CN113037472B - Digital content protection method based on receiving end quantity control - Google Patents

Info

Publication number: CN113037472B
Authority: CN (China)
Prior art keywords: receiving, equipment, content stream, list, source
Legal status: Active
Application number: CN202110212681.8A
Other languages: Chinese (zh)
Other versions: CN113037472A (en)
Inventors: 高明, 杨浩然, 赵海阔, 石颖, 葛建华, 岳安军, 张沉思
Current Assignee: Shenzhen National Engineering Laboratory Of Digital Television Co ltd
Original Assignee: Xidian University
Application filed by: Xidian University
Priority: CN202110212681.8A
Publication of application: CN113037472A
Publication of grant: CN113037472B

Classifications

    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L2209/60 Digital content management, e.g. content distribution

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a quantity control method in digital content protection, which involves a source sending device A_n, a destination receiving device B and forwarding devices A_{n-1}~A_0. The cascaded forwarding devices A_{n-1}~A_0 are connected between the source sending device A_n and the destination receiving device B, and the source sending device A_n is configured with a respective content stream list for each of the different content streams. The source sending device A_n counts the total number of receiving devices according to the cascaded forwarding devices A_{n-1}~A_0, updates the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sends the content stream stored in the source sending device A_n through the forwarding devices A_{n-1}~A_0 to the destination receiving device B. The invention counts and controls the number of receiving ends per content stream, so that quantity control is tied to the content stream, can meet the different requirements that different content streams place on control of the number of receiving ends, and makes control of the number of receiving ends more flexible.

Description

Digital content protection method based on receiving end quantity control
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a digital content protection method based on receiving end quantity control.
Background
The digitization of multimedia content and the spread of consumer digital electronic terminals let users easily obtain and distribute copies of digitized multimedia content. As a result, high-definition digital media content is easily pirated while being transmitted between entities, which seriously damages the interests of the copyright owners of the digital content.
To prevent digital content from being illegally copied, intercepted and tampered with during transmission between entities, systems such as High-bandwidth Digital Content Protection (HDCP) and Digital Transmission Content Protection (DTCP) are available, which can be applied to digital interfaces such as HDMI, DVI and IEEE 1394-1995 or to devices that can receive, decode and play digital content. The quantity control mechanism is part of the scale control function. It is mainly used at the initial sending end of the content to limit the number of entities able to decrypt the digital content, so as to meet the limit that a specific application or content places on the number of receiving ends. In the HDCP system, quantity control of the receiving ends is done in the topology information reporting stage: starting from the bottom layer, each Repeater in the HDCP system collects the number of devices connected downstream of it and reports the number to its upstream device; after checking the number, the upstream device collects the number of devices under its own level and continues reporting, up to the initial sending device at the top layer, which judges whether the number of receiving ends exceeds the preset maximum value. In the DTCP system, quantity control is done in the device authentication stage: a source sending device in the DTCP system maintains a receiving end counter; when a new device is authenticated, the source checks whether the receiving end counter exceeds a preset maximum value, and if it does, the authentication request of the newly added device is rejected. Authentication requests from devices connected under a Bridge Device are proxied by the Bridge Device, which facilitates quantity control by the source device.
However, the quantity control mechanism in the HDCP system has to report topology information layer by layer through the Repeaters, and each Repeater and the top-layer sending end judge layer by layer whether the number exceeds the limit. Once a device finds that the number of devices connected downstream of an interface exceeds the limit, the authentication state of that interface is dropped. Thus, if the addition of a new device pushes the number of receiving ends over the preset maximum value, the sending end drops the authentication state and other devices are prevented from receiving the content. The DTCP system shares a drawback with the HDCP system: both count the number of devices that pass authentication, so the quantity control mechanism is inflexible. The receiving devices cannot be limited separately for different content streams; instead, the number of all devices connected to the source device is limited as a whole.
Disclosure of Invention
In order to solve the above problems in the prior art, the present invention provides a digital content protection method based on receiving end number control.
One embodiment of the present invention provides a digital content protection method based on receiving end number control, which includes:
a source sending device A_n, a destination receiving device B and forwarding devices A_{n-1}~A_0, where the cascaded forwarding devices A_{n-1}~A_0 are connected between the source sending device A_n and the destination receiving device B, and the source sending device A_n is configured with a respective content stream list for each of the different content streams, wherein,
the source sending device A_n counts the total number of receiving devices according to the cascaded forwarding devices A_{n-1}~A_0, updates the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sends the content stream stored in the source sending device A_n through the forwarding devices A_{n-1}~A_0 to the destination receiving device B.
In one embodiment of the invention, the content stream list that the source sending device A_n configures for each content stream includes the content stream ID, the first receiving device ID list, and the number of receiving devices corresponding to the content stream ID.
In one embodiment of the invention, the source sending device A_n counting the total number of receiving devices according to the cascaded forwarding devices A_{n-1}~A_0, updating the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sending the content stream stored in the source sending device A_n through the forwarding devices A_{n-1}~A_0 to the destination receiving device B includes:
the source sending device A_n counts the total number of receiving devices, updates the content stream list according to the counted total number of receiving devices, and sends the content stream stored in the source sending device A_n to the forwarding device A_{n-1} directly connected to the source sending device A_n;
the forwarding device A_{n-1} receives and stores the content stream, and sends a join request message to the source sending device A_n;
the source sending device A_n counts the total number of receiving devices according to the join request message, updates the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sends a join pass message to the forwarding device A_{n-1};
the forwarding device A_{n-1}, according to the join pass message, sends the content stream stored in the forwarding device A_{n-1} to the forwarding device A_{n-2};
the forwarding device A_{n-2} receives and stores the content stream, and sends a join request message to the source sending device A_n through the forwarding device A_{n-1};
the source sending device A_n counts the total number of receiving devices according to the join request message, updates the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sends a join pass message to A_{n-2} through the forwarding device A_{n-1};
the forwarding device A_{n-2}, according to the join pass message, sends the content stream stored in the forwarding device A_{n-2} to the forwarding device A_{n-3};
the above operations are repeated until the forwarding device A_0 sends a join request message to the source sending device A_n through the forwarding devices A_1~A_{n-1}, the source sending device A_n sends the join pass message through the forwarding devices A_{n-1}~A_1 to the forwarding device A_0 directly connected to the destination receiving device B, and the forwarding device A_0, according to the join pass message, sends the content stream stored in the forwarding device A_0 to the destination receiving device B.
In an embodiment of the present invention, the method further includes pre-negotiating and storing a shared master key between adjacent direct-connected devices, wherein the sending, receiving and storing of the content stream includes:
an upstream device encrypts the content stream with the pre-stored shared master key of the downstream device directly connected to it to obtain an encrypted content stream, and sends the encrypted content stream to that directly connected downstream device, wherein the upstream devices comprise the source sending device A_n and the forwarding devices A_{n-1}~A_0, and the downstream devices comprise the forwarding devices A_{n-1}~A_0;
the downstream device receives the encrypted content stream sent by the upstream device, decrypts it with the pre-stored shared master key of the upstream device directly connected to it, and re-encrypts it, updating the encrypted content stream, with the pre-stored shared master key of its own directly connected downstream device;
until the destination receiving device B receives the encrypted content stream sent by the forwarding device A_0 directly connected to it, and decrypts the encrypted content stream with the pre-stored shared master key of the directly connected forwarding device A_0 to obtain the content stream.
In one embodiment of the invention, sending the join request message comprises:
the downstream equipment sends a joining request message to upstream equipment directly connected with the downstream equipment, wherein the joining request message comprises a content stream ID, a second receiving equipment ID list and verification information;
the upstream equipment receives the joining request message, recalculates the verification information according to the joining request message, and compares the recalculated verification information with the verification information in the joining request message to obtain a comparison result;
updating a second receiving equipment ID list received by the upstream equipment according to the comparison result, and sending a joining request message to the upstream equipment directly connected with the upstream equipment;
until the source sending device A_n receives the join request message.
In one embodiment of the present invention, updating the second receiving device ID list in the upstream device according to the comparison result includes:
acquiring a second receiving equipment ID list from the joining request message according to the comparison result;
the receiving device IDs of the downstream devices are updated in a second receiving device ID list.
In one embodiment of the invention, the source sending device A_n counting the total number of receiving devices according to the join request message comprises the following steps:
the source sending device A_n acquires the second receiving device ID list from the join request message, and adds the device ID of A_{n-1} to the second receiving device ID list;
and the total number of receiving devices is counted according to the number of receiving devices corresponding to each receiving device ID in the first receiving device ID list and the second receiving device ID list.
In one embodiment of the invention, the content flow list is updated according to the counted total number of the receiving devices, and the sending the join pass message comprises:
the source sending device A_n is configured with a preset number of receiving devices;
the source sending device A_n judges whether the counted total number of receiving devices is larger than the preset number of receiving devices;
in response to the counted total number of receiving devices being smaller than or equal to the preset number of receiving devices, the second receiving device ID list is added to the first receiving device ID list in the content stream list, and the source sending device A_n sends a join pass message to the downstream device directly connected to the source sending device A_n;
and the downstream device directly connected to the source sending device A_n sends the join pass message to the downstream device directly connected to it, until the upstream device directly connected to the current receiving device receives the join pass message.
In one embodiment of the invention, when an exiting receiving device no longer receives the content stream, the exiting receiving device being one of the forwarding devices A_{n-1}~A_1 and the destination receiving device B, the method further comprises:
the upstream device cascaded with the exiting receiving device sends an exit request message to the source sending device A_n;
the source sending device A_n updates the content stream list according to the exit request message, and, according to the updated content stream list, sends an exit pass message through the downstream devices to the upstream device cascaded with the exiting receiving device;
and the upstream device cascaded with the exiting receiving device learns from the exit pass message that the exiting receiving device has exited successfully.
In one embodiment of the invention, the source sending device A_n updating the content stream list according to the exit request message includes:
the exit request message comprises a content stream ID, the exiting receiving device ID and verification information;
the source sending device A_n recalculates the verification information according to the exit request message, and compares the recalculated verification information with the verification information in the exit request message to obtain a comparison result;
and the ID of the exiting receiving device corresponding to the content stream ID is acquired from the exit request message, and, according to the comparison result and the ID of the exiting receiving device, all device IDs from the exiting receiving device to the destination receiving device B are deleted from the first receiving device ID list corresponding to the content stream, so as to update the content stream list.
Compared with the prior art, the invention has the beneficial effects that:
the digital content protection method based on receiving end quantity control provided by the invention counts and controls the number of receiving ends per content stream, so that quantity control is tied to the content stream. Compared with the quantity control through authentication in the traditional HDCP and DTCP systems, the method can meet the different requirements that different content streams place on quantity control of the receiving ends, and lets the source sending device control the number of receiving ends of a content stream more flexibly.
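The join and exit handling described above, as an added Python example that is not code from the patent. It assumes the verification information is an HMAC-SHA256 under a per-hop shared master key and that the total is the number of distinct device IDs across the first and second lists; the device names, keys and per-stream limits are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

SOURCE = "A3"  # constructed chain: A3 (source) -> A2 -> A1 -> A0 -> B


def hop_key(down: str, up: str) -> bytes:
    """Constructed stand-in for the pre-negotiated shared master key of one hop."""
    return hashlib.sha256(f"demo-master-key:{down}:{up}".encode()).digest()


def verification(key: bytes, stream_id: str, ids: list) -> bytes:
    """Assumed form of the verification information: HMAC-SHA256 over the message."""
    body = "\x1f".join([stream_id, *ids]).encode()
    return hmac.new(key, body, hashlib.sha256).digest()


def relay_join(path_up: list, stream_id: str):
    """Carry a join request from path_up[0] (the joiner) up to the source.

    Each relay recomputes the verification information, adds the ID of the
    downstream device it heard from to the second receiving device ID list,
    and re-tags the message for the next hop.
    Returns (sender, second_list, tag) as delivered to the source.
    """
    hops = path_up + [SOURCE]
    second_list = []
    tag = verification(hop_key(hops[0], hops[1]), stream_id, second_list)
    for i in range(1, len(hops) - 1):
        expected = verification(hop_key(hops[i - 1], hops[i]), stream_id, second_list)
        if not hmac.compare_digest(expected, tag):
            raise ValueError(f"{hops[i]} rejected the join request")
        second_list = second_list + [hops[i - 1]]
        tag = verification(hop_key(hops[i], hops[i + 1]), stream_id, second_list)
    return hops[-2], second_list, tag


@dataclass
class StreamReceiverList:
    """Stream_Receiver_List = {StreamID, ReceiverIDList, ReceiverCounter}."""
    stream_id: str
    max_receivers: int                        # preset number of receiving devices
    receiver_id_list: list = field(default_factory=list)  # one path record per join
    receiver_counter: int = 0

    def known(self) -> set:
        return {dev for record in self.receiver_id_list for dev in record}


class SourceDevice:
    """Source sending device with one list, and one limit, per content stream."""

    def __init__(self, limits: dict):
        self.streams = {sid: StreamReceiverList(sid, n) for sid, n in limits.items()}

    def handle_join(self, stream_id, sender, second_list, tag) -> bool:
        entry = self.streams[stream_id]
        expected = verification(hop_key(sender, SOURCE), stream_id, second_list)
        if not hmac.compare_digest(expected, tag):
            return False                      # verification mismatch: list untouched
        path = list(reversed(second_list + [sender]))   # source side first
        total = len(entry.known() | set(path))
        if total > entry.max_receivers:
            return False                      # over this stream's limit: no join pass
        entry.receiver_id_list.append(path)
        entry.receiver_counter = total
        return True                           # join pass message travels back down

    def handle_exit(self, stream_id, sender, exiting_id, tag) -> bool:
        entry = self.streams[stream_id]
        expected = verification(hop_key(sender, SOURCE), stream_id, [exiting_id])
        if not hmac.compare_digest(expected, tag):
            return False
        kept = []
        for record in entry.receiver_id_list:
            if exiting_id in record:          # drop the exiting device and all below it
                record = record[:record.index(exiting_id)]
            if record and record not in kept:
                kept.append(record)
        entry.receiver_id_list = kept
        entry.receiver_counter = len(entry.known())
        return True


def demo():
    """Same four devices try to join two streams that carry different limits."""
    src = SourceDevice({"stream-1": 2, "stream-2": 4})
    chain = ["A2", "A1", "A0", "B"]           # downstream order from the source
    results = {}
    for sid in src.streams:
        results[sid] = [src.handle_join(sid, *relay_join(chain[k::-1], sid))
                        for k in range(len(chain))]
    return src, results


if __name__ == "__main__":
    print(demo()[1])
```

A refused join leaves the stream's list and counter as they were, so devices already admitted to that stream, and every other stream, keep their state.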
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Drawings
Fig. 1 is a schematic flowchart of a digital content protection method based on receiving end quantity control according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of another digital content protection method based on receiving end number control according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of another digital content protection method based on receiving end quantity control according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of a receiver exit mechanism in a digital content protection method based on receiver quantity control according to an embodiment of the present invention;
Fig. 5 is a flowchart illustrating a receiver exit mechanism in another digital content protection method based on receiver quantity control according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but the embodiments of the present invention are not limited thereto.
Example one
Referring to Fig. 1, Fig. 2 and Fig. 3, Fig. 1 is a schematic flowchart of a digital content protection method based on receiving end number control according to an embodiment of the present invention, Fig. 2 is a schematic flowchart of another digital content protection method based on receiving end number control according to an embodiment of the present invention, and Fig. 3 is a schematic flowchart of another digital content protection method based on receiving end number control according to an embodiment of the present invention. The embodiment provides a digital content protection method based on receiving end quantity control, which involves a source sending device A_n, a destination receiving device B and forwarding devices A_{n-1}~A_0. The cascaded forwarding devices A_{n-1}~A_0 are connected between the source sending device A_n and the destination receiving device B, and the source sending device A_n is configured with a respective content stream list for each of the different content streams, wherein:
the source sending device A_n counts the total number of receiving devices according to the cascaded forwarding devices A_{n-1}~A_0, updates the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sends the content stream stored in the source sending device A_n through the forwarding devices A_{n-1}~A_0 to the destination receiving device B.
Specifically, the source sending device of this embodiment serves as the initial sending end of the content stream, and different source sending devices may send different content streams. This embodiment counts the total number of receiving devices among the devices downstream of the source sending device A_n to determine whether to send the content stream stored in the source sending device A_n through the forwarding devices A_{n-1}~A_0 to the destination receiving device B. The number of receiving ends is thus counted and controlled per content stream, so that quantity control is tied to the content stream, the different requirements that different content streams place on control of the number of receiving ends can be met, and the source sending device can control the number of receiving ends of a content stream more flexibly. Before the source sending device sends the content stream, the content stream is encrypted in the specific manner described below.
The source sending device of this embodiment is configured with a respective content stream list for each content stream. The content stream list includes a content stream ID, a first receiving device ID list, and the number of receiving devices corresponding to the content stream, expressed as Stream_Receiver_List = {StreamID, ReceiverIDList, ReceiverCounter}, where:
ReceiverCounter records the number of all receiving ends on the transmission path of the content stream from the source sending device to the destination receiving device;
ReceiverIDList records the ID information of all receiving devices on the transmission path of the content stream from the source sending device to the destination receiving device. ReceiverIDList can hold a plurality of records, each of which records the ID information of all devices on the transmission path of the content stream from the source sending device to a certain receiving device;
StreamID records the identification of the content stream, and the StreamID of each content stream is unique. Content streams can differ in various respects, such as their contents being different, or they come from different streams, or they may have different quantity control requirements, etc.
Further, in this embodiment, the source sending device A_n counting the total number of receiving devices according to the cascaded forwarding devices A_{n-1}~A_0, updating the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sending the content stream stored in the source sending device A_n through the forwarding devices A_{n-1}~A_0 to the destination receiving device B specifically includes:
referring again to Fig. 2, the source sending device A_n counts the total number of receiving devices, updates the content stream list according to the counted total number of receiving devices, and sends the content stream stored in the source sending device A_n to the forwarding device A_{n-1} directly connected to the source sending device A_n; the forwarding device A_{n-1} receives and stores the content stream, and sends a join request message to the source sending device A_n; the source sending device A_n counts the total number of receiving devices according to the join request message, updates the content stream list according to the counted total number of receiving devices, and sends a join pass message to the forwarding device A_{n-1}; the forwarding device A_{n-1}, according to the join pass message, sends the content stream stored in the forwarding device A_{n-1} to the forwarding device A_{n-2}; the forwarding device A_{n-2} receives and stores the content stream, and sends a join request message to the source sending device A_n through the forwarding device A_{n-1}; the source sending device A_n counts the total number of receiving devices according to the join request message, updates the content stream list according to the counted total number of receiving devices, and then sends a join pass message to A_{n-2} through the forwarding device A_{n-1}; the forwarding device A_{n-2}, according to the join pass message, sends the content stream stored in the forwarding device A_{n-2} to the forwarding device A_{n-3}; the above operations are repeated until the forwarding device A_0 sends a join request message to the source sending device A_n through the forwarding devices A_1~A_{n-1}, the source sending device A_n sends the join pass message through the forwarding devices A_{n-1}~A_1 to the forwarding device A_0 directly connected to the destination receiving device B, and the forwarding device A_0, according to the join pass message, sends the content stream stored in the forwarding device A_0 to the destination receiving device B.
Further, in this embodiment, a shared master key is negotiated in advance between adjacent directly connected devices and stored, and the content stream is sent, received and stored through the cascaded forwarding devices A_{n-1}~A_1 by the following steps:
the upstream device encrypts the content stream with the pre-stored shared master key of the directly connected downstream device to obtain an encrypted content stream, and sends the encrypted content stream to the downstream device directly connected to the upstream device, wherein the upstream devices comprise the source sending device A_n and the forwarding devices A_{n-1}~A_0, and the downstream devices comprise the forwarding devices A_{n-1}~A_0 and the destination receiving device B. Specifically:
When the downstream device directly connected to the source sending device A_n is the forwarding device A_{n-1}, the source sending device A_n and the directly connected forwarding device A_{n-1} have negotiated and stored a shared master key in advance, and the source sending device A_n encrypts the content stream with its pre-stored shared master key of the directly connected forwarding device A_{n-1} to obtain an encrypted content stream.
When the downstream device directly connected to the source sending device A_n is the destination receiving device B, the source sending device A_n and the directly connected destination receiving device B have negotiated and stored a shared master key in advance, and the source sending device A_n encrypts the content stream with its pre-stored shared master key of the directly connected destination receiving device B to obtain the encrypted content stream.
In this embodiment, the above encryption of the content stream completes the encryption of the content stream transmitted between the source sending device A_n and the downstream device directly connected to it, which improves the security of content stream transmission.
The downstream device receives the encrypted content stream sent by the upstream device, decrypts it with the pre-stored shared master key of the upstream device directly connected to it, and re-encrypts it, updating the encrypted content stream, with the pre-stored shared master key of its own directly connected downstream device. Specifically:
When the upstream device directly connected to the current downstream device is the source sending device A_n, the downstream device receives the encrypted content stream sent by the source sending device A_n, decrypts it with the shared master key that is pre-stored on the downstream device and was pre-negotiated with the source sending device A_n, re-encrypts it, updating the encrypted content stream, with the shared master key pre-negotiated with the downstream device directly connected to the current downstream device, and then sends the updated encrypted content stream to that directly connected downstream device.
When the upstream device directly connected to the current downstream device is a forwarding device, the downstream device receives the encrypted content stream sent by the upstream forwarding device, decrypts it with the shared master key that is pre-stored on the downstream device and was pre-negotiated with the upstream forwarding device, re-encrypts it, updating the encrypted content stream, with the shared master key pre-negotiated with the downstream device directly connected to the current downstream device, and then sends the updated encrypted content stream to that directly connected downstream device.
When the downstream device directly connected to the current downstream device is a forwarding device, the current downstream device re-encrypts the stream, updating the encrypted content stream, with the shared master key pre-negotiated with that directly connected downstream device, and sends the updated encrypted content stream to it.
When the downstream device directly connected to the current downstream device is the destination receiving device B, the current downstream device re-encrypts the stream, updating the encrypted content stream, with the shared master key pre-negotiated with the destination receiving device B, and sends the updated encrypted content stream to the destination receiving device B.
In this embodiment, the above encryption and decryption complete the decryption and re-encryption of the encrypted content stream by all forwarding devices A_{n-1}~A_0 between the source sending device A_n and the destination receiving device B, which improves the security of content stream transmission.
This continues until the destination receiving device B receives the encrypted content stream sent by the forwarding device A_0 directly connected to it and decrypts the encrypted content stream with the pre-stored shared master key of the directly connected forwarding device A_0 to obtain the content stream. Specifically:
At the upstream device A_0 directly connected to the destination receiving device B, A_0 decrypts the stored encrypted content stream with its pre-stored shared master key of the directly connected upstream device A_1, re-encrypts it, updating the encrypted content stream, with the pre-stored shared master key of the destination receiving device B, and sends the updated encrypted content stream to the destination receiving device B. The destination receiving device B receives the encrypted content stream sent by the directly connected upstream device A_0 and decrypts it with the shared master key of A_0 pre-stored by B to obtain the content stream, completing the transmission of the content stream from the source sending device A_n to the destination receiving device B.
It should be noted that, in this embodiment, there may be several source sending devices and several destination receiving devices, each source sending device may send different content streams and may be received by different destination receiving devices, and a content stream transmission protection scheme is implemented between each source sending device and the destination receiving device.
Further, in this embodiment, the cascaded forwarding devices An-1~A0 send a join request message to the source sending device An. Specifically:
To increase the flexibility of the quantity control mechanism, this embodiment introduces a receiving end joining mechanism, where the receiving end includes any one or more of the forwarding devices An-1~A0 and the target receiving device B. Before a sending end sends a content stream to an adjacent receiving end, the receiving end joining mechanism is executed: the receiving end is allowed to join when the number of receiving ends corresponding to the content stream meets the quantity control condition, and is refused otherwise. The receiving end joining mechanism of this embodiment has two cases. If the content stream sender is the source sending device An, it directly checks whether the number of receiving ends exceeds a preset maximum value. If the content stream sender is not the source sending device An, the unique identifier of the destination receiving device at the receiving end of the content stream must be securely reported to the source sending device An of the content stream; An checks whether the number of receiving ends of the content stream exceeds the preset number of receiving devices and returns a join pass message through a secure channel. Specifically:
The downstream device sends a join request message to the upstream device directly connected to it; the join request message includes a content stream ID, a second receiving device ID list and verification information. The upstream device receives the join request message, recalculates the verification information from it, and compares the recalculated verification information with the verification information in the join request message to obtain a comparison result. According to the comparison result, it updates the second receiving device ID list in the upstream device and sends a join request message to the upstream device directly connected to it. This repeats until the source sending device An receives the join request message.
Specifically, this embodiment introduces a receiving end joining mechanism in which receiving end quantity control is tied to the content stream: the number of receiving ends is counted per content stream, which implements one control per stream. Only the joining mechanism for the receiving end of one content stream is described in detail here; the joining mechanisms for the receiving ends of other content streams are implemented in the same way. The join request message of this embodiment includes a content stream ID, a second receiving device ID list and verification information. The second receiving device ID list records the ID information of the current receiving devices, and the verification information protects the integrity of the join request message sent to the upstream receiving device. A downstream device sends the join request message to the upstream device directly connected to it, and the upstream device, after receiving it, recalculates the verification information from the join request message. This embodiment uses a keyed-hash message authentication code (HMAC) to recalculate the verification information; the input of the HMAC algorithm includes a derived key and the join request message, and the derived key is calculated from the shared master key negotiated in advance between the downstream device and the upstream device directly connected to it. The recalculated verification information is compared with the verification information in the join request message to obtain a comparison result. When they are not equal, no processing is performed and the downstream device waits to retransmit the join request message. When they are equal, the second receiving device ID list received by the upstream device for the content stream ID is updated, and a join request message is then sent to the next upstream device directly connected to this upstream device; this join request message includes the content stream ID, the upstream device's updated second receiving device ID list and new verification information.
This continues until the source sending device An receives the join request message. In this embodiment, the join request message is processed in the same way at every hop from the destination receiving device B to the source sending device An, so the processing is not described again here.
Further, updating the second receiving device ID list of the upstream device according to the comparison result in this embodiment includes: acquiring the second receiving device ID list from the join request message according to the comparison result; and updating the acquired second receiving device ID list with the receiving device ID of the downstream device to obtain the updated second receiving device ID list of the upstream device.
Specifically, when the comparison result is equal, the second receiving device ID list is updated: the second receiving device ID list of the downstream device corresponding to the content stream ID is acquired from the join request message, and the device ID of the downstream device corresponding to the content stream ID is then added to it. By the time the source sending device receives the join request message, the second receiving device ID list records all receiving end IDs from the destination receiving device to the source sending device. The second receiving device ID list of the upstream device directly connected to the destination receiving device is initialized to the destination receiving device ID.
Further, the step in which the source sending device An of this embodiment counts the total number of receiving devices according to the join request message includes: the source sending device An obtains the second receiving device ID list from the join request message and adds the device ID of An-1 to the second receiving device ID list; and the total number of receiving devices is counted from the receiving devices corresponding to each receiving device ID in the first receiving device ID list and in the updated second receiving device ID list.
Specifically, after the source sending device An receives the join request message sent by the downstream device An-1 directly connected to it and authenticates the message through the HMAC, it updates the content stream list in the source sending device An. It obtains the second receiving device ID list from the received join request message, adds the device ID of An-1 to the second receiving device ID list, and then checks whether each receiving device ID in the updated second receiving device ID list is in the first receiving device ID list. It counts the receiving devices in the second receiving device ID list that are not in the first receiving device ID list, and from this counts the total number of all receiving devices on the content stream transmission path.
Further, sending the join pass message according to the counted total number of receiving devices in this embodiment includes: the source sending device An configures the preset number of receiving devices; the source sending device An judges whether the counted total number of receiving devices is greater than the preset number of receiving devices; in response to the counted total number of receiving devices being less than or equal to the preset number of receiving devices, the second receiving device ID list is added to the first receiving device ID list, and the source sending device An sends a join pass message to the downstream device directly connected to it; and the downstream device directly connected to the source sending device An sends the join pass message to the downstream device directly connected to it, until the upstream forwarding device directly connected to the current receiving device receives the join pass message.
Specifically, in this embodiment the source sending device An is configured with the preset number of receiving devices, and the preset numbers for different content streams may be the same or different. The total number of receiving devices obtained by counting is used to judge whether the number of receiving ends is greater than the preset number of receiving devices. When the total number of receiving devices is less than or equal to the preset number of receiving devices, the current number of receiving ends has not exceeded the preset number, the number of receiving ends corresponding to the content stream meets the quantity control condition, and the receiving ends on the transmission path from the source sending device An to the target receiving device B are allowed to join. The source sending device An sends a join pass message to the downstream device An-1 directly connected to it; the join notification message includes the content stream ID, the ID of the joining destination receiving device and verification information. The downstream device An-1 in turn sends the join pass message to the downstream device An-2 directly connected to it, and so on until the upstream device A0 directly connected to the target receiving device B receives the join pass message. As with the join request message, each device along the path first verifies the join pass message after receiving it and then sends a join notification message carrying new verification information to the downstream receiving device.
Further, please refer to Fig. 4 and Fig. 5. Fig. 4 is a schematic flowchart of a receiving end exit mechanism in a digital content protection method based on receiving end quantity control according to an embodiment of the present invention, and Fig. 5 is a schematic flowchart of a receiving end exit mechanism in another digital content protection method based on receiving end quantity control according to an embodiment of the present invention. An exiting receiving device is a device that no longer receives a content stream, and the exiting receiving device includes the forwarding devices An-1~A1 and the destination receiving device B. This embodiment introduces a receiving end exit mechanism: when a receiving end stops receiving a content stream, the exit mechanism must be executed so that the source sending device An can update the total number of receiving devices receiving this content stream in real time. Like the receiving end joining mechanism, the receiving end exit mechanism has two cases. If the receiving end An-1 connected to the content stream source sending device An exits, the source sending device An of the content stream directly counts the total reduced number of receiving ends. If the exiting receiving end is not the receiving end An-1 connected to the content stream source sending device An, the receiving end must execute the exit reporting mechanism and securely report the device ID of the exiting receiving device to the source sending device An of the content stream, and An then counts the total reduced number of receiving ends.
The method specifically comprises the following steps: the upstream devices cascaded with the exiting receiving device send an exit request message to the source sending device An; the source sending device An updates the content stream list according to the exit request message and, according to the updated content stream list, sends an exit pass message through the cascaded downstream devices to the upstream device directly connected to the exiting receiving device; and the upstream device directly connected to the exiting receiving device learns from the exit pass message that the exiting receiving device has exited successfully.
Specifically, to implement dynamic counting and control of the number of receiving ends of a content stream, this embodiment introduces a receiving end exit mechanism, which is executed when an exiting receiving device no longer receives the content stream. The exiting receiving device sends an exit request message to the upstream device directly connected to it, and the message is passed on until the source sending device An receives the exit request message. After receiving the exit request message, the source sending device An updates the content stream list configured on it according to the exit request message, and sends an exit pass message, through the forwarding devices between it and the exiting receiving device, to the upstream device directly connected to the exiting receiving device. The exit notification message includes the content stream ID, the exiting receiving device ID and verification information. The upstream device directly connected to the exiting receiving device learns from the exit pass message that the exiting receiving device has exited successfully, which indicates that the devices from the exiting receiving device to the target receiving device B have been successfully deleted by the source sending device An. Each forwarding device handles the exit pass message in the same way as the exit request message: it authenticates the message after receiving it and then sends an exit notification message carrying new verification information to the downstream device.
Further, the exit request message of this embodiment includes a content stream ID, an exiting receiving device ID and verification information, and the updating of the content stream list by the source sending device An according to the exit request message includes: the source sending device An recalculates the verification information according to the exit request message and compares the recalculated verification information with the verification information in the exit request message to obtain a comparison result; it acquires the exiting receiving device ID corresponding to the content stream ID from the exit request message and, according to the comparison result and the exiting receiving device ID, deletes all device IDs from the exiting receiving device to the target receiving device B from the first receiving device ID list to update the content stream list.
Specifically, when the exit request message is processed in this embodiment, each device along the path recalculates the verification information according to the exit request message and compares it with the verification information in the exit request message. If the results are equal, a forwarding device continues to send the exit request message to its upstream device, and the source sending device updates the first receiving device list and the receiver counter of the corresponding stream; if they are unequal, no processing is performed. When the results are equal at the source sending device An, all device IDs from the exiting receiving device to the destination receiving device B are deleted from the first receiving device ID list to update the content stream list. For example, take device 1, device 2, device 3, device 4, device 5 and device 6, where device 1 is the source sending device and device 6 is the destination receiving device. When device 3 no longer receives the content stream, the device ID of device 3 is sent to device 1 through device 2, all device IDs of device 3 to device 6 are deleted in device 1, the content stream list is updated, and device 1 then sends an exit pass message to device 2, indicating that device 3 to device 6 have been successfully deleted by device 1.
To illustrate the implementation of the digital content protection method based on receiving end number control proposed in this embodiment, this embodiment is implemented by the following complete process, which is specifically implemented as follows:
Let the receiving device connected to the sending end be B. The receiving end joining mechanism includes the following two cases:
Case 1: when the upstream device directly connected to the current receiving device B is the source sending device S, S directly checks whether the current receiving device B is in the content stream list Stream_Receiver_List. If it is, the check passes. If it is not, S checks whether ReceiverCounter (total number of receiving devices) < LDEVs_MAX (preset number of receiving devices) holds. If it does not hold, the check fails and the process ends. If it holds, ReceiverCounter is updated to ReceiverCounter + 1, the receiving device B is added to Stream_Receiver_List, and the check passes.
Case 2: when the upstream device directly connected to the current receiving device B is a forwarding device, the forwarding device must execute the receiving end join reporting process. In the join reporting mechanism, denote by A0 (i.e., A) the forwarding device that is to send the content stream to the receiving device B; its content stream comes from the upstream device A1, the content stream of device A1 comes from the upstream device A2, ..., and the content stream of device An-1 comes from the upstream device An (An is the source sending device S). In the reporting process, Am (m = 1, 2, ..., n) adds the ID of its directly connected downstream device, ID_A(m-1), to the second receiving device ID list IDList received from that downstream device. From its updated IDList, the source sending device S finally obtains all devices through which the content stream passes on its way to the current receiving device B, determines the number of newly added receiving ends by searching the existing first receiving device ID list ReceiverIDList, and then judges whether the number of receiving ends after the addition exceeds the preset receiving end number limit. Specifically, the receiving end quantity join reporting mechanism proceeds as follows:
(1) Compute the derived key of forwarding device A (i.e., A0):
KJA0A1=KDF(KmA0A1,StreamID||“Sink Join”);
where KmA0A1 is the shared master key negotiated in advance between forwarding device A and forwarding device A1. Forwarding device A sends the join request message MCOUNT1 to forwarding device A1:
MCOUNT1||ID_A||StreamID||IDList||HMAC(KJA0A1,ID_A||StreamID||IDList||Rc)||Rc
where IDList is the second receiving device ID list, initialized to {ID_B}, and Rc is a random number generated by forwarding device A.
A timing counter is then started. If forwarding device A has still not received the join pass message MCOUNT2 when the timing counter times out, it retransmits the join request message MCOUNT1 if the number of retries is less than the upper limit; if the number of retries has reached the upper limit, the quantity control check fails and the content stream is not sent to the adjacent receiving device B.
(2) When forwarding device Am1 (m1 = 1, 2, ..., n-1) receives the join request message MCOUNT1, it calculates the derived key:
KJA(m1-1)Am1=KDF(KmA(m1-1)Am1,StreamID||“Sink Join”);
Here, KmA(m1-1)Am1 is the shared master key negotiated in advance between forwarding device Am1 and forwarding device Am1-1. Am1 recalculates the verification information HMAC(KJA(m1-1)Am1,ID_A(m1-1)||IDList||StreamID||Rc) and compares the result with the HMAC received in the join request message MCOUNT1. If they are not equal, no processing is performed; if they are equal, it calculates:
KJAm1A(m1+1)=KDF(KmAm1A(m1+1),StreamID||“Sink Join”);
Here, KmAm1A(m1+1) is the shared master key negotiated in advance between forwarding device Am1 and forwarding device Am1+1. Forwarding device Am1 adds ID_A(m1-1) to IDList, giving IDList = {ID_A(m1-1), ID_A(m1-2), ..., ID_A, ID_B}, and then sends the join request message MCOUNT1 to forwarding device Am1+1:
MCOUNT1||ID_Am1||StreamID||IDList||HMAC(KJAm1A(m1+1),ID_Am1||StreamID||IDList||Rc)||Rc;
(3) When the source sending device S (i.e., An) receives the join request message MCOUNT1 sent by forwarding device An-1, it calculates the derived key:
KJA(n-1)An=KDF(KmA(n-1)An,StreamID||“Sink Join”);
Here, KmA(n-1)An is the shared master key negotiated in advance between forwarding device An-1 and the source sending device S. S computes the verification information HMAC(KJA(n-1)An,ID_Am1||StreamID||IDList||Rc) and compares it with the HMAC received in the join request message MCOUNT1. If they are equal, step 1) is performed; if they are not equal, step 2) is performed:
1) Add ID_A(n-1) to IDList, giving IDList = {ID_A(n-1), ID_A(n-2), ..., ID_A, ID_B}. Then count the number of receiving devices in IDList that are not yet in Stream_Receiver_List as n. If the total number of receiving devices ReceiverCounter + n is greater than the preset number of receiving devices LDEVs_MAX, the receiving device quantity control is exceeded and step 2) is executed. Otherwise, ReceiverCounter is updated to ReceiverCounter + n and IDList is added to the first receiving device ID list ReceiverIDList in Stream_Receiver_List.
The join pass message MCOUNT2 is then sent to forwarding device An-1:
MCOUNT2||ID_An||ID_B||HMAC(KJA(n-1)An,ID_An||ID_B||StreamID||“count ok”||Rc);
2) The source sending device S sends the join failure message MCOUNT3 to forwarding device An-1:
MCOUNT3||ID_B||“count failed”;
(4) When forwarding device Am1 receives the join pass message MCOUNT2, it computes the verification information HMAC(KJAm1A(m1+1),ID_A(m1+1) and, if it is equal to the HMAC received in message MCOUNT2, sends the join pass message MCOUNT2 to forwarding device Am1-1:
MCOUNT2||ID_Am1||ID_B||HMAC(KJA(m1-1)Am1,ID_Am1||ID_B||StreamID||“count ok”||Rc);
When forwarding device Am1 receives the join failure message MCOUNT3, it forwards the join failure message MCOUNT3 to forwarding device Am1-1.
(5) When forwarding device A (i.e., A0) receives the join pass message MCOUNT2, it computes the verification information HMAC(KJA1A0,ID_A1||ID_B||“count ok”||Rc) and compares it with the HMAC value received in message MCOUNT2. If they are not equal, (6) is executed. If they are equal, the receiving end quantity has been added successfully, and forwarding device A0 sends the stored encrypted content stream to the adjacent receiving device B.
When forwarding device A (i.e., A0) receives the join failure message MCOUNT3, the number of retransmissions is set equal to the upper limit, and (6) is then executed.
(6) For this receiving end addition quantity control check: if the number of retransmissions is less than the upper limit, (1) is executed again; otherwise the receiving end addition quantity control check fails and content stream transmission is not initiated, that is, forwarding device A0 does not send the content stream to the adjacent receiving device B.
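The join report of steps (1) to (3) can be sketched as follows; this is an added Python example, not code from the patent, in which each hop verifies the HMAC, adds its downstream neighbour's ID to IDList, and the source applies the per-stream LDEVs_MAX check. Assumptions: HMAC-SHA256 stands in for both the unnamed KDF and the HMAC, fields joined by "||" are length-prefixed, and the device IDs, keys, stream names and LDEVS_MAX value are constructed.

```python
import hashlib
import hmac
import os

LDEVS_MAX = 4  # LDEVs_MAX for every stream here; constructed value


def kdf(km, stream_id, label):
    # Assumption: the page does not name the KDF; HMAC-SHA256 stands in.
    return hmac.new(km, stream_id + label, hashlib.sha256).digest()


def pack(*fields):
    # Assumption: each field is length-prefixed so "||" is unambiguous.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def join_mac(km, sender, stream_id, id_list, rc):
    kj = kdf(km, stream_id, b"Sink Join")  # KJ = KDF(Km, StreamID||"Sink Join")
    body = pack(sender, stream_id, pack(*id_list), rc)
    return hmac.new(kj, body, hashlib.sha256).digest()


def mcount1(km_up, sender, stream_id, id_list, rc):
    """Build MCOUNT1 for the link from `sender` to its upstream device."""
    return {"sender": sender, "stream": stream_id, "ids": list(id_list),
            "rc": rc, "mac": join_mac(km_up, sender, stream_id, id_list, rc)}


def verify(km_down, msg):
    expected = join_mac(km_down, msg["sender"], msg["stream"], msg["ids"], msg["rc"])
    return hmac.compare_digest(expected, msg["mac"])


def forward(me, km_down, km_up, msg):
    """Step (2): verify, add the downstream sender's ID, re-MAC for the next link."""
    if not verify(km_down, msg):
        return None  # no processing; the originator retransmits on timeout
    return mcount1(km_up, me, msg["stream"], [msg["sender"]] + msg["ids"], msg["rc"])


class Source:
    """Step (3): per-stream ReceiverIDList and ReceiverCounter at the source S."""

    def __init__(self):
        self.receiver_ids = {}  # StreamID -> set of receiving device IDs
        self.counter = {}       # StreamID -> ReceiverCounter

    def handle(self, km_down, msg):
        if not verify(km_down, msg):
            return "MCOUNT3"
        stream = msg["stream"]
        known = self.receiver_ids.setdefault(stream, set())
        new = set([msg["sender"]] + msg["ids"]) - known  # n: IDs not yet listed
        if self.counter.get(stream, 0) + len(new) > LDEVS_MAX:
            return "MCOUNT3"  # join failure
        known |= new
        self.counter[stream] = self.counter.get(stream, 0) + len(new)
        return "MCOUNT2"      # join pass


def demo_keys():
    """Constructed shared master keys for the links A0-A1 and A1-S."""
    return {(b"A0", b"A1"): os.urandom(32), (b"A1", b"S"): os.urandom(32)}


def run_join(source, km, forwarders, dest, stream=b"stream-1", tamper_at=None):
    """Drive one join for `dest` behind forwarders [A0, A1, ...]; return the outcome."""
    chain = forwarders + [b"S"]
    msg = mcount1(km[(chain[0], chain[1])], chain[0], stream, [dest], os.urandom(8))
    for i in range(1, len(chain) - 1):
        if tamper_at == i:
            msg = dict(msg, ids=[])  # IDList altered in transit, MAC left as sent
        msg = forward(chain[i], km[(chain[i - 1], chain[i])],
                      km[(chain[i], chain[i + 1])], msg)
        if msg is None:
            return "dropped"
    return source.handle(km[(chain[-2], chain[-1])], msg)


if __name__ == "__main__":
    src, km, path = Source(), demo_keys(), [b"A0", b"A1"]
    for dest in (b"B", b"B2", b"B3"):
        print(dest, run_join(src, km, path, dest), src.counter)
    print("tampered:", run_join(src, km, path, b"B", tamper_at=1))
```

The second receiver behind the same forwarders costs only one slot, because A0 and A1 are already in the stream's list, and a second stream starts from its own empty list.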
Next, the exit mechanism for one receiving end or for several receiving ends includes the following two cases:
Case 1: when the device directly connected to the exiting receiving device B (B is not necessarily a destination receiving device and may include one or more forwarding devices) is the source sending device S, S searches the first receiving device ID list ReceiverIDList, deletes ID_B and all device IDs from the exiting receiving device B to the respective destination receiving devices of the content stream, counts the total number of deleted receiving device IDs as n (identical receiving device IDs are counted only once), and then updates ReceiverCounter to ReceiverCounter - n;
Case 2: when the device directly connected to the exiting receiving device B (B is not necessarily the destination receiving device and may be one or more forwarding devices) is not the source sending device S but a forwarding device, the receiving end quantity exit reporting mechanism must be executed. In the exit mechanism, forwarding device A0 must report the ID_B of the exiting receiving device B (if the exiting receiving device B is a set of multiple receiving devices, ID_B is the IDs of all receiving devices in the set) to the source sending device S. The source sending device S then searches ReceiverIDList, deletes ID_B and the device IDs of all receiving devices on the transmission path from the exiting receiving device B to each destination receiving device, counts the total number of deleted receiving device IDs as n (multiple identical IDs are counted only once), and updates ReceiverCounter to ReceiverCounter - n. Specifically, the receiving end quantity exit reporting mechanism proceeds as follows:
(1) Compute the derived key of forwarding device A (A0):
KQA0A1=KDF(KmA0A1,StreamID||“Sink Quit”);
Here, KmA0A1 is the shared master key negotiated in advance between forwarding device A0 and forwarding device A1. Forwarding device A0 sends the exit request message MQUIT1 to A1, the upstream forwarding device of the content stream:
MQUIT1||ID_A0||StreamID||ID_B||ID_A0||NA0||HMAC(KQA0A1,ID_A0||StreamID||ID_B||ID_A0||NA0);
NA0 is updated to NA0 + 1 and a timing counter TQUIT is started. If the exit pass message MQUIT2 is not received from forwarding device A1 before the timing counter times out, the exit request message MQUIT1 is retransmitted; when the number of retransmissions exceeds the upper limit, the report of the receiving end quantity exit is abandoned. NA0 is a monotonic counter maintained by forwarding device A0 and forwarding device A1; when forwarding device A0 executes the exit reporting mechanism for the first time, NA0 is initialized to 0.
(2) When device Am2 (m2 = 1, 2, ..., n) receives the exit request message MQUIT1, it checks whether it holds an NA(m2-1) corresponding to ID_A(m2-1); if not, it stores [ID_A(m2-1), NA(m2-1)]. If the received NA(m2-1) is less than or equal to the stored NA(m2-1), no processing is performed. Otherwise, the locally stored NA(m2-1) is updated to the received NA(m2-1), and the verification information HMAC(KQA(m2-1)Am2,ID_A(m2-1)||StreamID||ID_B||ID_A(m2-1)||NA(m2-1)) is calculated and compared with the HMAC received in the exit request message MQUIT1. If they are not equal, no processing is performed; if they are equal:
1) If device Am2 is not the source sending device S, the derived key of forwarding device Am2 is calculated:
KQAm2A(m2+1)=KDF(KmAm2A(m2+1),StreamID||“Sink Quit”);
HMAC(KQAm2A(m2+1),ID_Am2||StreamID||ID_B||ID_Am2||NAm2);
Here, KmAm2A(m2+1) is the shared master key negotiated in advance between Am2 and Am2+1. The exit request message MQUIT1 is then sent to Am2+1, the upstream forwarding device of the content stream:
MQUIT1||ID_Am2||StreamID||ID_B||ID_Am2||NAm2||HMAC(KQAm2A(m2+1),ID_Am2||StreamID||ID_B||ID_Am2||NAm2);
NAm2 is updated to NAm2 + 1. NAm2 is a monotonic counter maintained by forwarding device Am2 and forwarding device Am2+1; when forwarding device Am2 executes the exit reporting mechanism for the first time, NAm2 is initialized to 0.
2) If device Am2The source sending device S searches receiverIDList, deletes ID _ B and device ID information of all receiving devices on a transmission path from the quitting receiving device to each destination receiving device, counts the total number of the deleted receiving device IDs as n (a plurality of same IDs are counted only once), updates receiverCounter-n, and transmits the updated receiverCounter-n to the forwarding device Am2-1Send exit by message mqquit 2:
MQUIT2||ID_Am2||StreamID||ID_B||“quit success”。
(3) when forwarding device Am3-1(m3 ═ 2,3, … …, n) upon receipt of the exit pass message mquat 2, the exit pass message mquat 2 is forwarded to the downstream devices of its content stream:
MQUIT2||ID_Am3-1||StreamID||ID_B||“quit success”;
when forwarding device A0And when the quit passing message MQUIT2 is received, stopping the timing counter TQUIT, and finishing the quit report of the receiving end.
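The per-hop handling of MQUIT1 in step (2) and the source-side list update, as an added Python example that is not code from the patent. Assumptions: KDF and HMAC are both instantiated with HMAC-SHA256, MAC fields are length-prefixed, the source is handed the path IDs directly, and all function, class and field names are hypothetical. Unlike the order listed in the text, the counter is committed only after the HMAC verifies, so an unauthenticated message cannot advance it.

```python
import hashlib
import hmac

def kdf(km: bytes, stream_id: bytes) -> bytes:
    # Assumed KDF: HMAC-SHA256 keyed with Km over StreamID || "Sink Quit".
    return hmac.new(km, stream_id + b"Sink Quit", hashlib.sha256).digest()

def tag(kq: bytes, sender: bytes, stream_id: bytes, quit_id: bytes, na: int) -> bytes:
    # MAC input ID_A || StreamID || ID_B || ID_A || NA; each field is
    # length-prefixed (assumed encoding) so field boundaries are unambiguous.
    fields = [sender, stream_id, quit_id, sender, na.to_bytes(8, "big")]
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(kq, data, hashlib.sha256).digest()

def build_mquit1(km: bytes, sender: bytes, stream_id: bytes,
                 quit_id: bytes, na: int) -> dict:
    # Sender side: derive KQ from the shared master key and MAC the fields.
    return {"sender": sender, "stream": stream_id, "quit": quit_id, "na": na,
            "hmac": tag(kdf(km, stream_id), sender, stream_id, quit_id, na)}

class Device:
    """Upstream device A_m2 handling MQUIT1 from its downstream neighbours."""

    def __init__(self, downstream_keys: dict):
        self.downstream_keys = downstream_keys  # ID_A(m2-1) -> shared master key
        self.last_na = {}                       # ID_A(m2-1) -> last accepted NA

    def accept_mquit1(self, msg: dict) -> bool:
        km = self.downstream_keys.get(msg["sender"])
        if km is None:
            return False                        # no shared master key with sender
        last = self.last_na.get(msg["sender"])
        if last is not None and msg["na"] <= last:
            return False                        # stale or replayed counter
        expected = tag(kdf(km, msg["stream"]), msg["sender"], msg["stream"],
                       msg["quit"], msg["na"])
        if not hmac.compare_digest(expected, msg["hmac"]):
            return False                        # forged or corrupted message
        self.last_na[msg["sender"]] = msg["na"]  # commit only after authentication
        return True

def source_apply_quit(receiver_ids: list, receiver_counter: int, path_ids: list):
    # Source side: drop every ID on the quitting path, counting duplicates once.
    removed = set(path_ids) & set(receiver_ids)
    remaining = [i for i in receiver_ids if i not in removed]
    return remaining, receiver_counter - len(removed)

# Constructed sample values (not from the page).
KM = bytes(range(32))
SAMPLE_MSG = build_mquit1(KM, b"A0", b"stream-1", b"B", 0)
```
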
It should be noted that the above process mainly concerns the transfer of each message and does not cover the specific processing of the content stream; the content stream is encrypted, decrypted and transmitted on to the destination receiving device B only when the sending condition is satisfied.
In summary, this embodiment provides a digital content protection method based on receiving end quantity control, which counts and controls the number of receiving ends per content stream, so that quantity control is tied to the content stream. Compared with quantity control through authentication in the traditional HDCP and DTCP systems, this embodiment can meet the different receiving-end quantity requirements of different content streams. Each content stream maintains its own receiving end count and receiving end ID list, so the receiving end counts of the content streams are independent of each other in the source sending device. The source sending device can therefore dynamically count and control the number of receiving devices of each content stream, and the number of devices receiving one content stream does not affect the number of devices receiving another, which makes its control of receiving end quantity more flexible. The embodiment also provides a simple receiving end join mechanism and receiving end exit mechanism, so that the source sending device can increase or decrease the receiving end count and the receiving device ID list of each content stream, dynamically obtain the receiving end count of each content stream, make the receiving end statistics more accurate, and ensure that receiving end quantity control and statistics are effective.
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (8)

1. A digital content protection method based on receiving end quantity control, characterized by comprising a source sending device A_n, a destination receiving device B and forwarding devices A_(n-1)~A_0, wherein the cascaded forwarding devices A_(n-1)~A_0 are connected between the source sending device A_n and the destination receiving device B, and the source sending device A_n is configured with a respective content stream list for each different content stream, wherein,
the source sending device A_n counts the total number of receiving devices according to the cascaded forwarding devices A_(n-1)~A_0, updates the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sends the content stream stored in the source sending device A_n to the destination receiving device B through the forwarding devices A_(n-1)~A_0;
each content stream list configured by the source sending device A_n comprises a content stream ID, and a first receiving device ID list and a number of receiving devices corresponding to the content stream ID;
the source sending device A_n counting the total number of receiving devices according to the cascaded forwarding devices A_(n-1)~A_0, updating the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sending the content stream stored in the source sending device A_n to the destination receiving device B through the forwarding devices A_(n-1)~A_0 comprises:
Step S1: the source sending device A_n counts the total number of receiving devices, updates the content stream list according to the counted total number of receiving devices, and sends the content stream stored in the source sending device A_n to the forwarding device A_(n-1) directly connected to the source sending device A_n;
Step S2: forwarding device A_(n-1) receives and stores the content stream, and sends a join request message to the source sending device A_n;
Step S3: the source sending device A_n counts the total number of receiving devices according to the join request message, updates the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sends a join pass message to forwarding device A_(n-1);
Step S4: forwarding device A_(n-1) sends the content stream stored in forwarding device A_(n-1) to forwarding device A_(n-2) according to the join pass message;
Step S5: forwarding device A_(n-2) receives and stores the content stream, and sends a join request message to the source sending device A_n through forwarding device A_(n-1);
Step S6: the source sending device A_n counts the total number of receiving devices according to the join request message, updates the content stream list according to the counted total number of receiving devices, and, according to the counted total number of receiving devices, sends a join pass message to A_(n-2) through forwarding device A_(n-1);
Step S7: forwarding device A_(n-2) sends the content stream stored in forwarding device A_(n-2) to forwarding device A_(n-3) according to the join pass message;
repeating steps S1 to S7 until a join request message is sent to the source sending device A_n through forwarding devices A_1~A_(n-1), the source sending device A_n sends the join pass message through forwarding devices A_(n-1)~A_1 to the forwarding device A_0 directly connected to the destination receiving device B, and forwarding device A_0 sends the content stream stored in forwarding device A_0 to the destination receiving device B according to the join pass message.
2. The method for protecting digital content based on receiving end number control as claimed in claim 1, further comprising pre-negotiating and storing a shared master key between adjacent direct-connected devices, wherein the sending, receiving and storing of the content stream comprises:
an upstream device encrypts the content stream with a pre-stored shared master key of the downstream device directly connected to it to obtain an encrypted content stream, and sends the encrypted content stream to the downstream device directly connected to it, wherein the upstream device comprises the source sending device A_n and forwarding devices A_(n-1)~A_0, and the downstream device comprises forwarding devices A_(n-1)~A_0;
the downstream device receives the encrypted content stream sent by the upstream device, decrypts it with the pre-stored shared master key of the upstream device directly connected to it, and encrypts it again with the pre-stored shared master key of the downstream device directly connected to it to update the encrypted content stream;
until the destination receiving device B receives the encrypted content stream sent by the forwarding device A_0 directly connected to it, and decrypts the encrypted content stream with the pre-stored shared master key of the directly connected forwarding device A_0 to obtain the content stream.
3. The digital contents protection method based on the receiver-side number control as claimed in claim 1, wherein the transmitting of the join request message comprises:
the downstream equipment sends a joining request message to upstream equipment directly connected with the downstream equipment, wherein the joining request message comprises a content stream ID, a second receiving equipment ID list and verification information;
the upstream equipment receives the joining request message, recalculates the verification information according to the joining request message, and compares the recalculated verification information with the verification information in the joining request message to obtain a comparison result;
updating a second receiving equipment ID list of the upstream equipment according to the comparison result, and sending a joining request message to the upstream equipment directly connected with the upstream equipment;
until the source sending device A_n receives the join request message.
4. The method of claim 3, wherein updating the second list of recipient device IDs in the upstream device based on the comparison comprises:
acquiring a second receiving equipment ID list from the joining request message according to the comparison result;
the receiving device IDs of the downstream devices are updated in a second receiving device ID list.
5. The digital content protection method based on receiving end quantity control as claimed in claim 3, wherein the source sending device A_n counting the total number of receiving devices according to the join request message comprises:
the source sending device A_n obtains the second receiving device ID list from the join request message, and adds the device ID of A_(n-1) to the second receiving device list;
and counting the total number of the receiving devices according to the number of the receiving devices corresponding to each receiving device ID in the first receiving device ID list and the second receiving device list.
6. The method of claim 3, wherein the content stream list is updated according to the counted total number of receiving devices, and the sending the join pass message comprises:
the source sending device A_n configures a preset number of receiving devices;
the source sending device A_n judges whether the counted total number of receiving devices is greater than the preset number of receiving devices;
in response to the counted total number of receiving devices being less than or equal to the preset number of receiving devices, the source sending device A_n adds the second receiving device ID list to the first receiving device ID list in the content stream list, and sends a join pass message to the downstream device directly connected to the source sending device A_n;
the downstream device directly connected to the source sending device A_n sends the join pass message to the downstream device directly connected to it, until the upstream device directly connected to the current receiving device receives the join pass message.
7. The digital content protection method based on receiving end quantity control as claimed in claim 1, wherein, when a quitting receiving device no longer receives the content stream, the quitting receiving device comprising forwarding devices A_(n-1)~A_1 and the destination receiving device B, the method further comprises:
the upstream devices cascaded with the quitting receiving device send an exit request message to the source sending device A_n;
the source sending device A_n updates the content stream list according to the exit request message, and, according to the updated content stream list, sends an exit pass message through the downstream devices to the upstream device cascaded with the quitting receiving device;
and the upstream equipment directly connected with the quitting receiving equipment acquires the quitting success of the quitting receiving equipment according to the quitting passing message.
8. The digital content protection method based on receiving end quantity control as claimed in claim 7, wherein the source sending device A_n updating the content stream list according to the exit request message comprises:
the exit request message comprises a content stream ID, a quitting receiving device ID and verification information;
the source sending device A_n recalculates the verification information according to the exit request message, and compares the recalculated verification information with the verification information in the exit request message to obtain a comparison result;
and acquiring the ID of the quitting receiving equipment corresponding to the content stream ID from the quitting request message, and deleting all the equipment IDs from the quitting receiving equipment to the target receiving equipment B from the first receiving equipment ID list corresponding to the content stream according to the comparison result and the ID of the quitting receiving equipment so as to update the content stream list.
CN202110212681.8A 2021-02-25 2021-02-25 Digital content protection method based on receiving end quantity control Active CN113037472B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110212681.8A CN113037472B (en) 2021-02-25 2021-02-25 Digital content protection method based on receiving end quantity control

Publications (2)

Publication Number Publication Date
CN113037472A CN113037472A (en) 2021-06-25
CN113037472B true CN113037472B (en) 2022-04-15

Family

ID=76462190

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110212681.8A Active CN113037472B (en) 2021-02-25 2021-02-25 Digital content protection method based on receiving end quantity control

Country Status (1)

Country Link
CN (1) CN113037472B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230412

Address after: 21a, Guoshi building, 1801 Shahe West Road, high tech community, Yuehai street, Nanshan District, Shenzhen, Guangdong 518063

Patentee after: SHENZHEN NATIONAL ENGINEERING LABORATORY OF DIGITAL TELEVISION Co.,Ltd.

Address before: No.2, Taibai South Road, Yanta District, Xi'an City, Shaanxi Province

Patentee before: XIDIAN University