CN101872399B - Dynamic digital copyright protection method based on dual identity authentication

Info

Publication number: CN101872399B
Application number: CN2010102145897A
Authority: CN (China)
Other versions: CN101872399A
Other languages: Chinese (zh)
Legal status: Expired - Fee Related (the legal status is an assumption and not a legal conclusion)
Prior art keywords: user, digital certificate, key, digital, pin code
Inventors: 刘泉, 江雪梅, 李雷
Current assignee: Wuhan University of Technology WUT
Original assignee: Wuhan University of Technology WUT
Events: application filed by Wuhan University of Technology WUT; priority to CN2010102145897A; publication of CN101872399A; application granted; publication of CN101872399B; anticipated expiration.


Abstract

The invention discloses a dynamic digital copyright protection method based on dual identity authentication, comprising the following steps: downloading a user's digital certificate into a USBKEY with a built-in random number generator; when the user logs in, after the USBKEY is inserted into the client end, activating the USBKEY with the entered PIN code, acquiring the digital certificate in the USBKEY, and, when the digital certificate is valid, generating a random number sequence with the random number generator; when the user's signature over the random number sequence is correct, playing or downloading the media works file online according to the user rights specified by the extension item of the digital certificate; and when the user is not logged in, after the USBKEY is inserted into the client end, activating the USBKEY with the entered PIN code, acquiring the digital certificate in the USBKEY and, when the digital certificate is valid, playing the media works file offline according to the user rights specified by the extension item of the digital certificate. The method can restrict the user's usage rights, delimit the user's scope of rights, and authenticate the user's identity in the offline state to prevent offline diffusion.

Description

Dynamic digital copyright protection method based on dual-identity authentication
Technical field
The present invention relates to the field of information security, specifically to digital copyright protection and identity authentication, and in particular to a dynamic digital copyright protection method based on dual-identity authentication.
Background technology
With the rapid development of network transmission and communication technology, the distribution, duplication and editing of multimedia files over networks has become increasingly common. At the same time, service providers demand ever stronger protection for their digital content, and copyright problems have received growing attention. Digital rights management technology (Digital Rights Management, hereinafter DRM), which arose from this need, can protect copyright: it combines hardware and software access mechanisms to control access to digital multimedia content effectively throughout its life cycle. Many researchers have carried out extensive, in-depth studies of DRM technology.
Steve K et al. proposed a privacy-preserving rights management model; it can perform privacy-protected authentication and licensing online, but cannot locate the identity of the copyright user in the offline state. Andreaux JP et al. proposed a copyright protection system for digital home networks that separates attribute certificates from licences, thereby providing secure distribution of digital media; however, it is confined to the home network and has not been generalised to the wide area network. Shi Hao et al. designed a digital rights management scheme for collaborative peer-to-peer networks that uses a dynamic licence technique, but it does not support migration of copyright-controlled content across physical space.
Although research results and practical experience in recent years have produced notable achievements, problems on copyright management platforms still urgently need to be solved, in particular:
(1) Although identity authentication technology in the online state has solved the problem of the user's legal identity well, it cannot correctly constrain the user's usage rights or clearly delimit the user's scope of authority.
(2) Because there is as yet no user identity authentication mechanism in the offline state, a digital multimedia file that a user has downloaded to the local computer after being authenticated on the copyright management platform can be played repeatedly with any common media player. This allows digital multimedia works to be maliciously tampered with or stolen, and offline diffusion cannot be effectively prevented.
It is therefore necessary to provide an improved digital copyright protection method that overcomes these defects of the prior art.
Summary of the invention
The purpose of the invention is to provide a dynamic digital copyright protection method based on dual-identity authentication. The PIN code in the USBKEY, together with the digital certificate, solves the problems of the prior art: the inability of the rights management model of Steve K et al. to locate the copyright user's identity in the offline state, the failure of the digital home network copyright protection system of Andreaux JP et al. to generalise to the wide area network, and the lack of support in the collaborative peer-to-peer scheme of Shi Hao et al. for migrating copyright-controlled content across physical space. In the online state, the extension item of the digital certificate correctly constrains the user's usage rights and clearly delimits the user's scope of authority; in the offline state, the PIN code and the digital certificate authenticate the user's identity, preventing media files from being maliciously tampered with or stolen and effectively preventing offline diffusion.
To achieve these goals, the invention provides a dynamic digital copyright protection method based on dual-identity authentication, comprising the steps of: (1) downloading the user's digital certificate into a USBKEY with a built-in random number generator; (2) when the user logs in, after the USBKEY is inserted into the client, activating the USBKEY with the entered PIN code and then obtaining the digital certificate in the USBKEY; when the digital certificate is valid, the random number generator produces a random number sequence, and when the user's signature over the random number sequence is correct, the media works file is played or downloaded online according to the usage rights defined by the extension item of the digital certificate; (3) when the user is not logged in, after the USBKEY is inserted into the client, activating the USBKEY with the entered PIN code and then obtaining the digital certificate in the USBKEY; when the digital certificate is valid, the media works file is played offline according to the usage rights defined by the extension item of the digital certificate.
In one embodiment of the invention, the method further comprises: (11) using the PIN code set by the user and the unique user identifier generated automatically by the system at registration as key elements, generating an asymmetric key pair from these key elements, and having the CA Acting Center audit the user's identity information against the public key of the pair; once the user's identity information passes the audit, sending the public key and the user's identity information to the CA authenticating authority center; (12) the CA authenticating authority center producing a digital certificate when the user's identity information is consistent with the identity information bound to the public key, and sending the digital certificate to the CA Acting Center; (13) the CA Acting Center issuing the digital certificate to the owner or consumer and storing it in the database.
In another embodiment of the invention, the digital certificate comprises the user's identity information, public key information, the identity information of the CA authenticating authority center, the signature of the CA authenticating authority center over the digital certificate, an extension item and a validity period. The user's identity information comprises the digital certificate serial number, the user name submitted at registration and the unique identifier generated for the user by the system platform, and is confirmed by the CA authenticating authority center 100. The extension item comprises the authority information for playing online, downloading online and playing offline the media works file.
In another embodiment of the invention, step (2) specifically comprises: (21) after the user logs in and inserts the USBKEY into the client, and provided the number of PIN code entries has not exceeded the stipulated number, entering the PIN code; when the entered PIN code matches the PIN code of the USBKEY, activating the USBKEY; (22) obtaining the digital certificate in the USBKEY and, when the digital certificate is valid, having the random number generator produce a random number sequence; (23) the user signs a message formed from the random number produced by the random number generator (with the private key of the asymmetric pair as initialisation seed), the certificate's valid time and the target receiver, and the signature information is encrypted with the private key; the encrypted signature information is decrypted with the public key of the digital certificate, the message is digitally signed again, and the signature is judged correct or not by comparing the digital signature of the message with the decrypted signature; (24) when the signature is correct, judging whether the server is the recipient of the message and whether the timestamp of the digital certificate is the current time; (25) when the server is the recipient of the message and the timestamp of the digital certificate is the current time, playing or downloading the media works file online according to the usage rights defined by the extension item of the digital certificate.
In a further embodiment of the invention, step (3) specifically comprises: (31) after the user, without logging in, inserts the USBKEY into the client, and provided the number of PIN code entries has not exceeded the stipulated number, entering the PIN code; when the entered PIN code matches the PIN code of the USBKEY, activating the USBKEY; (32) obtaining the digital certificate in the USBKEY and, when the digital certificate is valid, playing the media works file offline according to the usage rights defined by the extension item of the digital certificate.
In another embodiment of the invention, the method further comprises: after the user pays for new usage rights to a media works file, updating the extension item and validity period of the user's digital certificate, and downloading the updated digital certificate into the USBKEY to replace the original digital certificate.
Compared with the prior art, the dynamic digital copyright protection method based on dual-identity authentication of the present invention has the following advantages:
(1) In both the online and offline states, the PIN code and the digital certificate are used to verify the user's identity. This dual identity verification prevents arbitrary users from operating on media files, so that the copyright user's identity can be located even in the offline state. The home network servers of the invention form a domain: a certificate corresponding to the managed home network is applied for from the server end that provides the digital content, and the domain is managed as a whole, so that all digital content applied for by devices in the domain is treated at the server end as applied for by the domain; the server end communicates only with the user domain and not directly with each device in it, which allows copyright protection of the digital home network to be generalised to the wide area network. By distributing the public key of the digital certificate to trusted nodes in the peer-to-peer network according to a secret-sharing idea, the necessary security guarantee is provided for the distribution of digital content in the network's digital rights management, and copyright-controlled content can be moved across physical space.
(2) The extension item of the digital certificate stipulates the usage rights for the digital multimedia works, which realises the constraint of usage rights and the division of the scope of authority for online downloading, online playing and offline playing.
(3) In the online state, the random number generator produces a random number sequence that the user is required to sign; the sequence differs for each signature, which makes the authentication dynamic.
The invention will become clearer from the following description taken together with the accompanying drawings, which illustrate embodiments of the invention.
Description of drawings
Fig. 1 is a flow chart of the dynamic digital copyright protection method based on dual-identity authentication of the present invention.
Fig. 2 is an architecture diagram of the system involved in the dynamic digital copyright protection method based on dual-identity authentication shown in Fig. 1.
Fig. 3 is a block diagram of the USBKEY in the dynamic digital copyright protection method based on dual-identity authentication shown in Fig. 1.
Fig. 4 is a flow chart of realising online playing or downloading in the dynamic digital copyright protection method based on dual-identity authentication shown in Fig. 1.
Fig. 5 is a flow chart of realising offline playing in the dynamic digital copyright protection method based on dual-identity authentication shown in Fig. 1.
Fig. 6 is a flow chart of issuing a digital certificate to the user in the dynamic digital copyright protection method based on dual-identity authentication shown in Fig. 1.
Embodiment
Embodiments of the invention are now described with reference to the accompanying drawings, in which like reference numerals denote like elements.
With reference to Fig. 1 and Fig. 2, the dynamic digital copyright protection method based on dual-identity authentication of the present embodiment comprises the following steps:
Step S1: the service provider downloads the user's digital certificate into the USBKEY (smart cryptographic key) 500 with a built-in random number generator; proceed to step S2 or step S3.
Step S2: when the user logs in, after the USBKEY 500 is inserted into the client (user's PC) 410, the dynamic identity authentication module activates the USBKEY 500 with the entered PIN code and then obtains the digital certificate in the USBKEY 500. When the digital certificate is valid, the random number generator produces a random number sequence; when the user's signature over the random number sequence is correct, the media works file is played or downloaded online according to the usage rights defined by the extension item of the digital certificate.
Step S3: when the user is not logged in, after the USBKEY 500 is inserted into the client (user's PC) 410, the offline playing module activates the USBKEY 500 with the entered PIN code and then obtains the digital certificate in the USBKEY 500; when the digital certificate is valid, the media works file is played offline according to the usage rights defined by the extension item of the digital certificate.
From the above it can be seen that the dynamic digital copyright protection method based on dual-identity authentication of the present embodiment has the following advantages:
(1) In both the online and offline states, the PIN code and the digital certificate are used to verify the user's identity; this dual identity verification prevents arbitrary users from operating on media files.
(2) The extension item of the digital certificate stipulates the usage rights for the digital multimedia works, which realises the constraint of usage rights and the division of the scope of authority for online downloading, online playing and offline playing.
(3) In the online state, the random number generator produces a random number sequence that the user is required to sign; the sequence differs for each signature, which makes the authentication dynamic. Even if an attacker intercepts a digital signature, it cannot be used to impersonate the legitimate user.
Referring to Fig. 3, the USBKEY 500 comprises a hardware device management submodule 510, an asymmetric key management submodule 520, an algorithm management submodule 530, a data encryption management submodule 540 and the user's digital certificate 550 downloaded by the service provider. Each component of the USBKEY 500 is described in detail below.
The hardware device management submodule 510 comprises a USB identification control unit 511, a PIN code discrimination CPU unit 512 and an encryption-protected EPROM unit 513. The USB identification control unit 511 recognises insertion and removal of the USBKEY 500 at the client (user's PC) 410; when it recognises an insertion, it directs the CPU (central processing unit) of the client 410 to read the PIN code entered by the user. The PIN code discrimination CPU unit 512 judges whether the PIN code read by the CPU is correct and counts the number of PIN code entries. The EPROM unit 513 stores secret data such as the digital certificate 550 and keys; it is read and written only through program code, the user cannot read it directly, and the user's private key cannot be exported, which eliminates the possibility of copying the user's digital certificate or identity information.
The asymmetric key management submodule 520 uses the PIN code set by the user and the unique user identifier (ID) generated automatically by the system at registration as key elements, generates an asymmetric key pair from them with the RSA algorithm, and stores the key pair together with the digital certificate 550 in the encryption-protected EPROM unit. Keys are divided into symmetric keys and asymmetric keys, and both have a validity period (a key cannot be used indefinitely: the longer it is in service, the greater the chance that it is disclosed and the greater the resulting loss). Within the key's validity period the user encrypts messages with the private key of the asymmetric pair and the receiving party decrypts them with the public key in the digital certificate; when the key expires, a new asymmetric key pair is regenerated from the key elements with the RSA algorithm and the key is updated accordingly. Specifically, the asymmetric key management submodule 520 comprises a key installation and generation unit 521, a key use and update unit 522 and a key storage and revocation unit 523. The key installation and generation unit 521 generates the asymmetric key pair with the RSA algorithm from the key elements, namely the PIN code set by the user and the user ID generated automatically by the system at registration; the key use and update unit 522 reads the asymmetric key pair from EPROM unit 511 and updates an expired key pair; the key storage and revocation unit 523 saves a generated asymmetric key pair in EPROM unit 511 or deletes a key pair from EPROM unit 511.
The algorithm management submodule 530 marks each algorithm with an ID, stores and identifies the algorithms, and selects the encryption algorithm to use among them. The algorithms include asymmetric key algorithms such as RSA and DSA, symmetric key algorithms such as DES, RC6 and RC5, and data hashing algorithms such as SHA-1 and MD5; storing the algorithms by ID lets them be stored compactly and better solves the USBKEY's storage space problem. Specifically, the algorithm management submodule 530 comprises an algorithm library management unit 531, an encryption algorithm selection unit 532 and the random number generator 533. The algorithm library management unit 531 manages the asymmetric key, symmetric key and data hashing algorithms; the encryption algorithm selection unit 532 schedules the algorithms according to task requirements; the random number generator 533 takes a single input parameter, the initialisation seed, and a different seed produces a different random number sequence.
The data encryption management submodule 540 encrypts data according to the encryption algorithm selected by the algorithm management submodule 530 and decrypts data according to the algorithm selected by the algorithm management submodule 530. Specifically, the data encryption management submodule 540 comprises a data encryption realisation unit 541, a data decryption realisation unit 542 and a data file signature unit 543. The data encryption realisation unit 541 runs the encryption algorithm, the data decryption unit 542 runs the decryption algorithm and the data file signature unit 543 runs the digital signature.
From the above it can be seen that the USBKEY 500 can be regarded as a combination of a smart card and a card reader.
As shown in Fig. 4, taken together with Fig. 2 and Fig. 3, step S2 specifically comprises:
Step S21: after the user logs in, when the USB identification control unit 511 of the hardware device management submodule 510 of the USBKEY 500 recognises that the USBKEY 500 has been inserted into the client (user's PC) 410, the PIN code discrimination CPU unit 512 judges whether the number of PIN code entries exceeds the stipulated number; if so, end (the user's PIN is blocked, which prevents use by anyone other than the owner); if not, continue to the next step;
Step S22: after the user enters the PIN code, the USB identification control unit 511 directs the CPU of the client 410 to read the entered PIN code, and the PIN code discrimination CPU unit 512 judges whether the entered PIN code is correct; if so, continue to the next step; if not, return to step S21;
Step S23: the server end (copyright management platform server) 230 obtains the digital certificate 550 of the USBKEY 500 over the network and judges whether the digital certificate 550 stored in the EPROM unit 513 of the USBKEY 500 is valid; if so, continue to the next step; if not, end;
Step S24: the key installation and generation unit 521 in the asymmetric key management submodule 520 of the USBKEY 500 generates an asymmetric key pair (public key + private key) with the RSA algorithm from the key elements, namely the PIN code set by the user and the user ID generated automatically by the system at registration. The random number generator 533 in the algorithm management submodule 530 produces a random number r_c using the private key of the pair as initialisation seed, and the random number r_c, the certificate's valid time t_c and the target receiver s_c together form the message. The data file signature unit 543 of the data encryption management submodule 540 signs the message on behalf of the user, obtaining the signature information S(r_c, t_c, s_c); the data encryption realisation unit 541 of the data encryption management submodule 540 encrypts the signature information S(r_c, t_c, s_c) with the private key of the pair, and the encrypted signature information is sent to the server end 230 together with the message. The digital signature is a one-way function over the whole message, a fixed-length code that represents the characteristics of the message: if even one place in the message is changed, the digital signature is completely different.
Step S25: the server end 230 extracts the user's public key from the digital certificate 550 and uses it to decrypt the encrypted signature information sent by the data encryption management submodule 540, obtaining the digital signature in plaintext. In addition, the server end 230 computes the same digital signature over the message sent by the data encryption management submodule 540 and verifies that the signature produced by the data file signature unit 543 is correct by checking that the two digital signatures are consistent;
Step S26: when the signature is correct, the server end 230 verifies whether the server is the recipient of the message and whether the timestamp of the digital certificate 550 is the current time (in this way anyone holding the user's public key can accept or reject the message according to the verification result, which both prevents the digital signature from being forged and detects modification of the message);
Step S27: when the server 230 is the recipient of the message and the timestamp of the digital certificate is the current time, the server end 230 judges from the content of the extension item of the digital certificate 550 whether the user has the authority to play or download the media file online; if so, continue to the next step; if not, end;
Step S28: the server end 230 allows the media file to be played or downloaded online.
From the above it can be seen that when the user plays or downloads a media file online, the user's identity is doubly authenticated by the PIN code and the digital certificate, which gives highly trustworthy authentication; the random number generator produces a random number sequence that differs for every authentication of the user, which makes the authentication dynamic. In addition, the extension item of the digital certificate clearly stipulates the authority relation between the user and the multimedia files the user is authorised for, which solves the problem of assigning rights to watch and download online.
As shown in Fig. 5, taken together with Fig. 2 and Fig. 3, step S3 specifically comprises:
Step S31: when the user is not logged in, and the USB identification control unit 511 of the hardware device management submodule 510 of the USBKEY 500 recognises that the USBKEY 500 has been inserted into the client (user's PC) 410, the PIN code discrimination CPU unit 512 judges whether the number of PIN code entries exceeds the stipulated number; if so, end (the user's PIN is blocked, which prevents use by anyone other than the owner); if not, continue to the next step;
Step S32: after the user enters the PIN code, the USB identification control unit 511 directs the CPU of the client 410 to read the entered PIN code, and the PIN code discrimination CPU unit 512 judges whether the entered PIN code is correct; if so, continue to the next step; if not, return to step S31;
Step S33: the client 410 obtains the digital certificate 550 of the USBKEY 500 and judges whether the digital certificate 550 stored in the EPROM unit 513 of the USBKEY 500 is valid; if so, continue to the next step; if not, end;
Step S34: the client 410 judges from the content of the extension item of the digital certificate 550 whether the user has the authority to play the media file offline; if so, continue to the next step; if not, end;
Step S35: the client 410 allows the media file to be played offline.
From the above it can be seen that when the user plays a media file offline, the user's identity is doubly authenticated by the PIN code and the digital certificate 550, which gives highly trustworthy authentication; the extension item of the digital certificate clearly stipulates the authority relation between the user and the multimedia files the user is authorised for, which solves the problem of assigning offline playing rights.
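The online flow of steps S21 to S28 and the offline flow of steps S31 to S35 can be modelled end to end in a few dozen lines. The block below is an added example written for this page; it is not code from the patent or from Wuhan University of Technology. Everything in it is an assumption made for the example: the class and function names (USBKey, Certificate, online_request, offline_play, make_key), the rights names play_online, download and play_offline standing for the three authorities of the extension item, SERVER_ID standing for the target receiver s_c, MAX_PIN_ATTEMPTS standing for the unstated "stipulated number" of PIN entries, integer timestamps, and textbook RSA on two tiny constructed primes standing in for the USBKEY's RSA unit (it is not secure and only illustrates the sign/verify step). The "sign, then encrypt the signature with the private key, then decrypt it with the public key" sequence of steps S24 and S25 is modelled as a single RSA signature over the message hash that the server verifies with the public key from the certificate.

```python
"""Dual-identity authentication: online (S21-S28) and offline (S31-S35) flows.
Added example, not the patent's or WUT's code.  Constructed assumptions:
toy RSA (primes 61, 53; NOT secure), integer timestamps, MAX_PIN_ATTEMPTS
as the 'stipulated number', sign+encrypt of S24/S25 collapsed to one signature.
"""
import hashlib
import secrets
from dataclasses import dataclass

P, Q = 61, 53
N = P * Q                                  # 3233, toy modulus
E = 17                                     # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # 2753, private exponent

MAX_PIN_ATTEMPTS = 3                       # assumed value of the stipulated number
ONLINE_ACTIONS = {"play_online", "download"}
SERVER_ID = "copyright-platform-server"    # target receiver s_c (constructed)


def _digest(message: bytes) -> int:
    # SHA-256 of the message, reduced modulo N so the toy modulus can sign it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def rsa_sign(message: bytes, d: int, n: int) -> int:
    return pow(_digest(message), d, n)


def rsa_verify(message: bytes, signature: int, e: int, n: int) -> bool:
    return pow(signature, e, n) == _digest(message)


@dataclass
class Certificate:
    serial: int
    user_id: str
    public_key: tuple        # (e, n)
    rights: frozenset        # extension item: permitted actions
    not_before: int
    not_after: int           # validity period

    def is_valid_at(self, now: int) -> bool:
        return self.not_before <= now <= self.not_after


@dataclass
class USBKey:
    pin: str
    cert: Certificate
    private_key: int         # held in the protected EPROM, never exported
    attempts: int = 0
    blocked: bool = False

    def activate(self, pin_input: str) -> bool:
        """S21/S22: wrong PINs are counted; the key is blocked at the limit."""
        if self.blocked:
            return False
        if pin_input == self.pin:
            self.attempts = 0
            return True
        self.attempts += 1
        if self.attempts >= MAX_PIN_ATTEMPTS:
            self.blocked = True
        return False

    def sign_challenge(self, now: int, recipient: str):
        """S24: sign the message (r_c, t_c, s_c) built on a fresh random number."""
        r_c = secrets.randbits(64)                     # differs on every login
        message = f"{r_c}|{now}|{recipient}".encode()
        return message, rsa_sign(message, self.private_key, self.cert.public_key[1])


def _pin_result(key: USBKey) -> str:
    return "blocked" if key.blocked else "wrong pin"


def online_request(key, pin_input, action, now, message=None, signature=None) -> str:
    """Server-side decision for S21-S28.  A message/signature pair may be passed
    in to show what a replayed or tampered challenge does; otherwise the key
    signs a fresh challenge."""
    if not key.activate(pin_input):
        return _pin_result(key)
    cert = key.cert
    if not cert.is_valid_at(now):                              # S23
        return "certificate invalid"
    if message is None:
        message, signature = key.sign_challenge(now, SERVER_ID)
    e, n = cert.public_key
    if not rsa_verify(message, signature, e, n):               # S25
        return "bad signature"
    _, t_c, s_c = message.decode().split("|")
    if s_c != SERVER_ID or int(t_c) != now:                    # S26
        return "stale or misdirected"
    if action not in ONLINE_ACTIONS or action not in cert.rights:   # S27
        return "not authorised"
    return "allowed"                                           # S28


def offline_play(key, pin_input, now) -> str:
    """Client-side decision for S31-S35: PIN and certificate only, no server."""
    if not key.activate(pin_input):
        return _pin_result(key)
    if not key.cert.is_valid_at(now):                          # S33
        return "certificate invalid"
    if "play_offline" not in key.cert.rights:                  # S34
        return "not authorised"
    return "allowed"                                           # S35


def make_key(pin="1234", rights=("play_online", "download", "play_offline"),
             not_before=1000, not_after=2000) -> USBKey:
    """Constructed USBKEY holding a certificate and the matching private key."""
    cert = Certificate(1, "user-0001", (E, N), frozenset(rights), not_before, not_after)
    return USBKey(pin, cert, D)
```

The two decision functions make the asymmetry of the scheme visible: the offline path checks only what the USBKEY itself carries (PIN counter, certificate validity, extension item), while the online path adds the dynamic challenge and the recipient and time checks of step S26, so a captured (message, signature) pair is rejected as soon as the server's clock moves on.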
In the present embodiment, said digital certificate 550 is signed and issued by CA authenticating authority center 100 and digital certificate management module 200.Like Fig. 2, said digital certificate management module 200 comprises CA Acting Center 210, database 220 and server end (copyright management Platform Server) 230, and then like Fig. 6, said dynamic digital copyright protection method based on dual-identity authentication also comprises step:
Step S61: When the user registers, the PIN code set by the user and the unique identifier (ID) generated automatically by the system for that user are taken as the key elements. Using these key elements, the asymmetric key management submodule 520 of USBKEY 500 generates an asymmetric key pair (public key + private key) with the RSA algorithm, and the public key of the asymmetric key pair is transmitted through the copyright management platform server 230 to the CA Acting Center 210. The CA Acting Center 210 examines the user's identity information against the public key; after the user's identity information passes the examination, it is sent together with the public key of the asymmetric key pair to the CA authenticating authority center 100.
Step S62: When the user identity information in the user's identity information and in the public key information is consistent, the CA authenticating authority center 100 generates the digital certificate 550. The format of the digital certificate 550 follows the X.509 digital certificate standard. It contains the user's identity information, the public key information, the identity information of the CA authenticating authority center 100, the signature of the CA authenticating authority center 100 on the digital certificate 550, an extension, a timestamp and the validity period of the digital certificate. The user's identity information consists of the certificate serial number, the user name submitted when the user registered, and the unique identifier (ID) generated for the user by the system platform. The extension of the digital certificate, confirmed by the CA authenticating authority center 100, contains the authority information for online playing, online downloading and offline playing of media works files (only while the digital certificate is within its validity period and its extension shows the authority for online playing, online downloading or offline playing can the user carry out the corresponding operation). Within the digital certificate, the user's identity information shows whether the user's identity is legitimate, the public key is used to decrypt ciphertext, the extension restricts the user's rights, the timestamp guarantees real-time transmission, and the validity period monitors whether the digital certificate is still valid.
Step S63: The CA authenticating authority center 100 sends the digital certificate 550 to the CA Acting Center 210; the CA Acting Center 210 issues the digital certificate 550 to the user and stores it in the database 220.
From the above it can be seen that the CA Acting Center 210 is responsible for examining users' identities, while the CA authenticating authority center 100 is responsible for signing and issuing digital certificates.
In addition, the dynamic digital copyright protection method based on dual identity authentication further comprises the steps:
Step S101: After the user sends a certificate renewal request or a certificate revocation request to the CA Acting Center 210 through the copyright management platform server 230, the CA Acting Center 210 examines the user identity information contained in the renewal or revocation request. Once the user identity information has passed the examination, the CA Acting Center 210 generates a fixed-length random number sequence using the user's private key as the initialization seed; after the user has signed the random number sequence, it applies to the CA authenticating authority center 100 for renewal or revocation of the certificate.
Step S102: The CA authenticating authority center 100 renews the digital certificate 550 and sends the renewed digital certificate to the user through the CA Acting Center 210, or revokes the digital certificate and adds the revoked digital certificate to the certificate revocation list (CRL).
From the above it can be seen that the CA Acting Center 210 is responsible for handling renewal or revocation requests for digital certificates, while the CA authenticating authority center 100 is responsible for renewing or revoking the digital certificates.
In addition, the dynamic digital copyright protection method based on dual identity authentication further comprises the steps:
Step S201: After the user submits a certificate status query request to the CA Acting Center 210 through the copyright management platform server 230, the CA Acting Center 210 examines the user identity information contained in the certificate status query request.
Step S202: After the user identity information passes the examination, the CA authenticating authority center 100 queries the timestamp in the digital certificate 550 or queries the certificate revocation list (CRL). When the timestamp is the current time, the status of the digital certificate 550 is determined to be within the validity period; when the digital certificate 550 is present in the CRL, the status of the certificate is determined to be revoked.
From the above it can be seen that the CA Acting Center 210 is responsible for handling status query requests for digital certificates, while the CA authenticating authority center 100 is responsible for querying the status of the digital certificate.
In the present embodiment, the dynamic digital copyright protection method based on dual identity authentication further comprises the steps:
Step S301: After the user pays the fee for a new right to use a media file, the CA Acting Center 210 applies to the CA authenticating authority center 100 to update the extension and the validity period of the user's digital certificate 550.
Step S302: After the CA authenticating authority center 100 has updated the digital certificate 550, the service provider downloads the updated digital certificate into USBKEY 500 to replace the original digital certificate 550.
From the above it can be seen that once the digital certificate has expired or become invalid, the CA Acting Center 210 can update the digital certificate at the user's request, provided the fee for the new right of use has been paid, and the user can then continue to use the USBKEY 500 carrying the updated digital certificate for online playing, online downloading and offline playing.
The invention has been described above with reference to the preferred embodiments, but the present invention is not limited to the embodiments disclosed above and is intended to cover the various modifications and equivalent combinations made in accordance with the essence of the present invention.

Claims (5)

1. A dynamic digital copyright protection method based on dual identity authentication, comprising the steps of:
(1) downloading the user's digital certificate into an intelligent code key that has a built-in random number generator;
(2) when the user logs in: after the intelligent code key is inserted into the client, activating the intelligent code key according to the entered PIN code, and then obtaining the digital certificate from the intelligent code key; when the digital certificate is valid, the random number generator generates a random number sequence; a message composed of the random number generated by the random number generator, the certificate validity time and the target receiver is signed by the user, using the private key of the asymmetric key pair as the initialization seed, and after the signature information has been encrypted with the private key, the encrypted signature information is sent to the server together with the message; the server extracts the user's public key from the digital certificate and decrypts the encrypted signature information with the user's public key to obtain the plaintext of the digital signature; in addition, the server performs the same digital signature on the message and judges whether the signature is correct by comparing the signature information of the message with the decrypted signature; when the user's signature information is correct, playing online or downloading online the media works file according to the usage rights specified by the extension of the digital certificate;
(3) when the user does not log in: after the intelligent code key is inserted into the client, activating the intelligent code key according to the entered PIN code, and then obtaining the digital certificate from the intelligent code key; when the digital certificate is valid, playing the media works file offline according to the usage rights specified by the extension of the digital certificate;
characterized in that the method further comprises:
(11) when the user registers, the PIN code set by the user and the unique identifier generated automatically by the system for the user are taken as the key elements, and after the key elements have been used to generate an asymmetric key pair, the CA Acting Center examines the user's identity information in the public key of the asymmetric key pair; after the user's identity information passes the examination, it is sent together with the public key of the asymmetric key pair to the CA authenticating authority center;
(12) when the user identity information in the user's identity information and in the public key information is consistent, the CA authenticating authority center generates the digital certificate and sends it to the CA Acting Center;
(13) the CA Acting Center issues the digital certificate to the owner or consumer and stores the digital certificate in the database.
2. The dynamic digital copyright protection method based on dual identity authentication according to claim 1, characterized in that the digital certificate comprises the user's identity information, public key information, a timestamp, the identity information of the CA authenticating authority center, the signature of the CA authenticating authority center on the digital certificate, an extension and a validity period; wherein the user's identity information comprises the digital certificate serial number, the user name submitted when the user registered and the unique identifier generated for the user by the system platform; and the extension, confirmed by the CA authenticating authority center, comprises the authority information for online playing, online downloading and offline playing of media works files.
3. The dynamic digital copyright protection method based on dual identity authentication according to claim 1, characterized in that said step (2) further comprises:
after the user logs in and inserts the intelligent code key into the client, when the number of PIN code entries does not exceed the stipulated number, entering the PIN code, and when the entered PIN code is identical to the PIN code of the intelligent code key, activating the intelligent code key;
when the user's signature is correct, judging whether the server is the recipient of the message and whether the timestamp of the digital certificate is the current time;
when the server is the recipient of the message and the timestamp of the digital certificate is the current time, playing online or downloading the media works file according to the usage rights specified by the extension of the digital certificate.
4. The dynamic digital copyright protection method based on dual identity authentication according to claim 1, characterized in that said step (3) specifically comprises:
(31) after the user, without logging in, inserts the intelligent code key into the client, when the number of PIN code entries does not exceed the stipulated number, entering the PIN code, and when the entered PIN code is identical to the PIN code of the intelligent code key, activating the intelligent code key;
(32) obtaining the digital certificate from the intelligent code key, and when the digital certificate is valid, playing the media works file offline according to the usage rights specified by the extension of the digital certificate.
5. The dynamic digital copyright protection method based on dual identity authentication according to claim 1, characterized in that it further comprises:
after the user pays the fee for a new right to use the media works file, updating the extension and the validity period of the user's digital certificate;
downloading the updated digital certificate into the intelligent code key.
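The login check of claims 1 and 3, the offline check of claim 4, the certificate fields of step S62 and the revocation check of step S202, as an added Python example that is not part of the patent. It uses a toy RSA key pair over fixed small primes as a constructed stand-in for the patent's RSA keys, and the names USBKey, Certificate, server_verify, offline_rights and the replay cache seen are assumptions made here; the replay cache is an addition the patent does not describe, since its random number is generated on the client side.

```python
import hashlib
import secrets
from dataclasses import dataclass, replace

def toy_keypair(p: int, q: int, e: int = 65537) -> tuple:
    """Toy RSA over two fixed primes: constructed for this illustration, far too small to be secure."""
    n = p * q
    return (e, n), pow(e, -1, (p - 1) * (q - 1))       # (public key, private exponent)

def sign(msg: bytes, d: int, n: int) -> int:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(h, d, n)

def verify(msg: bytes, sig: int, e: int, n: int) -> bool:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(sig, e, n) == h

@dataclass(frozen=True)
class Certificate:          # the fields step S62 / claim 2 put in the X.509 certificate
    serial: int
    user_id: str
    pub: tuple              # user's public key (e, n)
    extension: frozenset    # subset of {"online_play", "online_download", "offline_play"}
    not_after: int          # end of the validity period, epoch seconds
    ca_sig: int = 0         # CA authenticating authority center's signature over body()

    def body(self) -> bytes:
        return f"{self.serial}|{self.user_id}|{self.pub}|{sorted(self.extension)}|{self.not_after}".encode()

def issue(cert: Certificate, ca_priv: int, ca_n: int) -> Certificate:
    return replace(cert, ca_sig=sign(cert.body(), ca_priv, ca_n))   # step S62: CA signs the body

class USBKey:               # USBKEY: PIN-gated certificate and private key, attempt-limited (claims 3, 4)
    def __init__(self, pin: str, cert: Certificate, priv: int, limit: int = 3):
        self._pin, self.cert, self._priv, self.limit, self.attempts = pin, cert, priv, limit, 0

    def activate(self, pin: str) -> bool:
        if self.attempts >= self.limit:
            return False                                  # locked: PIN entries exceeded the stipulated number
        self.attempts = 0 if pin == self._pin else self.attempts + 1
        return self.attempts == 0                         # a correct PIN also resets the counter

    def sign_challenge(self, receiver: str) -> tuple:
        """Claim 1 step (2): sign (random number, certificate validity time, target receiver)."""
        msg = f"{secrets.token_hex(16)}|{self.cert.not_after}|{receiver}".encode()
        return msg, sign(msg, self._priv, self.cert.pub[1])

def server_verify(cert, msg, sig, server_id, crl, now, ca_pub, seen) -> frozenset:
    """Server-side checks (claim 1 step 2, claim 3, step S202); returns the online rights granted."""
    if not verify(cert.body(), cert.ca_sig, *ca_pub) or cert.serial in crl or now > cert.not_after:
        return frozenset()                                # not CA-issued, revoked (S202), or expired
    if not verify(msg, sig, *cert.pub):
        return frozenset()                                # user's signature over the challenge is wrong
    nonce, validity, receiver = msg.decode().split("|", 2)
    if receiver != server_id or int(validity) != cert.not_after or nonce in seen:
        return frozenset()                                # wrong recipient, stale validity, or replay
    seen.add(nonce)                         # replay cache added here: the nonce is generated client-side
    return cert.extension & {"online_play", "online_download"}

def offline_rights(cert: Certificate, now: int) -> frozenset:
    """Claim 4: offline, only the validity period can be checked; the CRL is not reachable."""
    return cert.extension & {"offline_play"} if now <= cert.not_after else frozenset()
```

The offline path shows the practical gap in this design: a certificate revoked via step S102 keeps its offline playing right until its validity period ends, so short validity periods are what bound the exposure.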
Application CN2010102145897A (granted as CN101872399B), priority date 2010-07-01, filing date 2010-07-01: Dynamic digital copyright protection method based on dual identity authentication (Expired - Fee Related)

Publications (2)

CN101872399A, published 2010-10-27
CN101872399B, published 2012-08-22

Family

ID=42997256

Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee (granted publication date: 20120822; termination date: 20190701)