CN101252432B - Field managing server and system, digital authority managing method based on field - Google Patents
Field managing server and system, digital authority managing method based on field Download PDFInfo
- Publication number
- CN101252432B CN101252432B CN 200710179936 CN200710179936A CN101252432B CN 101252432 B CN101252432 B CN 101252432B CN 200710179936 CN200710179936 CN 200710179936 CN 200710179936 A CN200710179936 A CN 200710179936A CN 101252432 B CN101252432 B CN 101252432B
- Authority
- CN
- China
- Prior art keywords
- certificate
- territory
- decruption key
- key
- deciphering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 230000006855 networking Effects 0.000 abstract 1
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000008676 import Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 239000012467 final product Substances 0.000 description 1
Images
Abstract
The invention discloses a domain-based digital right managing method, a domain management server and a domain management system. To solve the problem that a License decryption key cipher-text can not be used and copied among intra-domain devices, a device mark set is used to calculate and obtain a domain public-key through an encryption algorithm of multi-element encryption and single-element decryption; the License decryption key cipher-text is obtained by encrypting the License decryption key; any domain device can use the mark of the device to recover the License decryption key, but the non-domain devices can not. As the encryption algorithm of multi-element encryption and single-element decryption is used, the domain public-key is calculated from the device mark set to protect the License key and the License decryption key cipher-text can be shared by any domain device; therefore, the License decryption key can only be used among the intra-domain devices and the problem that networking devices can not conveniently obtain the License decryption key is solved.
Description
Technical field
The invention belongs to DRM (digital right management) digital right management system field, particularly a kind of digital authority managing method, field managing server and system based on the territory.
Background technology
User's ease for use of DRM is to hinder the very big obstacle of DRM extensive use always, and this obstacle largely is embodied in because encrypted content makes things convenient on the sharing problem with the many equipment of user that the binding of equipment brings.Therefore solution based on territory (be about to many equipment of user even many equipment of multi-user and be considered as a territory) has appearred.
But there is following problem in existing scheme based on the territory: the License in the certificate of territory (use certificate) decruption key ciphertext can not be used by the equipment room copy in the territory, obtains License decruption key ciphertext for inconvenient networked devices and makes troubles.
Summary of the invention
For the License decruption key ciphertext that solves in the certificate of territory can not be used by the equipment room copy in the territory, obtain the problem that License decruption key ciphertext is made troubles for inconvenient networked devices, the embodiment of the invention provides a kind of digital authority managing method of sharing based on the territory certificate, comprising:
Field managing server is set up the territory, generate to use the certificate decruption key, and two users' equipment joins in the territory at least; Field managing server obtains the customer equipment identification collection, and described customer equipment identification collection is the set that joins the customer equipment identification of the whole subscriber equipmenies in the territory; Field managing server calculates the territory PKI by the cryptographic algorithm and the customer equipment identification collection of the plain deciphering of multielement ciphering unit, only uses the algorithm of one of them element deciphering when the cryptographic algorithm of the plain deciphering of described multielement ciphering unit uses a plurality of elements to decipher when encrypting;
Field managing server adopts the territory public key encryption to use the certificate decruption key to obtain using certificate decruption key ciphertext, and sends to subscriber equipment;
Arbitrary subscriber equipment in the territory is according to its customer equipment identification, and deciphering uses certificate decruption key ciphertext to obtain using the certificate decruption key.
The embodiment of the invention also provides a kind of Digital Right Management field managing server based on the territory simultaneously, and comprising: module is set up in the territory: be used to set up the territory, generate and use the certificate decruption key, and two users' equipment join in the territory at least; The identification sets acquisition module: be used to obtain the customer equipment identification collection, described customer equipment identification collection is the set that joins the customer equipment identification of the whole subscriber equipmenies in the territory; Territory PKI computing module: be used for calculating the territory PKI, only use the algorithm of one of them element deciphering when the cryptographic algorithm of the plain deciphering of described multielement ciphering unit uses a plurality of elements to decipher when encrypting by cryptographic algorithm and customer equipment identification collection by the plain deciphering of multielement ciphering unit;
Decruption key encrypting module: be used to adopt the territory public key encryption to use the certificate decruption key to obtain using certificate decruption key ciphertext, and send to subscriber equipment.
The embodiment of the invention also provides a kind of digital right management system based on the territory simultaneously, comprise: the territory that is positioned at field managing server is set up module, identification sets acquisition module, territory PKI computing module and decruption key encrypting module and is positioned at the decruption key deciphering module of subscriber equipment;
Module is set up in the territory: be used to set up the territory, generate and use the certificate decruption key, and two users' equipment join in the territory at least; The identification sets acquisition module: be used to obtain the customer equipment identification collection, described customer equipment identification collection is the set that joins the customer equipment identification of the whole subscriber equipmenies in the territory; Territory PKI computing module: be used for calculating the territory PKI, only use the algorithm of one of them element deciphering when the cryptographic algorithm of the plain deciphering of described multielement ciphering unit uses a plurality of elements to decipher when encrypting by cryptographic algorithm and customer equipment identification collection by the plain deciphering of multielement ciphering unit; Decruption key encrypting module: be used to adopt the territory public key encryption to use the certificate decruption key to obtain using certificate decruption key ciphertext, and send to subscriber equipment;
The decruption key deciphering module: the arbitrary subscriber equipment that is used for the territory is according to its customer equipment identification, and deciphering uses certificate decruption key ciphertext to obtain using the certificate decruption key.
The specific embodiments that is provided by the invention described above as can be seen, just because of cryptographic algorithm by the plain deciphering of multielement ciphering unit, directly utilize the identification information computational fields PKI of each subscriber equipment in the territory, and then utilize this public key encryption License decruption key, obtain the solution of License decruption key ciphertext, make equipment can use identification information in arbitrary territory own recover the License decruption key, must territory equipment then.Cryptographic algorithm by the plain deciphering of multielement ciphering unit, the identification information computational fields PKI of each member device is encrypted the License decruption key in the territory, guaranteed that License decruption key ciphertext can copy use by equipment room in the territory, solved the problem that inconvenient networked devices obtains the inconvenience of License decruption key ciphertext.
Description of drawings
Fig. 1 is a DRM entire system structure chart;
Fig. 2 is the first embodiment method flow diagram provided by the invention;
Fig. 3 is the second embodiment method flow diagram provided by the invention;
Fig. 4 is the 3rd an embodiment field managing server structure chart provided by the invention;
Fig. 5 is the 4th an embodiment system construction drawing provided by the invention.
Embodiment
DRM entire system structure as shown in Figure 1, comprise License server (use certificate server), content server, field managing server and subscriber equipment, connect by network between them, wherein subscriber equipment comprises the PC and the portable reader of user's first, the notebook computer of user's second.Wherein field managing server is used to realize the territory management function, comprises generation, renewal of foundation, renewal, the territory PKI in territory etc.Described field managing server needs and can carry out communication with the license server.This field managing server can be independent of the DRM system, and provides believable territory management service to one or more DRM system.
First embodiment provided by the invention is a kind of digital authority managing method of sharing based on the territory certificate, and method flow comprises as shown in Figure 2:
Step 101: field managing server receives the newly-built territory request that user's first proposes by its PC, and produce a unique domain identifier domain1 (if field managing server only manage a territory then do not need domain identifier), and generate anti-one-way function chain at random, therefrom take out the License decruption key LKey1 of first number, produce corresponding License encryption key LPKey1 according to LKey1 as this territory.Then further according to setting up corresponding territory rule with user's negotiation, as: the user device quantity that allows to add the territory be 4, the change number of times is 3, the gadget number is 2 or the like.
Field managing server is after receiving the request of newly-built territory, for user's first is distributed user name a: userl and a password: 123456, and this newly-built territory operation also can be finished when the user adds equipment to territory for the first time.
Generate anti-one-way function chain at random, therefrom take out the License decruption key LKey1 of first number as this territory, just generate the preferred scheme of License decruption key LKey1, also can adopt alternate manner to generate the License decruption key in the present embodiment, as: generate a key at random as License decruption key LKey1, produce corresponding License encryption key LPKey1 according to LKey1 equally.
Step 102: PC and portable reader registration (by user characteristics equipment, as smart card etc.) to field managing server, is promptly carried out to send and added the territory request.Field managing server joins PC and portable reader in the domain1 territory.The sign skeyi (i=1) of the PC that will produce according to the mainboard of PC number, CPU number and hard reel number during registration sends to field managing server, with the sign skeyi (i=2) of portable reader, sends to field managing server simultaneously.
During concrete enforcement, user's first is inputed user name by the registration software on the PC: userl, with corresponding password: 123456, request adds the domain1 territory with PC, management server checking user name userl and password 123456 by after PC is joined in the domain1 territory, and the domain identifier domain1 in domain1 territory is informed PC.
Add in the process in territory, the portable reader that user's first is not easy to network, with the trade mark agency of PC as portable reader, input user name by the registration software on the PC: userl, with corresponding password: 123456, request adds the domain1 territory with PC agency's portable reader, perhaps the portable reader that is not easy to network for user's first can produce a ticket, by PC ticket is submitted to, replace register requirement, belong to prior art as for specific implementation method, repeat no more herein by ticket.
Add in the process in territory, field managing server is after receiving that PC and portable reader add the territory request, verify whether this request satisfies the territory rule, as whether having reached the number of devices upper limit 4 that the territory allows, because PC and portable reader are respectively the equipment that first and second application adds the territory, judge that they satisfy rule and carry out subsequent step again.
Step 103: field managing server determines that identification sets is: skeyi (i=1,2).
Step 104: field managing server calculates territory PKI Skey1 by the cryptographic algorithm and the skeyi (i=1,2) of the plain deciphering of multielement ciphering unit.The cryptographic algorithm of the plain deciphering of multielement ciphering unit is preferably used complete public key broadcasts cryptographic algorithm in the present embodiment.Use a plurality of elements when the cryptographic algorithm of the plain deciphering of multielement ciphering unit is encrypted exactly and only use one of them element deciphering when deciphering,, only use during deciphering that A, B or C are one of any to be decrypted as using A, B and three aes encryptions of C.Typical algorithm is complete public key broadcasts cryptographic algorithm.
Step 105: field managing server adopts Skey1 to encrypt LKey1 and obtains the LKey1 ciphertext.
Step 106: field managing server is made territory certificate v1.0 according to the LKey1 ciphertext, and certificate v1.0 sends to PC with the territory, comprises LKey1 ciphertext etc. among the certificate v1.0 of territory.
Step 107:PC machine obtains LKey1 according to skeyi (i=1) deciphering LKey1 ciphertext.
The territory certificate v1.0 that PC can passive acceptance domain management server sends during concrete enforcement in the above-mentioned steps, and deciphering LKey1 ciphertext obtains LKey1, PC can also initiatively be downloaded territory certificate v1.0 from field managing server, and deciphering LKey1 ciphertext obtains LKey1, for the portable reader preceding step roughly the same, just in step 106, can obtain the LKey1 ciphertext by the mode of the LKey1 ciphertext that obtains of copy PC and (can certainly not copy the LKey1 ciphertext that PC obtains, but directly use LKey1 ciphertext on the PC by linking to each other with PC, as long as can reach share the purpose used just can).User ID skeyi (i=2) the deciphering LKey1 ciphertext by portable reader obtains LKey1 in the step 107 afterwards.Certainly portable reader also can pass through PC link field management server (or alternate manner link field management server), obtains territory certificate v1.0 in the mode of downloading.
Second embodiment provided by the invention is a kind of digital authority managing method of sharing based on the territory certificate, method flow as shown in Figure 2, wherein step 201-step 207 is identical with step 101-step 107 among the embodiment one, also comprises:
Step 208: user's first is bought through content key Ckey encrypted digital content document 1 from content server by PC and is obtained content ciphertext 1.This step is as long as carried out before step 209.
Step 209: user's first sends to the License server by PC and obtains content key Ckey request, and acquisition request is carried the use certificate (being License) of Ckey, is used for deciphering and uses digital content document 1.
Step 210:License server obtains territory, PC place is asked in domain identifier from the Ckey request to user's first according to this.
Step 211: user's first sends domain identifier domain1 (domain identifier domain1 also can together send, and then step 210 and step 211 can be omitted) by PC to the License server when asking license.
Step 212:License server to the License encryption key in field managing server request domain1 territory (License encryption key and decruption key can be identical-use symmetric encryption method, also can be different-use asymmet-ric encryption method).
Step 213: field managing server is informed the License server with the License encryption key LPKey1 in domain1 territory.(this step also can comprise the checking to the License server)
Step 214:License server is encrypted Ckey according to LPKey1 and is constituted the Ckey ciphertext, obtains the use certificate license (comprising the Ckey ciphertext) of document 1.
Step 215:License server returns to PC with the use certificate license of document 1.
Step 216:PC machine obtains Ckey by LKey1 deciphering Ckey ciphertext.
Step 217:PC machine obtains digital content document 1 by Ckey decryption content ciphertext 1.
For the portable reader preceding step roughly the same, PC freely copies license to the portable reader use in the step 215, or portable reader passes through PC.Need not portable reader like this and obtain new license again.
Further in said process, when subscriber equipment adds the territory, at first judge whether it is joining request of gadget, through judging that PC and portable reader are not gadgets, the skeyi (i=1) of PC is saved in the field managing server database, and related with domain identifier domain1.Then according to the identification sets skeyi (i=1 in domain1 territory, 2) and fully the public key broadcasts cryptographic algorithm calculates corresponding public key Skey1, and then obtain the License decruption key ciphertext in domain1 territory, generation comprises the territory certificate v1.0 of information such as License decruption key ciphertext and domain identifier domain1, and certificate v1.0 returns to PC with the territory.
Further, user's first also has one not to be that the PDA of gadget wishes to add this territory, need redefine the customer equipment identification collection, the customer equipment identification collection that redefines, the customer equipment identification collection that the customer equipment identification skeyi (i=3) of PDA then redefines is: skeyi (i=1,2,3), according to skeyi (i=1,2,3) utilize complete public key broadcasts cryptographic algorithm to recalculate corresponding territory PKI Skey2, this moment, License decruption key Lkey1 did not do renewal, utilized territory PKI Skey2 to encrypt Lkey1 and obtained new License decruption key ciphertext.This PDA can directly copy PC is obtained document 1 by the License server use certificate 1icense.Use the new License decruption key ciphertext of skeyi (i=3) deciphering to obtain LKey1, obtain document 1 afterwards.The adding of PDA can not bring any influence to the use of PC and portable reader.Further, the portable reader of user's first withdraws from the territory, the customer equipment identification collection that redefines, the customer equipment identification collection that redefines is: skeyi (i=1,3), according to skeyi (i=1,3) utilize complete public key broadcasts cryptographic algorithm to recalculate corresponding territory PKI Skey3, next number (second) of choosing corresponding anti-one-way function chain is as new License decruption key Lkey2 and replace existing License decruption key Lkey1, all the other steps and said process roughly the same repeat no more herein.Owing to adopt the mode of anti-one-way function chain to obtain Lkey2, so Lkey2 can decipher LPKey1, can also continue deciphering to the Ckey ciphertext that obtains before like this and use.If adopt the mode of a key that generate at random as License decruption key LKey1, then field managing server need together send to PDA with former License decruption key LKey1 and newly-generated License decruption key LKey2, and PDA just can decrypted original License encryption key LKey1 like this.
Because withdrawing from of portable reader will cause License decruption key Lkey1 to be updated to Lkey2, for upgrading the digital content document 2 use license that the back produces, License decruption key ciphertext among the old territory certificate v1.0 can not be suitable for, PC will be reminded, this PC finishes the renewal of territory certificate automatically, is updated to v2.0.PDA can import new authentication v2.0 by the mode of copy.Cause confusion for fear of mutual importing of new and old certificate, the new and old of certificate determined by version number's (v1.0 is an old edition this shop, and v2.0 is a new version number).When importing certificate, territory certificate v2.0 covering domain certificate v1.0.Promptly under the situation of existing territory certificate v2.0, territory certificate v1.0 can not import.
Further, if user's first is also in the PC online with other people, user's first informs that this PC of field managing server is a gadget, then produce a temporary credentials with time restriction, use the customer equipment identification skeyi (i=4) of interim PC to encrypt the interim ciphertext of existing Lkey1 generation License decruption key, and will comprise that the temporary credentials of the interim ciphertext of License decruption key returns to interim PC.Interim PC obtains Lkey1 according to the interim ciphertext of skeyi (i=4) deciphering License decruption key.
After the temporary credentials of interim PC arrived the time limit, gadget got final product from this locality deletion certificate because certificate limits if having time, need not execution and withdraws from the territory operation.
Further, field managing server receives user's second by the newly-built territory request of its notebook computer, produce a unique domain identifier domain2, generate a new anti-one-way function chain at random, therefrom take out the License decruption key LKey1 ' of first key as the domain2 territory, notebook computer is applied for the registration of in the domain2 territory, and management server joins notebook computer in the domain2 territory.Follow-up encryption and decryption process and aforementioned process repeat no more roughly the same herein.
The 3rd embodiment provided by the invention is a kind of Digital Right Management field managing server based on the territory, and its structure comprises as shown in Figure 4:
Identification sets acquisition module 320: be used to obtain the customer equipment identification collection, described customer equipment identification collection is the set that joins the customer equipment identification of the whole subscriber equipmenies in the territory;
Territory PKI computing module 330: be used for calculating the territory PKI by cryptographic algorithm and customer equipment identification collection by the plain deciphering of multielement ciphering unit;
Decruption key encrypting module 340: be used to adopt territory public key encryption License decruption key to obtain License decruption key ciphertext, and send to subscriber equipment.
The 4th embodiment provided by the invention is a kind of digital right management system based on the territory, and its structure comprises as shown in Figure 5:
Identification sets acquisition module 320: be used to obtain the customer equipment identification collection, described customer equipment identification collection is the set that joins the customer equipment identification of the whole subscriber equipmenies in the territory;
Territory PKI computing module 330: be used for calculating the territory PKI by cryptographic algorithm and customer equipment identification collection by the plain deciphering of multielement ciphering unit;
Decruption key encrypting module 340: be used to adopt territory public key encryption License decruption key to obtain License decruption key ciphertext, and send to subscriber equipment;
Decruption key deciphering module 350: the arbitrary subscriber equipment that is used for the territory is according to its customer equipment identification, and deciphering License decruption key ciphertext obtains the License decruption key.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (14)
1. the digital authority managing method based on the territory is characterized in that, comprising:
Field managing server is set up the territory, generate to use the certificate decruption key, and two users' equipment joins in the territory at least;
Field managing server obtains the customer equipment identification collection, and described customer equipment identification collection is the set that joins the customer equipment identification of the whole subscriber equipmenies in the territory;
Field managing server calculates the territory PKI by the cryptographic algorithm and the customer equipment identification collection of the plain deciphering of multielement ciphering unit, only uses the algorithm of one of them element deciphering when the cryptographic algorithm of the plain deciphering of described multielement ciphering unit uses a plurality of elements to decipher when encrypting;
Field managing server adopts the territory public key encryption to use the certificate decruption key to obtain using certificate decruption key ciphertext, and sends to subscriber equipment;
Arbitrary subscriber equipment in the territory is according to its customer equipment identification, and deciphering uses certificate decruption key ciphertext to obtain using the certificate decruption key.
2. the method for claim 1 is characterized in that, described cryptographic algorithm by the plain deciphering of multielement ciphering unit is complete public key broadcasts cryptographic algorithm.
3. method as claimed in claim 2 is characterized in that, field managing server generates anti-one-way function chain at random, therefrom takes out a key as using the certificate decruption key.
4. method as claimed in claim 3 is characterized in that,
Field managing server is set up the territory, generate to use the certificate decruption key, and two users' equipment also comprises after joining step in the territory at least:
Field managing server uses the certificate encryption key according to using the certificate decruption key to generate;
Subscriber equipment is to using the certificate server requests to obtain the content key that is used for encrypted digital content;
Use certificate server to use the certificate encryption key to the field managing server acquisition request;
Use certificate server according to using certificate encryption keys content key to obtain the content key ciphertext;
Use certificate server that the content key ciphertext is sent to subscriber equipment;
Arbitrary subscriber equipment in the territory is according to its customer equipment identification, and deciphering also comprises after using certificate decruption key ciphertext to obtain using the step of certificate decruption key:
Subscriber equipment adopts and uses certificate decruption key decrypted content keys ciphertext to obtain content key;
Subscriber equipment uses content key decryption content ciphertext to obtain digital content.
5. as the described method of arbitrary claim in the claim 1 to 4, it is characterized in that, when new casual user's equipment adds the territory, use this casual user's device identification to encrypt and use the certificate decruption key, obtain using the interim ciphertext of certificate decruption key;
Set and use the certificate decruption key pot life of interim ciphertext in gadget;
Casual user's equipment uses the interim ciphertext of certificate decruption key to obtain using the certificate decruption key according to its customer equipment identification deciphering;
After the pot life arrives, use the interim ciphertext of certificate decruption key to be disabled, casual user's equipment withdraws from the territory.
6. as the described method of arbitrary claim in the claim 1 to 4, it is characterized in that when new non-casual user's equipment added the territory, field managing server upgraded customer equipment identification collection and computational fields PKI again.
7. as claim 3 or 4 described methods, it is characterized in that when non-casual user's equipment withdrawed from the territory, field managing server upgraded customer equipment identification collection and computational fields PKI again;
Field managing server takes out next key updating and uses the certificate decruption key from anti-one-way function chain;
Field managing server uses the new new use certificate decruption key of territory public key encryption that calculates, and generates new use certificate decruption key ciphertext.
8. as the described method of arbitrary claim in the claim 1 to 4, it is characterized in that, field managing server is provided with and uses the certificate decruption key lifetime, and when the life period of using the certificate decruption key surpassed the set lifetime, field managing server upgraded and uses the certificate decruption key.
9. method as claimed in claim 4 is characterized in that, field managing server is set up at least two territories, and corresponding each territory generates and uses the certificate decruption key, uses certificate encryption key and domain identifier;
With domain identifier with use certificate decruption key ciphertext related after send to subscriber equipment;
Subscriber equipment is to using the certificate server requests to obtain the process of the content key that is used for encrypted digital content, and the domain identifier of this subscriber equipment is sent to the use certificate server;
Use the domain identifier of certificate server, the use certificate encryption key that has this user equipment domain identification field to the field managing server acquisition request according to this subscriber equipment.
10. method as claimed in claim 9 is characterized in that, described customer equipment identification collection is the set with whole customer equipment identifications of same domain sign.
11. the method for claim 1 is characterized in that, the use certificate decruption key ciphertext that the passive acceptance domain management server of subscriber equipment sends, and deciphering obtains using the certificate decruption key; Or
Subscriber equipment is initiatively downloaded from field managing server and is used certificate decruption key ciphertext, and deciphering obtains using the certificate decruption key; Or
Subscriber equipment is shared the use certificate decruption key ciphertext of using other subscriber equipment, and deciphering obtains using the certificate decruption key.
12. method as claimed in claim 11 is characterized in that, subscriber equipment is shared and is used the use certificate decruption key ciphertext of other subscriber equipment to be specially:
Subscriber equipment uses certificate decruption key ciphertext from other equipment copies.
13. the Digital Right Management field managing server based on the territory is characterized in that, comprising:
Module is set up in the territory: be used to set up the territory, generate and use the certificate decruption key, and two users' equipment join in the territory at least;
The identification sets acquisition module: be used to obtain the customer equipment identification collection, described customer equipment identification collection is the set that joins the customer equipment identification of the whole subscriber equipmenies in the territory;
Territory PKI computing module: be used for calculating the territory PKI, only use the algorithm of one of them element deciphering when the cryptographic algorithm of the plain deciphering of described multielement ciphering unit uses a plurality of elements to decipher when encrypting by cryptographic algorithm and customer equipment identification collection by the plain deciphering of multielement ciphering unit;
Decruption key encrypting module: be used to adopt the territory public key encryption to use the certificate decruption key to obtain using certificate decruption key ciphertext, and send to subscriber equipment.
14. digital right management system based on the territory, it is characterized in that, comprise: the territory that is positioned at field managing server is set up module, identification sets acquisition module, territory PKI computing module and decruption key encrypting module and is positioned at the decruption key deciphering module of subscriber equipment;
Module is set up in the territory: be used to set up the territory, generate and use the certificate decruption key, and two users' equipment join in the territory at least;
The identification sets acquisition module: be used to obtain the customer equipment identification collection, described customer equipment identification collection is the set that joins the customer equipment identification of the whole subscriber equipmenies in the territory;
Territory PKI computing module: be used for calculating the territory PKI, only use the algorithm of one of them element deciphering when the cryptographic algorithm of the plain deciphering of described multielement ciphering unit uses a plurality of elements to decipher when encrypting by cryptographic algorithm and customer equipment identification collection by the plain deciphering of multielement ciphering unit;
Decruption key encrypting module: be used to adopt the territory public key encryption to use the certificate decruption key to obtain using certificate decruption key ciphertext, and send to subscriber equipment;
The decruption key deciphering module: the arbitrary subscriber equipment that is used for the territory is according to its customer equipment identification, and deciphering uses certificate decruption key ciphertext to obtain using the certificate decruption key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200710179936 CN101252432B (en) | 2007-12-19 | 2007-12-19 | Field managing server and system, digital authority managing method based on field |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200710179936 CN101252432B (en) | 2007-12-19 | 2007-12-19 | Field managing server and system, digital authority managing method based on field |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101252432A CN101252432A (en) | 2008-08-27 |
| CN101252432B true CN101252432B (en) | 2011-03-30 |
Family
ID=39955630
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200710179936 Expired - Fee Related CN101252432B (en) | 2007-12-19 | 2007-12-19 | Field managing server and system, digital authority managing method based on field |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101252432B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399663B (en) * | 2008-10-14 | 2010-10-20 | 北京大学 | Method, system and device for digital content authentication |
| CN101404573B (en) * | 2008-10-27 | 2014-11-19 | 北京大学 | Authorization method, system and apparatus |
| US8707045B2 (en) | 2009-02-12 | 2014-04-22 | Lg Electronics Inc. | Method and apparatus for traffic count key management and key count management |
| KR20100092353A (en) * | 2009-02-12 | 2010-08-20 | 엘지전자 주식회사 | Methods and apparatus of managing a traffic encryption key |
| CN101977113B (en) * | 2010-11-05 | 2013-05-08 | 四川长虹电器股份有限公司 | Method for equipment identification in digital copyright management |
| CN103188219A (en) * | 2011-12-28 | 2013-07-03 | 北大方正集团有限公司 | Method, equipment and system for digital right management |
| CN104462874B (en) * | 2013-09-16 | 2017-09-05 | 北大方正集团有限公司 | It is a kind of to support the offline DRM method and system for sharing digital resource |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1561025A (en) * | 2004-03-03 | 2005-01-05 | 北京北大方正电子有限公司 | Method of binding digital contents and hardware with hardward adaptive |
-
2007
- 2007-12-19 CN CN 200710179936 patent/CN101252432B/en not_active Expired - Fee Related
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1561025A (en) * | 2004-03-03 | 2005-01-05 | 北京北大方正电子有限公司 | Method of binding digital contents and hardware with hardward adaptive |
Non-Patent Citations (5)
| Title |
|---|
| CN 1561025 A,全文. |
| 董贝贝等.动态存取控制新方案在广播加密中的应用.计算机工程与设计第27卷 第2期.2006,第27卷(第2期),252-254. |
| 董贝贝等.动态存取控制新方案在广播加密中的应用.计算机工程与设计第27卷 第2期.2006,第27卷(第2期),252-254. * |
| 谭作文等.一个安全公钥广播加密方案.软件学报第16卷 第7期.2005,第16卷(第7期),1333-1343. |
| 谭作文等.一个安全公钥广播加密方案.软件学报第16卷 第7期.2005,第16卷(第7期),1333-1343. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101252432A (en) | 2008-08-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108768988B (en) | Block chain access control method, block chain access control equipment and computer readable storage medium | |
| CN107493273B (en) | Identity authentication method, system and computer readable storage medium | |
| US20200084027A1 (en) | Systems and methods for encryption of data on a blockchain | |
| CN100592678C (en) | Key management for network elements | |
| KR100895462B1 (en) | Contents distribution management method in a digital distribution management system | |
| KR101985179B1 (en) | Blockchain based id as a service | |
| CN109450843B (en) | SSL certificate management method and system based on block chain | |
| CN101252432B (en) | Field managing server and system, digital authority managing method based on field | |
| CN105103119A (en) | Data security service | |
| CN105027130A (en) | Delayed data access | |
| CN105103488A (en) | Policy enforcement with associated data | |
| US20120303967A1 (en) | Digital rights management system and method for protecting digital content | |
| CN105122265A (en) | Data security service system | |
| CN111865988B (en) | Certificate-free key management method, system and terminal based on block chain | |
| JP2006285490A (en) | Personal information browsing/update system and method | |
| JP4823704B2 (en) | Authentication system, authentication information delegation method and security device in the same system | |
| US11258601B1 (en) | Systems and methods for distributed digital rights management with decentralized key management | |
| JP5012574B2 (en) | Common key automatic sharing system and common key automatic sharing method | |
| WO2019163040A1 (en) | Access management system and program thereof | |
| JP2003233594A (en) | Access right management system, access right management method, access right management program and recording medium recording access right management program | |
| CN115766270A (en) | File decryption method, file encryption method, key management method, device and equipment | |
| CN102236753A (en) | Rights management method and system | |
| JP4959152B2 (en) | Authentication system and authentication information delegation method in the same system | |
| JP2008217300A (en) | System and method for encrypting and decrypting file with biological information | |
| CN104809365A (en) | Digital right management system, management method and information transfer system and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220616 Address after: 3007, Hengqin international financial center building, No. 58, Huajin street, Hengqin new area, Zhuhai, Guangdong 519031 Patentee after: New founder holdings development Co.,Ltd. Patentee after: FOUNDER APABI TECHNOLOGY Ltd. Patentee after: Peking University Address before: 100871, Haidian District Fangzheng Road, Beijing, Zhongguancun Fangzheng building, 298, 513 Patentee before: PEKING UNIVERSITY FOUNDER GROUP Co.,Ltd. Patentee before: FOUNDER APABI TECHNOLOGY Ltd. Patentee before: Peking University |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110330 |