thereof.
TECHNICAL SOLUTION
In accordance with an aspect of the present invention, there is provided a method for discovering a domain management device, which includes: transmitting a discovery request message to a domain management device through a network; receiving a discovery response message to the discovery request message from the domain management device; and deciding a domain management device to be communicated with based on the discovery response message.
In accordance with another aspect of the present invention, there is provided an apparatus for discovering a domain management device, which includes: a communication unit for transmitting a discovery request message to a domain management device through a network and receiving a discovery response message to the discovery request message from the domaxn management device; and a domain management device deciding unit for deciding a domain management device to be communicated with based on the discovery response message.
In accordance with another aspect of the present invention, there is provided a method for managing domains, which includes: receiving a domain mergence request message for requesting to merge a plurality of domains from a domain administrator device; merging the domains based on the domain mergence request message; and transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence.
In accordance with another aspect of the present invention, there is provided a domain management device, which includes: a reception unit for receiving a domain mergence request message for requesting to merge a plurality of domains from a domain administrator device; a management unit for merging the domains based on the domain mergence request message; and a transmission unit for, upon the domain mergence, transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence .
In accordance with another aspect of the present invention, there is provided a domain administration method of a domain administrator device, which includes: transmitting a domain mergence request message for requesting to merge a plurality of domains to a domain management device; and merging the domains based on the domain mergence request message, and receiving a result of transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence from the domain management device.
In accordance with another aspect of the present invention, there is provided a domain administrator device, which includes: a transmission unit for transmitting a domain mergence request message for requesting to merge a plurality of domains to a domain management device; and a reception unit for merging the domains based on the domain mergence request message, and receiving a result of transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence from the domain management device.
In accordance with another aspect of the present invention, there is provided a method for managing domains, which includes: receiving a domain split request message for requesting to split a domain from a domain administrator device; and splitting the domain based on the domain split request message; and transmitting a domain update message to a related domain management device in charge of managing a domain obtained from the domain split upon the domain split.
In accordance with another aspect of the present invention, there is provided a domain management device, which includes: a reception unit for receiving a domain split request message for requesting to split a domain from a domain administrator device; and a management unit for splitting the domain based on the domain split request message; and a transmission unit for transmitting a domain update message to a related domain management device in charge of managing a domain obtained from the domain split upon the domain split.
In accordance with another aspect of the present invention, there is provided a method for administrating domains, which includes: transmitting a domain split request message for requesting to split a domain to a domain management device; and splitting the domain based on the domain split request message; and receiving a result of transmitting a domain update message to a related domain management device in charge of managing a domain involving in the domain split from the domain management device upon the domain split.
In accordance with another aspect of the present invention, there is provided a domain administrator device, which includes: a transmission unit for transmitting a domain split request message for requesting to split a domain to a domain management device; and a reception unit for splitting the domain based on the domain split request message and receiving a result of transmitting a domain update message to a related domain management device in charge of managing a domain involving in the domain split from the domain management device upon the domain split.
The advantages, features and aspects of the invention will become apparent from the following description of the embodiments with reference to the accompanying drawings, which is set forth hereinafter. Also, when it is considered that detailed description on a related art may obscure a point of the present invention, the description will not be provided herein. Hereinafter, specific embodiments of the present invention will be described in detail with reference to the accompanying drawings.
ADVANTAGEOUS EFFECTS
The present invention can effectively discover a domain and effectively manage a plurality of domains. To be specific, it can effectively merge or split domains between domain management devices and user terminals.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 is a flowchart showing a process of discovering a domain management device in accordance with an embodiment of the present invention. Fig. 2 illustrates how messages are exchanged between a domain management device and a user terminal for discovering a domain management device in accordance with an embodiment of the present invention.
Fig. 3 is a flowchart describing domain mergence in accordance with an embodiment of the present invention. Fig. 4 is a flowchart describing domain split in accordance with an embodiment of the present invention.
BEST MODE FOR THE INVENTION Following description exemplifies only the principles of the present invention. Even if they are not described or illustrated clearly in the present specification, one of ordinary skill in the art can embody the principles of the present invention and invent various apparatuses within the concept and scope of the present invention. The use of the conditional terms and embodiments presented in the present specification are intended only to make the concept of the present invention understood, and they are not limited to the embodiments and conditions mentioned in the specification. Also, all the detailed description on the principles, viewpoints and embodiments and particular embodiments of the present invention should be understood to include structural and functional equivalents to them. The equivalents include not only currently known equivalents but also those to be developed in future, that is, all devices invented to perform the same function, regardless of their structures.
For example, block diagrams of the present invention should be understood to show a conceptual viewpoint of an exemplary circuit that embodies the principles of the present invention. Similarly, all the flowcharts, state conversion diagrams, pseudo codes and the like can be expressed substantially in a computer-readable media, and whether or not a computer or a processor is described distinctively, they should be understood to express various processes operated by a computer or a processor.
Functions of various devices illustrated in the drawings including a functional block expressed as a processor or a similar concept can be provided not only by using hardware dedicated to the functions, but also by using hardware capable of running proper software for the functions. When a function is provided by a processor, the function may be provided by a single dedicated processor, single shared processor, or a plurality of individual processors, part of which can be shared.
The apparent use of a term, 'processor' , 'control' or similar concept, should not be understood to exclusively refer to a piece of hardware capable of running software, but should be understood to include a digital signal processor (DSP) , hardware, and ROM, RAM and non-volatile memory for storing software, implicatively . Other known and commonly used hardware may be included therein, too. In the claims of the present specification, an element expressed as a means for performing a function described in the detailed description is intended to include all methods for performing the function including all formats of software, such as combinations of circuits for performing the intended function, firmware/microcode and the like.
To perform the intended function, the element is cooperated with a proper circuit for performing the software. The present invention defined by claims includes diverse means for performing particular functions, and the means are connected with each other in a method requested in the claims. Therefore, any means that can provide the function should be understood to be an equivalent to what is figured out from the present specification.
The advantages, features and aspects of the invention will become apparent from the following description of the embodiments with reference to the accompanying drawings, which is set forth hereinafter. Also, when it is considered that detailed description on a related art may obscure a point of the present invention, the description will not be provided herein. Hereinafter, specific embodiments of the present invention will be described in detail with reference to the accompanying drawings .
The present invention provides messages and protocol in support of a domain management device discovery function and domain mergence and split functions of a domain management device. Particularly, the present invention provides an effective domain management technology used between a domain management device and a user terminal and it also provides a flexible domain management technology of a hierarchical structure based on domain mergence and split technologies. Hereinafter, domain management device discovery and domain mergence and split of the domain management device will be described in detail.
<METHOD FOR DISCOVERING DOMAIN MANAGEMENT DEVICE> Fig. 1 is a flowchart showing a process of discovering a domain management device in accordance with an embodiment of the present invention. The domain management device discovering process will be described with reference to Fig. 1. In step SlOl, when a domain management device discovery process is initiated, a terminal transmits a discovery request message in step S102. Herein, "transmit" includes broadcasting, and the transmission of the discovery request message makes it possible to discover all available domain management devices or a domain management device in charge of managing a specific domain. In step S103, the terminal waits for a discovery response for the discovery request message for a predetermined time. In step S104, discovery responses to the discovery request message are received for a predetermined time. The received discovery responses are analyzed and used to decide a domain management device suitable for communication. When the predetermined time passes in step S105, the domain management device terminates the discovery process in step S106. Hereinafter, a method and apparatus for discovering a domain management device will be described.
1. METHOD FOR DISCOVERYING DOMAIN MANAGEMENT DEVICE
Fig. 2 illustrates how messages are exchanged between a domain management device and a terminal to discover a domain management device in accordance with an embodiment of the present invention. The messages are exchanged between a terminal 201 and a domain management device 202.
The terminal 201 includes a user terminal and it signifies all types of devices that can make an access to a domain in connection with the domain management device 202 through a network. Examples of the terminal 201 are a personal computer, a portable multimedia player (PMP), a mobile phone, an MP3 player and the like.
The domain management device 202 includes devices capable to manage domains. Examples of the domain management device 202 are a server of a broadcasting or contents service provider, a home server of a home network, a gateway, a set-top box and the like. The domain management device 202 may be implemented as any types of devices connected to a network if they can manage domains. Also, it includes devices connected to a network can merge and split domains. The domain management device 202 can manage domains with a hierarchy. Herein, the word "hierarchy" signifies that a plurality of domains are in an inclusive relationship. A discovering method for domain management device of the present invention includes transmitting a discovery request message to the domain management device through a network, receiving discovery response messages to the discovery request message from the domain management device, and deciding a domain management device to be communicated with based on the discovery response message.
In step 203, the terminal 201 transmits a discovery request message to the domain management device 202 through a network. The discovery request message may include domain identifier (ID) information, a device identifier information, or a user identifier information. The word "transmitted" includes the meaning of broadcasting, which is a transmission scheme sending out signals to many and unspecified persons.
In step 204, the terminal 201 receives a discovery response message from the domain management device 202. The discovery response message is a response to the discovery request message and it may include identifier information, location information and status information of a responding domain management device 202 or domain identifier list information managed by a domain management device 202. The terminal 201 may receive a plurality of discovery response messages from a plurality of domain management devices 202. It may also receive the discovery response messages for a predetermined time. Then, the terminal 201 analyzes information included in the received discovery response messages and decides a domain management device 202 which is appropriate for communication. The domain management device 202 to be communicated with is decided based on whether there are discovery request message and/or whether the responding domain management device 202 can smoothly carry out communication currently. When the domain management device 202 to be communicated with is decided, the terminal 201 and the domain management device 202 authenticate each other in step 205. Herein, the terminal 201 and the domain management device 202 may exchange messages for generation of a domain.
Discovery request messages may be used in different cases: when all available domain management devices 202 are to be discovered, when a domain management device 202 in charge of managing a specific domain is to be discovered, or when a specific domain management device 202 is to be discovered.
First, a case where all available domain management devices 202 are to be discovered will be described. The terminal 201 does not specify a domain identifier and transmits a discovery request message through a network. The domain management device 202 receives the discovery request message and makes a response including domain management device location information and information on a domain on operation. The terminal 201 receives discovery response messages from domain management devices 202 for a predetermined time. After the predetermined time passes, the terminal 201 analyzes the discovery response messages and communicates with an appropriate domain management device. Next, a case where a domain management device 202 in charge of administrating a specific domain is to be discovered will be described. The terminal 201 transmits a discovery request message while specifying a domain identifier. The domain management device 202 receives the discovery request message and when it can manage one or more domains specified by domain identifiers in the discovery request message, it can make a response including domain management device location information and domain information. The terminal 201 receives discovery response messages from the domain management devices 202 for a predetermined time. After the predetermined time passes, the terminal 201 analyzes the received discovery response messages and communicates with an appropriate domain management device. Lastly, a case where a specific domain management device 202 is to be discovered will be described. This case may be applied to checking the status of the specific domain management device 202. The terminal 201 transmits a discovery request message to the specific domain management device 202. The domain management device 202 receives the discovery request message and when the domain of the specific domain management device 202 is available, it can make a response including domain management device location information and domain information. The terminal 201 receives discovery response messages from the domain management devices 202, which the terminal 201 has requested for discovery, for a predetermined time. After the predetermined time passes, the terminal 201 analyzes the received discovery response messages and communicates with an appropriate domain management device 202.
Hereinafter, a discovery request message and a discovery response message will be described. The discovery request (DiscoveryRequest ) message includes domain identifier (DomainID) , a domain management device identifier (DevicelD) , a user identifier (UserlD) . When the field of the domain identifier is not null, the domain management device 202 which has received the discovery request message makes a response only when it manages one or more domains identified by domain identifiers in the discovery request message. When the field of the device identifier is not null, the domain management device which has received the discovery request message makes a response when the device specified in device identifier is managed as a domain member. When the field of the user identifier is not null, the domain management device which has received the discovery request message makes a response when the user is managed as a domain member. An example of a discovery request message structure is shown as follows.
<element name="DiscoveryRequest" type="dmp- msdpχ:DiscoveryRequestType"/> <complexType name="DiscoveryRequestType">
<comp 1 exCont ent>
<extension base="msdp:DomainProtocolType">
<sequence minθccurs="θ" maxOccurs="unbounded">
<element name="Condition"> <comp 1 exType>
<choice minθccurs="θ" maxθccurs=" unbounded ">
<element ref="msd:DomainID"/>
<element ref="msd: Device ID" />
<element ref="msd:UserID"/> </choice>
</complexType>
</element>
</sequence>
</extension> </complexContent>
</complexType>
The discovery response message may include domain management device identifier (DomainManagerID) information, location of the domain management device (Location) information, domain identifier list (DomainID) information managed by the domain management device, and status information of the domain management device.
An example of a discovery response message structure is shown as follows. <element name="DiscoveryResponse" type="dmp-msdpx: DiscoveryResponseType"/>
<complexType name="DiscoveryResponseType"> <complexContent>
<extension base="rasdp: DomainProtocolType">
<sequence>
<element name="DomainManagerID" type="msd: DeviceID"/>
<element name="Location" type="anyURI" minOccurs="0"/> <element ref="msd: DomainID" maxOccurs="unbounded"/>
<attribute ref="msd: DomainID" maxOccurs="unbounded"/>
</sequence>
<attribute name="status" type="string" use="optional"/>
</extension> </complexContent>
</complexType>
2. APPARATUS FOR DISCOVERING DOMAIN MANAGEMENT DEVICE A domain management device discovering apparatus of the present invention includes a communication unit and a decision unit. The communication unit transmits a discovery request message to the domain management device through a network and receives a discovery response message to the discovery request message from the domain management device. The decision unit decides a domain management device to be communicated with based on the discovery response message. Herein, the domain management device discovering apparatus may be the terminal 201 mentioned in the description of domain discovering method of the above domain management device.
The discovery request message may include domain identifier information, domain management device identifier information or user identifier information.
The discovery response message may include domain management device identifier information, domain management device location information, domain management device status information, or domain identifier list information managed by a domain management device. The communication unit exchanges mutual authentication message with a decided domain management device, and the domain management device may be a device for managing domains hierarchically. discovery request messages may be used in different cases: when all available domain management devices are to be discovered, when a domain management device in charge of managing a specific domain is to be discovered, or when a specific domain management device are to be discovered. Since these are already described in the above, further description on them will not be provided herein. Also, since the discovery of a domain management device, discovery request message, and a discovery response message were described in detail in the "1. METHOD FOR DISCOVERYING DOMAIN MANAGEMENT DEVICE," they will not be described herein.
<MERGENCE OF DOMAINS>
More than two existing domains can be merged into one new domain through a domain mergence process. Herein, the domain newly created through the domain mergence process includes more than two existing domains having a hierarchical relationship with each other.
Fig. 3 is a flowchart describing domain mergence in accordance with an embodiment of the present invention. Domains are merged through message exchange between a domain administrator device 301 and a domain management device. The domain administrator device 301 has a credential for administrating domains. It includes all other devices that are connected to the domain management device through a network and capable of accessing to a domain through the network. The domain administrator device 301 may include user terminals, personal computers, portable multimedia players (PMP) , mobile phones, MP3 players and the like. Also, the domain administrator device 301 may administrate a plurality of user terminals. In this case, the domain administrator device 301 represents the user terminals and takes a credential for administrating domains.
The domain management device includes devices that can perform a function of managing domains. Examples of the domain management device include a server of a broadcasting or contents service provider, a home server of a home network, a gateway, and a set-top box. The domain management device includes all types of devices that can manage domains through a network. It also includes devices that can merge or split domains through a network. The domain management device can manage domains with a hierarchy. Herein, the word "hierarchy" signifies that a plurality of domain are in an inclusive relationship .
The domain management device may be provided more than two 302 and 303. As shown in Fig. 3, when there are more than two domain management devices, one is a child domain management device 302 and the other is a parent domain management device 303. When there are two domains to be merged and the two domains are managed by one domain management device, the domain administrator device 301 exchanges messages with the domain management device. When the two domains are managed by different domain management devices 302 and 303, a step of exchanging messages between the child domain management device 302 and the parent domain management device 303 is further included.
Hereinafter, a domain management method and apparatus for merging domains and a domain administration method and apparatus will be described in accordance with embodiments of the present invention.
1. DOMAIN MANAGEMENT METHOD WHEN DOMAINS ARE MERGrED
A domain management method of the present invention includes receiving a domain mergence request message for requesting to merge a plurality of domains from a domain administrator device 301, merging the domains based on the domain mergence request message, and transmitting a domain update message upon the domain mergence to related domain management devices in charge of managing the domains involving in the domain mergence.
The domain management method may further include a step of performing mutual authentication with the domain administrator device 301. Herein, the domain mergence includes a case where merging a plurality of domains are merged with a hierarchy. The domains include a child domain and a parent domain.
When a plurality of domains are managed by different domain management devices 301 and 302, the domain mergence step includes: checking whether the domain administrator device 301 has a credential over a child domain based on the domain mergence request message; deciding whether a parent domain and a child domain are merged based on domain management information of the child domain; transmitting an authentication message and a child domain connection message to the parent domain management device 303 in charge of managing the parent domain; receiving the a parent domain connection message from the parent domain management device 303; and adding the parent domain to a list of parent domains. The domain mergence request message may include ID information and credential information of the parent and child domains. The domain management information includes connected domain information, which may include hierarchical domain information.
When a plurality of domains are managed by one domain management device, the domain mergence step includes: checking whether the domain administrator device 301 has a credential over the child domain based on a domain mergence request message; deciding whether the parent domain and the child domain are merged based on domain management information of the parent and child domains; and adding the parent domain to a list of parent domains. The domain mergence request message includes ID information and credential information of the parent and child domains. The domain management information includes connected domain information, which may include hierarchical domain information. Hereinafter, detailed description will be provided.
First, a case where two domains to be merged with each other are managed by different domain management devices will be described. The two domains include one which is a child domain and the other which is a parent domain. In this case, the child domain management device 302 manages the child domain, and the parent domain management device 303 manages the parent domain.
In step 304, the domain administrator device 301 executes mutual authentication with the child domain management device 302. When the mutual authentication is completed, the domain administrator device 301 transmits a domain mergence request (AddDomainRequest ) message to the child domain management device 302 in step 305. The child domain management device 302 receives the domain mergence request message and checks whether the credential over a child domain specified upon request of the domain administrator device 301 is valid. When the credential is not valid, it transmits a "PERMISSION DENIED" message, which does not allow mergence between the domains, to the domain administrator device 301. The child domain management device 302 checks whether the two domains to be merged can be merged. Whether the domains can be merged or not can be decided based on whether a domain cycle is formed or not. It is decided that a domain cycle can be formed when a domain to be a parent domain is already designated as one among descendant domains of a domain to be a child domain or when a domain to be a child domain is already designated as one among ancestor domains of a domain to be a parent domain. Herein, checking a hierarchical structure of domains is included. When a domain cycle is formed, domain mergence cannot be executed. Thus, when a domain cycle is formed, the child domain management device 302 transmits a "UNABLE TO PROCESS" message, which signifies that a corresponding process cannot proceed, to the domain administrator device 301.
In step 306, the child domain management device 302 requests the parent domain management device 303 for authentication and executes mutual authentication. The parent domain management device 303 checks domain credential and when the authentication is successful, it transmits a "OK" message, which signifies authentication success, to the child domain management device 302. If the parent domain management device 303 fails in the authentication, it transmits a "PERMISSION DENIED" message, which signifies authentication failure, to the child domain management device 302.
In step 307, the child domain management device 302 transmits a child domain connection (ConnectChildDomain) message to the parent domain management device 303.
The parent domain management device 303 decides whether the child domain can be merged with the parent domain based on domain management information
(DomainManagelnfo) of the parent domain. When the domain mergence is available, the parent domain management device 303 adds the child domain to a child domain list of the parent domain. When the domain mergence is not available, the parent domain management device 303 transmits a "PERMISSION DENIED" message, which signifies that mergence is not allowed, to the child domain management device 302.
When the parent domain has more than one grand parent domain, the parent domain management device 303 transmits a parent domain update (UpdateParentDomain) message to a domain management device in charge of managing a grand parent domain, which is a parent domain of the parent domain. In step 308, the parent domain management device 303 transmits a parent domain connection (ConnectParentDomain) message to the child domain management device 302.
The child domain management device 302 receives the parent domain connection (ConnectParentDomain) message, and adds a parent domain to the parent domain list of the child domain. when the child domain has more than one grand child domain, the child domain management device 302 transmits a child domain update (UpdateChildDomain) message to a domain management device in charge of managing a grand child domain, which is a child domain of the child domain.
In step 309, the child domain management device 302 transmits a domain mergence result to the domain administrator device 301. When the domain mergence is successful, it transmits an "OK" message, which signifies that the domain mergence is successful, to the domain administrator device 301. Otherwise, when the domain mergence fails, it transmits a "PERMISSION DENIED" message, which signifies domain mergence failure.
Subsequently, a case where two domains to be merged are managed by one domain management device will be described. The two domains may have a hierarchical structure of a child domain and a parent domain. In this case, the child domain management device 302 and the parent domain management device 303 of Fig. 3 are one domain management device. Therefore, only the process of exchanging messages between the child domain management device 302 and the parent domain management device 303 is omitted.
In the step 304, the domain administrator device 301 performs mutual authentication with the domain management device. When the mutual authentication is completed, the domain administrator device 301 transmits a domain mergence request (AddDomainRequest ) message to the domain management device in the step 305. The domain management device receives the domain mergence request message and checks whether the credential over a child domain specified upon a request of the domain administrator device 301 is valid. When the credential is invalid, it transmits a "PERMISSION DENIED" message, which signifies mergence between domains is not allowed, to the domain administrator device 301. The domain management device checks the statuses of the two domains to see if the two domains can be merged. Whether the domains can be merged or not can be decided based on whether a domain cycle is formed or not. It is decided that a domain cycle can be formed when a domain to be a parent domain is already designated as one among descendant domains of a domain to be a child domain or when a domain to be a child domain is already designated as one among ancestor domains of a domain to be a parent domain. Herein, checking a hierarchical structure of domains is included. When a domain cycle is formed, domain mergence cannot be executed. Thus, when a domain cycle is formed, the domain management device transmits an "UNABLE TO PROCESS" message, which signifies that a corresponding process cannot proceed, to the domain administrator device 301.
The domain management device decides whether the child domain can be merged with the parent domain based on domain management information (DomainManagelnfo) . When the domain mergence is available, the domain management device adds the child domain to a child domain list of the parent domain and adds the parent domain to a parent domain list of the child domain.
When the parent domain has more than one grand parent domain, the domain management device transmits a child domain update (UpdateChildDomain) message to a domain management device in charge of managing a grand parent domain, which is a parent domain of the parent domain. Also, when the child domain has more than one grand child domain, the domain management device transmits a parent domain update (UpdateParentDomain) message to a domain management device in charge of managing a grand child domain, which is a child domain of the child domain.
In step 309, the domain management device transmits a domain mergence result to the domain administrator device 301. When the domain mergence is successful, it transmits an "OK" message, which signifies that the domain mergence is successful, to the domain administrator device 301. Otherwise, when the domain mergence fails, it transmits a "PERMISSION DENIED" message, which signifies domain mergence failure.
Hereinafter, messages exchanged with domain management information will be described in detail. The domain management information
(DomainManagelnfo) is information representing a hierarchical relationship among domains. The domain management information may include a related domain information (RelatedDomainlnfo) field to structurally represent parent domains and child domains. The related domain information (RelatedDomainlnfo) is information on domains connected to a corresponding domain, and it may include a parent domain information list (ParentDomainlnfoList ) , which is a list of parent domains, and a child domain information list (ChildDomainlnfoList ) . The parent domain information list includes information on parent domains and it may include one or more parent domain information (ParentDomainlnfo) . The child domain information list includes information on child domains, and it may include one or more child domain information (ChildDomainlnfo) . An example of domain management information structure is shown below.
<element name="DomainManagelnfo" type="dmp-msdx : DomainManagelnfoType" />
<complexType name="DomainManagelnfoType"> <complexContent>
<extension base="msd: DomainManagelnfoType"> <sequence>
<element ref="dmp-msdx: RelatedDomainlnfo" minOccurs="0"/> </sequence> </extension> </complexContent> </complexType>
<complexType name="DomainManageInfoType"> <complexContent> <extension base="insd: DomainBaseType"> <sequence>
<element ref="msd: DomainID"/> <element ref="msd: DACredentials" minOccurs="0"/>
<element ref="msd: DomainMembershipCredentials" minOccurs="0"/>
<choice minOccurs="0" maxθccurs="2">
<element ref="msd: User"/> <element ref="msd: Device"/> </choice> <element ref="msd: DomainKey"/>
<element name="Registration" type="dateTime"/>
<element name="Expiration" type="sx: Validity1!imeMetered"/>
</sequence> </extension> </complexContent> </complexType>
<element name="RelatedDomainInfo" type="dmp-msdx: RelatedDomainlnfoType"/>
<complexType name="RelatedDomainlnfoType"> <sequence>
<element ref="dmp-msdx: ParentDomainlnfoList" minOccurs="0" /> <element ref="dmp-msdx: ChildDomainlnfoList " minOccurs="0" />
</sequence> </complexType>
Meanwhile, the following shows an example of related domain information.
<element name="ParentDomainlnfoList" type="dmp-msdx: ParentDomainlnfoListType" /> <complexType name="ParentDomainInfoListType">
<sequence maxθccurs="unbounded">
<element ref="dmp-msdx: ParentDomainlnfo" />
</sequence>
</complexType> <element name="ChildDomainInfoList " type="dmp-msdx: ChildDomainlnfoListType" /> <complexType name="ChildDomainlnfoListType"> <sequence maxθccurs="unbounded"> <element ref="dmp-msdx: ChildDomainlnfo" /> </sequence> </complexType>
<element name="ParentDomainInfo" type="dmp-msdx: ParentDomainlnfoType"/>
<complexType name="ParentDomainInfoType"> <complexContent>
<extension base="msd: DomainBaseType">
< sec[uence>
<element ref="msd: DomainID" />
<element ref="msd: DomainKey" />
<element ref="msd: DomainMembershipCredentials" minOccurs="0"/>
<element ref="msd: Expiration" />
<element ref="msd:MaximumFrequencyOfUpdateDevice" minOccurs="0"/> <element ref="msd:MaximumFrequencyOfUpdateUser" minOccurs="0"/>
<element ref="dmp-msdx: ParentDomainlnfoList" minOccurs="0" />
</sequence> </extension> </complexContent> </complexType>
<element name="ChildDomainInfo" type="dmp- msdx:ChildDomainInfoType" />
<complexType name="ChildDomainInfoType">
<complexContent>
<extension base="msd: DomainBaseType">
<sequence> <element ref="msd: DomainID" />
<sequence>
<element ref="msd: DeviceIDList" minOccurs="0" />
<element ref="msd: UserIDList" minOccurs="0" />
</sequence> <element ref="msd: Expiration" />
<element ref="dmp-msdx: ChildDomainlnfoList" minOccurs="0" />
</sequence> </extension> </complexContent> </complexType>
Hereinafter, a domain mergence request
(AddDomainRequest ) message will be described. The domain mergence request (AddDomainRequest) message is a message for merging two or more domains. Upon the domain mergence request (AddDomainRequest) message, existing domains may be merged into a new domain or merged into a child domain of an existing domain. The domain mergence request (AddDomainRequest) message may include a child domain ID information (ChildDomainID) field, a child domain credential information (ChildDomainCredentials) field, a parent domain ID information (ParentDomainID) field, and a parent domain credential information (ParentDomainCredentials) field. The child domain ID information (ChildDomainID) is ID information of a child domain to be merged with a parent domain, and the child domain credential information (ChildDomainCredentials) is credential information of a child domain to be merged with a parent domain. The parent domain ID information (ParentDomainID) is ID information of a parent domain to be merged with a child domain, and the parent domain credential information (ParentDomainCredentials) is credential information of a parent domain to be merged with a child domain. The following shows an example of a domain mergence request message structure.
<element name="AddDomainRequest" type="dmp- msdpx : DomainRelationType"/>
<complexType name="DomainRelationType">
<complexContent> <extension base="msdp: DomainProtocolType">
<sequence>
<element name="ChildDomainID" type=="msd: DomainIDType"/>
<element name="ChildDomainCredentials" type=="msd:DomainCredentialType"/>
<elernent name="ParentDomainID" type="msd: DomainIDType"/> <element name="ParentDomainCredentials" type="msd: DomainCredentialType"/> </sequence> </extension>
</complexContent> </complexType>
The following shows an example of a domain connection message. The domain connection message is used when the domain management devices for two domains to be merged are different. The domain connection message may include a child domain connection
(ConnectChildDomain) message and a parent domain connection (ConnectParentDomain) message. The child domain connection (ConnectChildDomain) message is transmitted from the child domain management device 302 to the parent domain management device 303. The parent domain connection (ConnectParentDomain) message is transmitted from the parent domain management device 303 to the child domain management device 302.
The child domain connection (ConnectChildDomain) message may include a child domain information
(ChildDomainlnfo) field. The child domain information (ChildDomainlnfo) includes information on a child domain to be merged, and it may include a domain identifier, a list of devices or users included in a domain, a domain validity period, domain information included in the child domain and so forth. The following shows an example of a child domain connection message structure. <element name="ConnectChildDomain" type="dmp-msdpx: ConnectChildDomainType"/> <complexType name="ConnectChildDomainType"> <complexContent> <extension base="msdp: DomainProtocolType"> <sequence>
<element ref="dmp-msdx : ChildDomainlnfo" /> </sequence> </extension> </complexContent> </complexType>
The parent domain connection (ConnectParentDomain) message may include a parent domain information ( ParentDomainlnfo) field. The parent domain information (ParentDomainlnfo) includes information on a parent domain to be merged, and it may include a domain identifier, a domain key, domain authentication information, a domain validity period, maximally allowed domain update frequency information, and grand parent domain information to which the parent domain belongs. The following shows an example of a parent domain connection message structure.
<element name="ConnectParentDomain" type="dmp-msdpx : ConnectParentDomainType" /> <complexType name="ConnectParentDomainType"> <complexContent>
<extension base="msdp : DomainProtocolType"> <sequence>
<element name="ChildDomainID" type="msd: DomainIDType"/> <element ref="dmp-msdx: ParentDomainlnfo"/> </sequence> </extension>
</complexContent> </complexType>
Lastly, a domain update message will be described. The domain update message is transmitted to a device administrating a parent domain and a child domain of a corresponding domain to update the parent domain and the child domain, when information of the domain is changed through domain mergence, domain split, device addition, device deletion, user addition or user deletion. The domain update message may include a child domain update (UpdateChildDomain) message and a parent domain update (UpdateParentDomain) message. The child domain update (UpdateChildDomain) message is transmitted to a child domain administration device of the domain whose information is changed. The parent domain update (UpdateParentDomain) message is transmitted to a parent domain administration device of the domain whose information is changed. The child domain update (UpdateChildDomain) message may include a field for child domain credential information (ChildDomainCredentials) and a field for parent domain information (ParentDomainlnfo) . The child domain credential information (ChildDomainCredentials) includes child domain administrator credential information, and the parent domain information ( ParentDomainlnfo) may include informations such as a domain identifier, a domain key, domain authentication information, a domain validity period, maximally allowed domain update frequency information, and grand parent domain information to which the parent domain belongs. The following shows an example of the child domain update (UpdateChildDomain) message structure.
<element name="UpdateChildDomain" type="dmp-msdpx:UpdateChildDomainType"/> <complexType name="UpdateChildDomainType">
<complexContent>
<extension base="msdp : DomainProtocolType">
<sequence>
<element name="ChildDomainCredentials" type="msd: DomainCredentialType"/>
<element ref="dmp-msdx: ParentDomainlnfo"/>
</sequence>
</extension>
</complexContent> </complexType>
The parent domain update (UpdateParentDomain) message may include a field for parent domain credential information (ParentDomainCredentials) and a field for child domain information (ChildDomainlnfo) . The parent domain credential information (ParentDomainCredentials) includes parent domain administrator credential information, and the child domain information
(ChildDomainlnfo) may include informations such as a domain identifier, a list of devices and users included in a domain, a domain validity period, and information on domains that belong to the child domain. The following shows an example of the parent domain update (UpdateParentDomain) message structure.
<element name="UpdateParentDomain" type="dmp-msdpx: UpdateParentDomainType"/>
<complexType name="UpdateParentDomainType"> <complexContent>
<extension base="msdp: DomainProtocolType">
<sec[uence>
<element name=" ParentDomainCredentials" type="msd: DomainCredentialType"/> <element ref="dmp-msdx: ChildDomainlnfo"/>
</sequence>
</extension>
</complexContent>
</complexType>
2. DOMAIN MANAGEMENT DEVICE WHEN DOMAINS ARE MERGED
The domain management device of the present invention includes a reception unit, a management unit, and a transmission unit. The reception unit receives a domain mergence request message requesting to merge a plurality of domains from a domain administrator device 301. The management unit merges the domains based on the domain mergence request message. Upon the domain mergence, the transmission unit transmits a domain update message to related domain management devices in charge of managing domains involving in the domain mergence. The management unit can perform mutual authentication with the domain administrator device 301. Herein, the domain mergence includes merging a plurality of domains with a hierarchy.
When a plurality of domains are managed by different domain management devices 302 and 303, the domains include a child domain and a parent domain. The management unit checks whether the domain administrator device 301 has a credential over the child domain based on the domain mergence request message, analyzes domain management information of the child domain to thereby decide whether the child domain is merged with the parent domain, and adds the parent domain to the parent domain list . The transmission unit transmits an authentication message and a child domain connection message to the parent domain management device 303 in charge of managing the parent domain. The reception unit receives the parent domain connection message from the parent domain management device 303. Herein, the domain mergence request message includes ID information and credential information of the child domain and the parent domain. The domain management information includes connected domain information, which may include hierarchical domain information.
When a plurality of domains are managed by one domain management device, the domains include a child domain and a parent domain. The management unit checks whether the domain administrator device 301 has a credential over the child domain based on the domain mergence request message, analyzes domain management informations of the child domain and the parent domain to thereby decide whether the child domain is merged with the parent domain, and adds the parent domain to the parent domain list. Herein, the domain mergence request message includes ID information and credential information of the parent and child domains. The domain management information includes connected domain information, which may include hierarchical domain information.
Since the domain management device of the present invention was described in the above description on the domain management method, detailed description on it will not be provided herein.
3. DOMAIN MANAGEMENT METHOD WHEN DOMAINS ARE MERGED The domain management method of the present invention includes transmitting a domain mergence request message for requesting to merge a plurality of domains to a domain management device; merging the domains based on the domain mergence request message; and receiving a result of transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence from the domain management device. The domain administration method of the domain administrator device 301 may further include performing mutual authentication with the domain management device. Herein, the domain mergence may include hierarchically merging a plurality of domains.
When a plurality of domains are managed by different domain management devices 302 and 303, the domains include a child domain and a parent domain. The domain mergence is performed by checking whether the domain administrator device 301 has a credential over the child domain based on the domain mergence request message; deciding whether the parent domain and the child domain are merged based on domain management information of the child domain; adding the parent domain to a parent domain list; transmitting an authentication message and a child domain connection message from the domain management device 302 to the parent domain management device 303 in charge of managing the parent domain; and receiving a parent domain connection message in the domain management device 302 from the parent domain management device 303. The domain mergence request message may include ID information and credential information of the parent and child domains. The domain management information includes connected domain information, which may include hierarchical domain information. When a plurality of domains are managed by one domain management device, the domains include a child domain and a parent domain. The domain mergence is performed by checking whether the domain administrator device 301 has a credential over the child domain based on a domain mergence request message; deciding whether the parent domain and the child domain are merged based on domain management information of the parent and child domains; and adding the parent domain to a list of parent domains. Herein, the domain mergence request message includes ID information and credential information of the parent and child domains. The domain management information includes connected domain information, which may include hierarchical domain information.
Since the domain administration method of the present invention is described in the description on a relationship between the domain administrator device 301 and the domain management devices 302 and 303 with reference to Fig. 3, it will not be described herein.
4. DOMAIN ADMINISTRATOR DEVICE WHEN DOMAINS ARE COMBINED
The domain administrator device 301 of the present invention includes a transmission unit and a reception unit. The transmission unit transmits a domain mergence request message for requesting to merge a plurality of domains to a domain management device. The reception unit merges a plurality of domains based on the domain merςjence request message, and receives a result of transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence from the domain management device. The domain administrator device 301 can perform mutual authentication with the domain management device. Herein, the domain mergence includes merging a plurality of domains with a hierarchy.
When a plurality of domains are managed by different domain management devices 302 and 303, the domains include a child domain and a parent domain. The domain mergence is performed by checking whether the domain administrator device 301 has a credential over the child domain based on the domain mergence request message; deciding whether the parent domain and the child domain are merged based on domain management information of the child domain; adding the parent domain to a parent domain list; transmitting an authentication message and a child domain connection message from the domain management device 302 to the parent domain management device 303 in charge of managing the parent domain; and receiving the parent domain connection message in the domain management device 302 from the parent domain management device 303. The domain mergence request message includes ID information and credential information of the parent and child domains. The domain management information includes connected domain information, which may include hierarchical domain information.
When a plurality of domains are managed by one domain management device, the domains include a child domain and a parent domain. The domain mergence is performed by checking whether the domain administrator device 301 has a credential over the child domain based on a domain mergence request message; deciding whether the parent domain and the child domain are merged based on domain management information of the parent and child domains; and adding the parent domain to a list of parent domains. Herein, the domain mergence request message includes ID information and credential information of the parent and child domains. The domain management information includes connected domain information, which may include hierarchical domain information.
Since the domain administrator device of the present invention is described in the description on a relationship between the domain administrator device 301 and the domain management devices 302 and 303 with reference to Fig. 3, it will not be described herein.
<SPLIT OF DOMAINS>
Domain split divides one existing domain into two or more domains .
Fig. 4 is a flowchart describing domain split in accordance with an embodiment of the present invention.
Domain split is carried out through message exchange between a domain administrator device 401 and a domain management device.
The domain administrator device 401 has a credential for administrating domains and it includes all devices connected to the domain management device through a network and capable of accessing to a domain. The domain administrator device 401 may include user terminals, personal computers, portable multimedia players (PMP), mobile phones, MP3 players and the like. Also, the domain administrator device 401 may administrate a plurality of user terminals. In this case, the domain administrator device 401 represents the user terminals and takes a credential for administrating domains .
The domain management device includes devices that can perform a function of managing domains. Examples of the domain management device include a server of a broadcasting or contents service provider, a home server of a home network, a gateway, and a set-top box. The domain management device includes all types of devices that can manage domains through a network. It also includes devices that can merge or split domains through a network. The domain management device can manage domains with a hierarchy. Herein, the word "hierarchy" signifies that a plurality of domain are in an inclusive relationship. The domain management device may be provided more than two 402 and 403. As shown in Fig. 4, when there are more than two domain management devices, one is a first domain management device 402, which may be referred to as a child domain management device, and the other is a second domain management device 403, which may be referred to as a parent domain management device. When there are two domains to be merged and the two domains are managed by one domain management device, the domain administrator device 401 exchanges messages with the domain management device. When the two domains are managed by different domain management devices 402 and 403, a step of exchanging messages between the first domain management device 402 and the second domain management device 403 is further included. Hereinafter, a domain management method and apparatus for splitting domains and a domain administration method and apparatus will be described in accordance with embodiments of the present invention.
1. DOMAIN MANAGEMENT METHOD WHEN DOMAIN IS
SPLITTED
A domain management method of the present invention includes receiving a domain split request message for requesting to split a plurality of domains from a domain administrator device 401, splitting the domains based on the domain split request message, and transmitting a domain update message upon the domain split to related domain management devices in charge of managing the domains involving in the domain split. The domain management method may further include a step of performing mutual authentication with the domain administrator device 401. Herein, the domains are connected with each other hierarchically, and the domain administrator device 401 can administrate a plurality of domains.
When a plurality of domains are managed by different domain management devices 402 and 403, the domain split step includes: checking whether the domain administrator device 401 has a credential over a child domain based on the domain mergence request message; transmitting an authentication message and a domain split message to the parent domain management device 403 in charge of managing the parent domain; and deleting the parent domain from a list of parent domains. The domain split request message may include ID information and credential information of the parent and child domains.
When a plurality of domains are managed by one domain management device, the domains include a child domain and a parent domain. The domain split step includes: checking whether the domain administrator device 401 has a credential over the child domain based on a domain mergence request message; and deleting the parent domain from a list of parent domains. The domain split request message includes ID information and credential information of the parent and child domains.
First, a case where a plurality of domains are managed by different domain management devices will be described. Two domains to be splitted include one which is a child domain and the other which is a parent domain of the child domain. In this case, the child domain management device 402 manages the child domain, and the parent domain management device 403 manages the parent domain. The child domain and the parent domain are administrated by the domain administrator device 401.
In step 404, the domain administrator device 401 executes mutual authentication with the child domain management device 402.
When the mutual authentication is completed, the domain administrator device 401 transmits a domain split request (LeaveDomainRequest ) message to the child domain management device 402 in step 405. The child domain management device 402 receives the domain split request message and checks whether the credential over a child domain is valid. When the credential is not valid, it transmits a "PERMISSION DENIED" message, which does not allow domain mergence, to the domain administrator device 401.
The child domain management device 402 requests the parent domain management device 403 for authentication and performs mutual authentication in step 406. The parent domain management device 403 checks the credential over the domain. When the authentication is successful, the parent domain management device 403 transmits an "OK" message, which signifies successful authentication, to the child domain management device 402, When the parent domain management device 403 fails in the authentication, it transmits a "PERMISSION DENIED" message, which signifies authentication failure, to the child domain management device 402.
The child domain management device 402 transmits a domain split ( DisconnectDomain) message to the parent domain management device 403 in step 307.
The parent domain management device 403 deletes the child domain from a child domain list of the parent domain. When the parent domain includes more than on parent domain, the parent domain management device 403 transmits a parent domain update (UpdateParentDomain) message to a related domain management device in charge of managing a parent domain of the parent domain. When the parent domain management device 403 completes the domain split, -it transmits an "OK" message, which signifies confirmation of domain split, to the child domain management device 402. The child domain management device 402 deletes the parent domain from a parent domain list of the child domain. When the child domain has more than one grand child domain, the child domain management device 402 transmits a child domain update (UpdateChildDomain) message to a related domain management device in charge of managing a grand child domain, which is a child domain of the child domain.
In step 409, the child domain management device 402 transmits a domain split result to the domain administrator device 401. When the domain split is successful, it transmits an "OK" message, which signifies successful domain split, to the domain administrator device 401. When the domain split fails, it transmits a "PERMISSION DENIED" message, which signifies domain split failure. Subsequently, a case where two domains to be splitted are managed by one domain management device will be described. In this case, the child domain management device 402 and the parent domain management device 403 of Fig. 4 are one domain management device. Therefore, only the process of exchanging messages between the child domain management device 402 and the parent domain management device 403 is omitted. The child domain and the parent domain are administrated by the domain administrator device 401.
In the step 404, the domain administrator device 401 performs mutual authentication with the domain management device.
When the mutual authentication is completed, the domain administrator device 401 transmits a domain split request message to the domain management device in the step 405. The domain management device receives the domain split request message and checks whether the credential over a child domain specified upon a request of the domain administrator device 401 is valid. When the credential is invalid, it transmits a "PERMISSION DENIED" message, which signifies split between domains is not allowed, to the domain administrator device 401.
When the domain mergence is available, the domain management device deletes the child domain from a child domain list of the parent domain and deletes the parent domain from a parent domain list of the child domain.
When the parent domain has more than one grand parent domain, the domain management device transmits a parent domain update (UpdateParentDomain) message to a related domain management device in charge of managing a grand parent domain, which is a parent domain of the parent domain. Also, when the child domain has more than one grand child domain, the domain management device transmits a child domain update (UpdateChildDomain) message to a related domain management device in charge of managing a grand child domain, which is a child domain of the child domain.
In step 409, the domain management device transmits a domain split result to the domain administrator device 401. When the domain split is successful, it transmits an "OK" message, which signifies that the domain split is successful, to the domain administrator device 401. Otherwise, when the domain split fails, it transmits a "PERMISSION DENIED" message, which signifies domain split failure.
Hereinafter, the domain split request message and a domain split message will be described. The domain split request (LeaveDomainRequest ) message includes information on a child domain to be splitted from the parent domain. The domain split message may include a field for child domain identifier
(ChildDomainID) , a field for child domain credential information (ChildDomainCredentials) , a field for parent domain identifier (ParentDomainID) , or a field for parent domain credential information (ParentDomainCredentials) . The child domain identifier is ID information of the child domain to be splitted from the parent domain, and the child domain credential information is credential information of the child domain to be splitted from the parent domain. The parent domain identifier is ID information of the parent domain, which is a split target, and the parent domain credential information is credential information of the parent domain, which is the split target. The following shows an example of the domain split request message structure.
<element name="LeaveDomainRequest" type="dmp-msdpx : DomainRelationType" />
Subsequently, when the two domains to be splitted are managed by different domain management devices, the child domain management device 402 transmits a domain split ( DisconnectDomain) message to the parent domain management device 403. The following shows an example of the domain split message structure.
<element name="DisconnectDomain" type="dmp-msdpx: DomainRelationType "/>
Since domain management information, related domain information and domain split message were described in the above description on the domain mergence, they will not be described herein.
2. DOMAIN MANAGEMENT DEVICE WHEN DOMAIN IS SPLITTED The domain management device of the present invention includes a reception unit, a management unit, and a transmission unit. The reception unit receives a domain split request message requesting to split a domain from a domain administrator device 401. The management unit splits the domains based on the domain split request message. Upon the domain split, the transmission unit transmits a domain update message to related domain management devices in charge of managing domains obtained from the domain split. The management unit can perform mutual authentication with the domain administrator device 401. Herein, the domains obtained from the domain split are connected to each other with a hierarchy, and the domain administrator device 401 may administrate a plurality of domains. When a plurality of domains are managed by different domain management devices 402 and 403, the domains include a child domain and a parent domain. The management unit checks whether the domain administrator device 401 has a credential over the child domain based on the domain mergence request message, and deletes the parent domain from a parent domain list. The transmission unit transmits an authentication message and a domain split message to the parent domain management device 403 in charge of managing the parent domain. The reception unit receives the parent domain connection message from the parent domain management device 303. Herein, the domain split request message may include ID information and credential information of the child domain and the parent domain.
When a plurality of domains are managed by one domain management device, the domains include a child domain and a parent domain. The management unit checks whether the domain administrator device 401 has a credential over the child domain based on the domain mergence request message, and deletes the parent domain from the parent domain list. Herein, the domain split request message includes ID information and credential information of the parent and child domains. Since the domain management device of the present invention was described in the above description on the domain management method, detailed description on it will not be provided herein.
3. DOMAIN MANAGEMENT METHOD WHEN DOMAIN IS SPLITTED
The domain management method of the present invention includes transmitting a domain split request message for requesting to split a domain to a domain management device; splitting the domain based on the domain split request message; and receiving from the domain management device a result of transmitting a domain update message to related domain management devices in charge of managing domains related to the splitted domains upon the domain split. The domain administration method may further include performing mutual authentication with the domain management device. Herein, the domains are connected to each other with a hierarchy and the domain administrator device 401 may administrate a plurality of domains.
When a plurality of domains are managed by different domain management devices 402 and 403, the domains include a child domain and a parent domain. The domain split is performed by checking whether the domain administrator device 401 has a credential over the child domain based on the domain split request message; transmitting an authentication message and a domain split message from the domain management device 402 to the parent domain management device 403 in charge of managing the parent domain; and deleting the parent domain from a parent domain list. Herein, the domain split request message may include ID information and credential information of the parent and child domains.
When a plurality of domains are managed by one domain management device, the domains include a child domain and a parent domain. The domain split is performed by checking whether the domain administrator device 401 has a credential over the child domain based on a domain split request message; and deleting the parent domain from a list of parent domains. Herein, the domain split request message includes ID information and credential information of the parent and child domains.
Since the domain administration method of the present invention is described in the description on a relationship between the domain administrator device 401 and the domain management devices 402 and 403 with reference to Fig. 4 in accordance with the previous embodiment of the present invention, it will not be described herein.
4. DOMAIN ADMINISTRATOR DEVICE WHEN DOMAIN IS SPLITTED
The domain administrator device 401 of the present invention includes a transmission unit and a reception unit . The transmission unit transmits a domain split request message for requesting to split a domain to a domain management device. The reception unit splits the domain based on the domain split request message, and receives a result of transmitting a domain update message to a related domain management device in charge of managing a domain involving in the domain split upon the domain split from the domain management device. The domain administrator device 401 can perform mutual authentication with the domain management device. Herein, the domains obtained from the domain split are connected to each other with a hierarchy, and the domain administrator device 401 can administrate a plurality of domains . When a plurality of domains are managed by different domain management devices 402 and 403, the domains include a child domain and a parent domain. The domain split is performed by checking whether the domain administrator device 401 has a credential over the child domain based on the domain split request message; transmitting an authentication message and a domain split message from the domain management device 402 to the parent domain management device 403 in charge of managing the parent domain; and deleting the parent domain from a parent list. The domain split request message includes ID information and credential information of the parent and child domains.
Since the domain administrator device of the present invention is described in the description on a relationship between the domain administrator device 401 and the domain management devices 402 and 403 with reference to Fig. 4 according to the previously described embodiment of the present invention, it will not be described herein. The methods of the present invention described above can be realized as a program and stored in a computer-readable recording medium, such as CD-ROM, RAM, ROM, floppy disks, hard disks, magneto-optical disks and the like. While the present invention has been described with respect to the specific embodiments, it will be apparent to those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the following claims.
INDUSTRIAL APPLICABILITY
The technology of the present invention can efficiently discover, administrate, and manage domains, and it can be applied to a digital contents providing service .

Claims

WHAT IS CLAIMED IS
1. A method for discovering a domain management device, comprising: transmitting a discovery request message to a domain management device through a network; receiving a discovery response message to the discovery request message from the domain management device; and deciding a domain management device to be communicated with based on the discovery response message.
2. The method of claim 1, wherein the discovery request message includes domain identifier information.
3. The method of claim 1, wherein the discovery request message further includes device identifier information or user identifier information.
4. The method of claim 1, wherein the discovery response message includes identifier information, location information and status information of the domain management device, or domain identifier list information managed by the domain management device.
5. The method of claim 1, further comprising: performing mutual authentication with the decided domain management device, wherein the domain management device manages domains with a hierarchy.
6. An apparatus for discovering a domain management device, comprising: a communication unit for transmitting a discovery request message to a domain management device through a network and receiving a discovery response message to the discovery request message from the domain management device; and a decision unit for deciding a domain management device to be communicated with based on the discovery response message.
7. The apparatus of claim 6, wherein the discovery request message includes domain identifier information.
8. The apparatus of claim 7, wherein the discovery request message further includes device identifier information or user identifier information.
9. The apparatus of claim 6, wherein the discovery response message includes identifier information, location information and status information of the domain management device, or domain identifier list information managed by the domain management device.
10. The apparatus of claim 6, wherein the communication unit and the selected domain management device exchanges an authentication message with each other, wherein the domain management device is able to manage domains with a hierarchy.
11. A method for managing domains, comprising: receiving a domain mergence request message for requesting to merge a plurality of domains from a domain administrator device; merging the domains based on the domain mergence request message; and transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence .
12. The method of claim 1, further comprising: performing mutual authentication with the domain administrator device.
13. The method of claim 12, wherein the domain mergence is performed to merge the domains with a hierarchy.
14. The method of claim 13, wherein the domains include a child domain and a parent domain, and the domain mergence includes: checking whether the domain administrator device has the authority over the child domain based on the domain mergence request message; deciding whether the child domain and the parent domain are merged with each other based on domain information of the child domain; transmitting an authentication information and a child domain connection message to a parent domain management device in charge of managing the parent domain; receiving a parent domain connection message from the parent domain management device; and adding the parent domain to a parent domain list.
15. The method of claim 14, wherein the domain mergence request message includes identification (ID) information and credential information of the child and parent domains, and the domain management information includes connected domain information, which includes hierarchical domain information.
16. The method of claim 13, wherein the domains include a child domain and a parent domain, and the domain mergence includes: checking whether the domain administrator device has the authority over the child domain based on the domain mergence request message; deciding whether the child domain is merged with the parent domain based on domain management information of the child and parent domains; and adding the parent domain to a parent domain list.
17. The method of claim 16, wherein the domain mergence request message includes ID information and credential information of the child and parent domains, and the domain management information includes connected domain information, which includes hierarchical domain information.
18. A domain management device, comprising: a reception unit for receiving a domain mergence request message for requesting to merge a plurality of domains from a domain administrator device; a management unit for merge the domains based on the domain mergence request message; and a transmission unit for, upon the domain mergence, transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence.
19. The domain management device of claim 18, wherein the management unit performs mutual authentication with the domain administrator device.
20. The domain management device of claim 19, wherein the domain mergence is performed to merge the domains with a hierarchy.
21. The domain management device of claim 20, wherein the domains include a child domain and a parent domain, and the management unit checks whether the domain administrator device has an authority over the child domain based on the domain mergence request message, decides whether the child domain and the parent domain are merged with each other based on domain management information of the child domain, and adds the parent domain to a parent domain list; the transmission unit transmits an authentication message and a child domain connection message to a parent domain management device in charge of managing the parent domain; and the reception unit receives a parent domain connection message from the parent domain management device .
22. The domain management device of claim 21, wherein the domain mergence request message includes ID information and credential information of the child and parent domains, and the domain management information includes connected domain information, which includes hierarchical domain information.
23. The domain management device of claim 20, wherein the domains include a child domain and a parent domain, and the management unit checks whether the domain administrator device has the authority over the child domain based on the domain mergence request message, decides whether the child domain is merged with the parent domain based on domain management information of the child and parent domains, and adds the parent domain to a parent domain list.
24. The domain management device of claim 23, wherein the domain mergence request message includes ID information and credential information of the child and parent domains, and the domain management information includes connected domain information, which includes hierarchical domain information.
25. A domain management method of a domain administrator device, comprising: transmitting a domain mergence request message for requesting to merge a plurality of domains to a domain management device; and merging the domains based on the domain mergence request message, and receiving a result of transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence from the domain management device.
26. The domain management method of claim 25, further comprising: performing mutual authentication with the domain management device.
27. The domain management method of claim 26, wherein the domain mergence is performed to merge the domains with a hierarchy.
28. The domain management method of claim 27, wherein the domains include a child domain and a parent domain, and the domain mergence includes: checking whether the domain administrator device has the authority over the child domain based on the domain mergence reguest message; deciding whether the child domain and the parent domain are merged with each other based on domain management information of the child domain; adding the parent domain to a parent domain list; transmitting an authentication information and a child domain connection message to a parent domain management device in charge of managing the parent domain; and receiving a parent domain connection message from the parent domain management device.
29. The domain management method of claim 28, wherein the domain mergence request message includes ID information and credential information of the child and parent domains, and the domain management information includes connected domain information, which includes hierarchical domain information.
30. The domain management method of claim 27, wherein the domains include a child domain and a parent domain, and the domain mergence includes: checking whether the domain administrator device has authority over the child domain based on the domain mergence request message; deciding whether the child domain is merged with the parent domain based on domain management information of the child and parent domains; and adding the parent domain to a parent domain list.
31. The domain management method of claim 30, wherein the domain mergence request message includes ID information and credential information of the child and parent domains, and the domain management information includes connected domain information, which includes hierarchical domain information.
32. A domain administrator device, comprising: a transmission unit for transmitting a domain mergence request message for requesting to merge a plurality of domains to a domain management device; and a reception unit for merging the domains based on the domain mergence request message, and receiving a result of transmitting a domain update message to related domain management devices in charge of managing domains involving in the domain mergence upon the domain mergence from the domain management device.
33. The domain administrator device of claim 32, wherein mutual authentication with the domain management device is performed.
34. The domain administrator device of claim 33, wherein the domain mergence is performed to merge the domains with a hierarchy.
35. The domain administrator device of claim 34, wherein the domains include a child domain and a parent domain, and the domain mergence includes: checking whether the domain administrator device has the authority over the child domain based on the domain mergence request message; deciding whether the child domain and the parent dom≤iin are merged with each other based on domain management information of the child domain; adding the parent domain to a parent domain list; transmitting an authentication information and a child domain connection message from the domain management device to a parent domain management device in charge of managing the parent domain; and receiving a parent domain connection message from the parent domain management device.
36. The domain administrator device of claim 35, wherein the domain mergence request message includes ID information and credential information of the child and parent domains, and the domain management information includes connected domain information, which includes hierarchical domain information.
37. The domain administrator device of claim 34, wherein the domains include a child domain and a parent domain, and the domain mergence includes: checking whether the domain administrator device has the authority over the child domain based on the domain mergence request message; deciding whether the child domain is merged with the parent domain based on domain management information of the child and parent domains; and adding the parent domain to a parent domain list.
38. The domain administrator device of claim 37, wherein the domain mergence request message includes ID information and credential information of the child and parent domains, and the domain management information includes connected domain information, which includes hierarchical domain information.
39. A method for managing domains, comprising: receiving a domain split request message for requesting to split a domain from a domain administrator device; and splitting the domain based on the domain split request message; and transmitting a domain update message to a related domain management device in charge of managing a domain obtained from the domain split.
40. The method of claim 39, further comprising: performing mutual authentication with the domain administrator device.
41. The method of claim 40, wherein the domains are connected to each other with a hierarchy, and the domain administrator device administrates a plurality of domains .
42. The method of claim 41, wherein the domains include a child domain and a parent domain, and the domain split includes: checking whether the domain administrator device has the authority over the child domain based on the domain mergence request message; transmitting an authentication information and a domain split message to a parent domain management device in charge of managing the parent domain; and deleting the parent domain from a parent domain list.
43. The method of claim 42, wherein the domain split request message includes ID information and credential information of the child and parent domains.
44. The method of claim 41, wherein the domains include a child domain and a parent domain, and the domain split includes: checking whether the domain administrator device has the authority over the child domain based on the domain mergence request message; and deleting the parent domain from a parent domain list.
45. The method of claim 44, wherein the domain split request message includes ID information and credential information of the child and parent domains.
46. A domain management device, comprising: a reception unit for receiving a domain split request message for requesting to split a domain from a domain administrator device; and a management unit for splitting the domain based on the domain split request message; and a transmission unit for transmitting a domain update message to a related domain management device in charge of managing a domain obtained from the domain split .
47. The domain management device of claim 46, wherein the management unit performs mutual authentication with the domain administrator device.
48. The domain management device of claim 47, wherein the domains are connected to each other with a hierarchy, and the domain administrator device administrates a plurality of domains.
49. The domain management device of claim 48, wherein the domains include a child domain and a parent domain, and the management unit checks whether the domain administrator device has the authority over the child domain based on the domain mergence request message, and deletes the parent domain from a parent domain list, and the transmission unit transmits an authentication information and a domain split message to a parent domain management device in charge of managing the parent domain.
50. The domain management device of claim 49, wherein the domain split request message includes ID information and credential information of the child and parent domains.
51. The domain management device of claim 48, wherein the domains include a child domain and a parent domain, and the management unit checks whether the domain administrator device has the authority over the child domain based on the domain mergence request message and deletes the parent domain from a parent domain list.
52. The domain management device of claim 51, wherein the domain split request message includes ID information and credential information of the child and parent domains.
53. A method for administrating domains, comprising: transmitting a domain split request message for requesting to split a domain to a domain management device; and splitting the domain based on the domain split request message; and receiving a result of transmitting a domain update message to a related domain management device in charge of managing a domain involving in the domain split from the domain management device.
54. The method of claim 53, further comprising: performing mutual authentication with the domain management device.
55. The method of claim 54, wherein the domains are connected to each other with a hierarchy, and the domain administrator device administrates a plurality of domains .
56. The method of claim 55, wherein the domains include a child domain and a parent domain, and the domain split includes: checking whether the domain administrator device has the authority over the child domain based on the domain split request message; transmitting an authentication information and a domain split message to a parent domain management device in charge of managing the parent domain; and deleting the parent domain from a parent domain list.
57. The method of claim 56, wherein the domain split request message includes ID information and credential information of the child and parent domains.
58. The method of claim 55, wherein the domains include a child domain and a parent domain, and the domain split includes: checking whether the domain administrator device has the authority over the child domain based on the domain split request message; and deleting the parent domain from a parent domain list.
59. The method of claim 58, wherein the domain split request message includes ID information and credential information of the child and parent domains.
60. A domain administrator device, comprising: a transmission unit for transmitting a domain split request message for requesting to split a domain to a domain management device; and a reception unit for splitting the domain based on the domain split request message and receiving a result of transmitting a domain update message to a related domain management device in charge of managing a domain involving in the domain split from the domain management device .
61. The domain administrator device of claim 60, further performing mutual authentication with the domain management device.
62. The domain administrator device of claim 61, wherein the domains are connected to each other with a hierarchy, and the domain administrator device administrates a plurality of domains.
63. The domain administrator device of claim 62, wherein the domains include a child domain and a parent domain, and the domain split includes: checking whether the domain administrator device has the authority over the child domain based on the domain split request message; transmitting an authentication information and a domain split message to a parent domain management device in charge of managing the parent domain; and deleting the parent domain from a parent domain list.
64. The domain administrator device of claim 63, wherein the domain split request message includes ID information and credential information of the child and parent domains .
65. The domain administrator device of claim 62, wherein the domains include a child domain and a parent domain, and the domain split includes: checking whether the domain administrator device has the authority over the child domain based on the domain split request message; and deleting the parent domain from a parent domain list.
66. The domain administrator device of claim 65, wherein the domain split request message includes ID information and credential information of the child and parent domains.
PCT/KR2008/002703 2007-05-16 2008-05-15 Domain discovery, management and administration method and apparatus thereof Ceased WO2008140266A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP08753499A EP2150908A1 (en) 2007-05-16 2008-05-15 Domain discovery, management and administration method and apparatus thereof
CN200880024914.4A CN101755266A (en) 2007-05-16 2008-05-15 Domain discovery, management and administration method and apparatus thereof

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR20070047640 2007-05-16
KR10-2007-0047640 2007-05-16

Publications (1)

Publication Number Publication Date
WO2008140266A1 true WO2008140266A1 (en) 2008-11-20

Family

ID=40002404

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2008/002703 Ceased WO2008140266A1 (en) 2007-05-16 2008-05-15 Domain discovery, management and administration method and apparatus thereof

Country Status (4)

Country Link
EP (1) EP2150908A1 (en)
KR (1) KR20080101719A (en)
CN (2) CN101755266A (en)
WO (1) WO2008140266A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8370474B1 (en) * 2010-03-26 2013-02-05 Sprint Communications Company L.P. Arbitration server for determining remediation measures in response to an error message from a content provider
EP3211929A1 (en) * 2008-12-29 2017-08-30 Google Technology Holdings LLC Method of targeted discovery of devices in a network

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882555B (en) * 2012-08-30 2015-04-08 华为技术有限公司 Domain access control method, domain searching method and communication apparatus

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020157002A1 (en) * 2001-04-18 2002-10-24 Messerges Thomas S. System and method for secure and convenient management of digital electronic content
WO2006107185A1 (en) * 2005-04-08 2006-10-12 Electronics And Telecommunications Research Intitute Domain management method and domain context of users and devices based domain system
WO2006109982A1 (en) * 2005-04-11 2006-10-19 Electronics And Telecommunications Research Intitute License data structure and license issuing method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7512788B2 (en) * 2002-12-10 2009-03-31 International Business Machines Corporation Method and apparatus for anonymous group messaging in a distributed messaging system
KR100708162B1 (en) * 2005-04-25 2007-04-16 삼성전자주식회사 Method for managing a domain and apparatus therefor

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020157002A1 (en) * 2001-04-18 2002-10-24 Messerges Thomas S. System and method for secure and convenient management of digital electronic content
WO2006107185A1 (en) * 2005-04-08 2006-10-12 Electronics And Telecommunications Research Intitute Domain management method and domain context of users and devices based domain system
WO2006109982A1 (en) * 2005-04-11 2006-10-19 Electronics And Telecommunications Research Intitute License data structure and license issuing method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CHOO H.G. ET AL.: "Proposal for New Domain Protocol Messages", THE DIGITAL MEDIA PROJECT, 14 May 2007 (2007-05-14), XP008122919, Retrieved from the Internet <URL:http://www.dmpf.org/open/index1000.html> *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3211929A1 (en) * 2008-12-29 2017-08-30 Google Technology Holdings LLC Method of targeted discovery of devices in a network
US9794083B2 (en) 2008-12-29 2017-10-17 Google Technology Holdings LLC Method of targeted discovery of devices in a network
US8370474B1 (en) * 2010-03-26 2013-02-05 Sprint Communications Company L.P. Arbitration server for determining remediation measures in response to an error message from a content provider

Also Published As

Publication number Publication date
EP2150908A1 (en) 2010-02-10
KR20080101719A (en) 2008-11-21
CN102355506A (en) 2012-02-15
CN101755266A (en) 2010-06-23

Similar Documents

Publication Publication Date Title
US7885871B2 (en) Method and system for managing DRM agent in user domain in digital rights management
US8533858B2 (en) Domain management method and domain context of users and devices based domain system
KR101819556B1 (en) Apparatus and method for supporting family cloud in cloud computing system
US8396220B2 (en) System and method of mobile content sharing and delivery in an integrated network environment
EP2018019B1 (en) Rights Object Acquisition Method and System
US20090265556A1 (en) Method and terminal for authenticating between drm agents for moving ro
JP5248505B2 (en) Control device, playback device, and authorization server
CN1933393B (en) Inter-entity coupling method, apparatus and system for content protection
EP1569415A2 (en) Information-processing method, information-processing apparatus and computer program
EP1571580A2 (en) Information processing apparatus, information processing method, and computer program
CN101542495B (en) Methods for delivering resources and methods for providing information
JP2004336619A (en) Device authentication system and device authentication method, communication device, and computer program
CN102142067A (en) Digital family network-based digital rights management system
JP2005242542A (en) Information processing apparatus, information processing method, and computer program
US20070110012A1 (en) Device and method for tracking usage of content distributed to media devices of a local area network
EP2150908A1 (en) Domain discovery, management and administration method and apparatus thereof
JP2006099415A (en) Content distribution system, content distribution method, equipment authentication server and method for controlling equipment authentication server
KR20110080490A (en) Authentication System for Mobile Terminal in IPTV Environment
WO2009104873A2 (en) Method and device for managing authorization of right object in digital rights management
CN101136751A (en) Method for importing digital rights management data to user domain
Keoh et al. An implementation experience of domain management in marlin
KR20090089522A (en) System and method for providing authentication service for media content distribution using digital media adapter
KR20100091135A (en) System and method for providing authentication service for media content distribution using digital media adapter
KR20070115574A (en) Data communication method
KR20110000718A (en) System and method for providing certification of media-contents distribution service using digital media adapters

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200880024914.4

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08753499

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2008753499

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE