主权项 |
1. A method, comprising:
receiving, in one of a rights issuer (RI) or a local rights manager (LRM), a rights object encryption key (REK) and an encrypted REK from an entity, wherein the entity generates the REK and, to facilitate maintaining security with regard to a user domain key, the one of the RI or the LRM is not permitted access to the user domain key; and based at least in part on the REK, generating a user domain rights object (RO) that includes a user domain authorization and the encrypted REK, wherein the user domain authorization identifies a user domain and the one of the RI or the LRM, the user domain authorization is associated with the user domain and the user domain key, the encrypted REK is derived from the REK by using the user domain key, and the generated user domain rights object is communicated to a device via one of a SCE-conformant DRM Agent, an RO acquisition protocol, and an out-of-band manner. |