Embodiment
The present invention is described in further detail below through specific embodiments and with reference to the accompanying drawings.
Fig. 1 is a schematic structural diagram of the first embodiment of the digital rights management system of the present invention. As shown in Fig. 1, the system comprises digital media management device 1, digital media management device 1' and digital rights management (DRM) encryption device 2. Digital media management devices 1 and 1' manage unencrypted and encrypted digital media content. Digital media management device 1 may be a media file management device, which manages digital media content of the media file type; digital media management device 1' may be a real-time stream management device, which manages digital media content of the real-time stream type. It should be noted that, depending on the kind of digital media content, other digital media management devices may also be included. DRM encryption device 2 encrypts the unencrypted digital media content obtained from digital media management device 1 and/or 1' and returns the encrypted digital media content to digital media management device 1 and/or 1'; it is connected to digital media management device 1 and/or 1' through data encryption interface A. Data encryption interface A is mainly used to establish the encryption session between digital media management device 1 and/or 1' and DRM encryption device 2, and to control the encryption process and the digital media content to be encrypted, and so on.
The digital rights management system of the present invention allows the DRM encryption device to encrypt the different digital media content sent by different digital media management devices, and to use different encryption algorithms for different digital media content, thereby providing a DRM system whose components are flexible, open and extensible.
Fig. 2 is a schematic structural diagram of the second embodiment of the digital rights management system of the present invention. As shown in Fig. 2, the system comprises digital media management device 1, digital media management device 1', DRM encryption device 2, certificate management device 3, playback device 4, playback device 4' and log storage device 5. Digital media management device 1, digital media management device 1' and DRM encryption device 2 are as described in the first embodiment above. Certificate management device 3 receives and manages the keys generated by DRM encryption device 2 and is also used to generate the digital certificates that contain the keys; it is connected to DRM encryption device 2 through key management interface B. When digital media management device 1 is a media file management device, the corresponding playback device 4 is a file playback device; when digital media management device 1' is a real-time stream management device, the corresponding playback device 4' is a real-time stream playback device. That is, each kind of digital media content should be played with its corresponding playback device. Playback devices 4 and 4' obtain the encrypted digital media content, obtain the digital certificate containing the key from certificate management device 3 through data decryption interface C, and decrypt the encrypted digital media content; they can also obtain digital media content that is not encrypted and play it directly. Log storage device 5 stores the transaction logs of DRM encryption device 2 and is connected to DRM encryption device 2 through log management interface D.
Key management interface B is mainly used to generate keys, store keys, synchronize keys with other devices, and so on; through this interface, DRM encryption device 2 can generate and manage keys and can also synchronize the relevant keys to certificate management device 3. Data decryption interface C is mainly used to control the decryption process, to control which data blocks of the digital media content need to be decrypted, and so on; through this interface, playback device 4 and/or playback device 4' can decrypt the encrypted digital media content it has obtained. Log management interface D is mainly used to store the transaction logs of DRM encryption device 2, and so on; through this interface, DRM encryption device 2 can store log information in log storage device 5. The log information mainly comprises information about the digital media management devices served, status information of the related services, key information, and the like. By obtaining this log information and performing statistics and analysis on it, the working results and state of DRM encryption device 2 can be determined, which supports the operation and maintenance of the digital rights management system.
Fig. 3 is a schematic structural diagram of the DRM encryption device in the second embodiment of the digital rights management system of the present invention. Fig. 3 shows the main internal components of DRM encryption device 2. Because DRM encryption device 2 is independent of the transmission of digital media content, its internal composition is not limited to the structure described below, and the device can be extended according to different needs. DRM encryption device 2 may include, but is not limited to: key generation module 21, parameter management module 22, digital media content management module 23, key management module 24 and encryption engine 25. Key generation module 21 generates the keys used to encrypt digital media content; it contains a random number generator, a key generator and other components related to the key generation algorithm. Parameter management module 22 manages the parameters used by DRM encryption device 2, which include encryption parameters, digital media content data packaging parameters, certificate information parameters and the like. Digital media content management module 23 obtains unencrypted digital media content from digital media management device 1 and/or 1' and returns the encrypted digital media content to digital media management device 1 and/or 1'. The unencrypted digital media content managed in this module comprises a media identifier, file header information, plaintext data format information and the like; the encrypted digital media content comprises a media identifier, a flag bit indicating whether the content is encrypted, encrypted data format information and the like. Key management module 24 stores the keys generated by key generation module 21 and/or synchronizes keys to certificate management device 3. Encryption engine 25 uses a key to encrypt the unencrypted digital media content and is connected to key generation module 21, parameter management module 22, digital media content management module 23 and key management module 24.
The digital rights management system of the present invention allows a relatively independent DRM encryption device to encrypt the different digital media content sent by different digital media management devices, and to use different encryption algorithms for different digital media content, thereby providing a DRM system whose components are flexible, open and extensible.
Fig. 4 is a flowchart of the first embodiment of the digital rights management method of the present invention. As shown in Fig. 4, the method comprises the following steps:
Step 401, the DRM encryption device and the digital media management device establish an encryption session;
Step 402, the DRM encryption device encrypts the digital media content obtained from the digital media management device;
Step 403, the DRM encryption device returns the encrypted digital media content to the digital media management device.
The digital rights management method of the present invention allows a relatively independent DRM encryption device to encrypt the different digital media content sent by digital media management devices, and to use different encryption algorithms for different digital media content, thereby providing a DRM system whose components are flexible, open and extensible.
Fig. 5 is a flowchart of the second embodiment of the digital rights management method of the present invention. As shown in Fig. 5, the method covers both encrypting and decrypting digital media content, with the following steps:
Step 501, the DRM encryption device receives the request to establish an encryption session sent by the digital media management device;
Step 502, the DRM encryption device returns to the digital media management device a request response indicating whether it agrees to establish the encryption session; if it does not agree, step 503 is executed; if it agrees, step 504 is executed;
Step 503, the process of encrypting this digital media content ends, and the following steps are not executed;
Step 504, the DRM encryption device receives the start-encryption instruction sent by the digital media management device and establishes the encryption session with the digital media management device;
Step 505, the DRM encryption device receives the unencrypted digital media content sent by the digital media management device, together with a request specifying the digital media content data blocks to be encrypted;
Step 506, the DRM encryption device encrypts the specified digital media content data blocks;
Step 507, the DRM encryption device returns the encrypted digital media content to the digital media management device;
Step 508, the DRM encryption device receives the request to end the encryption session sent by the digital media management device;
Step 509, the DRM encryption device processes and stores the transaction log information, and may store the transaction log information in the log storage device;
Step 510, the DRM encryption device synchronizes the key used to encrypt the digital media content to the certificate management device so that the key can be managed;
Alternatively, in step 510 the DRM encryption device may store and manage the key itself, in which case the key is obtained from the DRM encryption device in the key-acquisition steps below;
Step 511, the playback device obtains the digital media content type from the digital media management device and determines whether the digital media content is encrypted; if it is not encrypted, step 514 is executed; if it is encrypted, step 512 is executed;
Step 512, the key for decrypting the encrypted digital media content is obtained; this key may be carried in a digital certificate;
Obtaining the key for decrypting the encrypted digital media content specifically comprises: checking whether a digital certificate carrying the key exists locally on the playback device; if it exists, obtaining the key from that digital certificate; if it does not exist, sending the certificate management device a request for the key for decrypting the encrypted digital media content; the certificate management device generates a digital certificate carrying the key and sends the digital certificate to the playback device, and the playback device obtains the key from the digital certificate;
Step 513, the playback device decrypts the encrypted digital media content it has obtained;
Step 514, the playback device plays the digital media content.
The digital rights management method of the present invention allows a relatively independent DRM encryption device to encrypt the different digital media content sent by different digital media management devices, and to use different encryption algorithms for different digital media content, thereby providing a DRM system whose components are flexible, open and extensible.
The digital rights management method is described in detail below through the flows for encrypting and decrypting different kinds of digital media content.
Fig. 6 is a schematic flowchart of the method for encrypting a media file according to the present invention. The DRM encryption device encrypts the media file sent by the media file management device, and the media file management device reads the media file from a storage. As shown in Fig. 6, the method comprises the following steps:
Step 601, the media file management device sends the DRM encryption device a request to establish an encryption session;
Step 602, in response to the encryption session request, the DRM encryption device returns a request response indicating whether it agrees to establish the encryption session;
Step 603, if the DRM encryption device agrees to establish the encryption session, the returned request response also includes information such as the identifier of the encryption session;
If the DRM encryption device does not agree to establish the encryption session in step 603, this encryption task ends and the following steps are not executed;
Step 604, after receiving the request response, the media file management device sends the DRM encryption device an instruction to start encrypting the media file;
Step 605, the media file management device reads the content data of the unencrypted media file block by block;
Step 606, the media file management device sends the DRM encryption device the content data of the unencrypted media file and a request to encrypt the specified media file data blocks;
Step 607, the DRM encryption device encrypts the media file data blocks specified in the request;
Step 608, the DRM encryption device returns the encrypted media file data blocks to the media file management device;
Step 609, the media file management device stores the encrypted media file data blocks returned by the DRM encryption device;
Steps 605 to 609 are repeated until all media files have been encrypted;
Step 610, after encryption is complete, the media file management device sends the DRM encryption device a request to end the encryption session, ending this encryption task;
Step 611, the DRM encryption device stores the relevant log information, which mainly comprises information about the digital media management device served, status information of the related service, key information, and the like;
Step 612, the DRM encryption device sends information such as the key of the corresponding encrypted media file data blocks to the certificate management device.
Fig. 7 is a schematic flowchart of the method for encrypting a real-time media stream according to the present invention. The DRM encryption device encrypts the real-time streaming media data sent by the real-time stream management device, and the real-time stream management device captures the real-time streaming media data in real time. As shown in Fig. 7, the method comprises the following steps:
Step 701, the real-time stream management device sends the DRM encryption device a request to establish an encryption session;
Step 702, in response to the encryption session request, the DRM encryption device returns a request response indicating whether it agrees to establish the encryption session;
Step 703, if the DRM encryption device agrees to establish the encryption session, the returned request response also includes information such as the identifier of the encryption session;
If the DRM encryption device does not agree to establish the encryption session in step 703, this encryption task ends and the following steps are not executed;
Step 704, after receiving the request response, the real-time stream management device sends the DRM encryption device an instruction to start encrypting the real-time streaming media data;
Step 705, the real-time stream management device captures the unencrypted real-time streaming media data block by block;
Step 706, the real-time stream management device sends the DRM encryption device the unencrypted real-time streaming media data and a request to encrypt the specified real-time streaming media data blocks;
Step 707, the DRM encryption device encrypts the real-time streaming media data blocks specified in the request;
Step 708, the DRM encryption device returns the encrypted real-time streaming media data blocks to the real-time stream management device;
Step 709, the real-time stream management device publishes externally the encrypted real-time streaming media data blocks returned by the DRM encryption device;
Steps 705 to 709 are repeated until all the real-time streaming media data has been encrypted;
Step 710, after encryption is complete, the real-time stream management device sends the DRM encryption device a request to end the encryption session, ending this encryption task;
Step 711, the DRM encryption device stores the relevant log information;
Step 712, the DRM encryption device sends information such as the key of the corresponding encrypted real-time streaming media data blocks to the certificate management device.
In the methods of Fig. 6 and Fig. 7 for encrypting media files and real-time streaming media data, the data encryption interface A provided can be unified, and the block-wise data encryption algorithm used and the key management mechanism can also be the same. The differences are that the media file management device reads the media file directly from the storage, whereas the real-time stream management device encrypts while capturing, and that the key generation methods and the parameters used by the two may differ.
Fig. 8 is a schematic flowchart of the method for decrypting a media file according to the present invention. Corresponding to the media file encryption method shown in Fig. 6, after the file playback device has obtained an encrypted media file, it decrypts it. As shown in Fig. 8, the method comprises the following steps:
Step 801, the file playback device downloads the media file from the media file management device;
This step is optional; the file playback device may also obtain the media file by other means;
Step 802, the file playback device checks whether the media file is encrypted;
If the media file is not encrypted, the flow goes directly to the playback state of step 808;
Step 803, the file playback device parses the digital certificate identification information carried in the media file and checks whether the corresponding digital certificate and the key for decrypting the media file exist locally;
If the decryption key is found locally, the flow goes to the playback state of step 808;
Step 804, if the digital certificate and the decryption key do not exist locally, the file playback device obtains the decryption key from the designated certificate management device;
Step 805, the certificate management device generates a digital certificate, and the generated digital certificate should contain the decryption key;
Step 806, if the digital certificate is generated successfully, the certificate management device returns the digital certificate to the file playback device; otherwise it returns a message indicating that the digital certificate could not be generated, and in that case the entire media file playback process ends;
Step 807, the file playback device stores the digital certificate obtained and decrypts the digital certificate to obtain the key for decrypting the media file;
Step 808, the file playback device uses the key to decrypt the media data and passes it to the playback device (for example, a piece of software) to decode and play the media file;
Step 809, the certificate management device processes log information; this log information is generated by the certificate management device, relates to the services it provides, and supports the maintenance of the certificate management device.
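The Fig. 6 encryption session (steps 601 to 612) and the Fig. 8 playback-side key lookup (steps 802 to 808) can be sketched together as follows; this is an added example, not part of the patent text. The class and field names, the dictionary standing in for a digital certificate, the device allow-list as the reason for refusing a session, the single key per session, and the HMAC-SHA256 keystream used in place of a real cipher are all assumptions of the sketch, since the text names no algorithm; the log entry records a key fingerprint rather than the key, which is also a choice of the example.

```python
import hashlib, hmac, secrets

def xor_block(key, index, data):
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    # Unauthenticated, illustration only; the same call encrypts and decrypts.
    stream, counter = b"", 0
    while len(stream) < len(data):
        msg = index.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class CertificateManager:  # certificate management device, fed over interface B
    def __init__(self):
        self.keys = {}
    def sync_key(self, media_id, key):                  # step 612
        self.keys[media_id] = key
    def issue_certificate(self, media_id):              # steps 805-806
        key = self.keys.get(media_id)
        return {"media_id": media_id, "key": key} if key else None

class DrmEncryptor:  # DRM encryption device; one key per session (assumption)
    def __init__(self, cert_mgr, log, allowed):
        self.cert_mgr, self.log, self.allowed, self.sessions = cert_mgr, log, allowed, {}
    def request_session(self, device, media_id):        # steps 601-603
        if device not in self.allowed:
            return None                                 # refusal ends the task
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"device": device, "media_id": media_id,
                              "key": secrets.token_bytes(32), "blocks": 0}
        return sid
    def encrypt_block(self, sid, index, data):          # steps 606-608
        session = self.sessions[sid]                    # unknown id -> KeyError
        session["blocks"] += 1
        return xor_block(session["key"], index, data)
    def end_session(self, sid):                         # steps 610-612
        s = self.sessions.pop(sid)
        self.log.append({"device": s["device"], "media_id": s["media_id"],
                         "status": "completed", "blocks": s["blocks"],
                         # fingerprint only: the key itself stays out of the log
                         "key_id": hashlib.sha256(s["key"]).hexdigest()[:16]})
        self.cert_mgr.sync_key(s["media_id"], s["key"])

def encrypt_media(enc, device, media_id, blocks, selected):
    """Media file management device side of Fig. 6; returns None if refused."""
    sid = enc.request_session(device, media_id)
    if sid is None:
        return None
    out = [enc.encrypt_block(sid, i, b) if i in selected else b
           for i, b in enumerate(blocks)]               # steps 605-609 loop
    enc.end_session(sid)
    return {"media_id": media_id, "encrypted": True,
            "encrypted_idx": set(selected), "blocks": out}

class Player:  # file playback device side of Fig. 8
    def __init__(self, cert_mgr):
        self.cert_mgr, self.local_certs = cert_mgr, {}
    def play(self, media):
        if not media["encrypted"]:                      # step 802
            return b"".join(media["blocks"])
        cert = self.local_certs.get(media["media_id"])  # step 803
        if cert is None:
            cert = self.cert_mgr.issue_certificate(media["media_id"])  # 804-806
            if cert is None:
                raise PermissionError("no certificate issued; playback ends")
            self.local_certs[media["media_id"]] = cert  # step 807
        return b"".join(xor_block(cert["key"], i, b) if i in media["encrypted_idx"]
                        else b for i, b in enumerate(media["blocks"]))  # step 808
```

Only the blocks named in the request are encrypted, so a header block can stay readable while the payload blocks are protected, and the player caches the certificate so a second playback needs no request to the certificate manager.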
Fig. 9 is a schematic flowchart of the method for decrypting a real-time media stream according to the present invention. Corresponding to the real-time streaming media data encryption method shown in Fig. 7, after the real-time stream playback device has obtained encrypted real-time streaming media data, it decrypts it. As shown in Fig. 9, the method comprises the following steps:
Step 901, the real-time stream playback device requests the type of the real-time streaming media data from the real-time stream management device and determines by analysis whether the real-time streaming media data is encrypted;
If the real-time streaming media data is not encrypted, it is played directly as it is collected;
Step 902, the real-time stream playback device parses the digital certificate identification information in the real-time streaming media data and checks whether the corresponding digital certificate and the key for decrypting the real-time streaming media data exist locally;
If the decryption key is found locally, the real-time streaming media data is played as it is decrypted;
Step 903, if the digital certificate and the decryption key do not exist locally, the real-time stream playback device obtains the decryption key from the designated certificate management device;
Step 904, the certificate management device generates a digital certificate, and the generated digital certificate should contain the decryption key;
Step 905, if the digital certificate is generated successfully, the certificate management device returns the digital certificate to the real-time stream playback device; otherwise it returns a message indicating that the digital certificate could not be generated, and in that case the entire real-time streaming media data playback process ends;
Step 906, the real-time stream playback device stores the digital certificate obtained and decrypts the digital certificate to obtain the key for decrypting the real-time streaming media data;
Step 907, the certificate management device processes log information;
Step 908, the real-time stream playback device requests the real-time streaming media data from the real-time stream management device;
Step 909, the real-time stream management device sends the real-time streaming media data to the real-time stream playback device;
Step 910, the real-time stream playback device decrypts and plays the real-time streaming media data it receives.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.