CN102624681A

CN102624681A - Method and system for distributing copyrighted digital content in peer-to-peer network

Info

Publication number: CN102624681A
Application number: CN2011100359843A
Authority: CN
Inventors: 许良玉
Original assignee: Sony Corp
Current assignee: Sony Corp
Priority date: 2011-01-30
Filing date: 2011-01-30
Publication date: 2012-08-01

Abstract

The invention discloses a method and a system for distributing copyrighted digital content in a peer-to-peer (P2P) network. The method comprises the following steps: an initial source node obtains and publishes protection content and license of the digital content; a destination node downloads a fragment or encrypted license of the protection content from one or more source nodes which have partial or whole protection content or the license, and sends a signed record report to the resource nodes; the resource nodes upload the signed record report to the initial source node; and the initial source node calculates a download contribution degree of each source node based on the signed record report. According to a technical scheme of the invention, the copyright of the digital content distributed in the P2P network can be effectively protected, dependence on a center server is greatly reduced, transmission records between users are counted and processed truly, and the users which provide service obtain a benefit.

Description

Distribution receives the method and system of the digital content of copyright protection on point to point network

Technical field

The present invention relates to the computer communication network technical field, relate more specifically to a kind of method and system of on P2P (point-to-point) network, distributing the digital content that receives copyright protection.

Background technology

Along with the development of computer communication network technology, People more and more is got used to obtaining various content informations through network, comprises content informations such as literal, picture, audio frequency, video.Statistics shows that today, most of people bought and downloading digital music through network, rather than as former, went shopping and bought audiotape or CD CD.Because computer network has advantages such as low cost, quick, service-enriched, now, increasing people begins on network online appreciation or downloads digital video content.This shows,, trend is become the main channel that people obtain content information through the network download digital content.

Provide service to mainly contain two kinds of network schemers through computer network: the Client-Server service mode is called for short the CS pattern and Peer-to-Peer (point-to-point) pattern is called for short the P2P pattern.The CS pattern is adopted in the network application of traditional calculating machine, is that a plurality of clients provide service by central server promptly, all is the CS pattern like network applications such as WEB and FTP.In the CS pattern; Only by central server to a large amount of client distributing datas; Therefore be easier to for the control of content and user's management ratio; When but more or data volume is big when concurrent client, can make the performance of central server become the bottleneck of application, all can make to use to have unreliability and be difficult for autgmentability like bottlenecks such as CPU computing capability, the network bandwidths.And a kind of in recent years emerging network schemer P2P pattern more and more obtains people's favor.In the P2P pattern; Each user is as a function that node serves as the server and client side simultaneously in the network; Make a user to obtain service from a plurality of nodes; A node can provide service for a plurality of other users, thereby makes whole P2P network can make full use of all users' accumulation computing capability and bandwidth.Adopt the content distribution capability of the network of P2P pattern greatly to improve, be specially adapted to the bigger digital content of distributing data amount for example DAB, video etc. than the network that adopts the CS pattern.Can see that from the application example of at present a lot of P2P the P2P net distribution data file of forming through large-scale user becomes a reality technically.Yet the P2P network is because the central server of lack of uniform, to user's management and to the control of content difficulty very.In a lot of now actual P2P network applications; User's own or form P2P networks through some software companys; Distribution is without the digital content of copyright protection; Violate relevant laws and regulations, greatly damaged the interests of content supplier, hindered the sound development of the digital distribution industrial chain on network.So people are devoted to seek a kind of solution that can on the P2P network, distribute the digital content that receives copyright protection.

The dispersiveness of P2P network makes difficult management; Existing a lot of known technology and solution propose in the P2P network, to introduce central server; The function of user management with the distribution permission is provided; This is actually a kind of compromise of P2P network and CS mode network, still is difficult to avoid the performance bottleneck of central server.There are some solutions to overcome the problem of central server in addition; The P2P network is made up of the user who disperses but ignored; Must rely on the user to share content energetically each other, not have suitable Revenue Sharing Mechanism excitation user to be difficult to set up the huge network of P2P efficiently.Yet will be to user's benefit of division that service is provided in the P2P network; Download behavior between the recording user is relatively more difficult in the P2P network; More existing solution weak points are not overcome the deception of P2P network participant and deny behavior, and detect and cancel problem such as disabled user.

Solution in present patent documentation and the paper published mainly contains three types:

The first kind is in the P2P network, to introduce central server, is responsible for user management and License Management by central server, receives the content (for example, referring to patent documentation 1 and 2) of copyright protection between the user through the P2P net distribution; In these solutions, consider how to protect the copyright of digital content emphatically, and permit by the central server unified management.This can cause two problems: the one, and central server must keep constantly online and stronger service ability, otherwise will make that system is unavailable, and this is running counter to the P2P design philosophy; The 2nd, distributing protected content between the user; Be a kind of voluntary or voluntary; The user can not benefit because of providing for other users to download, and this can make the user not have power or reason to keep online, thereby makes the P2P network in default of the source that service is provided and depletion.This also is that a lot of now existing actual P2P use the problem that is run into.

Second type is dynamically in the P2P network, dynamically to assign super node, and super node has the function (for example, referring to non-patent literature 1) of central server.This solution has been removed the P2P network to the dependence of certain single central server and make the P2P network have stronger robustness and availability.But on this solution, set up relatively difficulty of unified copyright management or user management.Especially provide the situation of service to be difficult to go on record between the user mutually and by Unified Treatment.This can make the user not have power or reason to keep online equally, thereby makes the P2P network in default of the source that service is provided and depletion.

The 3rd type is to introduce central server distribution permission, and the mutual distribution between the user will go on record and finally carry out profit distribution (for example, referring to patent documentation 3 and 4) by central server.These methods are still used the source of central server as unique distribution permission, so the also necessary online and stronger service ability of the moment that keeps of server, are running counter to P2P thought equally.These methods consider that all the user keeps online and for other users provide the enthusiasm of service, make that with some agreements and method that the user of service is provided is benefited.These methods still come with some shortcomings, and mainly are that agreement is perfect inadequately, can not eliminate user's deception and guarantee the non-property denied.As proposing in patent documentation 3 and 4,, need inform the source that download at the DRM center as the user who downloads during to the application permission of DRM (digital copyright management) center.Such as this method description; In the process of informing; The user's of download participation is not provided, and the user of download can cheat the source that download at the DRM center, in addition; Provide the user of download can not provide certain evidence proof that service is provided, so the DRM center possibly cheated the user that download is provided and refused offer of advantages and be divided into.

These three class methods do not mention that all feasible agreement eliminates mutual deception between content supplier, Virtual network operator and the user and situation about denying, user's management, and for example user's detection and cancelling does not in violation of rules and regulations have feasible solution yet.Thereby there is defective in these methods on integrality, availability.

[patent documentation 1] US7426637, " Method and system for controlled media sharing in a network "

[patent documentation 2] US20030158958, " Distributed storage network architecture using user devices "

[patent documentation 3] CN03104440.9, " through method and apparatus " in spider lines distribution content

[patent documentation 4] US20070226368, " METHOD OF DIGITAL MEDIAMANAGEMENT IN A FILE SHARING SYSTEM "

[non-patent literature 1] Jae-Youn Sung; Jeong-Yeon Jeong; Ki-Song Yoon. " DRM Enabled P2P Architecture "; Advanced Communication Technology, 2006.ICACT 2006.The 8th International Conference Publication Date:20-22Feb.2006Volume:1, On page (s): 487-490

Summary of the invention

Provided hereinafter about brief overview of the present invention, so that the basic comprehension about some aspect of the present invention is provided.But, should be appreciated that this general introduction is not about exhaustive general introduction of the present invention.It is not that intention is used for confirming key part of the present invention or pith, neither be intended to be used for limiting scope of the present invention.Its purpose only is to provide about some notion of the present invention with the form of simplifying, with this as the preorder in greater detail that provides after a while.

In view of the said circumstances of prior art, the purpose of this invention is to provide a kind of on the P2P network distribution receive the method and system of the digital content of copyright protection, it can solve or alleviate one or more in the prior art problem.

To achieve these goals; According to an aspect of the present invention; A kind of method of on point-to-point P2P network, distributing the digital content that receives copyright protection is provided; Comprise: protection content and permission thereof that the initial source node obtains and issues said digital content, become the source node that has said protection content and said permission in the said P2P network at first, wherein said protection content is to create through with the protection key the part or all of burst of said digital content being encrypted; And said permission is based on said protection key and creates, and it can be used for said protection content is deciphered; Destination node in said P2P network from the one or more source nodes that have part or all of said protection content or said permission download said protection content burst or to said destination node through encrypted permission; Wherein saidly by the said source node that license download is provided said permission is directed against the encryption of said destination node and obtains through encrypted permission; And can only decipher by said destination node, and said destination node to said source node send show said destination node from said source node downloaded said protection content burst or said through encrypted permission through the signature record report; Said source node uploads to said initial source node with said through the signature record report; And said initial source node is said through the signature record report based on what upload from said source node, calculates the said digital content of contribution degree separately each said source node is downloaded to(for) said destination node.

According to another aspect of the present invention; A kind of system that on the P2P network, distributes the digital content that receives copyright protection also is provided; Comprise: the initial source node; Protection content and permission thereof that it is configured to obtain and issue said digital content become the source node that has said protection content and said permission in the said P2P network at first, and wherein said protection content is to create through with the protection key the part or all of burst of said digital content being encrypted; And said permission is based on said protection key and creates, and it can be used for said protection content is deciphered; Destination node; It is configured in said P2P network from the one or more source nodes that have part or all of said protection content or said permission download said protection content burst or to said destination node through encrypted permission; Wherein saidly by the said source node that license download is provided said permission is directed against the encryption of said destination node and obtains through encrypted permission; And can only decipher by said destination node, and said destination node to said source node send show said destination node from said source node downloaded said protection content burst or said through encrypted permission through the signature record report; And one or more said source nodes, it is configured to upload to said initial source node with said through the signature record report; Wherein, said initial source node also is configured to said through the signature record report based on what upload from said source node, calculates the said digital content of contribution degree separately each said source node is downloaded to(for) said destination node.

According to another aspect of the present invention, also provide be used to realize above-mentioned on the P2P network distribution receive the computer program of method of the digital content of copyright protection.

According to another aspect of the present invention, computer-readable medium is provided also, record on it be used to realize above-mentioned on the P2P network distribution receive the computer program code of method of the digital content of copyright protection.

According to technique scheme of the present invention; Make the digital content that receives copyright protection on the P2P network, distribute and become truly feasible; The present invention has at first solved the necessary constantly online problem of central server; Not only can distributing contents between the user, can also distribute permission, this has greatly alleviated the dependence to central server.The present invention has also designed perfect user's feedback mechanism, makes the transmission log between the user added up truly and handle, and making provides the user of service to benefit.

Description of drawings

The present invention can wherein use same or analogous Reference numeral to represent identical or similar parts in institute's drawings attached through with reference to hereinafter combining the given detailed description of accompanying drawing to be better understood.Said accompanying drawing comprises in this manual and forms the part of specification together with following detailed description, is used for further illustrating the preferred embodiments of the present invention and explains principle and advantage of the present invention.In the accompanying drawings:

Fig. 1 schematically shows P2P network environment involved in the present invention;

Fig. 2 shows the overview flow chart of on the P2P network, distributing the method for the digital content that receives copyright protection according to the embodiment of the invention;

Fig. 3 shows the typical application system according to the embodiment of the invention;

Fig. 4 shows content supplier and the user process to the Virtual network operator registration;

Fig. 5 shows content supplier provides protection content and process from permission to Virtual network operator;

Fig. 6 shows the user downloads the protection content from source node process;

Fig. 7 shows the user and downloads the process through encrypted permission to this user from source node;

Fig. 8 shows the process of the record report that network operators handle uploads from source node;

Fig. 9 shows the example process of the record report that instruction content burst that network operators handle uploads from source node downloads;

Figure 10 shows the example process of the record report of the indication license download that network operators handle uploads from source node;

Figure 11 shows the process that the user uses digital content;

Figure 12 shows the application system according to comprising of the embodiment of the invention a plurality of content suppliers and a plurality of Virtual network operators;

Figure 13 shows the application system that service directly is provided to the user according to the content supplier of the embodiment of the invention; And

Figure 14 shows the application system of creating digital content according to the user of the embodiment of the invention through the P2P net distribution certainly.

It will be appreciated by those skilled in the art that in the accompanying drawing element only for simple and clear for the purpose of and illustrate, and be not necessarily to draw in proportion.For example, some size of component possibly amplified with respect to other elements in the accompanying drawing, so that help to improve the understanding to the embodiment of the invention.

Embodiment

To combine accompanying drawing that example embodiment of the present invention is described hereinafter.In order to know and for simplicity, in specification, not describe all characteristics of actual execution mode.Yet; Should understand; In the process of any this practical embodiments of exploitation, must make a lot of decisions, so that realize developer's objectives, for example specific to execution mode; Meet and system and professional those relevant restrictive conditions, and these restrictive conditions may change along with the difference of execution mode to some extent.In addition, might be very complicated and time-consuming though will also be appreciated that development, concerning the those skilled in the art that have benefited from present disclosure, this development only is customary task.

At this; What also need explain a bit is; For fear of having blured the present invention, only show in the accompanying drawings and closely-related apparatus structure of scheme according to the present invention and/or treatment step, and omitted other details little with relation of the present invention because of unnecessary details.

At first will introduce P2P network environment involved in the present invention with reference to accompanying drawing.Fig. 1 schematically shows P2P network environment involved in the present invention.As shown in Figure 1; Stand in and receive the digital content (being also referred to as the protection content in this article) of copyright protection to be distributed to the angle of certain destination node from the initial source node certain; The P2P network environment comprises the initial source node (abbreviating the initial source node in this article as) that has protection content and permission thereof at first; Download protection content and permission thereof so that finally use the destination node (abbreviating destination node in this article as) of digital content, and destination node from its download protection content perhaps can one or more source nodes.Obviously, this source node can comprise the initial source node.According to concrete application system, the initial source node can be Virtual network operator, content supplier or or even user.The back will be with reference to the concrete embodiment explanation in addition detailed to these concrete application systems.

Receive the method for the digital content of copyright protection according to the distribution on the P2P network of the embodiment of the invention below with reference to the accompanying drawing describe, in general terms.Fig. 2 shows the overview flow chart of on the P2P network, distributing the method for the digital content that receives copyright protection according to the embodiment of the invention.

As shown in Figure 2, at first, at step S210; The initial source node obtains and issues the protection content and the permission thereof of digital content; Become the source node that has protection content and permission in the P2P network at first, wherein protecting content is to create through with the protection key the part or all of burst of digital content being encrypted, and permits that being based on the protection key creates; It can be used for the protection content is deciphered, thereby recovers digital content.Here; Encryption to the part or all of burst of digital content carries out can adopt existing any encryption technology to realize; Comprise symmetric cryptosystem and asymmetric encryption techniques, under the situation that adopts symmetric cryptosystem, permission can itself be made up of the protection key that is used to encrypt; And under the situation that adopts asymmetric encryption techniques, permission can be by constituting with the corresponding key that is used to decipher of the protection key that is used to encrypt.

Next; At step S220; Destination node in the P2P network from the one or more source nodes that have part or all of protection content or permission download the protection contents burst or to destination node through encrypted permission; Wherein should be directed against the encryption of destination node by the source node that license download is provided to permission and obtained through encrypted permission; And can only decipher by destination node, and destination node to source node send show destination node from source node downloaded the protection content burst or through encrypted permission through the signature record report.Here, preferably, this is encrypted permission with the PKI of destination node by the source node that license download is provided and obtains through encrypted permission, and can be deciphered with its private key by destination node.

Next, at step S230, source node will upload to the initial source node through the signature record report.

At last, at step S240, the initial source node calculates the separately contribution degree (in this article abbreviate " download contribution degree ") of each source node for said destination node download digital content based on the warp signature record report of uploading from source node.For example; Indicated destination node to download from certain source node under the situation of a burst protecting content at warp signature record report; Can the download contribution degree of this source node be increased by 1 point; And indicating destination node to download from certain source node under the situation of the permission of protecting content through the signature record report, can the download contribution degree of this source node be increased by 5 points.Like this, the initial source node can be according to the download contribution degree of each source node, own expense of perhaps distributing destination node download digital content to be paid by means of third party's payment system to each source node.

Describe typical application of the present invention system below with reference to accompanying drawings in detail.In this application system; The initial source node is a Virtual network operator, be responsible for content supplier and user's registration and management by it, and destination node is the user; The protection content is created by content supplier with permission, and Virtual network operator obtains protection content and permission from content supplier.But, it will be clear to one skilled in the art that this application system only is exemplary, scope of the present invention is not limited to this application system.

Specifically, as shown in Figure 3, content supplier is made up of the server of functions such as somely having content fragment, encrypt and communicate by letter with Virtual network operator, and the software or the special hardware module of the said method of embodiment of the present invention is housed on the server; Virtual network operator is equipped with the software or the special hardware module of the said method of embodiment of the present invention by somely having registrar, communicate by letter with content supplier, forming with the server of telex network, organize content and functions such as license distribution and profit distribution on the server; The user can be any terminal equipment with compunication function, and these equipment are carried out the communication function of communication between the user, user and Virtual network operator, and the software or the special hardware module of the said method of embodiment of the present invention is housed on these terminal equipments.Each parts in the system are through method collaboration communication of the present invention, are implemented in that distribution receives the digital content of copyright protection on the P2P network, and the reasonable distribution of generating profit.

The method of in this application system, implementing mainly comprises: (1) Virtual network operator is that content supplier and user provide registration, management service; (2) content supplier provides content and permission to Virtual network operator; (3) user downloads content and permission through the P2P network from one or more source nodes (can comprise Virtual network operator and/or other users); (4) Virtual network operator calculates the download contribution degree of each source node, so that other users that the expense allocation of user downloaded content payment given this content supplier, Virtual network operator and offered this user content and license download by certain rule; (5) user is downloading content and permission back use content.

Be that the spendable concrete technology of these methods in reality realizes described below.

(1) Virtual network operator is that content supplier and user provide registration and management service

The process of registration is as shown in Figure 4; Virtual network operator at first produces the public private key pair of oneself; Produce own digital certificate then, digital certificate be with the private key of Virtual network operator to the formation of Information Signature such as PKI, its content can be with reference to relevant international standard with form; As X.509, this processing can or be accomplished by third party's digital certificate service system by Virtual network operator oneself.The private key of Virtual network operator only has oneself to be known and uses, and maintains secrecy and preserve.Virtual network operator can have many group public private key pairs, and one group of Your Majesty's private key is to being used for registrar, and other many group time public private key pairs are used for receiving protection content and the permission from a plurality of content suppliers, and to the user download of content fragment and permission are provided.Next private key can not be visited or directly used to Virtual network operator, uses the private key mode identical to the use and the user of next private key.(following as no special indicating when mentioning the public and private key of Virtual network operator, all is meant its Your Majesty's private key).When content supplier registers; Content supplier must voluntarily or produce the public private key pair that belongs to content supplier under the help of Virtual network operator; Its private key has only content supplier oneself to know and use; And maintain secrecy to preserve, content supplier sends to Virtual network operator with other log-on messages (log-on message can comprise: content supplier's title, information such as area) with the PKI of content supplier; Virtual network operator is after the inspection log-on message is errorless; Private key with oneself is signed to log-on message, generates the digital certificate of content supplier, and digital certificate has comprised the term of validity; The information such as number of the account of this content supplier of Virtual network operator initialization simultaneously, and be kept in the database; After the digital certificate (digital certificate that comprises Virtual network operator and content supplier) from Virtual network operator is received by content supplier, properly preserve.When the user registers; User's public private key pair must be produced by authoring program or hardware; And private key is kept in the secure memory, only can in shielded internal memory, use by authoring program, the user can not visit or directly use; The registration process of other registration processes and content supplier is similar basically, not repeated description.

Can temporarily be stopped using by Virtual network operator when Sorry, your ticket has not enough value when user's certificate expired, number of the account, Virtual network operator passes through the new digital certificate revocation list of issue, and the digital certificate numbering that will be suspended the user adds revocation list.Suspending the user needs to activate digital certificate to the Virtual network operator application again.The process and the registration process that activate are similar, and Virtual network operator is signed and issued new certificate to the user, and new certificate can keep the original public private key pair of user; Virtual network operator also can be deleted this user's certificate number and come excited users through issuing new digital certificate revocation list from new revocation list.If the user in time do not activate digital certificate, or take place other abnormal conditions for example private key for user reveal or when losing; To stop using user's digital certificate of Virtual network operator; Its inactive method is the new certificate revocation list of issue, with the permanent revocation list that adds of the digital certificate numbering that is deactivated the user.

(2) content supplier provides protection content and permission to Virtual network operator

As shown in Figure 5, content supplier is the digital content burst, and produces some protection keys at random, selects part or all of burst to encrypt with the protection key, creates by through encrypting the protection content that burst and residue not encrypted burst are formed.Content supplier the relevant information of this content (include but not limited to: information such as content introduction, exercise price) and the protection content send to Virtual network operator.Virtual network operator is according to this content; Prepare profit sharing contract, contract comprises: the user buys expense that the permission of this content pays will be by which kind of pro rate to this content supplier, Virtual network operator and other users of offering this user's burst and license download.Content supplier can select to accept and do not accept, and next is the process that a content supplier and Virtual network operator are consulted repeatedly.After reaching an agreement, permission is created based on the protection key by content supplier, and this permission is encrypted with inferior PKI of Virtual network operator, formation be directed against Virtual network operator through encrypted permission, should send to Virtual network operator through encrypted permission then.Virtual network operator is preserved and is somebody's turn to do through encrypted permission, and on its server, issues to this content with through encrypted permission.Can be as an alternative, content supplier can send to Virtual network operator with the unencrypted digital content, by Virtual network operator create this digital content the protection content and to Virtual network operator through encrypted permission.Other users can search for, inquire about, download and buy protection content and permission from Virtual network operator.

(3) user downloads protection content and permission through the P2P network from one or more source nodes

Virtual network operator becomes in the P2P network source node that first has protection content and permission after obtaining protection content and permission.Each user also constitutes a node in the P2P network, and the user can search for protection content and permission in the P2P network, and downloads protection contents and permission from the one or more source nodes that have part or all of this protection content and permission.

As shown in Figure 6, the user can select to download from the multiple source node the different bursts of protection content.The user is at first with forms such as keyword search content in the P2P network, and other have had partly or entirely one or more source nodes download content fragments of this content from network.When source node when sending a burst to this user, at first verify the validity of this user's digital certificate.The validity of checking this user's digital certificate must comprise: with the signature of this user certificate of public key verifications of Virtual network operator and the term of validity of inspection certificate etc.If feasible, source node can also be checked this user whether in certificate revocation list, and source node can also obtain up-to-date certificate revocation list from Virtual network operator at any time.This process (background is the process of grey in the drawings) is carried out in shielded secure memory by authoring program.If this user's certificate lost efficacy, source node can refuse to provide to this user the download of any burst.If this customer digital certificate is effective; Then elder generation sends to this user with the part of burst; Source node produces a record report (record report comprise at least show that this user has downloaded the information of a burst from source node) then, and source node sends to this user with record report, and this user is after examining; Private key with this user carries out digital signature to record report; And the record report after will signing sends to source node, after the source node certifying signature is correct, the remainder of burst sent to this user.This user forms a complete burst through merging.Source node can upload to Virtual network operator with the record report behind this user's signature at any time.Can be as an alternative; Under the situation of user and source node mutual trust, source node also can send to this user with whole burst, and produces record report by this user; Private key with this user carries out digital signature to record report, and the record report after will signing sends to source node.

As shown in Figure 7, the user can select from other nodes that has had permission download to this user through encrypted permission.Source node send to this user to this user through encrypted permission the time, at first verify the validity of this user's digital certificate, the process of checking validity falls said identical with the preceding paragraph.If this user's digital certificate is effective; Then being kept under the situation in the source node to source node through encrypted permission; With the private key of source node will to this source node through the encrypted permission deciphering, to secure permission, this user's of this external application PKI is encrypted permission; Form to this user through encrypted permission, these processes (background is the process of grey in the drawings) are carried out in shielded internal memory by authoring program.Then; Source node will send to this user to this user's the part through encrypted permission earlier; Source node produces a record report (record report comprise at least show that this user has downloaded the information of a permission from source node) then, and source node sends to this user with record report, after this user examines; Private key with this user carries out digital signature to record report, and the record report after will signing sends to source node.After the source node certifying signature is correct, will send to this user to this user's remainder through the signature permission.This user through merging form one complete to this user through encrypted permission.Source node can upload to Virtual network operator with the record report behind this user's signature at any time.Can be as an alternative; Under the situation of user and source node mutual trust; Source node also can with whole to this user send to this user through encrypted permission; And produce record report by this user, use this user's private key that record report is carried out digital signature, and the record report after will signing sends to source node.

(4) Virtual network operator calculates the download contribution degree of each source node, so that other users that the expense allocation of user downloaded content payment given this content supplier, Virtual network operator and offered this user content and license download by certain rule

As shown in Figure 8, after the user downloaded content fragment or permission from source node, source node will obtain one by the record report behind this number signature.Source node can upload to Virtual network operator with this record report at any time; After Virtual network operator passes through through the record validation verification; Calculate the download contribution degree of each source node based on record report; So that the contract of reaching according to Virtual network operator and content supplier, give content supplier, Virtual network operator the expense allocation of user downloaded content payment, offer the pairing user of source node of this user's burst and license download.

In one example, Virtual network operator can be divided into two kinds of situation through the process of handling record report computing node contribution degree and expense allocation: handle the record report that the instruction content burst is downloaded; Handle the record report of indication license download.

As shown in Figure 9; The record report that source node is downloaded the instruction content burst is submitted to Virtual network operator; After Virtual network operator is received this record report, at first verify the validity of record report, the validity of inspection record report comprises: the digital signature of verifying this record report; Check whether this record report is to repeat to upload.Definite this record report be effectively after, check then whether the user who has downloaded content fragment in this record report has downloaded the corresponding permission of this content and paid.If the download contribution degree of Virtual network operator calculation sources node is to distribute to the corresponding user of source node with the part of expense in view of the above as agreed; Also do not download corresponding permission of this content or not paying if downloaded the user of content fragment in this record report; Then Virtual network operator is preserved this record report, to have downloaded the user's download permission of burst in this record report by the time and to have dealt with when paying again.

Shown in figure 10; Source node will indicate the record report of license download to submit to Virtual network operator; After Virtual network operator is received this record report, at first verify the validity of this record report, the validity of inspection record report comprises: the digital signature of checking record report; Check whether this record report is to repeat to upload.After definite record report is effective; Whether the user who downloads permission in the inspection record report is the repeated downloads permission; If, then be free of charge, perhaps collect the expense of a spot of repeated downloads permission of this user; Calculate the download contribution degree that the source node that this user permits repeated downloads is provided then, in view of the above the part of expense is distributed to the corresponding user of this source node.If should download the user who permits in the record report is to download permission and not paying for the first time; Virtual network operator is then to this user's charge; Search the record report that the indication of having preserved of the preceding paragraph described in falling provides this user content burst to download then; And calculate the download contribution degree of the source node that this user content burst and license download are provided, in view of the above expense is distributed to the pairing user of these source nodes, content supplier and Virtual network operator as agreed.

Can be as an alternative; When content supplier and Virtual network operator can not be trusted each other (for example both are not same tissues); Source node can send to Virtual network operator with behind the public key encryption of record report with content supplier of indicating license download, and Virtual network operator must send to the record report of this encryption corresponding content supplier; Content supplier sends to Virtual network operator after deciphering and write down with the private key of oneself, and Virtual network operator just can be known the content of record report.Can prevent Virtual network operator when distribute a profit, to cheat the situation of content supplier like this.

(5) user uses content in all bursts of downloading the protection content and permission back

The user all bursts of the content that is protected and to this user behind encrypted permission, the user can use the protection content.The user can duplicate arbitrarily, move, preserve the protection content and to this user through encrypted permission, and on any terminal equipment with authoring program and shielded internal memory, use content.Shown in figure 11, the user judges at first whether this burst is to encrypt burst when using each burst of protection content, if not encrypting burst, and then can be by the external program direct decoding; If encryption burst; Then should encrypt burst and send into authoring program, authoring program uses this user's private key to being directed against deciphering through encrypted permission of this user in shielded internal memory, recovers the corresponding permission of this burst; Use this permission the burst of this encryption is deciphered and to be decoded; Can in decoded burst, add the digital watermarking of identifying user identity as required simultaneously, this watermark is difficult for removing easily; And the subscriber identity information that is easily detected in the watermark to be comprised by Virtual network operator or content supplier, thereby the prevention user illegally uses deciphering decoded digital content.

The present invention can be used for being implemented on the P2P network the various digital contents that have copyright protection of distribution, for example DAB, video, and e-book, software etc.Method provided by the present invention can provide the solution of key issue for these application examples.

Can become content supplier according to the above-mentioned typical application system of the embodiment of the invention provides a kind of new mode of digital content to the user, and it has protected the digital publishing rights of content supplier, has guaranteed the contribution to profit of content supplier; Making the user play an active part in through the special mechanism that the user is carried out profit-sharing simultaneously becomes the node in the P2P network, promotes the stability of P2P network service and rich; Network provider is as the agency of content supplier; Only lightweight functions such as registration management, profit distribution need be provided, these functions need not guarantee real-time, do not need googol according to bandwidth; Do not need powerful computing ability yet, thereby guarantee that the P2P network is with good expansibility.

Except the typical application system described in Fig. 3; A system that distributes digital contents through a plurality of Virtual network operators by some content suppliers can use technology of the present invention; In different areas is that different users provides service, or between various network operator, competes.Shown in figure 12; Same content supplier can give some Virtual network operator distribution with digital content distribution; A Virtual network operator also can be distributed the digital content from different content provider; The user of heterogeneous networks operator can be mutual isolation, also can be intercommunication, can increase the mutual settlement system of heterogeneous networks operator under the situation of intercommunication.Because content supplier and Virtual network operator are not trusted each other; Can carry out initial content distribution through the technology among Fig. 5 between content supplier and the Virtual network operator; Virtual network operator carries out the content distribution through technology of the present invention in the registered user of institute then; Carry out content sharing through technology provided by the invention between the user, and the reasonable distribution of generating profit through technology of the present invention at last, the user is when submitting the license download report to Virtual network operator; Can select public key encryption, thereby make and trust each other between content supplier and the Virtual network operator with content supplier.

Because method proposed by the invention does not need content supplier that powerful server is provided, and can directly set up the P2P network so have the content supplier of certain strength yet, directly to the user service is provided.Shown in figure 13, content supplier has the role of Virtual network operator concurrently, and therefore, the communication protocol between content supplier and the Virtual network operator can be simplified or remove.The user also need not the public key encryption with content supplier when submitting the license download report to content supplier.

The present invention can also support the spontaneous P2P of foundation network by the user, and creates digital content certainly through the P2P net distribution, thereby from distribution, makes a profit.The user can issue certainly and create digital content as a node in the P2P network, and realizes the function of content supplier through the software or the hardware of lightweight simultaneously, the user of record download digital content, and the reasonable distribution of generating profit.A pure spontaneous P2P network is difficult to set up Subscriber Management System, and native system must be by means of trusted third party's custom system, and for example same mail domain realizes user management and authentication.

A concrete application example is following.Shown in figure 14.User in the P2P network is through (CA [certificate granting center] system for example of system of trusted third party; Perhaps based on the PKC system of ID [in this system; E-mail address can be used as user's the corresponding private key of public key certificate application]), obtain a pair of foregoing public and private key.When one of them user A needs is content distributed; Create the protection content and the permission thereof of this content, deposit on the PC of user A, and the information of content (is for example comprised content introduction; Price; The contact method of user A, the computer IP address of user A etc.) be made into the tracker file, be published on certain disclosed website.Other users can be known the content of user A issue and download the tracker file through this open website; Can be connected to the computer of user A and download the user who protects content and permission thereof through the tracker file; The tracker file is under the signature permission of user A; Download the user of this content according to other, increase corresponding other user's IP address.User A is equivalent to the combination of aforesaid content supplier and Virtual network operator.The agreement of share protect content and permission and aforementioned process are similar between other users.Difference is that it possibly be that mode through Email is (uncertain because the PC of user A connects the time of network that user A receives mode through the signature record report; And the IP address possibly change), obtain report of content Download History and license download record report.User A handles the mode of these record reports, can through submitting to record report to third party's payment system, settle accounts the income between each user by third party's trusted payment system.

More than combine specific embodiment to describe basic principle of the present invention; But; It is to be noted; As far as those of ordinary skill in the art, can understand whole or any step or the parts of method and apparatus of the present invention, can be in the network of any calculation element (comprising processor, storage medium etc.) or calculation element; Realize that with hardware, firmware, software or their combination this is that those of ordinary skills use their basic programming skill just can realize under the situation of having read explanation of the present invention.

Therefore, the object of the invention can also be realized through program of operation or batch processing on any calculation element.Said calculation element can be known fexible unit.Therefore, the object of the invention also can be only through providing the program product that comprises the program code of realizing said method or device to realize.That is to say that such program product also constitutes the present invention, and the storage medium that stores such program product also constitutes the present invention.Obviously, said storage medium can be any storage medium that is developed in any known storage medium or future.

It is pointed out that also that in apparatus and method of the present invention obviously, each parts or each step can decompose and/or reconfigure.These decomposition and/or reconfigure and to be regarded as equivalents of the present invention.And, carry out the step of above-mentioned series of processes and can order following the instructions naturally carry out in chronological order, but do not need necessarily to carry out according to time sequencing.Some step can walk abreast or carry out independently of one another.

Though specified the present invention and advantage thereof, be to be understood that and under not breaking away from, can carry out various changes, alternative and conversion the situation of the appended the spirit and scope of the present invention that claim limited.And; The application's term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability; Thereby make the process, method, article or the device that comprise a series of key elements not only comprise those key elements; But also comprise other key elements of clearly not listing, or also be included as this process, method, article or device intrinsic key element.Under the situation that do not having much more more restrictions, the key element that limits by statement " comprising ... ", and be not precluded within process, method, article or the device that comprises said key element and also have other identical element.

Claims

One kind on point-to-point P2P network distribution receive the method for digital content of copyright protection, comprising:

Protection content and permission thereof that the initial source node obtains and issues said digital content; Become the source node that has said protection content and said permission in the said P2P network at first; Wherein said protection content is to create through with the protection key the part or all of burst of said digital content being encrypted; And said permission is based on said protection key and creates, and it can be used for said protection content is deciphered;

Destination node in said P2P network from the one or more source nodes that have part or all of said protection content or said permission download said protection content burst or to said destination node through encrypted permission; Wherein saidly by the said source node that license download is provided said permission is directed against the encryption of said destination node and obtains through encrypted permission; And can only decipher by said destination node, and said destination node to said source node send show said destination node from said source node downloaded said protection content burst or said through encrypted permission through the signature record report;

Said source node uploads to said initial source node with said through the signature record report; And

Said initial source node is said through the signature record report based on what upload from said source node, calculates the said digital content of contribution degree separately each said source node is downloaded to(for) said destination node.
2. the method for claim 1; Wherein said initial source node is a Virtual network operator; Be responsible for content supplier and user's registration and management by it; And said destination node is the user, and said protection content and said permission are created by said content supplier, and said initial source node obtains said protection content and said permission from said content supplier.
3. method as claimed in claim 2, wherein said initial source node is cancelled designated user through the issue digital certificate revocation list.
4. method as claimed in claim 2, wherein said initial source node are obtained said permission from said content supplier and are comprised: said initial source node from said content supplier obtain with the PKI of said initial source node said permission is encrypted and obtain through encrypted permission.
5. the method for claim 1, wherein said initial source node is a content supplier, is responsible for user's registration and management by it, and said destination node is the user, and said protection content and said permission are created by said initial source node and obtained.
6. method as claimed in claim 5, wherein said initial source node is cancelled designated user through the issue digital certificate revocation list.
7. the method for claim 1; Wherein user's registration and management realize by means of trusted third party's custom system; Said initial source node and said destination node all are the users, and said protection content and said permission are created by said initial source node and obtained.
8. the method for claim 1; Wherein download the burst of said protection content or said through the process of encrypted permission from said source node in said destination node, said source node the burst that sends said protection content to said destination node or said before encrypted permission the validity of the said destination node of check earlier.
9. the method for claim 1 is wherein saidly encrypted said permission with the PKI of said destination node by the said source node that license download is provided and is obtained through encrypted permission, and can be deciphered with its private key by said destination node.
10. method as claimed in claim 9; Wherein download said through the process of encrypted permission from said source node in said destination node; Said source node uses its private key to being kept at deciphering to obtain said permission through encrypted permission to said source node wherein in shielded secure memory; With the PKI of said destination node said permission is encrypted to obtain being directed against the said through encrypted permission of said destination node then, the private key of wherein said source node can not directly be visited by its user.
11. the method for claim 1, the burst or said of wherein downloading said protection content from said source node in said destination node sends said through the process of signature record report to said source node through encrypted permission and said destination node,

Said destination node receives the burst or the said part through encrypted permission of said protection content from said source node;

Said destination node receives from said source node and shows that destination node downloaded the burst or the said record report through encrypted permission of said protection content from said source node;

Said destination node is signed to said record report after examining said record report, thereby generates said through the signature record report;

Said destination node is sent said through the signature record report to said source node; And

Said destination node receives the burst or the said remainder through encrypted permission of said protection content from said source node.
12. method as claimed in claim 2 wherein uploads in the process of said initial source node through the signature record report said at said source node,

Said source node is encrypted through the signature record report the said of indication license download with the PKI of said content supplier, and the warp signature record report after will encrypting uploads to said initial source node;

Said initial source node is forwarded to said content supplier through the signature record report after with said encryption;

Deciphering after said content supplier uses its private key to said encryption through the signature record report, said to obtain through the signature record report, be sent back to said initial source node then.
13. the method for claim 1; Also comprise: said destination node is after all bursts of having downloaded said protection content and said encrypted permission; In shielded secure memory, said encrypted permission is deciphered to obtain said permission; With said permission said protection content is deciphered then, to obtain said digital content, the private key of wherein said destination node can not directly be visited by its user.
14. method as claimed in claim 13, the wherein digital watermarking of adding identifying user identity in resulting said digital content.
15. a system that on point-to-point P2P network, distributes the digital content that receives copyright protection comprises:

The initial source node; It is configured to obtain and issue the protection content and the permission thereof of said digital content; Become the source node that has said protection content and said permission in the said P2P network at first; Wherein said protection content is through the part or all of burst of said digital content is encrypted being created with the protection key, and said permission is based on said protection key and creates, and it can be used for said protection content is deciphered;

Destination node; It is configured in said P2P network from the one or more source nodes that have part or all of said protection content or said permission download said protection content burst or to said destination node through encrypted permission; Wherein saidly by the said source node that license download is provided said permission is directed against the encryption of said destination node and obtains through encrypted permission; And can only decipher by said destination node, and said destination node to said source node send show said destination node from said source node downloaded said protection content burst or said through encrypted permission through the signature record report; And

One or more said source nodes, it is configured to upload to said initial source node with said through the signature record report;

Wherein, said initial source node also is configured to said through the signature record report based on what upload from said source node, calculates the said digital content of contribution degree separately each said source node is downloaded to(for) said destination node.