DRM content protection system and method based on mobile intelligent terminal
Technical field
The present invention relates to digital copyright protection technology, more particularly to a kind of digital copyright management based on mobile intelligent terminal
(DRM, Digital Rights Management)Content protective system and method.
Background technology
Mobile intelligent terminal flourishes in recent years, and mobile intelligent terminal also becomes more intelligent.At the same time, people
Dependence to mobile intelligent terminal in daily work, studying and living is more and more stronger.For example document is read, and audio frequency and video make
With etc..But user on these intelligent terminals use digital product when, there is regular illegal propagation, read, copy
The phenomenons such as shellfish, this make it that digital product is abused, and also makes the safety of digital product and turns into a major issue, is this digital version
Power management(DRM, Digital Rights Management)Receive more and more attention.DRM is that protection content of multimedia is exempted from
By unwarranted broadcasting and a kind of method replicated, it is using DRM technology by encryption and additional usage rule in numeral
Appearance is protected, and is protected other data such as privately owned video, music to exempt from illegal use for content provider and is provided a kind of solution
Certainly scheme.
The use of more digital copyright protection technologies is in the market Microsoft DRM digital copyright technologies, and
Microsoft DRM are to be based on personal computer(PC)Issue licenses, when user is whole in another PC or intelligent mobile
Purchase new authentication in addition is needed when same digital product is used on end, this brings very big inconvenience to the use of user.
The today flourished in mobile intelligent terminal, a people possesses the possibility of several or several intelligent terminals very
Greatly, it is this so allowing the requirement that same user is era development using same digital content on different intelligent terminals
Strategy is also imperative.If some enterprise utilizes Microsoft DRM digital content platform again, this requires the enterprise
The data of oneself are uploaded to Microsoft DRM servers by industry(Server)On, but necessarily have Microsoft Corporation pair
The worry that the digital content of oneself is spied on.And realizing for Microsoft DRM technologies is extremely complex, want to utilize
Microsoft DRM method develops a set of one's own digital content platform management system, it is necessary to expend substantial amounts of money
The input of gold, equipment and manpower, this is extremely difficult for medium-sized and small enterprises, without real operation.
The content of the invention
In view of this, it is a primary object of the present invention to provide a kind of digital copyright management based on mobile intelligent terminal
(DRM)Content protective system and method, the deficiency existed for Microsoft DRM technologies, using based on user and equipment
Distributed proccessing, it is allowed to which a user uses same digital product simultaneously on different terminal devices, neither violates
Copyright protection principle meets the demand of user again, convenient for users.
Another object of the present invention also resides in simple, the suitable medium-sized and small enterprises of a set of implementation process of offer and builds the number of oneself
The digital rights management content protection system of word Content Management Platform system, it is allowed to which user is under off-line state using protected
Digital product.
To reach above-mentioned purpose, the technical proposal of the invention is realized in this way:
A kind of digital copyright management based on mobile intelligent terminal(DRM)Content protective system, including user registration module,
Certificate is parsed and generation module and control of authority module;It is characterized in that:It is additionally included in line device management module, authority purchase
And distribute module, certificate management module and digital Context resolution module;Wherein,
Onlineization device management module, for management terminal device, realizes that user registers according to self-demand and deleted certainly
Oneself terminal device;
Authority is bought and distribute module, buys corresponding digital product for realizing user according to self-demand, and be it
Authority is distributed, the authority is including the use of number of times, usage time interval, accumulative use time;
Certificate management module, download, inspection, renewal, recovery and the renewal of the document of title for managing digital product
Access right;
Digital content parsing module, for parsing the corresponding file format of digital content, parsing includes encrypted digital content
The file File header information, and decrypt file body, obtain the digital content of plaintext version.
Wherein:The control of authority module, for ensureing that digital content is advised according to the use defined in the document of title
Then used.
The DRM content protection system further comprises digital content playing module, for broadcasting decryption with plaintext shape
The digital content that formula is present.
The certificate parsing and generation module, for being parsed to document of title, by with the certificate of XML file form
The digital content access right of definition is extracted, then corresponding using rule generation according to definition when generating the certificate
The certificate of XML form.
A kind of digital copyright management DRM content guard method based on mobile intelligent terminal, comprises the following steps:
A, user are registered and deleted online management to equipment, and the access right of some digital content is distributed to
The multiple equipment of registration;
When B, User logs in client Agent, client Agent believes the only mark of user profile UserInfo and equipment
Breath DevUniqueInfo is sent to digital content management server DRMServer using http agreements, and the DRMServer is looked into
See whether the user registered the equipment, automatic location registration process was carried out if not registering;
C, user buy corresponding digital content, access right are distributed to different equipment, when first time is to the number
When the access right of word content is allocated, then authority distribution is directly carried out;
D, when user needs to re-start authority distribution, the DRMServer to it is all to the digital content have make
Certificate passback request RightsPostBackRequest is sent with the client Agent of authority;
E, the client Agent receive certificate passback request RightsPostBackRequest, please by the passback
The certificate number for asking the requirement in RightsPostBackRequest to return is extracted, and searches local certificate, and send certificate
Passback notifies RightsPostBack, then corresponding certificate is returned into the DRMServer;
F, the DRMServer are parsed to the passback certificate received, and the access right of corresponding digital content is entered
Row statistics, updates remaining access right ULRights of the user to the digital content;
G, the DRMServer statistics obtain the remaining access right ULRights of user then by the authority newly bought
It is added together in the lump and obtains the access right UserRights of user to the digital content altogether;
The access right ULRights for belonging to itself is distributed to different equipment by H, user, and the certificate newly obtained is sent out
Client Agent to mandate;
After I, authority distribution are finished, obtain the equipment authorized has access right to the digital content, so that user can
To use same digital content simultaneously in multiple equipment.
Wherein, after the step I, also include:
J, user delete some equipment, and the DRMServer sends certificate passback request to the client Agent of the equipment
RightsPostBackRequest, it is desirable to which the equipment returns all certificates, client Agent returns all certificates, server
Obtained certificate is parsed, counts and updates the remaining access right ULRights of user.The process of the sweep equipment is specifically included:
J1, User logs in digital content management platform website, select sweep equipment, digital content management Platform Server
DRMServer sends certificate to the equipment can send request RightsPostBackRequest, it is desirable to which it can send out all certificates
To server;
All certificates are returned to server end by J2, client-side program Agent first, and then local certificate is all marked
Will is invalid;
The remaining right to use of each digital content in the certificate RightsParse that J3, server parsing are obtained, statistics certificate
Limit, among obtained remaining access right information updating to database.
When user opens the digital content downloaded, digital content is parsed by client Agent, file header is obtained
With file body, then search respective certificate and carry out scope check.
The file header includes encryption method, fill pattern, the former form of digital content file, digital content numbering and number
Word content certificate is numbered;The file body is the digital content file by encryption.
DRM content protection system and method provided by the present invention based on mobile intelligent terminal, with advantages below:
DRM content protection system and method for the present invention, using the distributed proccessing based on user and equipment, it is allowed to one
Individual user uses same digital product simultaneously on different terminal devices, and neither copyright violation protection philosophy meets user again
Demand, it is convenient for users.The DRM content protection system, it is allowed to which user uses shielded number under off-line state
Word product, supports user by the file download with digital publishing rights to mobile terminal, and according to access right(Such as access times,
Use time etc.)Used, also allow multiple mobile terminal devices of same user has digital publishing rights using same
The problem of file.The DRM content protection system has implementation process simple, and suitable medium-sized and small enterprises build the digital content pipe of oneself
Platform system, and the mode that encrypted certificate sends key is employed, further increase Information Security.
Brief description of the drawings
Fig. 1 is master-plan system construction drawing of the invention;
Fig. 2 is overall design approach implementing procedure figure of the invention;
Fig. 3 is client-side program flow chart of the invention;
Fig. 4 is digital content file structural representation of the invention;
Fig. 5 is relation schematic diagram between the modules of the present invention.
【In algorithm and variable used in the present invention/the English table of comparisons】
DRM:Digital content management
DigitalProducts :Digital product
UserRegister:User's registration
Dev:Terminal device
DevManager :Equipment control
Rights:Document of title
RightsID:Certificate number
AssetID:Digital content is numbered
RightsParse:Certificate is parsed
RightsPostBackRiquest:Certificate postbacks request
RightsPostBack:Certificate postbacks notice
DRMServer:Digital content management server
Agent:Client-side program
DevUniqueInfo:Equipment unique designation information
UserInfo:User profile
dcf:Self-defined digital product file format
UserRights:Authority of a user, the i.e. access right altogether to digital product
ULRights:User's residue usage right or also unappropriated right.
DistributeRights:User distributes access right to each equipment(Such as access times)
StateRecord:Certificate status is recorded.
Embodiment
Below in conjunction with the accompanying drawings and embodiments of the invention to the present invention DRM content protection system and method make further in detail
Thin explanation.
The present invention realizes the DRM digital content protections on intelligent terminal using digital certificate technique, and its characteristic is to permit
Perhaps the multiple terminal devices of same user use the same content with digital rights file simultaneously.It is of the invention main by right
Digital content is encrypted, and digital content is protected after additional usage rule.
Fig. 1 is master-plan system construction drawing of the invention.As shown in figure 1, the present invention based on mobile intelligent terminal
DRM content protection system, mainly including following 8 functional modules:User registration module, online change device management module, authority
Purchase and distribute module, certificate management module, certificate parsing and generation module, digital content parsing module, control of authority mould
Block and digital contents play module.Relation between the function and each module of described each module is as follows:
User registration module 1:It is mainly used in user's registration.
Such as, User logs in website is registered, and registers the terminal of oneself using the addition of onlineization device management module 2
Equipment(Dev).
Onlineization device management module 2:For terminal unit management(Dev Manage).Allow user according to oneself
Need to register and delete the Dev of oneself.The effective Dev numbers of user are conditional, i.e., the registrations that user cannot be unlimited
Dev.So user is just limited to a certain extent to digital product(DigitalProducts)Propagation.
Dev used in user must be in digital copyright management server(DRMServer)Registered Dev(By making
Use authority defined), therefore when user uses a new Dev, it is necessary to first registered on DRMServer.
When user logs in client-side program for the first time(Agent)When, Agent is by the user profile of this user(UserInfo)
And the equipment unique identification information of device therefor(DevUniqueInfo)It is sent to DRMServer.DRMServer then bases
Customer information checks client enrollment Dev.If the Dev was never registered, then allow to register the Dev.
When user deletes some registration Dev, then certificate of utility management module 4 gives the Agent transmission routes to the DRMServer
Sharp certificate(Rights)Request is postbacked, and obtained Rights is subjected to certificate using the parsing of module certificate with generation module 5
Parsing(RightsParse), then update the remaining access right ULRights of user(Refer to the also unappropriated access right of user).
It is invalid that local all certificate Rights state is then changed to by Agent.
Authority is bought and distribute module 3:User selects the commodity that oneself is liked, and buys the authority of commodity in use.
Authority is main including the use of number of times, usage time interval, accumulative use time etc..The distribution of authority is carried out after user's purchase authority
DistributeRights, i.e. user distribute access right to each equipment.The DistributeRights, refers to that user will
The authority distribution of oneself purchase gives different registration equipment.For example, user can distribute 10 access rights oneself bought
To A equipment 5 times, B device 5 times.For another example use time is added up, user can distribute different use times to different equipment.
And for need not then carry out authority distribution as this authority of usage time interval, all registered equipment can be used simultaneously, this
Sample user can just use same digital product on different devices.
When user distributes authority to equipment, DRMServer certificates of utility management module 4 sends certificate to each Agent and returned
Hair request(RightsPostBackRequest), it is desirable to related certificate is sent back DRMServer by Agent(The situation is main
It is that for access times or this authority of accumulative use time, card need not be postbacked as this authority of usage time interval
Book).DRMServer certificates of utility are parsed parses certificate RightsParse with generation module 5, collects access right, updates user
Remaining access right.The remaining access right of oneself is distributed to different equipment by user.Distribute after authority, update surplus
Remaining access right ULRights.Now the certificate status of Agent end is updated to expired, it is desirable to which user re-downloads certificate.
Certificate management module 4, for the download of certificate, inspection, renewal, recovery and renewal access right.
Here, the certificate, which is downloaded, refers to that discovery lacks certificate or card when user clicks on and plays some digital content
Book useful life is expired and Agent carries out certificate download automatically.The credentials check refers to that Agent inspects periodically the effective of certificate
Use time, and the certificate soon expired to user's prompting.When the certificate update refers to that validity period of certificate is expired, Agent
Automatically update the certificate.The certificate, which is reclaimed, refers to that Agent receives DRMServer certificates and postbacks request
(RightsPostBackRequest)When, corresponding certificate is sent back into DRMServer.DRMServer then according to certificate among
Authority do some update operation.
Update access right and refer to that Agent periodically postbacks local certificate to DRMServer, ask DRMServer more cenotypes
Answer the authority in certificate(The simply data among modification database, and certificate need not be regenerated).
Certificate is parsed and generation module 5:This module is that certificate is parsed, will be with extensible markup language(XML)
Digital content access right defined in the certificate of document form is extracted;The generation of certificate is then the use rule according to definition
Then generate the certificate of corresponding XML form.
Digital content parsing module 6:Using the dcf file formats for meeting OMA DRM1.0 agreements in the embodiment of the present invention,
And dcf file headers are redefined, digital content numbering, certificate number, encryption side are directly defined in file header
Method, fill pattern, file type, length of the plaintext.Its file body is the digital content by encryption.The dcf, is self-defined number
Word product documentation form, such as * .dcf, it would however also be possible to employ other customized file formats.The digital content parsing module 6 is led
It is responsible for parsing dcf file headers, and decrypts file body, obtains the digital content of plaintext version.
Digital content playing module 7:For playing digital content.The digital content that the present invention is supported include audio, video,
A variety of digital content forms such as pdf documents, picture.Information and plaintext that the module is obtained using digital content parsing module 6
File, under the control of control of authority module 8, is used safely to digital content.
Control of authority module 8:For ensureing that digital content, according to being used defined in certificate using rule, protects number
Word content is by illegal use.These authorities including the use of number of times, use platform, use time etc..Control of authority module can
To be divided into authority detection two little modules are updated with authority.
Here, authority detection refers to that Agent is verified according to the operation of user, inspection when user uses digital content
Survey whether the user has this access right;Authority, which updates, to be referred to after user is to digital content manipulation, Agent change phases
The access right answered.
Described access right also includes replicating, the operation such as propagation.We mainly use encryption technology in terms of this
Ensure with certificate technique.User is allowed to propagate these digital contents, but this digital content is that, by encryption, only have
There is corresponding certificate to be used, and certificate is issued based on platform used in user and user, institute
Even if being transmitted with digital product, it can not also be used.
It is on intelligent terminal the invention provides the specific embodiment that digital content management is carried out on mobile intelligent terminal
Digital content security use provide a kind of succinct method.Relation between modules is in the comparison having been described above
It is clear, Fig. 5 is now done described briefly below:
As shown in figure 5, buying authority after user's registration and distributing access right, certificate of utility management module hair to equipment
Send certificate to postback request RightsPostBackRequest, call certificate parsing to parse certificate with generation module
RightsParse, then updates the data storehouse, and user carries out authority distribution;When user deletes a registration equipment, onlineization is set
Standby management module certificate of utility management module sends RightsPostBackRequest, then calls certificate parsing and generation mould
Block, parses certificate RightsParse, then updates the data storehouse, delete the equipment;When carrying out the digital content side of broadcasting, in numeral
Hold playing module call number Context resolution module and obtain certificate number RightsID, and call certificate management module, then
Call certificate parsing module to carry out certificate parsing RightsParse, obtain access right, call control of authority module, play number
Word content.
Digital Rights Management Technology implementation proposed by the present invention is applied to intelligent terminal mobile platform.Can realize from
Line uses, it is reliable, safe the advantages of.According to previously described design, intelligent mobile terminal successfully have developed
Agent.In order to more clearly visible describe the embodiment of the present invention, Fig. 2 gives overall design approach implementing procedure:
Step 21:Register User logs in website;The digital product that user's selection is liked, and buy the corresponding right to use
Limit;
Step 22:Download digital content is to intelligent terminal, and the client agent Agent of User logs in intelligent terminal is adopted
The equipment that justice registers this client to DRMServer is assisted with http;Agent uniquely marks user profile UserInfo and equipment
Know information DevUniqueInfo and be sent to digital content management platform DRMServer
Step 23:User logs in website is allocated DistributeRights, DRMServer generations to access right
Certificate and it is distributed to authorisation device.
Step 24:After the success of User logs in client, Agent is initialized, and certificate information is initialized first.
Agent scans all local certificates, reads the title of each certificate, using information such as numbering, effective lives, gained is believed
The breath local certificate status log file StateRecord of deposit, and to will expired certificate automatically update.
If now no network connection then points out user certificate expired, network, more new authentication please be connect.During more new authentication
Local certificate is returned into DRMServer, to update the authority service condition of the DRMServer ends user.The passback of certificate
And download is all based on http protocol realizations.Certificate status is updated after more new authentication.
Step 25:The digital content to be played of customer selecting, Agent parsing digital content file heads, extracts title, original
Form, digital content numbering and the information such as certificate number RightsID, and the suffix name that file is shown all be revised as it is original
Suffix, file header structure is as shown in Figure 4.
Then check whether to have been read into the certificate in internal memory first, only need to change respective counts if having been read into
The opening time of word content.If not reading in the certificate in internal memory, certificate is read;Certificate is read to first have to search certificate,
Certificate number in dcf file headers is recorded to certificate status(StateRecord)The middle file name for searching respective certificate
And certificate status etc..The certificate is parsed if being effectively if certificate status, the use of all digital contents of this certificate is obtained
Authority;Otherwise certificate expired is pointed out, it is desirable to which user re-downloads certificate.Certificate status is updated after more new authentication.
Step 26:Agent checks the access right of digital content, and digital content file is opened if it can use, no
Then prompting user buys new authority, and user buys new authority and downloadable authentication;The Agent when user buys new authority
Local certificate is issued by DRMServer using http agreements, DRMServer changes access right of the user to digital content,
The new certificate of generation, and Agent is issued, now update certificate status record StateRecord.
Step 27:Agent in encrypted decrypted digital content to application program sandbox, will be protected in plain text using sandbox
The digital content of form prevents that it from illegally being used, and application program opens the digital content in sandbox.
Step 28:When user closes the digital content opened, digital content in respective certificate in Agent modification internal memories
Access right, and by sandbox plaintext version digital content delete.
Step 29:When user exits client-side program, program regenerates the certificate in internal memory local, renewal card
The authority of all digital contents in book;Agent back to DRMServer, the present remaining access right of user is accused certificate
Know DRMServer and renewal authority.
The present invention draws the strong point of a variety of digital content management methods of current trend, and the need used with reference to present user
Ask, from Consumer's Experience, strive completing safer with simplest process, reliable digital content management method.This
Invention utilizes distributed equipment control scheme, meets in this current intelligent terminal booming age, user possesses many
The current demand of individual intelligent terminal, is user-friendly to, and this method implementation process is simple, is that medium-sized and small enterprises make
The digital content management platform of oneself provides practicable method.In addition, this method allows user to use offline, is
The use of user further provides facility.
The above, only presently preferred embodiments of the present invention is not intended to limit the scope of the present invention.