CN101227271B - Method and apparatus for enciphering and deciphering of contents - Google Patents

Publication number: CN101227271B
Other versions: CN101227271A (en)
Application number: CN2008100569074A
Authority: CN (China)
Other languages: Chinese (zh)
Inventor: 何春林
Original and current assignee: ZTE Corp
Legal status: Expired - Fee Related
Prior art keywords: key, content, encryption, decryption, generation unit

Abstract

The invention relates to a method for encrypting content, which comprises: setting the key strategies of a foundation key, a content encryption key, a content attach identifier and a final encryption key; constructing the foundation key according to the key strategy of the foundation key; generating the content encryption key according to the foundation key and the key strategy of the content encryption key; generating the content attach identifier according to the key strategy of the content encryption key; generating the final encryption key according to the content encryption key, the content attach identifier and the key strategy of the final encryption key; and encrypting the original text into ciphertext. The invention also discloses a corresponding decryption method, an encryption device and a decryption device. The key strategies of the invention are flexible and changeable, and the type of the concrete content does not need to be analyzed, which increases processing efficiency; because the ciphertexts of the same content are not the same, the security of the content is fully guaranteed.

Description

A method and device for encrypting and decrypting content
Technical field
The present invention relates to the field of network communication security technology, and in particular to a method and device for encrypting and decrypting content.
Background
With the growth of wired and wireless network bandwidth and the continuous improvement of access conditions, content applications typified by pictures, audio and video are increasingly widespread, and good content in particular attracts wide attention and dissemination. To protect the rights and interests of intellectual property owners, how to encrypt content and apply the related usage-rights control has gradually become a focus of attention.
At present, the main standards, protocols and specifications for audio/video stream transmission address this area to some extent. For example, the ISO 13818 series of the International Organization for Standardization, "Information technology - Generic coding of moving pictures and associated audio", reserves a conditional access mechanism where its first part describes the transport stream. At the beginning of 2004, this standard added a new tenth part, "Intellectual property management and protection of MPEG2", to provide a framework and interfaces for other intellectual property management and protection methods. The thirteenth part of another ISO audio/video series standard, ISO 14496 "Information technology - Coding of audio-visual objects", also defines "Intellectual property management and protection extensions". As a further example, the Internet Streaming Media Alliance (ISMA) also issued encryption and authentication specifications when formulating its streaming media transmission specifications, which define encryption for media streams that conform to the ISMA standard. However, the above standards, protocols and specifications focus mainly on defining an interoperable framework and are limited to specific streaming media content, so they lack generality; as for the concrete method of encrypting the content, they say little.
There are also some patents and patent applications related to the secure transmission of media content. For example, European patent EP 1195968A2, "Encryption processing for streaming media", describes a changing-key method for media stream privacy: the method applies a secure hash to a basic key and the tag in each media stream data packet to obtain the encryption key of that individual packet; because the tags of the packets differ, the encryption keys of different packets also differ. As another example, international patent WO9744736A1, "Method and apparatus for two-level copy protection", describes a two-layer encryption method for copy protection: the first layer uses a single key and may encrypt the content to be processed with an encryption method of moderate strength; the second layer then processes the key of the first layer and may use a higher-strength method such as asymmetric encryption. The above patents do not go into more specific detail, address only media streams of a particular type, and must parse the entire specific media stream, so processing efficiency is not very high and generality is weak.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method and device for encrypting and decrypting content that is highly general and efficient.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
A content encryption and decryption method, comprising:
A1. Setting the key strategies of the foundation key, content encryption key, content attach identifier and final encryption key;
A2. Constructing the foundation key according to the key strategy of the foundation key, and generating the content encryption key according to the foundation key and the key strategy of the content encryption key; generating the content attach identifier according to the key strategy of the content attach identifier;
A3. Generating the final encryption key according to the content encryption key, the content attach identifier and the key strategy of the final encryption key, and encrypting the content original text into ciphertext;
B1. Generating the content decryption key according to the content attach identifier, the content encryption key and the key strategy of the final encryption key used during encryption;
B2. Decrypting the ciphertext into the content original text according to the content decryption key.
The foundation key is a static key or a dynamic key.
For a dynamic key, the foundation key is replaced either at regular intervals or at irregular intervals.
A content encryption and decryption system, comprising an encryption device and a decryption device; the encryption device comprises a control unit, a key generation unit, a content encryption key generation unit, a content attach identifier generation unit and a content encryption unit; the decryption device comprises a content decryption key generation unit and a content decryption unit, wherein:
The control unit is used to set the key strategies of the key generation unit, content encryption key generation unit, content attach identifier generation unit and content encryption unit;
The key generation unit is used to generate the foundation key according to the key strategy of the foundation key;
The content encryption key generation unit is used to generate the content encryption key according to the key strategy of the content encryption key and the foundation key;
The content attach identifier generation unit is used to generate the content attach identifier according to the key strategy of the content attach identifier;
The content encryption unit is used to generate the final encryption key from the content encryption key and the content attach identifier according to the key strategy of the final encryption key, and to encrypt the content original text into ciphertext;
The content decryption key generation unit is used to generate the content decryption key according to the obtained content encryption key, the content attach identifier and the key strategy of the final encryption key used during encryption;
The content decryption unit is used to decrypt the ciphertext into the content original text according to the content decryption key.
The key generation unit is triggered manually or automatically.
The method proposed by the present invention constructs the subsequent final encryption key from a relatively stable foundation key and flexibly changeable key strategies applied to that foundation key. It does not need to parse the type of the concrete content, which improves processing efficiency. It also generates an additional content attach identifier, so that the ciphertexts produced by encrypting the same content differ, which fully guarantees the security of the content. For key delivery, the key is protected with higher-strength encryption and is obtained by the content recipient through a secure transfer method, which guarantees the security of the key.
Description of the drawings
Fig. 1 is a schematic diagram of the process by which the terminal requests ciphertext from the download system in one embodiment of the present invention;
Fig. 2 is a schematic diagram of the process by which the terminal requests the decryption key from the authorization center in one embodiment of the present invention;
Fig. 3 is a schematic diagram of the encryption device of the present invention;
Fig. 4 is a schematic diagram of the decryption device of the present invention.
Embodiments
The basic idea of the present invention is as follows: the initially generated foundation key is processed according to the implementer's key strategy to generate the content encryption key; the content original text is encrypted with the final encryption key formed by combining the content encryption key and the content attach identifier; during decryption, the content decryption key is likewise generated from the content encryption key and the content attach identifier. The final encryption key is therefore not saved at any point in the process, which guarantees the security of the ciphertext, and the scheme can adapt to the needs of different content, giving it strong generality.
The specific flow of the present invention is described below, taking the download of mobile phone content protected by Digital Rights Management (DRM) technology as an example.
When a terminal downloads content protected by Digital Rights Management technology, the process is as shown in Fig. 1:
Step 101: The terminal sends a content download request to the download system.
Step 102: The download system sends the authorization center a content packaging request that contains the original content information and the information on where the encrypted content is to be stored.
Step 103: The authorization center constructs the corresponding content encryption request from the content packaging request and sends it to the content management system.
Step 104: The content management system sends a key registration request to the key management system according to the content encryption request it received.
Step 105: The key management system determines the key strategies of the foundation key, content encryption key and content attach identifier according to the needs of the application. For example, in a simple application the implementer uses self-designed key strategies, and the key strategy of each part is shown in Table 1:

| Key category | Key strategy | Example |
|---|---|---|
| Foundation key | Use a user-defined formula to randomly generate a 10-digit numeric key | 1002003004 |
| Content encryption key | Move the first three digits of the foundation key to the end | 2003004100 |
| Content attach identifier | Randomly generate a 3-character mixed code of digits and letters | 5qt |

Table 1
After the content attach identifier is generated, it is also sent to the decryption module of the key management system, and the content encryption key and content attach identifier are saved; the response to the key registration request then carries the content encryption key and the content attach identifier.
Step 106: Using the content encryption key and content attach identifier returned in the key registration response received from the key management system, the content management system simply merges the content encryption key and the content attach identifier to generate the final encryption key 20030041005qt, encrypts the content original text into ciphertext, and sends a content encryption response to the authorization center once encryption is complete. In this embodiment, after the key management system generates the final encryption key and the content original text is encrypted, the final encryption key is not saved.
Step 107: After receiving the content encryption response sent by the content management system, the authorization center sends a content packaging response to the download system.
Step 108: The download system sends the ciphertext to the terminal.
When the user uses the content through the terminal, the flow is as shown in Fig. 2:
Step 201: The terminal initiates a content authorization request to the authorization center.
Step 202: The authorization center constructs a key query request according to the content authorization request it received and sends it to the key management system.
Step 203: According to the key query request it received, the key management system queries the database for the corresponding content attach identifier 2003004100 and content encryption key 5qt, generates the final encryption key 20030041005qt according to the corresponding key strategy, which is also the content decryption key, and returns the content decryption key to the authorization center in reply to the key query request.
Step 204: After receiving the key query response, the authorization center constructs an authorization object, which carries information such as the content decryption key and the corresponding content usage rights, and returns a content authorization response to the terminal.
To guarantee the integrity and reliability of the communication messages, the content authorization request can be digitally signed with the private key of the terminal; likewise, the content authorization response can be digitally signed with the private key of the authorization center. After the terminal obtains and installs the authorization object in the content authorization response, it can decrypt the ciphertext with the content decryption key and obtain the decrypted content original text for use.
In addition, the foundation key in step 105 can be a static key or a dynamic key. A static key means that the same foundation key is used for different requests for the same content; a dynamic key means that different foundation keys are used for different requests for the same content. For a dynamic key, replacement may be regular or irregular: regular replacement means setting a certain time period during which the foundation key is not changed and after which it is replaced with a new one; irregular replacement means that the implementer decides when to change the foundation key according to need. The key strategies can be set arbitrarily according to the implementer's needs and can be a known encryption algorithm or a key algorithm designed by the implementer.
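The key strategies of Table 1 and the flow of steps 105, 106 and 203, as an added Python example that is not part of the patent. The function and class names, the identifier alphabet (digits plus lowercase letters) and the stand-in cipher built from HMAC-SHA256 are assumptions, since the patent names no cipher.

```python
import hashlib
import hmac
import math
import secrets
import string

# Assumption: the "digit/letter" identifier draws from digits + lowercase letters.
ID_ALPHABET = string.digits + string.ascii_lowercase


def make_foundation_key(digits=10):
    """Foundation key strategy from Table 1: random 10-digit numeric key."""
    return "".join(secrets.choice(string.digits) for _ in range(digits))


def content_encryption_key(foundation_key, shift=3):
    """Move the first three digits of the foundation key to the end."""
    return foundation_key[shift:] + foundation_key[:shift]


def make_attach_identifier(length=3):
    """Random 3-character mixed digit/letter code."""
    return "".join(secrets.choice(ID_ALPHABET) for _ in range(length))


def final_key(cek, attach_id):
    """Final-key strategy of step 106: simple merge of the two stored parts."""
    return cek + attach_id


def stand_in_cipher(key_text, data):
    """Stand-in stream cipher (HMAC-SHA256 in counter mode, hypothetical choice).

    The patent names no cipher. XOR with the keystream is its own inverse,
    so the same call encrypts and decrypts.
    """
    key = hashlib.sha256(key_text.encode()).digest()
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class KeyManagementSystem:
    """Keeps only the two components; the final key is rebuilt per query."""

    def __init__(self):
        self._db = {}

    def register(self, content_id, foundation_key=None, attach_id=None):
        # Step 105: derive and store the components, return them to the caller.
        fk = foundation_key or make_foundation_key()
        record = (content_encryption_key(fk), attach_id or make_attach_identifier())
        self._db[content_id] = record
        return record

    def query_decryption_key(self, content_id):
        # Step 203: look up the components and regenerate the key on demand.
        cek, attach_id = self._db[content_id]
        return final_key(cek, attach_id)


def encrypt_content(plaintext, cek, attach_id):
    """Step 106: build the final key, encrypt, and let the key go out of scope."""
    return stand_in_cipher(final_key(cek, attach_id), plaintext)


def keyspace_bits(digits=10, id_len=3):
    """Upper bound on final-key entropy; rotating digits adds none."""
    return digits * math.log2(10) + id_len * math.log2(len(ID_ALPHABET))


if __name__ == "__main__":
    kms = KeyManagementSystem()
    cek, attach_id = kms.register("song-1", "1002003004", "5qt")  # Table 1 values
    ciphertext = encrypt_content(b"constructed sample content", cek, attach_id)
    key = kms.query_decryption_key("song-1")
    print(key, stand_in_cipher(key, ciphertext))
    print(f"{keyspace_bits():.1f} bits at most")
```

With the Table 1 parameters the final key carries at most about 48.7 bits of entropy. Because it is a deterministic function of the two stored values, the key database needs the same protection as the key itself.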
The device corresponding to the above method comprises an encryption device and a decryption device. The encryption device, as shown in Fig. 3, comprises a control unit, a key generation unit, a content encryption key generation unit, a content attach identifier generation unit and a content encryption unit:
The control unit is used to set the key strategies of the key generation unit, content encryption key generation unit, content attach identifier generation unit and content encryption unit, and sends each key strategy to the corresponding unit;
The key generation unit is used to generate the foundation key according to the key strategy of the foundation key, and sends it to the content encryption key generation unit;
The content encryption key generation unit generates the content encryption key according to the key strategy of the content encryption key and the foundation key, and sends it to the content encryption unit and the decryption device;
The content attach identifier generation unit generates the content attach identifier according to the key strategy of the content attach identifier, and sends it to the content encryption unit and the decryption device;
The content encryption unit generates the final encryption key from the content encryption key and the content attach identifier according to the key strategy of the final encryption key, and encrypts the content original text into ciphertext.
The decryption device, as shown in Fig. 4, comprises a content decryption key generation unit and a content decryption unit:
The content decryption key generation unit generates the content decryption key according to the content encryption key obtained from the content encryption key generation unit, the content attach identifier obtained from the content attach identifier generation unit, and the key strategy of the content encryption unit obtained from the control unit, and sends it to the content decryption unit;
The content decryption unit decrypts the ciphertext into the content original text according to the content decryption key.
The key generation unit can be triggered manually, or automatically when a set condition is met, for example after a key request is received. The foundation key can be generated with a general-purpose algorithm, such as the KDF2 algorithm in the X9.44 standard, or with a private algorithm designed by the implementer.
The above is merely a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.

Claims (5)

1. A content encryption and decryption method, characterized in that the method comprises:
A1. Setting the key strategies of the foundation key, content encryption key, content attach identifier and final encryption key;
A2. Constructing the foundation key according to the key strategy of the foundation key, and generating the content encryption key according to the foundation key and the key strategy of the content encryption key; generating the content attach identifier according to the key strategy of the content attach identifier;
A3. Generating the final encryption key according to the content encryption key, the content attach identifier and the key strategy of the final encryption key, and encrypting the content original text into ciphertext;
B1. Generating the content decryption key according to the content attach identifier, the content encryption key and the key strategy of the final encryption key used during encryption;
B2. Decrypting the ciphertext into the content original text according to the content decryption key.
2. The content encryption and decryption method according to claim 1, characterized in that the foundation key is a static key or a dynamic key.
3. The content encryption and decryption method according to claim 2, characterized in that, for the dynamic key, the foundation key is replaced at regular intervals or at irregular intervals.
4. A content encryption and decryption system, characterized in that the system comprises an encryption device and a decryption device; the encryption device comprises a control unit, a key generation unit, a content encryption key generation unit, a content attach identifier generation unit and a content encryption unit; the decryption device comprises a content decryption key generation unit and a content decryption unit, wherein:
The control unit is used to set the key strategies of the key generation unit, content encryption key generation unit, content attach identifier generation unit and content encryption unit;
The key generation unit is used to generate the foundation key according to the key strategy of the foundation key;
The content encryption key generation unit is used to generate the content encryption key according to the key strategy of the content encryption key and the foundation key;
The content attach identifier generation unit is used to generate the content attach identifier according to the key strategy of the content attach identifier;
The content encryption unit is used to generate the final encryption key from the content encryption key and the content attach identifier according to the key strategy of the final encryption key, and to encrypt the content original text into ciphertext;
The content decryption key generation unit is used to generate the content decryption key according to the obtained content encryption key, the content attach identifier and the key strategy of the final encryption key used during encryption;
The content decryption unit is used to decrypt the ciphertext into the content original text according to the content decryption key.
5. The content encryption and decryption system according to claim 4, characterized in that the key generation unit is triggered manually or automatically.
Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008100569074A | 2008-01-25 | 2008-01-25 | Method and apparatus for enciphering and deciphering of contents |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN101227271A | 2008-07-23 |
| CN101227271B | 2012-03-07 |

Family ID: 39859047


Citations (4)

\* Cited by examiner, † Cited by third party

| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1195968A2 * | 2000-07-26 | 2002-04-10 | RPK New Zealand Limited | Encryption processing for streaming media |
| CN1633778A * | 2001-10-09 | 2005-06-29 | 高通股份有限公司 | Method and apparatus for security in a data processing system |
| CN1675878A * | 2002-08-20 | 2005-09-28 | 皇家飞利浦电子股份有限公司 | Mobile network authentication for protecting stored content |
| CN1946018A * | 2006-10-26 | 2007-04-11 | 中兴通讯股份有限公司 | Encrypting and de-encrypting method for medium flow |


Legal Events

| Code | Title | Description |
|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20120307; Termination date: 20170125 |