CN101227271A - Method and apparatus for enciphering and deciphering of contents - Google Patents

Method and apparatus for enciphering and deciphering of contents

Publication number: CN101227271A
Authority: CN (China)
Application number: CNA2008100569074A
Other languages: Chinese (zh)
Other versions: CN101227271B (en)
Inventor: 何春林
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Legal status: Granted; Expired - Fee Related
Prior art keywords: key, content, encryption, generation unit, foundation

Abstract

The invention relates to a content encryption method comprising: setting key strategies for a foundation key, a content encryption key, a content additional identifier and a final encryption key; constructing the foundation key according to the key strategy of the foundation key; generating the content encryption key according to the foundation key and the key strategy of the content encryption key; generating the content additional identifier according to the key strategy of the content additional identifier; generating the final encryption key according to the content encryption key, the content additional identifier and the key strategy of the final encryption key; and encrypting the plaintext content into ciphertext. The invention also discloses a corresponding decryption method, an encryption device and a decryption device. The key strategies of the invention are flexible and changeable, and the type of the specific content does not need to be parsed, which improves processing efficiency; because the ciphertexts of the same content are not the same, the security of the content is fully guaranteed.

Description

Method and device for encrypting and decrypting content
Technical field
The present invention relates to the technical field of network communication security, and in particular to a method and a device for encrypting and decrypting content.
Background
With the growth of wired and wireless network bandwidth and the continuous improvement of access conditions, content applications typified by pictures, audio and video are becoming increasingly widespread, and good content in particular attracts wide attention and distribution. To protect the rights and interests of intellectual property owners, questions such as how to encrypt content and how to control the associated usage rights have gradually become a focus of attention.
At present, the standards, protocols and specifications for the main audio/video streaming technologies address this area to some extent. For example, the International Organization for Standardization series standard ISO 13818, "Information technology: generic coding of moving pictures and associated audio", reserves a conditional access mechanism where its first part describes the transport stream. At the beginning of 2004 a tenth part, "Intellectual property management and protection of MPEG-2", was added to this standard to provide a framework and interfaces for other intellectual property management and protection methods. The thirteenth part of another ISO audio/video series standard, ISO 14496 "Information technology: coding of audio-visual objects", likewise defines "intellectual property management and protection extensions". As a further example, the Internet Streaming Media Alliance (ISMA), when drawing up its streaming media transmission specifications, also issued encryption and authentication specifications that define how encryptors for ISMA-compliant media streams are to be built. However, these standards, protocols and specifications mainly focus on defining an interoperable framework, are limited to specific streaming media content and are not general-purpose, and they say little about the concrete method by which content is to be encrypted.
There are also a number of patents and patent applications related to the secure transmission of media content. For example, European patent EP 1195968A2, "Encryption processing for streaming media", describes a media stream encryption method with changing keys: a secure hash over a base key and the tag in each media stream packet yields the encryption key of that individual packet, and because the tags of the packets differ, the encryption keys of different packets differ as well. As another example, international patent WO9744736A1, "Method and apparatus for two-level copy protection", describes a two-layer copy-protection encryption method: the first layer uses a single key and may encrypt the content with an encryption method of moderate strength; the second layer processes the key of the first layer and may use a higher-strength method such as asymmetric encryption. The above patents do not go into more specific detail; they apply only to media streams of a particular type and must parse the entire specific media stream, so their processing efficiency is not very high and their generality is weak.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method and a device for encrypting and decrypting content that are general-purpose and efficient.
To achieve the above purpose, the technical solution of the present invention is realized as follows.
A content encryption method, comprising:
A1. setting the key strategies of the foundation key, the content encryption key, the content additional identifier and the final encryption key;
A2. constructing the foundation key according to the key strategy of the foundation key; generating the content encryption key according to the foundation key and the key strategy of the content encryption key; and generating the content additional identifier according to the key strategy of the content additional identifier;
A3. generating the final encryption key according to the content encryption key, the content additional identifier and the key strategy of the final encryption key, and encrypting the plaintext content into ciphertext.
The foundation key is a static key or a dynamic key.
For a dynamic key, the foundation key is replaced at regular intervals or at irregular intervals.
A content decryption method, comprising:
B1. generating the content decryption key according to the content additional identifier, the content encryption key and the key strategy of the final encryption key;
B2. decrypting the ciphertext into the plaintext content according to the content decryption key.
A content encryption device, comprising a control unit, a key generation unit, a content encryption key generation unit, a content additional identifier generation unit and a content encryption unit, wherein:
the control unit is used to set the key strategies of the key generation unit, the content encryption key generation unit, the content additional identifier generation unit and the content encryption unit;
the key generation unit is used to generate the foundation key according to the key strategy of the foundation key;
the content encryption key generation unit is used to generate the content encryption key according to the key strategy of the content encryption key and the foundation key;
the content additional identifier generation unit is used to generate the content additional identifier according to the key strategy of the content additional identifier;
the content encryption unit is used to generate the final encryption key from the content encryption key and the content additional identifier according to the key strategy of the final encryption key, and to encrypt the plaintext content into ciphertext.
The key generation unit is started manually or triggered automatically.
A decryption device, comprising a content decryption key generation unit and a content decryption unit, wherein:
the content decryption key generation unit is used to generate the content decryption key according to the obtained content encryption key, the content additional identifier and the key strategy of the content encryption unit;
the content decryption unit is used to decrypt the ciphertext into the plaintext content according to the content decryption key.
The method proposed by the present invention constructs the subsequent final encryption key from a relatively stable foundation key and flexibly changeable key strategies applied to that foundation key. The type of the specific content does not need to be parsed, which improves processing efficiency. An extra content additional identifier is generated at the same time, so that the ciphertexts produced by encrypting the same content also differ, which fully guarantees the security of the content. For key transmission, the key is protected with higher-strength encryption and is obtained by the content recipient through a secure transfer method, which guarantees the security of the key.
Description of the drawings
Fig. 1 is a schematic diagram of the process in which a terminal requests ciphertext from the download system in one embodiment of the present invention;
Fig. 2 is a schematic diagram of the process in which a terminal requests a decryption key from the authorization center in one embodiment of the present invention;
Fig. 3 is a schematic diagram of the encryption device of the present invention;
Fig. 4 is a schematic diagram of the decryption device of the present invention.
Embodiment
The basic idea of the present invention is as follows. The foundation key generated in the first stage is processed according to the implementer's key strategy to generate the content encryption key. The plaintext content is encrypted with the final encryption key, which is formed by combining the content encryption key and the content additional identifier. At decryption time the content decryption key is generated from the content encryption key and the content additional identifier in the same way. The final encryption key is not stored at any point in the whole process, which protects the ciphertext, and the scheme can adapt to the needs of different content and is therefore highly general.
The specific flow of the present invention is described below, taking as an example the download of mobile phone content protected with Digital Rights Management (DRM) technology.
When a terminal downloads content protected with Digital Rights Management technology, the process is as shown in Fig. 1:
Step 101: The terminal sends a content download request to the download system.
Step 102: The download system sends the authorization center a content packaging request containing the original content information and the storage information for the encrypted content.
Step 103: The authorization center constructs the corresponding content encryption request according to the content packaging request and sends it to the Content Management System.
Step 104: The Content Management System, according to the content encryption request received, sends a key registration request to the key management system.
Step 105: The key management system determines the key strategies of the foundation key, the content encryption key and the content additional identifier according to the requirements of the application. For example, in a simple application the implementer uses key strategies of its own design, and the key strategy of each part is as shown in Table 1:
Key category | Key strategy | Example
Foundation key | Generate a random 10-digit numeric key with a user-written program | 1002003004
Content encryption key | Move the first three digits of the foundation key to the end | 2003004100
Content additional identifier | Randomly generate a 3-character mixed code of digits and letters | 5qt
Table 1
After the content additional identifier is generated, it is also sent to the decryption module of the key management system, and the content encryption key and the content additional identifier are stored; both are then carried in the response to the key registration request.
Step 106: The Content Management System takes the content encryption key and the content additional identifier returned in the key registration response from the key management system and simply merges them to generate the final encryption key 20030041005qt. It encrypts the plaintext content into ciphertext and, once encryption is complete, sends a content encryption response to the authorization center. In this embodiment, after the key management system has generated the final encryption key and the plaintext content has been encrypted, the final encryption key is not stored.
Step 107: After receiving the content encryption response sent by the Content Management System, the authorization center sends a content packaging response to the download system.
Step 108: The download system sends the ciphertext to the terminal.
When the user uses the content on the terminal, the flow is as shown in Fig. 2:
Step 201: The terminal sends a content authorization request to the authorization center.
Step 202: The authorization center constructs a key query request according to the content authorization request received and sends it to the key management system.
Step 203: According to the key query request received, the key management system looks up the corresponding content encryption key 2003004100 and content additional identifier 5qt in its database and generates the final encryption key 20030041005qt according to the corresponding key strategy. This is at the same time the content decryption key, which is returned to the authorization center in the key query response.
Step 204: After receiving the key query response, the authorization center constructs an authorization object, which contains information such as the content decryption key and the corresponding content usage rights, and returns a content authorization response to the terminal.
To guarantee the integrity and reliability of the messages exchanged, the content authorization request may be digitally signed with the private key of the terminal, and the content authorization response may likewise be digitally signed with the private key of the authorization center. After the terminal obtains the authorization object from the content authorization response and installs it, it can decrypt the ciphertext with the content decryption key and obtain the decrypted plaintext content for use.
In addition, the foundation key in step 105 may be a static key or a dynamic key. With a static key, the same foundation key is used for different requests for the same content; with a dynamic key, different foundation keys are used for different requests for the same content. A dynamic key may be replaced at regular or irregular intervals. With regular replacement, a time period is set, the foundation key is not changed within that period, and a new foundation key is substituted once the period has passed. With irregular replacement, the implementer decides when to change the foundation key according to its own needs. The key strategies may be set freely according to the implementer's needs and may be known cryptographic algorithms or key algorithms designed by the implementer.
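An added example, not code from the patent: the Table 1 key strategies and the flow of steps 105, 106 and 203, written in Python with a static foundation key. The class and function names, the lowercase alphabet for the identifier, and the XOR stand-in cipher keyed through KDF2 are assumptions; the description names no content cipher.

```python
import hashlib
import secrets
import string

def kdf2(seed: bytes, length: int, other_info: bytes = b"") -> bytes:
    """KDF2 with SHA-256: Hash(seed || counter || other_info), counter from 1."""
    out, counter = b"", 1
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big") + other_info).digest()
        counter += 1
    return out[:length]

# --- Key strategies, following the Table 1 example ---
def new_foundation_key() -> str:
    """Random 10-digit numeric foundation key."""
    return "".join(secrets.choice(string.digits) for _ in range(10))

def derive_cek(foundation_key: str) -> str:
    """Move the first three digits of the foundation key to the end."""
    return foundation_key[3:] + foundation_key[:3]

def new_identifier() -> str:
    """Random 3-character identifier (digits and lowercase letters assumed)."""
    alphabet = string.digits + string.ascii_lowercase
    return "".join(secrets.choice(alphabet) for _ in range(3))

def derive_final_key(cek: str, identifier: str) -> str:
    """Simple merge: content encryption key followed by the identifier."""
    return cek + identifier

def xor_cipher(final_key: str, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a KDF2 keystream of the final key.
    A real deployment would use a standard authenticated cipher instead."""
    stream = kdf2(final_key.encode(), len(data), b"content")
    return bytes(a ^ b for a, b in zip(data, stream))

class KeyManagementSystem:
    """Stores only the CEK and identifier per request; never the final key."""
    def __init__(self, foundation_key=None):
        # Static foundation key: reused for every request until replaced.
        self.foundation_key = foundation_key or new_foundation_key()
        self.records = {}

    def register(self, request_id, identifier=None):
        """Step 105: derive the CEK, create the identifier, store both."""
        record = (derive_cek(self.foundation_key), identifier or new_identifier())
        self.records[request_id] = record
        return record

    def query(self, request_id):
        """Step 203: rebuild the decryption key from the stored parts."""
        return derive_final_key(*self.records[request_id])

def package_content(kms, request_id, plaintext, identifier=None):
    """Step 106: build the final key, encrypt, and discard the key."""
    cek, ident = kms.register(request_id, identifier)
    return xor_cipher(derive_final_key(cek, ident), plaintext)

def open_content(kms, request_id, ciphertext):
    """Steps 203-204 followed by decryption on the terminal."""
    return xor_cipher(kms.query(request_id), ciphertext)

if __name__ == "__main__":
    kms = KeyManagementSystem("1002003004")      # Table 1 foundation key
    text = b"constructed sample content"         # constructed sample input
    c1 = package_content(kms, "req-1", text, "5qt")
    c2 = package_content(kms, "req-2", text)     # fresh random identifier
    print(kms.query("req-1"), c1 != c2, open_content(kms, "req-2", c2) == text)
```

The Table 1 strategies are illustrative: a 10-digit key plus a 3-character identifier over the assumed 36-symbol alphabet gives about 48.7 bits of key material, so a deployment would substitute a standard algorithm such as the KDF2 named in the description.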
The devices corresponding to the above method comprise an encryption device and a decryption device. As shown in Fig. 3, the encryption device comprises a control unit, a key generation unit, a content encryption key generation unit, a content additional identifier generation unit and a content encryption unit.
The control unit is used to set the key strategies of the key generation unit, the content encryption key generation unit, the content additional identifier generation unit and the content encryption unit, and sends each key strategy to the corresponding unit.
The key generation unit is used to generate the foundation key according to the key strategy of the foundation key and sends it to the content encryption key generation unit.
The content encryption key generation unit generates the content encryption key according to the key strategy of the content encryption key and the foundation key, and sends it to the content encryption unit and the decryption device.
The content additional identifier generation unit generates the content additional identifier according to the key strategy of the content additional identifier, and sends it to the content encryption unit and the decryption device.
The content encryption unit generates the final encryption key from the content encryption key and the content additional identifier according to the key strategy of the final encryption key, and encrypts the plaintext content into ciphertext.
As shown in Fig. 4, the decryption device comprises a content decryption key generation unit and a content decryption unit.
The content decryption key generation unit generates the content decryption key according to the content encryption key obtained from the content encryption key generation unit, the content additional identifier obtained from the content additional identifier generation unit, and the key strategy of the content encryption unit obtained from the control unit, and sends it to the content decryption unit.
The content decryption unit decrypts the ciphertext into the plaintext content according to the content decryption key.
The key generation unit may be started manually or triggered automatically when a set condition is met, for example on receiving a key request. The foundation key may be generated with a general-purpose algorithm, such as the KDF2 algorithm in the X9.44 standard, or with a private algorithm designed by the implementer.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.

Claims (7)

1. A content encryption method, characterized in that the method comprises:
A1. setting the key strategies of the foundation key, the content encryption key, the content additional identifier and the final encryption key;
A2. constructing the foundation key according to the key strategy of the foundation key; generating the content encryption key according to the foundation key and the key strategy of the content encryption key; and generating the content additional identifier according to the key strategy of the content additional identifier;
A3. generating the final encryption key according to the content encryption key, the content additional identifier and the key strategy of the final encryption key, and encrypting the plaintext content into ciphertext.
2. The content encryption method according to claim 1, characterized in that the foundation key is a static key or a dynamic key.
3. The content encryption method according to claim 2, characterized in that, for the dynamic key, the foundation key is replaced at regular intervals or at irregular intervals.
4. A content decryption method, characterized in that the method comprises:
B1. generating the content decryption key according to the content additional identifier, the content encryption key and the key strategy of the final encryption key;
B2. decrypting the ciphertext into the plaintext content according to the content decryption key.
5. A content encryption device, characterized in that the device comprises a control unit, a key generation unit, a content encryption key generation unit, a content additional identifier generation unit and a content encryption unit, wherein:
the control unit is used to set the key strategies of the key generation unit, the content encryption key generation unit, the content additional identifier generation unit and the content encryption unit;
the key generation unit is used to generate the foundation key according to the key strategy of the foundation key;
the content encryption key generation unit is used to generate the content encryption key according to the key strategy of the content encryption key and the foundation key;
the content additional identifier generation unit is used to generate the content additional identifier according to the key strategy of the content additional identifier;
the content encryption unit is used to generate the final encryption key from the content encryption key and the content additional identifier according to the key strategy of the final encryption key, and to encrypt the plaintext content into ciphertext.
6. The content encryption device according to claim 5, characterized in that the key generation unit is started manually or triggered automatically.
7. A decryption device, characterized in that the decryption device comprises a content decryption key generation unit and a content decryption unit, wherein:
the content decryption key generation unit is used to generate the content decryption key according to the obtained content encryption key, the content additional identifier and the key strategy of the content encryption unit;
the content decryption unit is used to decrypt the ciphertext into the plaintext content according to the content decryption key.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN2008100569074A | 2008-01-25 | 2008-01-25 | Method and apparatus for enciphering and deciphering of contents

Publications (2)

Publication Number | Publication Date
CN101227271A | 2008-07-23
CN101227271B | 2012-03-07


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120307

Termination date: 20170125
