CN102523232A - Method for granting display license based on participation of digital content providers - Google Patents

Publication number
CN102523232A
CN102523232A CN2011104476780A CN201110447678A CN102523232A CN 102523232 A CN102523232 A CN 102523232A CN 2011104476780 A CN2011104476780 A CN 2011104476780A CN 201110447678 A CN201110447678 A CN 201110447678A CN 102523232 A CN102523232 A CN 102523232A
Authority
CN
China
Prior art keywords
server
licence
broadcast
user
super node
Legal status
Pending
Application number
CN2011104476780A
Other languages
Chinese (zh)
Inventor
王汝传
虞传明
孙力娟
韩志杰
李致远
林巧民
肖甫
黄海平
Current Assignee
Nanjing Post and Telecommunication University
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing Post and Telecommunication University
Application filed by Nanjing Post and Telecommunication University
Priority to CN2011104476780A
Publication of CN102523232A

Landscapes

  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method for granting a display license based on the participation of digital content providers, which protects the integrity and confidentiality of the license-granting process. The method comprises the following steps: (1) when a user wants to watch a program, the UE (User Equipment) connects to the SN-T and initiates a service request, then connects to the SN-C and carries out the subsequent actions; (2) the UE connects to the SN-C and initiates a service request, and the SN-C then contacts the Portal to acquire information about the streaming media CS servers; (3) the SN-C selects a suitable CS server to obtain the first streaming media fragment; (4) a secure communication link is established between the SN-C and a DRM (Digital Rights Management) server, and the header of the streaming media file is sent to the DRM server; (5) the DRM server sends the generated license to the SN-C; and (6) after receiving the display license, the SN-C interacts with the home SN-C of the UE to deduct the user's fee, encrypts the display license and sends the encrypted display license to the UE.

Description

A method for issuing playback licenses (display licenses) based on the participation of digital content providers
Technical field
The present invention is a scheme for issuing playback licenses with the participation of digital content providers. It mainly addresses the security of playback-license issuance in digital rights management (DRM), and belongs to the field of software technology.
Background art
Public key infrastructure (PKI), built on public-key cryptography, is an effective infrastructure for secure e-commerce, e-government and the secure exchange of public information, and an effective technology for achieving confidentiality, authenticity, integrity and non-repudiation of information. The core of PKI is the certificate authority (CA), which is responsible for issuing and managing certificates, a certificate being a data structure that binds an entity's identity to its public key. Requesting and issuing certificates is one of the important steps of certificate management, and ensuring the security, integrity and authenticability of the issuance process is the key to ensuring that both the certificate and the process are valid. In general there are two methods of certificate request and issuance. The first is the "centralized mechanism": it requires no initial authentication of the CA/RA and no online authentication of the request, the key pair is generated centrally at the RA/CA, and the transmitted information needs no confirmation. The second is the "basic authentication mechanism", which authenticates every stage: initialization, request and confirmation. Public networks (Internet/Intranet) are full of potential threats and attacks, and an attacker may intercept or tamper with key information at any time. If a user's certificate request or a certificate issued by the RA/CA is intercepted and tampered with, the certificate loses its validity entirely.
Summary of the invention
Technical problem: the object of the invention is to provide a method for issuing playback licenses based on the participation of digital content providers. In this scheme, nodes deployed by the digital content provider are introduced into the playback-license issuance process and take part in it, and integrity and confidentiality protection is provided by establishing a secure communication link with the DRM server.
Technical solution: the method of the invention is a license issuance scheme in which the digital content provider takes part in the issuance of DRM playback licenses. During issuance, a secure communication link is established between the SN-C node and the DRM server, providing integrity and confidentiality protection to secure the playback-license issuance process.
Each user has a distinct name. A trusted certification center assigns each user a unique name and issues a certificate containing that name and the user's public key.
If Party A wants to communicate with Party B, A must first obtain B's certificate from a database and verify it; B likewise verifies A's certificate, so that the identities of both parties are confirmed. After verification, A transmits digital information to B. To guarantee the authenticity, integrity and non-repudiation of the transmission, the information to be transmitted must be digitally encrypted and digitally signed, as follows:
(1) Using the digital certificate principle, Party A generates a digest of the information to be sent.
(2) Party A digitally signs the digest, that is, encrypts it with his private key, and sends the encrypted digest to Party B. If B can decrypt the encrypted digest with A's public key, A cannot deny having sent it, which gives non-repudiation of the information.
(3) Party A generates a random symmetric key and encrypts the information to be sent (the same information as before) with it, producing the ciphertext.
(4) Party A encrypts the random symmetric key with Party B's public key and sends the encrypted key together with the ciphertext to B. Because the symmetric key is encrypted with B's public key, only B can decrypt it with his private key and then use the recovered symmetric key to decrypt the ciphertext, which guarantees the confidentiality of the information.
(5) After decrypting the ciphertext, Party B uses the same digital certificate technique to generate a digest of the recovered information and compares this new digest with the one A sent. If the two digests are identical, the information B received has not been modified, which verifies its integrity.
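The sign-then-envelope exchange of steps (1) to (5) above, as an added Go example that is not part of the patent text. It swaps in concrete primitives the page does not name (SHA-256 digest, RSA-PSS signature, AES-256-GCM for the symmetric step, RSA-OAEP for key wrapping); the `Envelope`, `Seal`, `Open` and `newKey` names and the sample message are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what Party A sends to Party B in steps (2) to (4).
type Envelope struct {
	Signature, WrappedKey, Nonce, Ciphertext []byte
}

func newKey() *rsa.PrivateKey { // 2048-bit demo key pair
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs steps (1)-(4): digest, sign, encrypt, wrap the one-time key.
func Seal(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	buf := make([]byte, 32+12) // fresh AES-256 key and GCM nonce per message
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{sig, wrapped, nonce, gcm.Seal(nil, nonce, msg, nil)}, nil
}

// Open runs step (5): unwrap the key, decrypt, recompute the digest and verify A's signature.
func Open(env *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	msg, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature check: %w", err)
	}
	return msg, nil
}

func main() {
	a, b := newKey(), newKey()
	env, _ := Seal([]byte("constructed sample request"), a, &b.PublicKey)
	msg, err := Open(env, b, &a.PublicKey)
	fmt.Printf("%s %v\n", msg, err)
}
```

`Open` returns the plaintext only when both the decryption and the signature check succeed, so a message sealed by anyone other than the expected sender is rejected even though it decrypts correctly.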
To this end, nodes deployed by the digital content provider are introduced into the playback-license issuance process and take part in it, and integrity and confidentiality protection is provided by establishing a secure communication link with the DRM server. The nodes to be deployed are the core super node SN-C, the cache server CS and the portal server (portal):
Core super node SN-C: the node in the core network that provides signaling services;
Cache server CS: responsible for relaying content and sending stream data to the user equipment UE;
Portal server (portal): provides the live channel list and the on-demand program list, and offers a search service to users.
The specific steps of the playback-license issuance process based on the participation of digital content providers are:
1) The client sends a service request to the core super node SN-C, which selects a suitable cache server CS to obtain the first streaming media content fragment, which includes the header of the packaged file;
2) The client player checks whether a playback license for this streaming media file exists locally; if there is one that has not expired or that still has plays remaining, it plays the content directly; otherwise it continues with step 3);
3) The client player sends the subscribed service type and the streaming media file header to the core super node SN-C;
4) The core super node SN-C interacts with the portal server to determine the address of the DRM server, establishes a communication link with the DRM server that provides confidentiality and integrity protection, and sends the user's subscribed service type and the streaming media file header to the DRM server;
5) The DRM server verifies the signature on the file header with the packager's public key, looks up the decryption key and generates the playback license; the license contains the streaming media decryption key, the streaming media decryption technique, the play count, the license expiry time and so on. It then generates an encryption key for this playback license and encrypts the license;
6) The DRM server sends the encrypted playback license to the core super node SN-C, which performs the following operations in order:
a) first, it encrypts the streaming media decryption key using the user's IP multimedia private identity (IMPI);
b) next, it encrypts the playback license using the session key;
c) then it interacts with the user's home core super node SN-C to deduct the user's fee;
d) finally, it issues the playback license to the client player;
7) The client decrypts the playback license and the streaming media decryption key, obtaining the information needed to decrypt the stream.
At this point the client has completed the process of obtaining the playback license. The client player then continues to request streaming media content from the streaming media server, and decrypts and plays it.
Beneficial effects: the invention proposes a scheme for issuing playback licenses with the participation of digital content providers. Nodes deployed by the digital content provider are introduced into the playback-license issuance process and take part in it, and integrity and confidentiality protection is provided by establishing a secure communication link with the DRM server, ensuring that the whole process of certificate request and issuance is complete and valid.
The scheme effectively meets the information security requirements of certificate requests:
(1) Confidentiality: the request information submitted by the user, the response information returned by the CA and the user's confirmation information are all encapsulated in digital envelopes, guaranteeing the confidentiality of the transmitted information. Although the certificate is eventually public, it may be undesirable for information to leak before the certificate is formally approved and published (for example, the application may contain personal private data that is not included in the final certificate).
(2) Authentication: this covers authentication of the CA and authentication that the end user holds the private key. The user adds a private-key signature to the certificate request, so the CA can verify that the requester holds a valid private key. The user opens the digital envelope and signs the confirmation with the private key, which shows that the certificate was correctly obtained by the user, because only someone who really holds the valid private key can open the certificate response, obtain the CA's signature in the certificate, and sign that signature with the user's private key.
(3) Integrity: digital signatures are used at every stage of the session to guarantee the integrity of the information, so that tampering or transmission errors can be detected.
(4) Non-repudiation: the response signed by the CA with its private key and the confirmation signed by the user are both non-repudiable, guaranteeing that the source of the certificate is reliable and that the user cannot deny having obtained and confirmed the certificate (the user's non-repudiation stems from actually holding the private key). Legal aspects are not considered here.
(5) The authenticated transmission process effectively prevents man-in-the-middle attacks. It first ensures that the public key certificate obtained by the end user is valid (through public media and a published hash value), and the final signed certificate guarantees the validity of the issuance; tampering by a man in the middle at any stage of the protocol causes the whole process to fail.
Description of the drawings
Fig. 1 shows the overall structure of the DRM mechanism,
Fig. 2 shows the scenario setting of the DRM mechanism,
Fig. 3 shows the playback-license issuance process.
Embodiment
The invention is a license issuance scheme in which the digital content provider takes part in the issuance of DRM playback licenses. During issuance, a secure communication link is established between the SN-C node and the DRM server, providing integrity and confidentiality protection to secure the playback-license issuance process. The specific scheme is:
First, the UE connects to the SN-T and initiates a service request; the SN-T determines a suitable SN-C by querying the portal's resources and tells the UE the address of that SN-C, after which the UE connects to the SN-C and carries out the subsequent actions;
Second, the UE connects to the SN-C and initiates a service request, and the SN-C then contacts the Portal to obtain the streaming media CS server information;
Then the SN-C selects a suitable CS server to obtain the first streaming media content fragment (which includes the header of the packaged file).
At this point the client checks whether the user already has a playback license. If there is no playback license, or the license has expired, the client sends the streaming media file header to the SN-C; this SN-C node then interacts with the Portal node to obtain the DRM server address; a secure communication link providing confidentiality and integrity protection is established between the SN-C and the DRM server, and the user's subscribed service type and the streaming media file header are sent to the DRM server; the DRM server sends the generated license to the SN-C; after receiving the playback license, the SN-C interacts with the UE's home SN-C to deduct the user's fee, encrypts the playback license and sends it to the UE. The detailed process is as follows:
(1) The client sends a service request to the SN-C, which selects a suitable CS server to obtain the first streaming media content fragment (which includes the header of the packaged file).
(2) The client player checks whether a playback license for this streaming media file exists locally; if there is one that has not expired or that still has plays remaining, it plays the content directly; otherwise it continues with step (3).
(3) The client player sends the subscribed service type, the streaming media file header and so on to the SN-C node.
(4) The SN-C node interacts with the portal node to determine the address of the DRM server, establishes a communication link with the DRM server that provides confidentiality and integrity protection, and sends the user's subscribed service type and the streaming media file header to the DRM server.
(5) The DRM server verifies the signature on the file header with the packager's public key, looks up the decryption key and generates the playback license (streaming media decryption key, streaming media decryption technique, play count, license expiry time, etc.); it then generates the license encryption key and encrypts the playback license.
(6) The DRM server sends the playback license to the SN-C, which performs the following operations in order:
1) first, it encrypts the streaming media decryption key using the user's IMPI;
2) next, it encrypts the playback license using the session key;
3) then it interacts with the UE's home SN-C to deduct the user's fee;
4) finally, it issues the playback license to the client player.
(7) The client decrypts the playback license and the streaming media decryption key, obtaining the information needed to decrypt the stream.
At this point the client has completed the process of obtaining the playback license. The client player then continues to request streaming media content from the streaming media server, and decrypts and plays it.
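The DRM-side gate of step (5) and the client-side check of step (2), as an added Go example that is not part of the patent text. Ed25519 stands in for the packager's unspecified signature scheme; the `contentID|algorithm` header layout, the key store, the policy values and all names are assumptions, and the example requires a license to be both unexpired and to have plays remaining.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
	"time"
)

// License carries the fields the description lists for step (5).
type License struct {
	ContentKey []byte    // streaming media decryption key
	Algorithm  string    // streaming media decryption technique
	PlaysLeft  int       // remaining play count
	Expires    time.Time // license expiry time
}

// DRMServer holds the packager's public key and a content-key store.
// The store layout and the "contentID|algorithm" header are assumptions.
type DRMServer struct {
	PackagerPub ed25519.PublicKey
	Keys        map[string][]byte // content ID -> decryption key
}

// Issue implements step (5): verify the header signature first, then
// look up the decryption key and build the license.
func (d *DRMServer) Issue(header, sig []byte, now time.Time) (*License, error) {
	if !ed25519.Verify(d.PackagerPub, header, sig) {
		return nil, errors.New("header signature invalid: no license issued")
	}
	parts := strings.SplitN(string(header), "|", 2)
	if len(parts) != 2 {
		return nil, errors.New("malformed header")
	}
	key, ok := d.Keys[parts[0]]
	if !ok {
		return nil, errors.New("unknown content ID")
	}
	// Constructed policy: 3 plays within 24 hours.
	return &License{key, parts[1], 3, now.Add(24 * time.Hour)}, nil
}

// Play implements the client-side check of step (2) and consumes one play.
func (l *License) Play(now time.Time) error {
	if !now.Before(l.Expires) {
		return errors.New("license expired")
	}
	if l.PlaysLeft <= 0 {
		return errors.New("play count exhausted")
	}
	l.PlaysLeft--
	return nil
}

// demo returns a server plus a packager-signed header (constructed sample data).
func demo() (*DRMServer, []byte, []byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	header := []byte("movie-42|AES-128-CTR")
	keys := map[string][]byte{"movie-42": []byte("0123456789abcdef")}
	return &DRMServer{PackagerPub: pub, Keys: keys}, header, ed25519.Sign(priv, header)
}

func main() {
	srv, header, sig := demo()
	now := time.Now()
	lic, err := srv.Issue(header, sig, now)
	fmt.Println(lic.Algorithm, lic.PlaysLeft, err)
	header[0] ^= 1 // header altered after packaging
	_, err = srv.Issue(header, sig, now)
	fmt.Println(err)
}
```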

Claims (1)

1. A method for issuing playback licenses based on the participation of digital content providers, characterized in that nodes deployed by the digital content provider are introduced into the playback-license issuance process and take part in it, and integrity and confidentiality protection is provided by establishing a secure communication link with the DRM server; the nodes to be deployed are the core super node SN-C, the cache server CS and the portal server (portal):
Core super node SN-C: the node in the core network that provides signaling services;
Cache server CS: responsible for relaying content and sending stream data to the user equipment UE;
Portal server (portal): provides the live channel list and the on-demand program list, and offers a search service to users;
The specific steps of the playback-license issuance process based on the participation of digital content providers are:
1) The client sends a service request to the core super node SN-C, which selects a suitable cache server CS to obtain the first streaming media content fragment, which includes the header of the packaged file;
2) The client player checks whether a playback license for this streaming media file exists locally; if there is one that has not expired or that still has plays remaining, it plays the content directly; otherwise it continues with step 3);
3) The client player sends the subscribed service type and the streaming media file header to the core super node SN-C;
4) The core super node SN-C interacts with the portal server to determine the address of the DRM server, establishes a communication link with the DRM server that provides confidentiality and integrity protection, and sends the user's subscribed service type and the streaming media file header to the DRM server;
5) The DRM server verifies the signature on the file header with the packager's public key, looks up the decryption key and generates the playback license; the license contains the streaming media decryption key, the streaming media decryption technique, the play count, the license expiry time and so on. It then generates an encryption key for this playback license and encrypts the license;
6) The DRM server sends the encrypted playback license to the core super node SN-C, which performs the following operations in order:
a) first, it encrypts the streaming media decryption key using the user's IP multimedia private identity (IMPI);
b) next, it encrypts the playback license using the session key;
c) then it interacts with the user's home core super node SN-C to deduct the user's fee;
d) finally, it issues the playback license to the client player;
7) The client decrypts the playback license and the streaming media decryption key, obtaining the information needed to decrypt the stream;
At this point the client has completed the process of obtaining the playback license. The client player then continues to request streaming media content from the streaming media server, and decrypts and plays it.
CN2011104476780A 2011-12-28 2011-12-28 Method for granting display license based on participation of digital content providers Pending CN102523232A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104476780A CN102523232A (en) 2011-12-28 2011-12-28 Method for granting display license based on participation of digital content providers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011104476780A CN102523232A (en) 2011-12-28 2011-12-28 Method for granting display license based on participation of digital content providers

Publications (1)

Publication Number Publication Date
CN102523232A true CN102523232A (en) 2012-06-27

Family

ID=46294024

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104476780A Pending CN102523232A (en) 2011-12-28 2011-12-28 Method for granting display license based on participation of digital content providers

Country Status (1)

Country Link
CN (1) CN102523232A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120627