CN101060395A - Forbid to distribute a great deal of unauthorized content in the closed content distribution system - Google Patents

Forbid to distribute a great deal of unauthorized content in the closed content distribution system Download PDF

Info

Publication number
CN101060395A
CN101060395A CN 200610072269 CN200610072269A CN101060395A CN 101060395 A CN101060395 A CN 101060395A CN 200610072269 CN200610072269 CN 200610072269 CN 200610072269 A CN200610072269 A CN 200610072269A CN 101060395 A CN101060395 A CN 101060395A
Authority
CN
China
Prior art keywords
content
safe processor
once
safe
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200610072269
Other languages
Chinese (zh)
Inventor
普拉米拉·斯瑞尼瓦桑
约翰·普瑞森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BROADON通信公司
BroadOn Communications Corp
Original Assignee
BroadOn Communications Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BroadOn Communications Corp filed Critical BroadOn Communications Corp
Priority to CN 200610072269 priority Critical patent/CN101060395A/en
Publication of CN101060395A publication Critical patent/CN101060395A/en
Pending legal-status Critical Current

Links

Images

Abstract

The invention discloses a method and system for transmitting authorized content from security server to remote terminal display device, wherein it comprises a content distribution system using cipher to mark one or more digital message, which can be verified before program runs or when loading content from external memory. To the network transmission, when total running time authorization fails, every data content uses a symmetric key for enciphering. Then, every duplicate sending to displayer is enciphered for two times. This invention improves the security.

Description

Forbid the unwarranted content in a large amount of distribution sealing content delivering systems
Invention field
The present invention relates to guarantee to seal the method for the authenticity of equipment execution content in the content delivering system.
Background of invention
The sealing content delivering system comprises end-to-end system, and described end-to-end system comprises publisher server, content distributing server and playback apparatus, and the content that can play in playback apparatus can be controlled fully by suitable safe practice.These safe practices make any unwarranted third party, difficult those contents that can play on playback apparatus of distribution.
In known computer system, can transmit content with encrypted form, therefore unwarranted recipient can not use these contents when not obtaining decruption key.During with encrypted form, can directly transmit content, perhaps by one or more intermediate server indirect communication contents as cache device by content server.From key server to and only to the recipient who authorizes, can transmit key separately.Usually, key is little more a lot of than content, so the recipient that key can be respectively each mandate encrypts, and does not need mass communication and computational resource.An effect that only key is passed to the recipient of mandate is to have only the recipient of those mandates can use content.Except key, the signature of secure Hash information (secure hash) or other affirmations also can be independent of content and be transmitted, such as from key server, also only issue the recipient of mandate, the recipient of those mandates can verify the authenticity of the content that they receive and decipher thus.
First problem of the prior art is, if original content cipher key is leaked (perhaps cracked or disclose with unauthorized ways by calculating), the third party might be with this encryption key distribution unauthorized content to playback apparatus, such as the encryption keys unauthorized content with leakage so.This usually is called as " content deception ".Can improve this problem by in encryption key, comprising secure Hash information.In these situations, playback apparatus is before playback, the fail-safe software of playback apparatus will load and identify full content, use the unwarranted content of leaking secret key encryption to be detected like this, and the fail-safe software of playback apparatus will refuse to play those unwarranted contents.
If to such an extent as to content enough must be stored in it (such as outside massage storage) on unsafe memory device greatly, and during playing, dynamically read described content once more from that unsafe memory device, second problem of the prior art will take place.In this case, even identified full content before playback, deception also can only provide relatively limited protection at content, because a seasoned assailant can replace the content that playback apparatus is got after authentication step is finished.
The possible solution of first of this problem is to give independent signature to each fraction content of never safety storage apparatus loading.This possible solution has reached the general objective that prevents every content deception separately, and inherent shortcoming is arranged simultaneously: in real system, when loading quantity was very huge, this technology may need very large calculating and information resources.
Second possible solution of this problem is that content server is encrypted its copy respectively for the specific authorized recipient of each copy of content.Thus, want to send the unwarranted distributor of content, must obtain to distribute to the specific key of each player to a large amount of players.This possible solution has reached the general objective that prevents the deception of single mandate recipient content, have inherent shortcoming simultaneously: encrypt each specific authorized recipient's copy of content (1), need take a large amount of computational resource of content server, (2) copy of content of encrypting separately for each specific authorized recipient is not easy by the server cache of centre, therefore needs the more substantial communication resource when content being distributed to the mandate recipient.
Therefore, it is very favorable providing a kind of technology that makes content can be safely offer secure playback equipment by authorized distributor.Advantageously, this technology will be set high relatively barrier to unauthorized distribution device distribution unauthorized content simultaneously, and described unauthorized content may be passed through the secure playback device plays.
Summary of the invention
The invention provides a kind of method and system, guarantee to seal the authenticity of equipment execution content in the dissemination system, wherein, content may be used dangerous equipment (as outside massage storage) to store and be loaded on the safety means and use, as carrying out and showing.This method and system comprises the authentication of the real-time cryptography intensity of (1) content, and (2) make the invalid technology of unwarranted issue of unreliable content, though the term of execution identify fully under infeasible relatively situation.
Be transferred to secure playback equipment after the content of safety is encrypted, described playback apparatus comprises some special and safe information at least, the content of described playback apparatus is encrypted in system once more, makes described secure playback equipment can preserve the specific safety copy of described content.In a preferred embodiment, this particularity comprises a kind of secret conversion (for example the encryption key once more of maintaining secrecy with a symmetry is encrypted) to this content-data, like this under the situation of not knowing described secret encryption key once more, the data of attempting to create that conversion almost are impossible.Fail-safe software in the equipment has guaranteed the mandatory of this particularization step and has had only this special content just to be played or to carry out.This makes undelegated user can not use this special safe copy easily, and makes undelegated distributor can not utilize the encryption key of leakage to distribute undelegated content to a large amount of playback apparatus.
In addition, the present invention also can be applicable to the controlled content delivering system of authority.Wherein, content server will send safe processor to the content that content key CK encrypts, permit server (license server) sends license file (license) to safe processor, described license file has used special private key for user UK to encrypt, then safe processor use unique secret once more encryption key SK content is encrypted once more.In one embodiment, a kind of public key cryptosyst is used in encryption and key management, and wherein each key comprises a pair of paired PKI K and corresponding private key K *, make security server can verify the authenticity of this content (by the content server mark) and this license file (by the permit server mark, as needs).This makes in the transmission of content between server and equipment encrypted, and exists a kind of security mechanism, by this security mechanism secure content Hash information and encryption key is communicated to equipment from server.
First aspect of the present invention comprises a plurality of signing messages in the License Info, they can be come into force when secure player is handled every content in real time, and signature list itself can be come into force before executable operations begins.
Second aspect of the present invention, secure player is carried out the encryption key once more that discriminated union obtains a secret reliably, use then a new secret once more encryption key come content is encrypted.Described content can be divided into polylith, can confirm every authenticity respectively.Every may be assigned with an independently content key CK iAnd signature, every is obtaining permitting the back just can be confirmed by secure player like this.In one embodiment, safe processor uses different secrets encryption key SK once more to each piece content iEncrypt again, certainly also may to full content use identical secret once more encryption key SK encrypt again.Because every blocks of data all uses common secret encryption key SK or secret separately encryption key SK once more once more iCarried out again encrypting, this make undelegated distributor just can not be easily with or even a undelegated content be distributed to a large amount of playback apparatus.This has just been avoided using a large amount of calculating and communication resources, load even be divided into a large amount of pieces because can with secret once more encryption key SK be decrypted and need not calculate respectively and verification again each piece.
The 3rd aspect of this invention can be in one or more place for the recipient who authorizes encrypts described content respectively, and described place comprises content server, intermediate server and the safe processor of authorizing the recipient.For example, but do not mean that by any way and limit, with one group of middle safety means or server independent described content is encrypted again of possibility after receiving content that the specific authorized recipient is relevant, make this group specific authorized recipient encrypt again this content with regard to not needing oneself from content server.In one embodiment, safety means or server did not damage the encryption copy that caches under the situation that a plurality of recipients verify the ability that it receives content sends to those recipients' described content in the advantage that neither loses this caches yet in the middle of its allowed.
The accompanying drawing summary
Fig. 1 has shown that comprises the block diagram of system that content and license file is sent to the distributing network of safe processor.
Fig. 2 has shown the flow chart that content and license file is sent to the distributing network of safe processor.
Detailed description of preferred embodiment
In this specification, the preferred embodiments of the present invention have been described, comprise preferred treatment step and data structure.Those skilled in the art will recognize, after poring over the application, need not too much experiment or further innovation, might use does not multiplely have specifically described other technology to realize embodiments of the invention, and these other technology will fall in the scope and spirit of the present invention.
Below term relate to or with reference to the many aspects of the present invention or embodiment.The purpose of the general meaning of each term is to describe, rather than in order to limit.
● application software described in term " content ", content of multimedia, and any rational combination or summary, or the like.Application software comprises any instruction or the parameter set that can be carried out by processor or explain.The notion of described application software is wide in range, and comprise following content at least: software or firmware program instructions, software or firmware program parameter value, can compile or pass through the source code of programming language interpreter interprets by the programming language compiler, be used to compile or the macrodefinition of interpreted programming language, receive and to the order or the request of its execution by application program, and any rational summary, or the like (computer program is used in arcade game (arcade game), perhaps when content be a series of film segments (or other audio-visual units) that are applied in the arcade game).Content of multimedia comprises any information or the parameter set that can present to the user.The notion of described content of multimedia is wide in range, and comprises following content at least: animation, the audiovisual film, static images, or sound, described content or be embedded in by software or firmware program instructions make an explanation and data presented in; Perhaps be embedded in the software or firmware program instructions that produces these data itself; Perhaps be embedded in the SGML of content of multimedia, for example DHTML, SGML, VRML, Macromedia Flash or the like; Order or request by application program reception and execution; And any rational summary; Or the like.
● phrase " secure playback equipment ", " secure player " and " safe processor " described any equipment that is used to explain described content, for example if application software then is performed, or if content of multimedia then is shown.The notion of described safe processor is wide in range, comprise general or special purpose computing equipment, it has some safe storages at least, can safety precaution from the observation of the equipment beyond the safe processor with swarm into, and it has some executable control devices at least, can prevent the content in the open safe storage of application software.In one embodiment, secure player comprises a built-in UID (unique identifier), and its own private/public key in a common key cryptosystem is right, therefore can communicate by letter with other device securities.Preferably, this safe processor has built-in fail-safe software, and described fail-safe software is not easy to be bypassed, perhaps can the similar fail-safe software of safe guidance the other technologies of the loading on the safety means (such as outside massage storage) never.
● phrase " content server " and " content distributing server " have been described any can use any type of as described herein transmission technology, with the equipment of delivery of content (or directly or indirectly) to secure player or safe processor, as mentioned above.The notion of described content handler is wide in range, not only comprises the server of memory contents, also comprises the equipment that can dynamically generate content, such as television camera, and video camera, web camera, and any rational summary; Or the like.Content server can comprise can produce the secure Hash information and the safety means of mark server any information of being distributed safely.
● phrase " intermediate server " has been described and anyly content can be forwarded to the equipment of safe processor from content server, and it uses any transmission method (as described below).In one embodiment, intermediate server may comprise, when content from content server when safe processor sends, can be saved to the buffer memory equipment of small part content in holder in a period of time at least.In one embodiment, subregion ground or the topological ground intermediate server that distributes, thus, comparatively safe processor is local intermediate server, can finish the service request to content server.
● any being used for from first equipment to second equipment described in phrase " transmission method ", for example from the content server to the safe processor, sends the method for information, for example sends content, partial content, license file or other information.The notion of described transmission method is wide in range, and comprises the transmission of electronic form, computer communication network for example, and special use or public switched network, and can be from the physical transfer of the medium of its perception information.Here and do not require that transmission method is similar, for example, a kind of transmission method can be in the different time, or for the different piece of transmission information in conjunction with, make up or unite utilization electronic communication and physical transfer.
● phrase " license file " and " License Info " have been described a kind of information, and described information safe enough player is confirmed the authenticity of content and used these contents.In one embodiment, License Info comprises the decruption key of at least one content and enough confirms the information (for example, secure Hash information or security signature) of content authenticity.In one embodiment, license file customizes separately for the recipient or the user of each mandate, although there are not special requirement in the context of the invention.
● any equipment that can carry (directly or indirectly) License Info described in phrase " permit server ".In one embodiment, permit server comprises online transaction server, described online transaction server can ask to propose the identity of the equipment of license request, and in response, can generate the data structure of pin marker, described data structure comprises the affirmation equipment identity information, content identity information and one group of content decryption key.
Scope and spirit of the present invention be not limited to these the definition in any, also be not limited to the object lesson of mentioning at this, on the contrary, the invention is intended to comprise the most general notion that embodies by these and other term.
System unit
Fig. 1 has shown that comprises the block diagram of system that content and license file is sent to the distributing network of safe processor.
System 100 comprises content server 110, one or more optional intermediate server 120, secure player 130, permit server 140 and communication systems 150.
Content server 110 comprises any equipment or system that can directly or indirectly the content bag 111 that comprises content 112 be sent to secure player 130.In one embodiment, content server 110 can comprise a server apparatus, described server apparatus can receive the request to content 112 from secure player 130, and the content 112 of utilizing communication system 150 transmissions to pack in content bag 111 responds these requests.Yet in the context of the present invention, the clear and definite request to content 112 to content server 110 receives from secure player 130 does not have special requirement.For instance, but do not mean that by any way and limit, content server 110 can according to the predetermined request of content 112, from secure player 130 with the request of external equipment, from the raw requests of secure player 130 or from request and any renewal thereof to content 112 of other equipment, and reasonably summarize, or the like, transmission comprises the content bag 111 of content 112, to secure player 130.
Permit server 140 comprises any equipment and system that can transmit the permission bag 141 that comprises license file 142 to secure player 130 directly or indirectly.In one embodiment, permit server 140 can comprise the equipment that is similar to content server 110.Yet, in the context of the present invention, content server 110 and permit server 140 are turned round under same or similar mode, do not have specific requirement.As an example, but do not mean and limit by any way that first kind of mode of content server 110 usefulness carried content bag 111, the permit server 140 usefulness second way are carried permission bag 141 simultaneously.
Those skilled in the art will recognize after poring over this application, but in the context of the present invention to content bag 111, content 112, permission bag 141, perhaps file 142 does not have the requirement of any particular form.As an example, but be not to limit by any way, the arbitrary unit in these unit can be represented by the one or more message in the bottom communication host-host protocol.As another example, but be not to limit by any way,, can represent by any one unit in the above unit is comprised or is incorporated in one group of message for the multiple unit of set transmission.Therefore, as an example, but not to limit by any way, content 112 can be distributed on the several separate message with the host-host protocol form of for example FTP or HTTP, perhaps, to be packaged as single permission bag 141 more than one license file 142, perhaps will be included in the single message more than one permission bag 141 host-host protocol form with for example FTP or HTTP.Those skilled in the art will recognize after poring over this application, in the context of the present invention host-host protocol do not had special requirement, host-host protocol might not be several specific protocols of being mentioned, can comprise the combination of other more agreements, transmission technology or important variant etc.
Intermediate server 120 comprises anyly can pass through one or more additional intermediate servers 120 directly or indirectly, the content bag 111 of content 112 is sent to the equipment and the system of secure player 130.Described intermediate server 120 can comprise the copy (or part of copy) that can preserve the content bag 111 that receives from one or more content servers 110 and cache device or other unloading equipment, for example network router that this copy (or part of copy) can be sent to one or more secure player 130.Described intermediate server 120 also can comprise the copy that can preserve the permission bag 141 that receives from one or more permit servers 140 and cache device or other unloading equipment that this copy can be sent to one or more secure player 130.To the path between content server 110 and the secure player 130, perhaps the path between permit server 140 and the secure player 130 does not have special requirement in the context of the present invention.
Communication system 150 comprise any can be between each unit of system 100 equipment or the subsystem or technology of transmission information (for example the content bag 111).In one embodiment, communication system 150 comprises the communication network that can carry out telecommunications to the content bag 111 that comprises content 112, for example the Internet, in-house network, extranets, VPN (virtual private network) (VPN), Local Area Network, wide area network (WAN), enterprise network, special use or public switched network or broadcast communication system.Yet, in the context of the present invention, be electronization operation whole or in part, not special requirement to communication system 150.As an example, but be not to limit by any way, communication system 150 can comprise the transmission of (to small part) physical media, coding has the content bag 111 of content 112 on the described physical media, for example CD-ROM drive burns a CD, DVD, floppy disk, portable hard drive, tape, paper tape, bar code bag, or any other media that can be discerned and explain by secure player 130.
Secure player 130 comprises the computing equipment that can carry out the following stated task, described task comprises and direct or indirect receive the content bag 111 that comprises content 112 and direct or indirect receive the permission bag 141 that comprises license file 142 from permit server 140 from content server 110.In one embodiment, secure player 130 comprises one as being incorporated into the safe processor described in the publication among the application, increases at least one auxiliary equipment 131 and external storage 132 alternatively.In one embodiment, external storage 132 can comprise RAM (random access memory), massage storage (for example disk, compact disk equipment), or some combinations or the like.
Those skilled in the art will recognize that after poring over this application special requirement content server 110, intermediate server 120 and permit server 140 are not actually autonomous device in the context of the present invention.As an example, but be not to limit by any way, content server 110 and permit server 140 can be same equipment, and this equipment not only serves as content server 110 but also serve as permit server 140.Those skilled in the art will recognize, after poring over this application, need not too much experiment or further innovation, and variant other of these ideas and further can be realized, so they also belong in the scope of the invention and the spirit.
Encrypt and encrypt again
Be kept at content bag 111 contents 112 in the content server 110, also may comprise other data (being called " content metadata " sometimes herein) about content, all are comprised the content bag 111 of content 112, use shared content key 113CK to encrypt.Thus, for common content 112, each content bag 111 comes down to identical, and described content bag 111 can be stored in one or more intermediate cache 120, so that what be implemented to secure player 130 is local transmission relatively, even secure player 130 is distributed comparatively widely.Therefore the content bag 111 that is kept in one or more intermediate cache 120 comprises same content 112, and same content metadata adopts same content key 113CK to encrypt.
As mentioned above, content bag 111 can make content bag 111 can be encoded in one or more files, message, track or other the separable information units by electronics or physical medium transmission, is sent out or is stored in computer equipment and the system.The part of content bag 111 or content 112 is called as content bag 111 " piece " or content 112 " piece " sometimes at this.
After poring over the application, those skilled in the art will recognize: in the context of the present invention, as will carrying out division, for content bag 111, perhaps content 112 piece that is divided into any particular type does not have special requirement.These pieces can be corresponding or correspond to available one or more secure Hash value 144SH iThe part 114 of the content 112 of (as described below) verification.As an example, but be not to limit by any way, content bag 111, perhaps content 112, can be according in the communication system 150 maximum constraints or other communication features that wraps size being come divided block.Those skilled in the art will recognize, after poring over the application, need not too much experiment or further innovation, and other in the scope of the invention and the spirit or further idea can be implemented.
The permission bag 141 that is stored in the permit server 140 comprises one or more license files 142, and each license file 142 is all specific to single group content 112 and single secure player 130, and it uses private key for user 143UK to encrypt.In an interchangeable embodiment, each license file 142 can belong to the common owner such as this group secure player 130 specific to the secure player 130 of one group of appointment, is arranged at common place, and common structure type is perhaps arranged.Each license file 142 comprises enough decodings and confirms content 112 believable information, may comprise also how other are about to protect content or how to allow secure player to use the information of content 112.In one embodiment, each license file 142 comprises the recipient UID (unique identification) that guides secure player 130, content key 113CK makes secure player 130 can confirm one or more secure Hash value 144SH of content 112 (at least the i part) authenticity i(being called secure Hash value set 144SH sometimes herein) and can differentiate permission bag 141 and the cryptosecurity signature in license file 142 sources.As an example, but be not to limit by any way, the cryptosecurity signature can comprise the process of use corresponding to the special-purpose permit server key LK* deciphering permission bag 141 of public permit server key LK, and described public permit server key is known for secure player 130.
After poring over the application, those skilled in the art will recognize, in the context of the invention, in order to send in communication system 150, also be possible with permitting bag 141 or license file 142 to be divided into piece.In one embodiment, can predict:, therefore do not need to be divided into piece and just can in communication system 150, send if permission bag 141 is less relatively.Yet those skilled in the art will recognize, after poring over the application, need not too much experiment or further innovation, just can realize permitting bag 141 or license file 142 to be divided into piece, and this also is to drop in the scope and spirit of the present invention.
Secure player 130 comprises at least some safe storages 133, and therefore, secure player 130 can be guaranteed in safe storage 133 information of preserving, can be from secure player 130 outsides, or obtained easily when secure player 130 allows not obtaining.In safe storage 133, secure player 130 comprises its distinctive individual consumer's private key 143UK at least.As response to permission bag 141, secure player 130 produces the 134SK of encryption key once more of a secret, preferred SK is specific to the independent combination of content bag 111 and permission bag 141, and preferred SK uses pseudorandom or stochastic technique to produce in safe processor.In order to begin for the first time to carry out (perhaps using) content bag 111, secure player 130 verification license files 142, and utilization individual consumer private key 143UK extraction content.The content key 113CK decryption content 112 that secure player 130 usefulness embed and calculate the cryptographic Hash of content, and be kept at cryptographic Hash (if existence) in the license file 142 relatively with the cryptographic Hash of the described content of verification.The new secret that produces of secure player 130 usefulness is encryption key 134SK once more, and encrypted content 112 once more.So produced once more encrypted packet 135, comprised content 112 and any content metadata encrypted with secret encryption key 134SK once more, and for follow-up operation (or purposes of other types), can be with secure Hash value 144SH verification.
In one embodiment, secure player 130 is preserved secret encryption key 134SK once more in its safe storage 133, make only to calculate the newly-generated secret correct decryption content 112 of particular safety player 130 of encryption key 134SK (differentiating content 112 backs) once more.
In another embodiment, secure player 130 is preserved inherent secret encryption key once more, and the secret of described inherence encryption key once more is used for encrypting row content encryption key once more.This row content encryption key once more is labeled, encrypts and be kept in the outside massage storage 132.Safety in closed system is not leaked, and perhaps under the situation that the ability of safe processor 130 verification contents 112 authenticities does not have to degenerate, outside massage storage 132 also may fail to survive to be replicated, to swarm into or disturb.
After poring over the application, those skilled in the art will recognize, in the context of the invention, it is possible that content 112 is transferred to secure player 113 with the form of individual part 114, each part uses content key 113CK to encrypt, and each part is used single secret encryption key 134SK or a plurality of secret encryption key 134SK once more once more j(secret encryption key 134SK once more wherein in the later case, jEach and every one body portion 114 of corresponding j) by secure player 130 it is encrypted again.As an example, but be not to limit by any way, content 112 can comprise Streaming Media, such as the audiovisual film that uses one or more auxiliary equipment 131 to play, and with Streaming Media with the stream sequence transmission of individual part 114 to secure player 130.In this case, though secure player 130 may not have can integrated acquisition full content 112, after poring over the application, those skilled in the art will recognize, this situation also drops in the scope and spirit of the present invention, need not too much experiment or further innovation, these notions of the present invention are still attainable.
In another embodiment, content 112 can be encrypted by independent and inequality ground in one or more places, and described place comprises for example content server 110, one or more intermediate servers 120, and perhaps secure player 130 is own.As an example, but be not to limit by any way, behind the equivalent of receiving once more encrypted permission (being included as the content key that intermediate equipment is encrypted) from content server 110, the middle security server 120 that is associated with one group of specific authorized user can be configured to separately described content 112 be encrypted once more, and this group specific authorized user need not themselves and encrypts described content 112 once more as a result.The method of this application safety intermediary does not comprise rewritable massage storage media at player device, or is of great use under the pretty troublesome situation of rewrite operation.
Encryption key management once more
Secure player 130 is in its safety and effectivity memory 133, for each group content 112 is preserved the independent secret that is associated with described content 112 encryption key 134SK once more.If the size of safe storage 133 is not enough to preserve all independent secrets encryption key 134SK once more, then secure player 130 comprises those bag of encryption key once more 136KP of the tabulation of encryption key once more 137 of secret encryption key 134SK once more separately with structure, and the described bag of encryption key once more 136KP itself uses new secret encryption key 134SK once more pEncrypt.Because the described bag of encryption key once more 136KP is with described new secret encryption key 134SK once more pEncrypt, so secure player 130 is externally preserved the encryption key of having encrypted the once more tabulation 137 among the described bag of the encryption key once more 136KP on the memory device 132, in its safe storage 133, preserve described new secret encryption key 134SK once more simultaneously p, and do not worry that anyone (comprising the user) can obtain any one the independent secret encryption key 134SK once more in the described encryption key once more tabulation 137.
If the off-capacity of safe storage 133 is to preserve described new secret encryption key 134SK once more simultaneously pWith the more secret separately that is associated with more contents 112 encryption key 134SK once more, then secure player 130 will be constructed second encryption key bag 136KP once more, described second once more encryption key bag 136KP comprise those separately second encryption key tabulations 137 once more of secret encryption key 134SK once more, described second once more encryption key bag 136KP with another new secret encryption key 134SK once more pEncrypt.After poring over the application, those skilled in the art will recognize that by the classification or the linear circulation of this technology, it is possible preserving this type of a large amount of arbitrarily secret separately encryption key 134SK once more.
Method of operation
Fig. 2 has shown the flow chart that content and license file is sent to the distributing network of safe processor
Method 200 is carried out by system 100.Though method 200 is described with serial mode, the flow point of method 200 and step are can be by associating or parallel separative element asynchronous or synchronously carry out with pipe method or other modes.There is not the described method 200 of special requirement to carry out, unless clear and definite indication is arranged with this specification listed flow point or the identical order of step.
Content delivery
In flow point 210, content server 110 is ready to content 112 is transferred to one or more secure player 130.
In optional step 211, content server 110 is divided into one or more part (not shown) with content 112.In the embodiment that omits this step, content 112 is considered to only be divided into single part.
In step 212, content server 110 calculates signature (such as the secure Hash value SH that is produced by the SHA-1 function for described each part of content 112 i).As an optional part in this step, content server 110 can be one group of secure Hash value SH iCalculate signature (such as the secure Hash value), the set of these signatures is included in this group secure Hash value SH iIn, as the part of aggregation security cryptographic Hash SH.
In step 213, content server 110 is determined content bags 111, and described content bag 111 comprises all parts of content 112, adds that the required information of those parts of any verification content 112 (calculates secure Hash value SH as each part as described in for content 112 i), described content bag 111 uses content key 113CK to encrypt.
In step 214, content server 110 is according to content key 113CK, the needed any information of described part (as their side-play amount and length) of content 112 will be differentiated, and the needed information of those parts of verification content 112 is (such as the secure Hash value SH that calculates for described each part of described content 112 i), be sent to permit server 140.As the part of this step, in one embodiment, content server 110 transmits these information by the security infrastructure that covers communication system 150 and gives permit server 140.
● as first example, but be not to limit by any way, content server 110 cryptographic system that uses public-key sends this information to permit server 140, wherein, the PKI that the signal that is transmitted uses the private key of content server 110 to carry out digital signature and usage license server 140 is encrypted.In one embodiment, permission bag self is safe (encrypted and signed), does not so just need to set up security infrastructure for transmission channel.
● as second example, but be not to limit by any way, content server 110 couriers safe in utilization are sent to permit server 140 with this information, and described safe courier is loaded with media, and described permit server 140 can therefrom be read described information.
In step 215, content server 110 uses communication system 150 and selectively uses intermediate server 120 that content bag 111 is sent to secure player 130.
The license file transmission
In flow point 220, permit server 140 is prepared license file 142 is transferred to one or more secure player 130.
In step 221, permit server 140 is determined single permission 142 information for the secure player of selecting 130.
In step 222, permit server 140 is determined permission bag 141, described permission bag 141 comprises the information (as the secure Hash value) that license file 142 and any checking license file 142 are required, the described permission bag 141 reciever public key encryption in the cryptographic system that uses public-key.In optional embodiment, can use and similarly share the cipher key calculation method.
In step 223, permit server 140 is license file 142 compute signature (as the secure Hash values, such as being produced by the SHA-1 function).
In step 224, permit server 140 will permit bag 142 to be sent to secure player 130.As the part of this step, in one embodiment, permit server 110 sends these information to secure player 130 by the security infrastructure that covers communication system 150.
● as first example, but be not to limit by any way, permit server 140 cryptographic system that uses public-key sends this information to secure player 130, and the private key of the information usage license server 140 that wherein will be transmitted carries out the PKI of digital signature and player safe in utilization 130 and encrypts.
● as second example, but be not to limit by any way, permit server 140 uses courier's transmission information to give secure player 130, and the courier is loaded with media, and secure player 130 can read information from described media like this.After poring over the application, those skilled in the art will recognize that it is safe that the courier needs not to be.
Encrypt once more
Player is the signature of verification permission bag on foundation of trust at first, and extracts content key from the permission bag.If do not encrypted once more before this content, that is, if unpromising this content is calculated secret encryption key once more before it, and being complementary in content Hash value or signature and the license file, so just the decision beginning is encrypted once more.
In flow point 230, secure player 130 is ready to encrypt once more for the content 112 that is kept on one or more External memory equipments 132.
In step 231, secure player 130 produces new secret encryption key 134SK once more, and preferably, described new secret encryption key 134SK once more is unique for the certain content of being encrypted once more 112.In interchangeable embodiment, wherein content 112 is divided into several, and secure player 130 can produce independent (new) secret encryption key 134SK once more for every i
In step 232, secure player 130 uses the described 134SK of encryption key once more that described content 112 is encrypted once more.In interchangeable embodiment, wherein content 112 is divided into several, and the independently secret that secure player 130 can be used each piece respectively is encryption key 134SK once more iEncrypt described content 112 once more.
In step 233, secure player 130 is externally stored the content 112 (being not the 134SK of encryption key once more of its secret) of encrypting once more in the memory 132, make the content 112 of encrypting once more have the possibility that is replicated, invades, distorts, but all these behaviors simultaneously all can not obtain original contents 112.
In step 234, secure player 130 connection relation between encrypted content 112 and the secret 134SK of encryption key once more once more is stored in the tabulation of encryption key once more 137 in the safe storage 133.
In step 235, if there are not in the safe storage 133 enough spaces to preserve all these connection relations between encrypted content 112 and the secret 134SK of encryption key once more once more, secure player 130 can store these connection relations in the external memory storage 132 into.Realize this step, secure player need be carried out following substep:
secure player 130 is created and is comprised or in conjunction with the bag of the encryption key once more 136KP of encryption key tabulation 137 once more.
secure player 130 is once more that encryption key bag 136KP produces (new) secret 134SKp of encryption key once more.In interchangeable embodiment, the secret of this uniqueness encryption key once more can be programmed from stochastic source (such as the actual hardware stochastic source) when chip production and write in this chip.
secure player 130 uses (new) secret 134SKp of encryption key once more to encrypted packet 136KP encryption once more.
● the 136KP of encrypted packet once more that secure player 130 will be encrypted is stored in the exterior storage 132, and encrypted packet 136KP and its independently secret connection relation between the encryption key 134SKp once more store in the safe storage 133 once more simultaneously.
Secure player 130 can repeat step 235 repeatedly as required, with all these once more the connection relation safety between encrypted content 112 and the secret 134SK of encryption key once more preserve (that is, having portion at least in the safe storage 133)
Content is used
In flow point 240, secure player 130 is ready to use content 112.
In step 241, secure player 130 obtains the content 112 of encryption once more from external memory storage 132.
In step 242, secure player 130 or from safe storage 133 or obtain once more connection relation between the 134SK of encryption key once more of encrypted content 112 and its secret from exterior storage 132 (if step 235 be performed more than once).
In step 243, the secret that secure player 130 is used once more encrypted content 112 encryption key 134SK once more is decrypted it, and moves content in safe processor or in the associated safe visual field.For instance, but be not to limit by any way, external equipment 131 (as runtime engine) can comprise arcade game equipment, audiovisual display apparatus or miscellaneous equipment.
In flow point 250, external equipment 131 has been consumed content 112, and secure player 130 can be labeled as it and consume, and perhaps writes down consumption status with the flag data structure.Described flag data structure can be stored in the mass storage, and it is read with License Info by secure player, thereby the qualification of content is used in decision during content release, and of this sort scheme can be used for implementing the limited permission schemes of broadcast.
Interchangeable embodiment
Although the present invention discloses preferred embodiment at this, many possible variations also drop in notion of the present invention, the scope and spirit.After poring over the application, those skilled in the art will recognize these variations.
After poring over the application, those skilled in the art will recognize that these alternate embodiments and variation are illustrative, rather than in order to limit by any way.

Claims (18)

1. method may further comprise the steps:
Safe processor receives encrypted content, and described safe processor contains some customized informations that are kept at safety wherein at least, and described safe processor can be explained described encrypted content, to be used for demonstration;
Described safe processor receives the license file of described encrypted content, and described license file comprises the decruption key of described encrypted content;
Described safe processor receives the information of the authenticity that is enough to the described encrypted content of verification;
Produce new key, described new key and the described encryption key in the described license file are irrelevant, and described new key is safe, can not be found outside described security server; With
Described security server uses described new key that described content is encrypted again.
2. the method for claim 1, wherein described at least reception encrypted content, receive license file or reception and be enough to carry out a step in the step of information of verification, comprise the step that transmission contains the physical media of readable information.
3. the method for claim 1, wherein before using described safe processor to explain described content, by the described step of encrypting described content once more of fail-safe software execution.
4. the method for claim 1, wherein before using described safe processor to explain described content, carry out the step of the described content authenticity of described checking.
5. the method for claim 1 may further comprise the steps: at least a portion of the described result who encrypts described content step once more can be found outside described security server by safe preservation.
6. method may further comprise the steps:
Safe processor receives encrypted content, and described safe processor contains some customized informations that are kept at safety wherein at least, and described safe processor can be explained described encrypted content, to be used for demonstration;
Content at least a portion of described content signature is carried out verification;
Described safe processor uses new key to encrypt described content once more, and described new key is safe, can not be found outside described security server; With
Do not needing to authorize once more or once more under the situation of the described encrypted content once more of authentication-access authority, explaining described encrypted content once more, showing being used for.
7. method may further comprise the steps:
Receive encrypted content in the safe processor, described safe processor contains some customized informations that are kept at safety wherein at least, and described safe processor can be explained described encrypted content, to be used for demonstration;
Described safe processor receives the license file of described encrypted content, and described license file comprises the decruption key of described encrypted content;
Described safe processor receives one group of information of the authenticity that is enough to verify described this part of encrypted content;
Produce new key, described new key is safe, can not be found outside described security server;
Described safe processor uses described new key that described content is encrypted once more; With
In response to request, verify the authenticity of described this part frequently once more to described this part of encrypted content in the described safe processor.
8. method may further comprise the steps:
Safe processor receives encrypted content from content server, and described safe processor contains some customized informations that are kept at safety wherein at least, and described safe processor can be explained described encrypted content, to be used for demonstration;
At (a) described safe processor, (b) described content server, perhaps in the equipment in (c) the 3rd secure medium, use new key to encrypt described content once more, described new key is safe, can outside described security server, not be found, and described new key is sent to receiving equipment safely; With
Described safe processor is explained described encrypted content once more, to be used for demonstration.
9. a method may further comprise the steps:
Safe processor receives the first group encryption content from content server, and described safe processor contains some customized informations that are kept at safety wherein at least, and described safe processor can be explained the described first group encryption content, to be used for demonstration;
In described safe processor or described content server, use first new key that the described first group encryption content is encrypted once more, described first new key is safe, can not be found outside described security server;
Safe processor receives from the content server second group encryption content, and described safe processor contains some customized informations that are kept at safety wherein at least, and described safe processor can be explained the described second group encryption content, to be used for demonstration;
In described safe processor or described content server, use second new key that the described second group encryption content is encrypted once more, described second new key is safe, can not be found outside described security server;
Preserve the connection relation between described first new key and the described first group encryption content, and the connection relation between described second new key and the described second group encryption content;
Described safe processor is explained described perhaps described of encrypting once more in second group of content in first group that encrypts once more at least, to be used for demonstration;
10. method as claimed in claim 9 may further comprise the steps:
Respond the 3rd secret key encryption information relevant with described connection relation, described the 3rd key is safe, can not be found outside described security server; With
Outside described safe processor, preserve the result of the step of encrypting the information relevant with described connection relation.
11. a method may further comprise the steps:
Receive one group of partial content and identify a group, each described evaluation Xiang Yuyi described partial content is relevant;
Before explaining or showing described part, read in a described part earlier;
The described evaluation item of response and described part correlation is identified described part; With
Respond described reading in and authentication step, explain or show described content.
12. method as claimed in claim 11, wherein, each of described part comprises the different masses of described content, and therefore the associating of described part just comprises described whole contents.
13. method as claimed in claim 11, wherein,
Each described evaluation item comprises the tag block with a described part correlation; With
Described authentication step comprises with the relevant evaluation item of described part verifies described part;
14. method as claimed in claim 11, wherein, described receiving step comprises a step that receives a described evaluation group from server trusty.
15. method as claimed in claim 11 may further comprise the steps:
Reception and described one group of evaluation item identifying that a group is relevant; With
Respond a described evaluation group, verify that described one group is identified item.
16. method as claimed in claim 15 wherein, receives a described step of group of identifying and comprises from the described evaluation of a server reception trusty group.
17. a method may further comprise the steps:
Safeguard the dissemination system of sealing, described sealing dissemination system comprises one group of equipment;
For each the described equipment that is included in the described sealing dissemination system is preserved at least one public code content key;
Forbid never being included in the equipment distributing contents of equipment in being included in described sealing dissemination system in the described sealing dissemination system;
Wherein, forbid that step comprises that requirement has the right to use at least one in the described public code content key, described public code content key is used for each and wishes equipment to the equipment distributing contents that is included in described sealing dissemination system.
18. a method may further comprise the steps:
Safety means receive one group of partial content and one group of evaluation item, and each described evaluation item is relevant with a described partial content;
At least verify a described part in explanation or before showing described part, with the described evaluation item of response with described part correlation; With
Preservation and explain or shows the state that described content is relevant, to respond in the described part group of having explained or show;
Be included in record security data element outside the described safety means in described preservation step, described secure data element is password-protected, can not obtained by outside the described safety means either party.
CN 200610072269 2006-04-17 2006-04-17 Forbid to distribute a great deal of unauthorized content in the closed content distribution system Pending CN101060395A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610072269 CN101060395A (en) 2006-04-17 2006-04-17 Forbid to distribute a great deal of unauthorized content in the closed content distribution system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610072269 CN101060395A (en) 2006-04-17 2006-04-17 Forbid to distribute a great deal of unauthorized content in the closed content distribution system

Publications (1)

Publication Number Publication Date
CN101060395A true CN101060395A (en) 2007-10-24

Family

ID=38866307

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610072269 Pending CN101060395A (en) 2006-04-17 2006-04-17 Forbid to distribute a great deal of unauthorized content in the closed content distribution system

Country Status (1)

Country Link
CN (1) CN101060395A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102891754A (en) * 2012-10-10 2013-01-23 雷欧尼斯(北京)信息技术有限公司 Method and device for protecting network digital multimedia copyright

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102891754A (en) * 2012-10-10 2013-01-23 雷欧尼斯(北京)信息技术有限公司 Method and device for protecting network digital multimedia copyright
CN102891754B (en) * 2012-10-10 2015-04-08 雷欧尼斯(北京)信息技术有限公司 Method and device for protecting network digital multimedia copyright

Similar Documents

Publication Publication Date Title
US9607131B2 (en) Secure and efficient content screening in a networked environment
RU2449494C2 (en) Method of multimedia data protection
US9342701B1 (en) Digital rights management system and methods for provisioning content to an intelligent storage
US8646061B2 (en) Method and apparatus for transmitting rights object information between device and portable storage
EP1630998A1 (en) User terminal for receiving license
CN1934821A (en) Authentication between device and portable storage
US9047445B2 (en) Memory device and method for updating a security module
CA2683661A1 (en) Method and apparatus for delivering encoded content
CN101277181A (en) Dynamic multilayer encryption method for managing flow medium digital authority
CN104244026A (en) Secret key distribution device in video monitoring system
CN102461114A (en) Method for performing double domain encryption a memory device
US20170353745A1 (en) Secure media player
JP2011530197A (en) Method for preventing laundering and repackaging of multimedia content in a content distribution system
CN101471942B (en) Encryption device, decryption device, data delivery device and data receiving device
RU2010105036A (en) MAS CODE CHECK WITHOUT ITS DISCLOSURE
CN104966000A (en) Multimedia copyright protection method based on security engine
CN1675928A (en) Method for verifying validity of domestic digital network key
CN105191332A (en) Method and device to embed watermark in uncompressed video data
EP2503480A1 (en) Method and devices for secure data access and exchange
US20120284522A1 (en) Method and System for Securing Multimedia Data Streamed Over a Network
US20190147142A1 (en) Digital rights management for anonymous digital content sharing
CN101060395A (en) Forbid to distribute a great deal of unauthorized content in the closed content distribution system
AU2012227266B2 (en) Use of media storage structure with multiple pieces of content in a content-distribution system
CN109429106A (en) Program request movie theatre pro digital cinematographic projector broadcast control system
KR20200074835A (en) Video data protection system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication