IEC TS 62579:2010 pdf – Multimedia home server systems – Conceptual model for domain management.
Acquired content (C) can be bound to a device (D), an authorized domain (AD) or a user entity/identity (P). For content that is bound to a device, only the particular device is permitted to use it. An authorized domain (AD) can consist of many devices, hence by binding content to an AD simplifies the content authorization usage as only a single binding is needed to enable multiple devices that are members of the AD to access the contents. Furthermore, content can be bound to a user entity where it is purchased through a user account. Similarly, a user entity or identity (P) can be linked to multiple authorized domains or multiple devices. This allows for more flexibility in that the contents can be played by all devices that are bound to the user entity, i.e., enabling the user’s owned devices to play the purchased content. This also enables the user remote access to his own contents regardless of his location as long as the device playing the content is bound to the user entity/identity (P). Conceptually, the user entity/identity is perceived as a domain that groups a set of devices together based on the identity of the user. Users can also share their contents with each other through binding of their respective identity (P) to a common authorized domain (AD). Conversely, they can unshare their contents by explicitly removing the binding of their identities from the common domain. This enables the users to keep track of their rights in an effective manner.
An authorized domain (AD) typically refers to the service provider managed domain in which the service provider or the content provider maintains the domain membership. However, there can also be a local domain (LAD) in that its membership is governed by an independent domain management service, or the consumers themselves. A LAD’s membership can also be maintained through proximity checks, e.g., devices should be in close proximity with the local domain management server.
This abstract domain model serves as the reference model for implementing a domain management system. A wide variety of implementations can be derived from this abstract model (c.f. Clause 5). As mentioned previously, the main advantage of having a domain is the efficient management of devices. When a license is bound to a domain, devices can be easily added or removed from the domain without affecting the rights of accessing the content, which implies that, by adding a new device into the domain, it is automatically authorized to use the contents, while removing the device from the domain is equivalent to revoking its rights of accessing the contents. Since this abstract domain model is a general description which covers concepts among the domain, it is not necessary to achieve all features described here. Each DRM system would be a subset of this model. The following subclauses describe examples of each DRM system as subsets of this abstract domain model.
5 Reference models
5.1 General
This subclause describes various domain models that can be derived from the abstract domain model defined in 4.4.
5.2 Basic model
5.2.1 Overview of basic model
The basic model is characterized by whether an external entity controls domain membership statements or not. The basic model is classified into RI management domain model and autonomous domain model. Either model is adopted whenever a domain is applied.
5.2.2 RI management domain model Definition of RI management domain model
In this model, RI recognizes the domain membership state of the devices all of the time. According to the necessary conditions of connecting to RI, we classify RI management domain into five types (,,, and Domain assumed in ARIB TR-B27
Contents are bound to an authorized domain (AD) by the RI and they cannot be bound to devices directly. Devices can be part of the AD after they have obtained necessary information for the AD from the right issuer directly via network or broadcast. For example, a user can request for his device’s domain membership via telephone, postcard and website in order to obtain the domain ID and the corresponding domain key. Upon joining the AD, the device is allowed to share contents or a part of the associated usage rules with other devices in the same AD, as shown in Figure 9.