CN1878092A - Domain management system, method for building local domain and method for acquisition of local domain licence - Google Patents

Info

Publication number
CN1878092A
Authority
CN
China
Prior art keywords
domain
terminal
territory
local
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200610098590
Other languages
Chinese (zh)
Other versions
CN100479386C (en
Inventor
李益民
党沛
张仁宙
冯雯洁
周晨
周志鹏
周皓隽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB2006100985901A priority Critical patent/CN100479386C/en
Publication of CN1878092A publication Critical patent/CN1878092A/en
Application granted granted Critical
Publication of CN100479386C publication Critical patent/CN100479386C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a DRM domain management system, a method for establishing a local domain, and a method by which a terminal obtains a local domain license. The system comprises a local domain manager and a terminal on the local side, and a domain information storage module and a license server on the network side. The local domain manager stores the domain information of the local domain, adds a terminal to or removes it from the local domain either at the terminal's request or directly, and sends the domain information to terminals in the local domain. The terminal sends a local domain license request containing the local domain identifier to the license server and consumes the license according to the domain license the license server returns. The domain information storage module stores the domain information of the local domain. The license server generates a domain license according to the domain information in the domain information storage module that corresponds to the local domain license request, and sends the domain license to the terminal.

Description

Domain management system, method for establishing a local domain, and method for obtaining a local domain license
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a digital rights management (DRM) domain management system, a method for establishing a local domain, and a method for obtaining a local domain license.
Background art
DRM protects the legitimate rights and interests of content owners mainly by controlling the use of digital content through rights restrictions and content protection schemes. After the publisher encrypts the digital content, the user downloads the encrypted content package to a terminal device. The license server distributes the license corresponding to the digital content, which contains the content decryption key and the associated rights. A device can use the purchased digital content normally only when it holds both the content package, which carries the information needed to decrypt the content, and the license.
To simplify the distribution and management of licenses, the DRM system introduces the concept of a domain. A domain is a set of DRM terminals; the terminals in one domain share domain information, which includes a unique domain identifier and a domain key used to decrypt the sensitive information in a domain license. When the license server issues a license to a domain, it wraps the license with the domain key; the wrapped license is called a domain license. Domain members can use the domain key to obtain the content encryption key in the license and so use the digital content, whereas non-members cannot obtain the domain key and therefore cannot access the content.
As shown in Fig. 1, an existing DRM domain management system comprises a domain management center (Domain Manage Center, DMC), a license server (License Server, LS) and terminals. The DMC and the LS are both located on the network side, and the DMC is usually set up and maintained by a network operator or by a service provider that specializes in domain management servers.
U.S. patent publication No. 20050182727 discloses a method for establishing and joining a domain based on the DRM domain management system shown in Fig. 1. In that method, every terminal joining a domain must send a join request over the Internet to the DMC (Central Domain Service). The DMC checks whether the joining terminal is in proximity to the members that have already joined the domain; if so, the DMC adds the terminal to the domain and issues the domain information to it. The terminal can then request a domain license from the LS and decrypt it with the domain key in the domain information in order to consume the license.
In this prior art the network-side DMC manages all domain members centrally. Because the number of domain members that a network-side DMC manages is usually very large, the DMC is heavily loaded. Moreover, because the DMC is on the network side, a terminal must interact with it over the Internet, so devices without a remote connection, such as portable players, cannot join a domain.
Summary of the invention
In view of this, the main purpose of the invention is to provide a DRM domain management system, a method for establishing a local domain, and a method for obtaining a domain license, which can reduce the load on the network-side DMC.
To achieve this purpose, the invention provides a DRM domain management system comprising a local domain manager and a terminal on the local side, and a domain information storage module and a license server on the network side, wherein:
The local domain manager stores the domain information of the local domain, adds a terminal to or removes it from the local domain at the terminal's request, or adds or removes the terminal directly, and sends the domain information to terminals that join the local domain;
The terminal sends a local domain license request containing the local domain identifier to the license server, and consumes the license according to the domain license returned by the license server;
The domain information storage module stores the domain information of the local domain;
The license server receives the local domain license request from the terminal, generates a domain license according to the domain information stored in the domain information storage module that corresponds to the request, and issues the domain license to the terminal.
The local domain manager may further generate the domain information of the local domain and send the generated domain information to the domain information storage module, either directly or through a terminal.
The domain information storage module may be located in the license server.
The domain information storage module may be a domain management center. In that case the domain management center further generates the domain information of the local domain, either in response to a domain establishment request from the local domain manager or directly, and issues the generated domain information to the local domain manager directly or through a terminal; the local domain manager then further receives and stores the domain information from the domain management center.
The domain management center may be located in the license server.
The local domain license that the license server issues to the terminal may be a domain license that requires centralized management by the local domain manager. In that case the terminal forwards the centrally managed domain license it receives to the local domain manager, sends the local domain manager a rights request for rights in that domain license, and consumes the license according to the rights the local domain manager returns. The local domain manager installs the centrally managed domain license it receives and, in response to the terminal's rights request, issues the corresponding rights in the installed domain license to the terminal.
The invention also provides a method for establishing a local domain, comprising:
Generating the domain information of the local domain, and obtaining and storing the domain information at both a network-side device and the local domain manager, thereby establishing the domain.
The domain information may comprise a domain identifier and a domain key, and may further comprise a domain policy. The domain policy is the domain size, the terminal types allowed to join the domain, or the validity period of the domain, or any combination of these.
The domain information of the local domain may be generated and stored by the network-side device, which sends the generated domain information to the corresponding local domain manager; the local domain manager receives and stores the domain information, thereby establishing the domain.
The network-side device may send the domain information to the corresponding local domain manager in a domain information response message.
The domain information response message may further comprise: the network-side device identifier, the local domain manager identifier, a domain information reporting time, a latest domain information reporting time, or a domain version number, or any combination of these.
When the domain information response message contains a latest domain information reporting time, if the network-side device determines that it has not received the domain information reported by the local domain manager when that time arrives, the network-side device marks the local domain corresponding to the response message as invalid and stops issuing licenses for that local domain.
The domain information of the local domain may be generated and stored by the local domain manager to establish the domain; the local domain manager sends the generated domain information to the network-side device, which receives and stores it.
After receiving domain information from the local domain manager, the network-side device may verify the domain information and return a success or failure response message to the local domain manager according to the verification result.
The method may further comprise:
The local domain manager reports updated domain information to the network-side device in a message, either in response to a domain update request from the network-side device, or according to the domain information reporting time or latest reporting time previously issued by the network-side device, or after its own domain information has been updated;
After receiving the updated domain information, the network-side device stores it.
The message containing the updated domain information that the local domain manager reports to the network-side device may further comprise the local domain manager's digital signature over the message and/or the identity information of the local domain manager;
In that case, after receiving the updated domain information, the network-side device may further verify from the digital signature whether the message is legitimate and/or verify from the identity information whether the local domain manager is legitimate, or judge whether the update is allowed. If so, it performs the step of storing the updated domain information; otherwise it ends the procedure directly.
After storing the updated domain information, the network-side device may further return domain-update-success information to the local domain manager; before ending the procedure directly, the network-side device further returns domain-update-failure information to the local domain manager.
After the domain information of the local domain is updated, the network-side device may send the updated domain information to the local domain manager; the local domain manager receives and stores the updated domain information.
Before sending the updated domain information to the local domain manager, the network-side device may, directly or through the terminal with which the user updated the domain information, send an update notification message containing the domain identifier to the local domain manager corresponding to the local domain; the local domain manager then sends a domain information update request containing the domain identifier to the network-side device according to the update notification message. The network-side device obtains the corresponding updated domain information according to the domain identifier in the update request and sends the updated domain information to the local domain manager.
The network-side device may generate the domain information of the local domain in response to a local domain establishment request from the local domain manager.
The local domain establishment request that the local domain manager sends to the network-side device may comprise the identity information of the local domain manager and/or the local domain manager's digital signature over the request. After receiving the request, the network-side device verifies the identity information and/or digital signature in it, and performs the step of generating the domain information of the local domain after verification succeeds.
Where the local domain establishment request that the local domain manager sends to the network-side device contains domain information, the network-side device generates the domain information of the local domain from the domain information in the request.
Before generating the domain information of the local domain from the domain information in the request, the network-side device judges whether the domain information in the request is legitimate and, if so, performs the step of generating the domain information of the local domain.
After generating the domain information, the network-side device may further send a local domain establishment notification message containing the domain identifier of the local domain to the corresponding local domain manager; after receiving the notification message, the local domain manager sends a domain information request message containing the domain identifier to the network-side device;
The network-side device then sends the generated domain information to the corresponding local domain manager as follows: it looks up the domain information corresponding to the domain identifier in the received domain information request message, and sends the domain information found to the local domain manager corresponding to that domain identifier.
Where the network-side device generates the domain information according to a command that the user sends through a terminal, the network-side device sends the local domain establishment notification message containing the domain identifier of the local domain to the corresponding local domain manager through that terminal.
The method further comprises:
The terminal sends a join-local-domain request message containing the terminal's identity information and the domain identifier to the local domain manager to request to join the local domain;
The local domain manager stores the terminal's identity information and returns the domain information to the terminal, and the terminal stores the domain information it receives.
After receiving the join-local-domain request message, the local domain manager authenticates the terminal's identity information, and performs the step of storing the terminal's identity information and the subsequent steps after authentication succeeds.
After receiving the join-local-domain request message, the local domain manager may further forward it to the network-side device; the network-side device determines whether the terminal is allowed to join the local domain and, if so, returns confirmation information to the local domain manager, after which the local domain manager performs the step of storing the terminal's identity information and the subsequent steps.
The method further comprises:
The local domain manager sends a join-domain request to the terminal; after receiving the request, the terminal returns a join-domain response message to the local domain manager;
The local domain manager stores the terminal's identity information and returns the domain information to the terminal, and the terminal stores the domain information it receives.
The method further comprises:
The terminal sends a leave-local-domain request message containing the terminal's identity information and the domain identifier to the local domain manager to request to leave the local domain, and deletes the domain information of that local domain held in the terminal;
After receiving the leave-local-domain request message, the local domain manager deletes the information of that terminal.
The method further comprises:
The local domain manager deletes the information it holds on a terminal that has joined the local domain, and sends the terminal a leave-domain message containing the domain identifier;
After receiving the leave-domain message, the terminal deletes the domain information it holds for that domain identifier.
The network-side device may be a domain management center or a license server.
The invention also provides a method for obtaining a local domain license, comprising:
The terminal sends a domain license request containing the domain identifier of the local domain to the license server, requesting the domain license of the local domain;
The license server receives the domain license request and, after determining that the local domain to which the request corresponds has registered its domain information on the network side, returns an encrypted domain license to the terminal.
The domain license request may further comprise the terminal's digital signature and/or the terminal's digital certificate;
In that case, after receiving the domain license request, the license server verifies the terminal's digital signature and/or digital certificate and, after verification succeeds, performs the step of determining that the local domain to which the request corresponds is registered.
The license server determines whether the local domain corresponding to the request is registered either from the domain identifier in the request message and the locally stored local domain information containing the domain identifier, or by interacting with the domain management center that stores the domain information containing the domain identifier.
If, on receiving the domain license request, the license server determines that the local domain to which the request corresponds is not registered, the following steps are performed:
The license server sends a request to the terminal asking it to report the domain information of the local domain for registration;
After determining that the local domain is registered, the license server performs the step of returning the domain license to the terminal.
The license server's determining that the local domain is registered and then performing the step of returning the domain license to the terminal comprises:
The terminal reports the domain information to the license server; after the domain information reported by the terminal passes verification, the license server determines that the local domain is registered and then performs the step of returning the domain license to the terminal;
Or comprises: the terminal reports the domain information to the domain management center; after the domain information reported by the terminal passes the domain management center's verification, the domain management center notifies the license server that verification has passed, the license server determines that the local domain is registered, and then performs the step of returning the domain license to the terminal.
When the terminal reports the domain information to the license server, the license server receives the reported domain information and, after it passes verification, either stores the domain information locally or sends it to the domain management center for storage;
When the terminal reports the domain information to the domain management center, the terminal does so according to the domain management center address contained in the request from the license server.
After receiving the request from the license server, the terminal reports to the license server or the domain management center the domain information it stores locally or the domain information it obtains by interacting with the local domain manager, and may further include the local domain manager's digital signature over the domain information.
The terminal's interaction with the local domain manager to obtain the domain information comprises:
The terminal sends a message containing the terminal's identity to the local domain manager to request the domain information; the local domain manager receives the request message and, after determining that the terminal is a legitimate domain member, returns a response message containing the latest domain information to the terminal.
The response message that the local domain manager returns to the terminal may further comprise the local domain manager's digital signature over the domain information, made with its own private key; the terminal then further reports that digital signature to the license server.
After receiving the response message, the terminal updates the domain information it holds according to the domain information in the response message.
The license server's determining that the local domain is registered and then performing the step of returning the domain license to the terminal comprises:
The terminal forwards the request it received from the license server to the local domain manager corresponding to the local domain, and the local domain manager reports the domain information of the local domain to the license server or the domain management center; after the received domain information passes the license server's verification, or after it passes the domain management center's verification and the domain management center notifies the license server, the license server determines that the local domain is registered and then performs the step of returning the domain license to the terminal.
The domain license request comprises the version number of the domain information;
In that case, after receiving the domain license request, the license server further uses the domain information version number in the request, together with the version number of the locally stored domain information or through interaction with the domain management center that stores the domain information, to determine whether the version number in the request is consistent with the version number of the registered domain information; if it is consistent, the license server performs the step of returning the domain license to the terminal.
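The license server checks described above (registration of the local domain, the latest reporting time, and the domain information version), as an added Python example that is not part of the patent text. HMAC-SHA256 stands in for the local domain manager's digital signature, terminal authentication is assumed to have succeeded already, and every name, key, decision string and the one-hour reporting interval is hypothetical; keeping an invalidated domain invalid and refusing a lower version number are assumptions of the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample key. HMAC-SHA256 is a stand-in for the LDM's digital
# signature so that the example runs on the standard library alone.
LDM_KEYS = {"ldm-home-01": b"constructed-ldm-signing-key"}


def _mac(key: bytes, info: dict) -> str:
    """Authenticate a canonical JSON encoding of the domain information."""
    payload = json.dumps(info, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign_domain_info(ldm_id: str, info: dict) -> str:
    """LDM side: sign the domain information before it is reported."""
    return _mac(LDM_KEYS[ldm_id], info)


@dataclass
class DomainRecord:
    ldm_id: str
    version: int
    report_deadline: float  # latest reporting time for the next report
    valid: bool = True


@dataclass
class LicenseServer:
    registry: dict = field(default_factory=dict)  # domain_id -> DomainRecord

    def _still_valid(self, rec: DomainRecord, now: float) -> bool:
        # A missed latest reporting time invalidates the local domain.
        if now > rec.report_deadline:
            rec.valid = False
        return rec.valid

    def register(self, ldm_id, info, signature, now, report_interval=3600.0):
        """Store reported domain information only if it verifies."""
        key = LDM_KEYS.get(ldm_id)
        if key is None or not hmac.compare_digest(_mac(key, info), signature):
            return False  # unknown LDM, or information altered in transit
        old = self.registry.get(info["domain_id"])
        if old is not None:
            # Assumptions of this example: an invalidated domain stays
            # invalid, only the registering LDM may update, no rollback.
            if (not self._still_valid(old, now) or old.ldm_id != ldm_id
                    or info["version"] < old.version):
                return False
        self.registry[info["domain_id"]] = DomainRecord(
            ldm_id, info["version"], now + report_interval)
        return True

    def handle_license_request(self, domain_id, version, now):
        """Decide how to answer a terminal's domain license request."""
        rec = self.registry.get(domain_id)
        if rec is None:
            return "REPORT_DOMAIN_INFO"      # ask the terminal to register
        if not self._still_valid(rec, now):
            return "DENY_DOMAIN_INVALID"     # stop issuing licenses
        if version != rec.version:
            return "DENY_VERSION_MISMATCH"   # terminal holds stale information
        return "ISSUE_DOMAIN_LICENSE"


def demo():
    """Walk one constructed local domain through the decision points."""
    ls = LicenseServer()
    info = {"domain_id": "dom-1", "version": 1, "policy": {"max_size": 5}}
    good = sign_domain_info("ldm-home-01", info)
    return [
        ls.handle_license_request("dom-1", 1, now=0),
        ls.register("ldm-home-01", info, "00" * 32, now=0),
        ls.register("ldm-home-01", info, good, now=0),
        ls.handle_license_request("dom-1", 1, now=10),
        ls.handle_license_request("dom-1", 2, now=10),
        ls.handle_license_request("dom-1", 1, now=4000),
        ls.register("ldm-home-01", info, good, now=4000),
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```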
The domain license that the license server returns to the terminal may be a centrally managed domain license; the method then further comprises:
The terminal forwards the centrally managed domain license it receives to the local domain manager, which receives, parses and installs the domain license;
When the terminal needs to use the domain license, it sends the local domain manager a rights request containing information on the domain license to be used, and the local domain manager returns the corresponding rights to the terminal according to the domain license.
After receiving a domain license, the terminal may further judge whether the received domain license is a centrally managed domain license; if so, it performs the step of forwarding the received centrally managed domain license to the local domain manager; otherwise the terminal parses and installs the received domain license locally.
The encrypted domain license is a domain license encrypted with the public key of the local domain manager.
The encrypted domain license is a domain license encrypted with the public key of the terminal or with the domain key of the local domain.
The license server's determining that the local domain is registered and then performing the step of returning the domain license to the terminal comprises:
After receiving the request from the license server, the terminal reports the domain information for registration to the license server or the domain management center, either directly or by notifying the local domain manager to do so;
After registration succeeds, the step in which the terminal sends the license server a domain license request containing the domain identifier of the local domain is performed.
As can be seen from the above scheme, in the invention the local members are managed locally by the local domain manager (Local Domain Manager, LDM); the network side only needs to store the domain information of the LDM, and the LS issues licenses to the members of local domains whose domain information is stored on the network side. The network-side DMC therefore does not have to manage all domain members centrally, which reduces the load on the network-side DMC and reduces network traffic;
In the invention, the license server may also send the terminal a centrally managed domain license, which the terminal forwards to the LDM for parsing and installation; the terminal can subsequently obtain only the corresponding rights, which prevents unlimited spread of the domain license and protects the interests of the content provider;
In addition, in the invention a terminal can join the local domain by interacting only with the local LDM, so the domain license can be shared among the members of the local domain, and devices without a remote connection, such as portable players, can also obtain the domain license and consume it;
Furthermore, the invention provides several ways of implementing the interactions among the terminal, LDM, DMC and LS, which broadens the application scenarios of the invention, and by including digital certificates and/or digital signatures in the exchanged messages it prevents messages from being tampered with or forged in transit, improving security.
Description of drawings
Fig. 1 is a schematic diagram of the composition of a DRM domain management system in the prior art;
Fig. 2 is a schematic diagram of the composition of a specific embodiment of the DRM domain management system of the invention;
Fig. 3 is the overall flow chart of the first embodiment of the method of the invention;
Fig. 4 is a flow chart of the handling of a centrally managed domain license in the first embodiment of the method of the invention;
Fig. 5 is a flow chart of domain information updating in the first embodiment of the method of the invention;
Fig. 6 is a flow chart of the second embodiment of the method of the invention;
Fig. 7 is a flow chart of a terminal obtaining a domain license in the second embodiment of the method of the invention;
Fig. 8 is a flow chart of one way of establishing a local domain in the third embodiment of the method of the invention;
Fig. 9 is a flow chart of another way of establishing a local domain in the third embodiment of the method of the invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with accompanying drawing.
Main thought of the present invention is, in local side local domain supervisor (LDM) is set, and is used for the local terminal is managed, thereby alleviates the burden of network side DMC.
DRM domain management system of the present invention comprises LS, domain information memory module, LDM and terminal.Wherein, LS and domain information memory module are positioned at network side, and LDM and terminal are positioned at local side.The domain information memory module can be arranged in LS, also can be exactly existing DMC.Below be exactly DMC with the domain information memory module, as shown in Figure 2, system of the present invention is elaborated as specific embodiment.
The LDM stores and maintains the domain information of the local domain, adds a terminal to or removes it from the local domain at the terminal's request or does so directly, and sends the domain information to terminals that join the local domain. Maintaining the domain information can include updating the domain member list after a terminal joins or leaves the domain, and periodically updating the domain key or other information in the domain information. The domain information contains a domain identifier and a domain key, and may further contain a domain name or a domain policy. The domain policy is the set of mandatory rules for managing a domain, such as the domain size, the terminal types allowed to join the domain, and the domain's validity period.
The domain information in the LDM may be generated locally by the LDM, which then sends the generated domain information to the network-side DMC. Alternatively, it may be generated by the network-side DMC and sent to the LDM directly or via a terminal; in this case the LDM may send a domain establishment request to the DMC, or may send a domain information request message to the DMC after receiving an establish-local-domain notification message from the DMC.
After receiving from a terminal a domain license encrypted with the LDM's public key, the LDM can parse and install that license; after receiving a rights request from a terminal, it issues the rights in the corresponding license to the terminal.
The LDM can also report updated domain information to the DMC: after its own domain information has been updated, at a reporting time set by the DMC, or in response to a domain update request from the DMC.
The terminal sends the LS a local domain license request containing the local domain identifier and consumes content according to the domain license the LS returns. It can do so in two ways: after receiving from the LS a domain license encrypted with the terminal's public key or with the domain key, it parses and installs the license directly and consumes through the installed license; or, after receiving from the LS a domain license encrypted with the LDM's public key, it sends the received license to the LDM, which parses and installs it, and the terminal then requests the corresponding rights from the LDM whenever it needs the license for consumption.
A terminal can send the LDM a join-domain request containing a domain identifier or domain name and store the domain information returned by the LDM; it can also send the LDM a leave-domain request containing a domain identifier or domain name and delete its locally stored domain information for that domain.
After receiving a domain information request from the LS, a terminal can report the domain information to the LS or DMC itself, or forward the received request to the LDM so that the domain information is reported to the LS or DMC by the LDM.
A terminal can also receive from the DMC an establish-local-domain notification message containing a domain identifier or an LDM address, and pass the received notification message on to the corresponding LDM.
The DMC stores the domain information of local domains. At the LS's request it returns domain information, or determines from a domain identifier supplied by the LS whether the corresponding local domain is registered and returns the result to the LS.
The local domain information stored in the DMC may come from the LDM or from a terminal. It may also be generated by the DMC itself, on a user command or at the LDM's request. In that case the DMC either sends the generated local domain information directly to the corresponding LDM; or sends domain information that contains the address of the LDM or the domain identifier of the corresponding local domain to the LDM via a terminal; or sends an establish-local-domain notification message to the corresponding LDM via a terminal and, after receiving a domain information request from the LDM, sends the corresponding domain information to the LDM.
The DMC can also send the LDM a domain information update request for the corresponding local domain and update its own stored domain information with the updated domain information the LDM reports; alternatively, the DMC can update the local domain's information itself and send the updated domain information to the LDM.
The DMC can also create a global domain at a user's request, generating the global domain's information, which includes a domain identifier, domain key, domain size, domain validity period and so on; it manages global domain members joining and leaving, and maintains the domain information of the global domains it has created. The DMC also handles terminals' requests to join or leave a global domain, performs the corresponding operation and returns the result to the terminal.
The LS receives local domain license requests from terminals and determines from the network-side domain information, such as the domain information stored in the LS or in the DMC, whether the local domain in the request is registered. If it is registered, the LS generates either a domain license the terminal can parse or a centrally managed domain license that must be parsed by the LDM, and issues the generated license to the terminal; otherwise it returns a domain information request message to the terminal. The LS can further receive global domain license requests from terminals and issue the corresponding global domain license to the terminal. Here, a local domain license is a license encrypted with a key corresponding to the local domain, such as the local domain's domain key, the terminal's public key or the LDM's public key; a global domain license is a license encrypted with a key corresponding to the global domain, such as the global domain's domain key.
The terminal described above can be a portable terminal or a fixed terminal, and can also be a portable player (MP3, MP4), a television set and so on. The LDM can be a portable terminal or a fixed terminal, and can also act as a terminal and perform terminal functions. One LDM can establish multiple local domains, and each local domain can store its domain information in multiple DMCs, that is, register with multiple DMCs. In addition, the DMC can also be located in the LS.
The above describes a specific embodiment of the DRM domain management system of the invention.
In the method of the invention, a local domain can be established as follows: a network device generates the domain information of the local domain, stores it, and sends it to the LDM of that local domain; the LDM then receives and stores the domain information and establishes the local domain.
Alternatively, the LDM itself generates the local domain information according to a user command, establishes the local domain, and reports the local domain information to the network device.
The domain information can contain a domain identifier and a domain key, and may further contain a domain policy. The domain policy is the domain size, the terminal types allowed to join the domain, or the domain's validity period, or any combination of these.
The domain key in the domain information that the network device sends to the LDM is encrypted with the LDM's public key or with a symmetric key shared by the LDM and the DMC.
After a local domain is established, its domain information can be updated. For example, the LDM reports the updated domain information to the network device in a message in response to a domain update request from the network device, or according to a domain information reporting time or latest reporting time issued in advance by the network device, or after its own domain information has been updated; the network device stores the updated domain information on receipt. Alternatively, the network device updates the domain information and sends the updated domain information to the corresponding LDM directly or via a terminal, and the LDM updates its own corresponding domain information once the received information passes verification.
The network device may generate the local domain's information in response to an establish-local-domain request from the LDM, or may generate it on its own according to a user command.
In the invention, once a domain is established, terminals can join or leave it.
A terminal joins a domain as follows: the terminal sends the LDM a join-local-domain request message containing the terminal's identity information and the domain identifier; the LDM stores the terminal's identity information, adds the terminal to the domain member list and returns the domain information to the terminal; the terminal stores the domain information it receives.
The LDM can also forward the received join-local-domain request message to the network device. The network device determines whether the terminal is allowed to join the local domain; if so, it returns a confirmation to the LDM, and the LDM then adds the terminal to the local domain.
The terminal may also return a join-domain response message containing its identity information to the LDM after receiving a join-domain request from the LDM.
A terminal leaves a domain as follows: the terminal sends the LDM a leave-local-domain request message containing the terminal's identity information and the domain identifier, and deletes the domain information of that local domain held in the terminal; on receiving the request, the LDM deletes the terminal's information and returns a leave confirmation message to the terminal.
Alternatively, the LDM deletes its stored information about a terminal that has joined the local domain and sends the terminal a leave-domain message containing the domain identifier; on receiving it, the terminal deletes its stored domain information for that domain identifier. The network device mentioned above can be the DMC or the LS.
After a local domain is established, a terminal that has joined it can request the corresponding local domain license from the LS for consumption. Specifically: the terminal sends the LS a domain license request containing the local domain's identifier, requesting a domain license for that local domain; the LS receives the request and, once it has determined that the corresponding local domain has registered its domain information on the network side, returns an encrypted domain license to the terminal.
The LS can determine whether the local domain in the request is registered from the domain identifier in the request message together with its locally stored domain information, which contains the domain identifier, or by interacting with a DMC that stores domain information containing the domain identifier. If the LS determines that the local domain is not registered, it can send the terminal a request to report that local domain's information for registration.
Because a terminal may hold out-of-date domain information after going a long time without interacting with the LDM, the domain information can include a version number, and the terminal can place the version number of its own domain information in the domain license request. The LS uses the version number to determine whether the network-side domain information and the terminal's domain information are the same version. If the network-side version is higher than the terminal's, the LS notifies the terminal to update its domain information and then initiate the domain license request again; if the network-side version is lower than the terminal's, the LS notifies the terminal to report the latest domain information.
After receiving the request from the LS, the terminal can report its own domain information to the LS or DMC, or notify the corresponding LDM to report the domain information to the LS or DMC. Whichever of the LS and DMC obtains the domain information can store it itself or send it to the other. The LS can then issue the local domain license to the terminal according to the domain information of the corresponding local domain held in the LS or in the DMC.
To ensure that the domain information reported to the LS or DMC is current, the terminal can request the latest domain information from the LDM after receiving the request from the LS.
The domain license the LS returns to the terminal can be encrypted with the terminal's public key or with the local domain's domain key, in which case the terminal parses and installs the license directly and consumes accordingly. It can also be a centrally managed license encrypted with the LDM's public key, in which case the terminal forwards the received license to the LDM, which receives, parses and installs it; when the terminal needs to use the domain license, it sends the LDM a rights request containing information about the domain license to be used, and the LDM returns the corresponding rights to the terminal according to the domain license.
The methods described above for establishing a domain, for a terminal joining a domain, and for a terminal obtaining a domain license are described in detail below through specific embodiments of the method of the invention.
In the first embodiment of the method of the invention, the LDM in a home network generates the domain information and establishes the local domain for that home network, and the domain information is stored by the LS. The flow of this embodiment, shown in Figure 3, comprises the following steps:
Step 301: the user operates the LDM to generate domain information and establish the domain. Specifically, the user enters the domain name parameter of the local domain on the LDM's operation interface, and the LDM generates a domain identifier for the local domain from that parameter. To guarantee that the domain identifier is globally unique, special naming policies can be adopted, for example prefixing a random number with the manufacturer's identifier and the LDM's serial number. The LDM then produces a random number as the domain key. Finally, the LDM generates a machine-readable domain policy for the domain; the domain policy is the set of mandatory rules for managing the domain, for example the domain size, the terminal types allowed to join the domain, and the domain's validity period. Some domain policy items can also be entered by the user as parameters, or configured in the LDM by the manufacturer at production time. The LDM then stores the domain information in its local database and notifies the user that the domain was established successfully.
Step 302: after buying a terminal, the user connects it to the home network, and the terminal detects whether a local domain exists. Once a local domain is detected, the user operates the terminal to send the LDM a join-domain request containing the domain identifier or domain name; the request can also contain the terminal's digital certificate.
Step 303: after receiving the join-domain request from the terminal, the LDM verifies the terminal's digital certificate and, if verification passes, treats the terminal as trusted. It then extracts the domain identifier or domain name from the request and looks up the corresponding domain information in the database that stores domain information. It checks whether the terminal satisfies the domain policy in that domain information, that is, whether the terminal may join the local domain. The LDM then pops up a prompt asking the user to confirm whether this terminal is allowed to join the domain. Once the user confirms, the LDM generates a join-success response message containing the domain information and sends it to the terminal. The LDM can put a timestamp representing the current time in this response message and sign the domain information and timestamp to prevent the message from being tampered with in transit.
In this step, the domain information the LDM places in the response message can be a subset of the domain information stored in the LDM, for example only the domain identifier and domain key, and the LDM can sign the domain information in the response message with its own private key to show that the terminal is a legitimate domain member.
After receiving the request message, the LDM must, besides verifying that the terminal is trusted, also obtain the user's confirmation, that is, confirm the terminal's identity. For example, the LDM pops up a local window asking the LDM administrator to confirm whether this terminal may join. Alternatively, after receiving the join-domain request message, the LDM returns a message requiring the user to enter the administrator's user name and password; the user enters them on the terminal, the terminal returns them to the LDM in a response message, and the LDM returns the join-domain response message after verifying them. Confirmation of the identity of the joining terminal can also be completed before the terminal initiates the join-domain request message. For example, the user logs in to the LDM remotely from the terminal as administrator and operates the LDM to send the terminal a join-domain trigger; the terminal starts the join-domain flow on that trigger, and the terminal's identity then need not be verified again in this step.
In this step, if the LDM's verification of the terminal fails or the user refuses to add the terminal to the local domain, the LDM can return a join-domain failure response message to notify the terminal that joining the domain failed.
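The checks the LDM makes in step 303 can be sketched as follows. This is an added example, not code from the patent: the class and field names are hypothetical, the certificate check is assumed to have been done elsewhere and is passed in as a flag, and signing of the response is left out.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class DomainPolicy:
    max_members: int          # domain size
    allowed_types: frozenset  # terminal types allowed to join
    valid_until: datetime     # end of the domain's validity period


@dataclass
class LocalDomain:
    domain_id: str
    domain_key: bytes
    policy: DomainPolicy
    members: set = field(default_factory=set)


@dataclass
class JoinRequest:
    terminal_id: str
    terminal_type: str
    domain_id: str
    cert_trusted: bool  # outcome of the certificate check (assumed done elsewhere)


def handle_join(domains, req, user_confirms, now):
    """Return (True, domain info) on success or (False, reason) on failure."""
    if not req.cert_trusted:
        return False, "untrusted terminal"
    domain = domains.get(req.domain_id)
    if domain is None:
        return False, "unknown domain"
    policy = domain.policy
    if now >= policy.valid_until:
        return False, "domain expired"
    if req.terminal_type not in policy.allowed_types:
        return False, "terminal type not allowed"
    already_member = req.terminal_id in domain.members
    if not already_member and len(domain.members) >= policy.max_members:
        return False, "domain full"
    # Policy is satisfied; the administrator still has to agree.
    if not user_confirms(req):
        return False, "user refused"
    domain.members.add(req.terminal_id)
    # Only part of the stored domain information goes back to the terminal.
    return True, {
        "domain_id": domain.domain_id,
        "domain_key": domain.domain_key,
        "timestamp": now.isoformat(),
    }


if __name__ == "__main__":
    # Constructed sample data.
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    policy = DomainPolicy(2, frozenset({"phone", "tv"}),
                          datetime(2025, 1, 1, tzinfo=timezone.utc))
    domains = {"VENDORX-SN001-7f3a": LocalDomain("VENDORX-SN001-7f3a", b"k" * 16, policy)}
    for tid, ttype in [("t1", "phone"), ("t2", "pc"), ("t2", "tv"), ("t3", "phone")]:
        req = JoinRequest(tid, ttype, "VENDORX-SN001-7f3a", True)
        print(tid, ttype, handle_join(domains, req, lambda r: True, now)[0])
```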
Step 304: after receiving the join-success response message, the terminal stores the domain information and can show the user on its local display that joining the domain succeeded.
The request message can also be initiated by the LDM. For example, the user operates the LDM to add a certain terminal to the home network; the LDM sends that terminal a message requesting that it join the domain, the terminal confirms and returns a join-domain response message, and the LDM then sends the domain information to the terminal, adding it to the domain.
Step 305: the terminal sends the LS a domain license request message to request a domain license. The message can include a specific parameter identifying the domain as a local domain. In addition, the request message must contain at least the local domain's identifier, which identifies the local domain to which the requested domain license is bound. The request message can also contain the terminal's identifier or digital certificate, and the terminal digitally signs the request message.
For example, a user browses a movie download website on the terminal, finds a film he likes, downloads it, and wants to buy a license to watch it. Because he wants other devices in the home, such as another terminal that is not networked, to be able to play the film too, he wants to buy a domain license, so in this step the terminal requests from the LS a domain license for the downloaded film.
Step 306: after receiving the domain license request message, the LS first verifies the terminal's digital signature to determine whether the request message has been tampered with by a third party in transit and whether it is valid. It also verifies the terminal's digital certificate. After verification passes, the LS determines whether the local domain in the request message is registered on the network side; if so, it goes directly to step 310; otherwise it performs step 307.
In this step, if the LS's verification of the domain license request message or of the terminal fails, the LS ignores the request message and terminates the whole flow.
The LS can determine whether the domain is registered by extracting the domain identifier parameter from the domain license request message. It can check locally whether its own stored domain information contains an entry for this domain identifier, or it can request the domain information from a DMC: if the local domain is registered at the DMC, the DMC returns the relevant domain information and the LS concludes that the local domain is registered; if not, the DMC returns an unregistered message to the LS.
Step 307: the LS returns to the terminal a response message requesting domain information; the message can contain the corresponding domain identifier parameter.
Step 308: after receiving the response message, the terminal determines that it is a request to report domain information, reads the corresponding domain information from its database and reports it to the LS.
In this step, the terminal can report the domain information to the LS in a registration message; the reported domain information includes the domain identifier, domain key, domain validity period, domain size and so on. The registration message also contains the LDM's identity and the LDM's digital signature over the domain information. The LS verifies the LDM's identity and the validity of the digital signature, thereby ensuring that the local domain is trustworthy and that the terminal is a legitimate domain member. The LDM's identity can be a digital certificate: for example, the LDMs produced by each manufacturer must pass inspection by a third-party inspection body, which issues the LDM a digital certificate after inspection. The LS can check whether the LDM's digital certificate was issued by a legitimate, trusted body, whether it has expired, whether it has been revoked, and so on, and thereby verify the LDM's legitimacy. A legitimate LDM is trusted to carry out the domain management functions strictly.
Step 309: the LS verifies the domain information reported by the terminal and stores it once verification passes.
In this step, after receiving the registration message containing the domain information, the LS first checks the LDM's digital certificate. Having determined that the LDM is a trusted device, it checks the LDM's digital signature over the domain information with the LDM's public key to confirm that the domain information is reliable. At the same time, from the timestamp signed by the LDM and the current time, it determines whether the interval exceeds the domain validity period or the validity duration for domain information configured in the LS. Finally, the LS checks the domain information itself, for example whether the domain identifier and domain key are legitimate, to determine whether the domain is valid. After all checks pass, the LS stores the domain information locally.
In this step, verification of the domain information can also be done by the DMC: the LS forwards the received registration information to the DMC, the DMC performs the verification described above on the reported information and, if it passes, returns a verification-success response message to the LS. After verification passes, the DMC can store the domain information itself; in that case the LS may or may not also store it. If the LS stores the domain information, it can check locally whether the domain is registered when it receives a domain license request; if it does not, it must check with the DMC whether the domain is registered when it receives a domain license request.
In the flow above, after receiving the license request message the LS decides whether the terminal needs to report domain information according to whether the domain is registered. Because domain information may be updated, the terminal can include in the domain license request message the version number of the corresponding domain information it holds. On receiving the request message, the LS must then determine not only whether the domain is registered but also whether the terminal's current domain version matches the registered domain version. When the local domain is registered: if the terminal's current domain version is higher than the registered version, the LS likewise needs to notify the terminal to report the latest domain information; if it is lower than the registered version, the LS can notify the terminal that its version is too low and require it to update its domain information first and then request the domain license again, or the LS can issue a domain license for the lower-version domain, encrypted with the domain key of the terminal's current version; if the terminal's current domain version equals the registered version, step 310 is performed.
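The registration and version checks the LS applies to a domain license request in steps 306 to 309 reduce to a small decision procedure. The sketch below is an added example, not code from the patent: names are hypothetical, signature and certificate verification are represented by flags, and keeping the keys of earlier domain versions at the LS is an assumption needed for the lower-version option.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    IGNORE = "verification failed: ignore the request"
    REQUEST_DOMAIN_INFO = "domain not registered: ask terminal to report domain information"
    REQUEST_LATEST_INFO = "terminal is newer: ask terminal to report latest domain information"
    TELL_TERMINAL_TO_UPDATE = "terminal is older: update domain information, then ask again"
    ISSUE_LICENSE = "issue the domain license"


@dataclass
class RegisteredDomain:
    version: int
    keys: dict  # version -> domain key (keeping old keys is an assumption)


@dataclass
class LicenseRequest:
    domain_id: str
    info_version: Optional[int]  # None if the terminal sent no version number
    signature_ok: bool
    cert_ok: bool


def register(registry, domain_id, version, key):
    """Step 309: store reported domain information after it has been verified."""
    reg = registry.get(domain_id)
    if reg is None:
        registry[domain_id] = RegisteredDomain(version, {version: key})
    elif version > reg.version:
        reg.keys[version] = key
        reg.version = version


def decide(registry, req, serve_old_versions=False):
    """Return (Action, key version to encrypt with, or None)."""
    if not (req.signature_ok and req.cert_ok):
        return Action.IGNORE, None
    reg = registry.get(req.domain_id)
    if reg is None:
        return Action.REQUEST_DOMAIN_INFO, None
    v = req.info_version
    if v is None or v == reg.version:
        return Action.ISSUE_LICENSE, reg.version
    if v > reg.version:
        return Action.REQUEST_LATEST_INFO, None
    # Terminal holds an older version than the registered one.
    if serve_old_versions and v in reg.keys:
        return Action.ISSUE_LICENSE, v
    return Action.TELL_TERMINAL_TO_UPDATE, None


if __name__ == "__main__":
    registry = {}
    req = LicenseRequest("home-1", 1, True, True)  # constructed sample request
    print(decide(registry, req))          # not registered yet
    register(registry, "home-1", 1, b"key-v1")
    print(decide(registry, req))          # registered, same version
    register(registry, "home-1", 2, b"key-v2")
    print(decide(registry, req))          # terminal now behind
    print(decide(registry, req, serve_old_versions=True))
```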
In this embodiment, registration can also be an independent flow. For example, in step 307 the LS returns a failure response message stating that the reason for failure is that the local domain is not registered or that the registration information does not match. After receiving this response message, the terminal can initiate an independent registration flow, either automatically or after prompting the user to decide, and once registration is complete it can send the domain license request message to the LS again. Specifically: the terminal sends a registration message to the LS or DMC containing the domain information described above, for example the domain identifier, domain key, domain validity period, domain size, the identity of the corresponding LDM and the LDM's digital signature over the domain information. The LS or DMC verifies the validity of the message; if verification fails it returns a failure response message, and if verification succeeds it returns a success response message. After registering successfully, the terminal can request the domain license from the LS again. The terminal referred to in this paragraph can also be the LDM.
In the description above, the terminal generates the registration message from the local domain information it holds itself. That information may be stale, for example because the terminal has not been connected to the home network for a long time and has not received domain update messages in time. To prevent this, in this embodiment the terminal can obtain the latest domain information from the LDM before initiating registration. Specifically: before initiating a registration request to the LS or DMC, the terminal first automatically requests the domain information from the LDM, with the domain identifier and terminal identifier in the request message. The LDM receives the terminal's request message, verifies it and checks whether the terminal is a legitimate domain member. If verification fails, it returns a failure response message; if verification succeeds, it returns a success response message containing the latest domain information and a timestamp marking the current time. The LDM signs the domain information and timestamp with its own private key, attaches the signature to the response message, and returns the response message to the terminal. After receiving the latest domain information, the terminal determines whether its locally stored domain information has changed, for example by comparing the current domain version number with the locally stored one. If the domain information has changed, the terminal updates its local domain information from the response message. The terminal then generates the registration message, which contains the current domain information, the timestamp and the LDM's digital signature, and sends it to the LS or DMC. The LS or DMC decides whether the domain information is credible by comparing the timestamp with the current time, and thus whether to accept the registration information.
Step 310, LS returns a territory license request response message to terminal, wherein comprises the territory permission that terminal is asked, and this territory permission is encrypted with the domain key that terminal reports in registration message.After terminal is received the territory permission, this territory permission can be installed on the other-end of local or same local domain, just can use the territory to permit then and watch film.
Usually LS can encrypt to the territory that terminal is returned with domain key and permit, like this, have only legal territory member could decipher and install and use this permission, the user can pass to other territories member for many parts then with territory permission copy, because any territory member has domain key, so it can install and resolve this territory permission of execution in this locality.And,, may bring unsafe factor if encrypt with domain key for permitting in the territory of some special needs centralized management.For example, a territory permission comprises restriction, only allows to be no more than 3 territory members and uses, and passes to other territories member if allow the user to copy many parts, and this will cause the diffusion of authority.For fear of above-mentioned situation, LS can itself add that relevant parameters indicates this territory permission must centralized management in territory license request response message or territory permission, and for this class field permission, terminal can forbid it is copied distribution.
Yet the copy distribution is not a solution completely in simple forbidding, for example the user can duplicate many parts with a grant message and pass to a plurality of territory users by the mode of interception message.Therefore, among the present invention, LS can encrypt without domain key the permission of this class field, and with the public key encryption of requesting terminal.Like this, even the user has tackled the territory permission and it is duplicated to other terminal,, also just can't use this territory permission because other terminal can't be deciphered.In order to use this class field permission, other-end must be to the source terminal application.
Of course, the LS can also encrypt this class of domain license with the public key of the LDM, so that after receiving it the terminal must hand it over to the LDM for management. In this case, the terminal's processing after obtaining the domain license is shown in Figure 4 and comprises the following steps:
In step 401, the terminal receives the domain license from the LS. This message may be the license request response message of the flow above, or a message sent by the LS on its own initiative. The LS adds a parameter to this message indicating that the domain license is a centrally managed one. After receiving the message, the terminal determines from this parameter that the license cannot be installed locally, so in step 402 it forwards the message to the LDM. After receiving the forwarded message, the LDM verifies its validity; if verification succeeds, it installs the license locally; otherwise, it discards the message.
In step 402 above, the terminal forwards the license message directly to the LDM. If the terminal cannot connect to the LDM, it can instead save the domain license locally as a file and transfer the license to the local domain LS later by file transfer.
Whenever the terminal wants to consume content under such a domain license, it must perform step 403: it sends a consumption rights request to the LDM, asking for the corresponding domain license rights. Based on the corresponding installed domain license, the LDM returns the corresponding rights and the content decryption key to the requesting terminal.
In step 401 above, the LS indicates through a parameter in the message whether the domain license must be handed to the LDM for management. This parameter can also be included directly inside the domain license. In that case the terminal first parses the domain license after receiving the license message and, at installation time, decides from the parameter inside the domain license whether it can be installed locally. If it can, the terminal continues installing the domain license; if not, it transfers the domain license to the LDM.
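The Figure 4 flow can be modelled in a few lines to show why central management at the LDM keeps a member limit enforceable while locally installed copies do not. This is an added illustration, not code from the patent; the class and field names (DomainLicense, centrally_managed, max_members) are assumptions, and message encryption and signature verification are left out.

```python
"""Model of the Fig. 4 flow (steps 401-403) for a centrally managed domain license."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class DomainLicense:
    license_id: str
    content_id: str
    rights: tuple              # e.g. ("play",)
    content_key: bytes
    max_members: int           # usage restriction carried in the license
    centrally_managed: bool    # parameter set by the LS (field name assumed)


class LDM:
    def __init__(self, member_ids):
        self.members = set(member_ids)
        self.installed = {}    # license_id -> DomainLicense
        self.granted = {}      # license_id -> ids of terminals that used the license

    def install(self, lic, forwarded_by):
        """Step 402: accept a forwarded license once, and only from a domain member."""
        if forwarded_by not in self.members or not lic.centrally_managed:
            return False
        if lic.license_id in self.installed:
            return False       # a duplicated message must not create a second quota
        self.installed[lic.license_id] = lic
        self.granted[lic.license_id] = set()
        return True

    def request_rights(self, terminal_id, license_id):
        """Step 403: return (rights, content_key), or None when the request is refused."""
        lic = self.installed.get(license_id)
        if lic is None or terminal_id not in self.members:
            return None
        users = self.granted[license_id]
        if terminal_id not in users and len(users) >= lic.max_members:
            return None        # the member limit is enforced in one place
        users.add(terminal_id)
        return lic.rights, lic.content_key


@dataclass
class Terminal:
    terminal_id: str
    local_licenses: dict = field(default_factory=dict)

    def receive(self, lic, ldm):
        """Step 401: install locally, or forward when central management is required."""
        if lic.centrally_managed:
            return "forwarded" if ldm.install(lic, self.terminal_id) else "rejected"
        self.local_licenses[lic.license_id] = lic
        return "installed locally"

    def consume(self, license_id, ldm):
        """Use a local copy if one exists, otherwise ask the LDM for the rights."""
        lic = self.local_licenses.get(license_id)
        if lic is not None:
            return lic.rights, lic.content_key
        return ldm.request_rights(self.terminal_id, license_id)


def members_able_to_consume(lic, terminal_ids):
    """Give every terminal a copy of the license message and count who can play."""
    ldm = LDM(terminal_ids)
    terminals = [Terminal(t) for t in terminal_ids]
    for t in terminals:
        t.receive(lic, ldm)
    return sum(1 for t in terminals if t.consume(lic.license_id, ldm) is not None)
```

With a constructed license limited to 3 members and four terminals in the domain, the locally installed variant is usable on all four terminals, while the centrally managed variant is usable on three.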
Because the domain information in the LDM may be updated, after an update the domain information stored in the LS or DMC needs to be synchronized, and the domain information stored in terminals can be synchronized as well. After updating its own domain information, the LDM can actively report the updated domain information to the LS or DMC, or it can report it in response to a request from the DMC or LS. The domain information update flow is described further below, taking as an example the LDM reporting domain information at the request of the DMC.
As shown in Figure 5, in step 501 the DMC sends a domain update request to the LDM. After receiving this request, the LDM initiates a domain update to the DMC either immediately or at the time specified in the domain update request. This step is optional; for example, the domain policy may specify an update time, or the LDM may initiate an update to the DMC automatically after the domain information changes.
In step 502, the LDM sends a domain update message to the DMC. This update message contains the latest domain information, which may be the complete domain information or only a domain identifier together with the domain information that has changed. The update message includes the LDM's signature over the message. The DMC verifies the validity of the LDM and of the update message. If verification fails, it returns a failure response message in step 503; if verification succeeds, it stores the latest domain information locally and returns a success response message in step 503. The message of step 503 is also optional; the DMC may return no response message.
In the flow above, the LDM informs the DMC of the updated domain information and the DMC stores it. In other implementations, a domain update must obtain the DMC's consent. In that case the domain update message in step 502 contains the domain identifier and the domain information requested to be updated; for example, the LDM requests that the domain size be changed to 20. After receiving the update message, the DMC decides whether to allow the update. If it does, it returns a success response message in step 503 and updates the domain information locally; if not, it returns a failure response message. After receiving the response message, the LDM checks whether the status is success; if so, it updates the domain information locally; otherwise, it notifies the user that the update failed.
In this embodiment, a terminal can request the LDM to let it leave a domain. The request message contains the identifier of the domain to be left, and the terminal deletes its locally stored information for that domain. After the LDM receives the terminal's leave-domain request message, it first verifies the validity of the message, to prevent an attacker from forging messages. After successful verification, it deletes this terminal's information from the user list of the local domain. The LDM can return a response message notifying the terminal whether the leave-domain operation succeeded.
The LDM can also actively require a terminal to leave the local domain. For example, the user operates the LDM to manage the domain and deletes unneeded terminals from it. The LDM sends a leave-domain message to the terminal; the terminal that receives the message verifies its validity and, after successful verification, deletes its locally stored information for that domain.
In this embodiment, the domain manager can also actively require a terminal to join the local domain. For example, the user operates the LDM to add a certain terminal to the home network: the LDM sends the terminal a message requesting that it join the domain, the terminal confirms and returns a response message agreeing to join, and the LDM then sends the domain information to the terminal, which joins the domain.
The above describes the first embodiment of the method of the invention. In that embodiment, the LDM generates the domain information itself and sets up the local domain. In the present invention, the DMC can also generate the domain information to set up the domain, as described in detail in the second embodiment below.
In this embodiment, as shown in Figure 6, the flow for setting up a local domain and for a terminal joining the local domain comprises the following steps:
In step 601, the user operates the LDM and chooses to set up a domain, entering the relevant parameters on the operation interface, such as a human-readable domain name for the domain. The LDM generates the corresponding local domain set-up request message and sends it to the DMC.
Here, the address of the DMC may be preconfigured; for example, the LDM manufacturer writes the DMC address into a specific storage area of the LDM when the device leaves the factory. The address may also be obtained through a message; for example, a mobile network operator periodically broadcasts the DMC address to mobile terminals. The address may also be entered manually by the user during the domain set-up process. When the LDM sends the request message to the DMC, it needs to report its own identity, for example an LDM identifier or a digital certificate issued by a third party. The LDM can sign the message to prevent it from being tampered with by a third party.
In step 602, after receiving the local domain set-up request message, the DMC first verifies the validity of the LDM and of the request message. If verification fails, it ignores the request or returns a failure notification message, and the whole flow ends. If verification succeeds, it generates the relevant domain information, including the domain policy, for the local domain according to the request message.
The DMC stores the domain information of this local domain in its database and then, in step 603, returns a response message to the LDM containing the relevant domain information. After receiving the response message, the LDM first verifies its validity using the digital signature. If verification fails, it ignores the message and notifies the user that setting up the domain failed; if verification succeeds, then in step 604 it stores the domain information in its local database and notifies the user that the domain was set up successfully.
In the flow above, the DMC is responsible for generating domain information such as the domain identifier and the domain key. Optionally, part of the domain information may be generated locally by the LDM and notified to the DMC in the domain set-up request message. The DMC checks whether the domain information generated by the LDM meets the requirements. For example, based on the user's input the LDM requests a domain size of 10, and the DMC judges whether this domain size exceeds the maximum the DMC allows, and thereby decides whether this local domain can be set up. If it can, the flow below continues; if not, the DMC returns a domain set-up failure. Alternatively, the DMC and the LDM can negotiate part of the domain policy.
In the embodiment above, the LDM must follow the domain policy that the DMC formulates for the local domain. In the domain policy the DMC can require the LDM to report the latest domain information regularly; to do so, the DMC adds parameters to the local domain set-up response message indicating when the domain information is to be reported. An example is shown in Table 1:
Message type: Set up local domain response message
Status: Success
Domain management center ID: xxxxxxx
Local domain manager ID: xxxxxxx
Domain identifier: xxxxxxxxxxx
Domain key: xxxxxxxxxxxxxxxxxx
Domain size: 20
Domain validity period: 2006-12-31
Domain information report time: 2006-06-01
Latest domain information report time: 2006-06-03
Digital signature: xxxxxxxxxxxxxxxxxxxx
Table 1
The message type shows that this message is a response to a request to set up a local domain, and the status indicates that the local domain was set up successfully. The DMC has generated a domain identifier and a domain key for this local domain. To prevent attacks, the domain key must be transmitted as ciphertext; the encryption key can be the LDM's public key or a symmetric key that only the LDM can obtain. The LDM stipulates that this domain can contain at most 20 terminals and that the domain is valid until 2006-12-31. After this validity period, terminals cannot request domain licenses for this local domain and the LS cannot issue domain licenses for it. This domain policy requires the LDM to report the current latest domain information in the period from 2006-06-01 to 2006-06-03. If the LDM has still not reported domain information after the latest report time, the DMC temporarily sets this domain to invalid, and the LS cannot issue licenses for this local domain. The reported domain information includes the current actual size of the domain, the domain version number, and some domain management statistics, for example the number of join/leave operations performed.
In step 605, the terminal sends a join local domain request message to the LDM, asking to join a domain. The request message contains the domain identifier and the terminal's identity information, such as the terminal identifier and the terminal's digital certificate. In step 606, after receiving the request message, the LDM checks the locally stored domain policy and decides whether to allow this terminal to join the domain. If not, it directly returns a failure response message and the whole flow ends. If the LDM allows the terminal to join and finds that the domain policy requires the DMC to be notified when a terminal joins, then in step 607 it forwards the join local domain request message to the DMC; the forwarded request message contains the domain identifier and the terminal's identity information. If the domain policy does not require the DMC to be notified, the LDM directly returns a join success response message to the terminal, containing the domain key and some other domain information, stores the terminal's digital certificate and terminal identifier locally, adds the terminal identifier to the domain member list, and the whole flow ends.
In step 608, after receiving the join domain request message, the DMC checks the terminal's digital certificate and determines whether the terminal is trusted. If the terminal is not trusted, for example because its digital certificate has expired or been revoked, the DMC returns a failure join domain response message, rejecting the terminal's request to join the domain.
In step 609, the LDM receives the join local domain response message. If it is a failure response, the LDM forwards the message directly to the terminal, notifying the terminal of the failure. If it is a success response, the LDM stores the terminal's digital certificate and terminal identifier locally, adds the terminal identifier to the domain member list, and generates a join local domain response message containing the domain key and some other domain information. It returns the response message to the terminal; the terminal stores the domain information locally and notifies the user that joining the domain succeeded.
In the flow above, the LDM decides whether to allow the terminal to join the domain according to the DMC's response message. In other implementations, the LDM can decide independently in step 606 whether to allow the terminal to join. If it allows it, it notifies the terminal that joining succeeded and in step 607 informs the DMC of this domain member's information; the DMC registers the domain member locally, and in this case steps 608 and 609 can be omitted. If it does not allow it, it notifies the terminal that joining failed, does not interact with the DMC at all, and the whole flow ends.
In this embodiment, when a terminal leaves the local domain, the LDM may or may not interact with the DMC. In addition, when the domain information is updated, the LDM needs to interact with the DMC; the details were already described in the first embodiment and are not repeated here.
The flow by which a terminal obtains a domain license is shown in Figure 7 and comprises the following steps:
In step 701, the terminal requests a domain license from the LS. The request message can contain the identifier of the DMC or the address (URL) of the DMC, indicating to the LS which DMC to obtain the local domain's information from. The LS may also be bound to a DMC, in which case the terminal does not need to report the DMC's address information. After receiving the request message, the LS first verifies whether the terminal and the request message are valid. If verification fails, it directly returns a domain license request failure and the whole flow ends. If verification succeeds, then in step 702 it requests the domain information from the corresponding DMC; the request message contains at least a domain identifier.
After receiving the domain information request message, the DMC verifies whether the domain is registered, whether the domain version is consistent with the registered domain version, and so on. In step 703 it returns a response message according to the verification result. If verification fails, it returns a failure response message and indicates the failure reason, for example that the domain is not registered, the domain version is too low, or the domain has expired. If verification succeeds, it returns a success response message carrying the corresponding domain information, including at least the domain key.
After receiving the response message, the LS determines whether the domain information was obtained successfully. If the status of the domain information request response is failure, the LS returns a domain license request failure to the terminal in step 704. If the status is success, the LS generates the corresponding domain license, encrypts it with the domain key, and in step 704 returns a domain license response message with status success, containing the encrypted domain license.
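The checks in steps 702 to 704, combined with the Table 1 policy fields, can be modelled as follows. This is an added illustration, not code from the patent; the class names, field names and failure strings are assumptions, and the license generation and encryption performed by the LS are not modelled.

```python
"""Model of the DMC checks behind Fig. 7 (steps 702-704) and the Table 1 policy."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class DomainRecord:
    domain_id: str
    domain_key: bytes            # returned to the LS only on success
    max_size: int                # "Domain size" in Table 1
    expires: date                # "Domain validity period"
    report_from: date            # "Domain information report time"
    report_deadline: date        # "Latest domain information report time"
    version: int = 1
    actual_size: int = 0
    last_report: Optional[date] = None


class DMC:
    def __init__(self):
        self.domains = {}

    def register(self, rec):
        self.domains[rec.domain_id] = rec

    def accept_report(self, domain_id, version, actual_size, on):
        """Store the domain information (version, actual size) reported by the LDM."""
        rec = self.domains.get(domain_id)
        if rec is None or actual_size > rec.max_size or version < rec.version:
            return False
        rec.version, rec.actual_size, rec.last_report = version, actual_size, on
        return True

    def _report_overdue(self, rec, today):
        # Assumption: a late report lifts the invalidation again; the text only
        # says the domain is set to invalid "temporarily".
        reported = rec.last_report is not None and rec.last_report >= rec.report_from
        return today > rec.report_deadline and not reported

    def domain_info(self, domain_id, version, today):
        """Step 703: return (True, domain_key) or (False, failure reason)."""
        rec = self.domains.get(domain_id)
        if rec is None:
            return False, "domain not registered"
        if today > rec.expires:
            return False, "domain expired"
        if self._report_overdue(rec, today):
            return False, "domain invalid: report overdue"
        if version < rec.version:
            return False, "domain version too low"
        return True, rec.domain_key


def ls_handle_license_request(dmc, domain_id, version, today):
    """Step 704: the LS issues a license only if the DMC returned domain information."""
    ok, result = dmc.domain_info(domain_id, version, today)
    if not ok:
        return {"status": "failure", "reason": result}
    # A real LS would now generate the license and encrypt it with `result`,
    # the domain key; the key itself never appears in the response status.
    return {"status": "success", "domain_id": domain_id, "encrypted_with": "domain key"}
```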
In the first embodiment above, setting up a local domain does not need the participation of the DMC. In the second embodiment, setting up a local domain is operated by the LDM, which notifies the DMC for confirmation. In the third embodiment of the invention, setting up a local domain can be operated through the DMC; for example, the user logs in to the DMC through the management page of the domain management service provider and then sets up a domain on the web page. After the operation succeeds, the DMC delivers the domain information, including the domain policy, to the LDM. The flow is shown in Figure 8 and comprises the following steps:
In step 801, the user logs in to the DMC and sets up a local domain through the relevant operations. The DMC generates domain information, including the domain policy, for this local domain. The DMC stores this domain information locally and then generates a local domain set-up notification message, which it sends to the LDM in step 802; the notification message contains the domain identifier. After receiving the notification message, the LDM sends a domain information request message to the DMC in step 803, containing that domain identifier. After receiving the domain information request message, the DMC finds the corresponding domain information by the domain identifier and in step 804 returns it to the LDM in a response message. Here the DMC encrypts sensitive information in it, such as the domain key, and digitally signs the message. After receiving the response message containing the domain information, the LDM extracts the domain information and stores it locally in step 805.
In the flow above, steps 803 and 804 can be omitted; in that case the DMC delivers the complete domain information to the LDM directly in the notification message in step 802, and the LDM then stores it locally.
In the flow above, the DMC sends the notification message directly to the LDM in step 802. For example, if the user visits the DMC's website online through the LDM and performs the domain set-up operation there, the DMC then returns the notification message directly to the LDM over HTTP; the HTTP message contains a trigger that causes the LDM to start the domain information request flow. In other cases the user may not be accessing the DMC through the LDM. To send the notification message to the LDM, the user then needs to enter the address or identifier of the LDM when setting up the domain, and the DMC pushes the notification message to the corresponding LDM according to the user's input. In short, the DMC can send the message directly to the LDM. However, there are also situations in which the DMC cannot contact the LDM directly; for example, the user accesses the DMC through another terminal and the LDM does not support push mechanisms such as WAP Push or broadcast. In this case the terminal needs to save the notification message and then pass the saved message to the LDM. The LDM subsequently starts the flow for obtaining the domain information, as shown in Figure 9. In step 901, the user accesses the DMC through the terminal and sets up a domain through the relevant operations, and the DMC generates domain information, including the domain policy, for this domain. The DMC stores this domain information locally, then generates a local domain set-up notification message and sends it to the terminal in step 902. The notification message contains a trigger used to trigger the LDM to request the domain information from the DMC; the trigger contains the domain identifier and the URL of the DMC.
After receiving the notification message, the terminal forwards it to the LDM in step 903. The forwarding can be done automatically: the terminal keeps a connection to the LDM and, after receiving the notification message, forwards it directly to the LDM, which requests the domain information from the DMC according to this message. The forwarding can also be done indirectly: after receiving the notification message, the terminal extracts the trigger and saves it locally as a file; the user later connects the terminal to the LDM and transfers the saved file to the LDM by file transfer. The user then double-clicks the file, and the LDM invokes the corresponding program to trigger the domain information request flow.
In step 904, the LDM requests the domain information from the DMC at the address given in the trigger; the request message contains the domain identifier. In step 905 the DMC returns a response message containing the domain information according to the request, and in step 906 the LDM extracts the domain information from it and stores it locally.
After a local domain has been created, the user can also log in to the DMC and modify the domain information, for example change the domain size. The DMC can also modify some domain information automatically, for example replace the domain key periodically. After a domain update, the DMC can use a flow similar to Figure 8 or Figure 9 to notify the LDM to obtain the new domain information; this is not repeated here.
The above describes specific embodiments of the invention. In a concrete implementation, the method of the invention can be suitably improved to fit the specific needs of the situation. It should therefore be understood that the specific embodiments of the invention are only exemplary and are not intended to limit the scope of protection of the invention.

Claims (49)

1. A digital rights management (DRM) domain management system, characterized in that the DRM domain management system comprises: a local domain manager and a terminal on the local side, and a domain information storage module and a license server on the network side; wherein,
the local domain manager is configured to store the domain information of a local domain, to make a terminal join or leave the local domain at the terminal's request or to make a terminal join or leave the local domain directly, and to send the domain information to a terminal that joins the local domain;
the terminal is configured to send to the license server a local domain license request containing the local domain identifier, and to perform consumption according to the domain license returned by the license server;
the domain information storage module is configured to store the domain information of the local domain;
the license server is configured to receive the local domain license request from the terminal, to generate a domain license according to the domain information, stored in the domain information storage module, that corresponds to the local domain license request, and to issue the domain license to the terminal.
2. The system according to claim 1, characterized in that the local domain manager is further configured to generate the domain information of the local domain and to send the generated domain information to the domain information storage module, directly or via a terminal.
3. The system according to claim 1, characterized in that the domain information storage module is located in the license server.
4. The system according to claim 1, characterized in that the domain information storage module is a domain management center; the domain management center is further configured to generate the domain information of the local domain at the local domain manager's request to set up a domain, or to generate the domain information of the local domain directly, and to deliver the generated domain information of the local domain to the local domain manager, directly or via a terminal; and the local domain manager is further configured to receive and store the domain information from the domain management center.
5. The system according to claim 4, characterized in that the domain management center is located in the license server.
6. The system according to claim 1, characterized in that the local domain license that the license server delivers to the terminal is a domain license requiring centralized management by the local domain manager; the terminal further sends the received centrally managed domain license to the local domain manager, sends the local domain manager a rights request for the rights in the domain license, and performs consumption according to the rights returned by the local domain manager; and the local domain manager is further configured to install the received centrally managed domain license and, at the terminal's rights request, to deliver to the terminal the corresponding rights in the installed domain license.
7. A method for setting up a local domain, characterized in that the method comprises:
generating the domain information of a local domain, and obtaining and storing the domain information at the network equipment and at the local domain manager respectively, to set up the domain.
8. The method according to claim 7, characterized in that the domain information comprises a domain identifier and a domain key, or further comprises a domain policy; the domain policy is the domain size, the terminal types allowed to join the domain, or the validity period of the domain, or any combination of the above.
9. The method according to claim 7, characterized in that the network equipment generates and stores the domain information of the local domain, the network equipment sends the generated domain information to the local domain manager corresponding to the domain information, and the local domain manager receives and stores the domain information to set up the domain.
10. The method according to claim 9, characterized in that the network equipment sends the domain information to the corresponding local domain manager in a domain information response message.
11. The method according to claim 10, characterized in that the domain information response message further comprises: a network equipment identifier, a local domain manager identifier, a domain information report time, a latest domain information report time, or a domain version number, or any combination of the above.
12. The method according to claim 11, characterized in that, when the domain information response message comprises the latest domain information report time, if the network equipment determines that it has not received domain information reported by the local domain manager when that time arrives, the network equipment sets the local domain corresponding to the domain information response message to invalid and stops issuing licenses for this local domain.
13. The method according to claim 7, characterized in that the local domain manager generates and stores the domain information of the local domain to set up the domain, and sends the generated domain information to the network equipment, which receives and stores the domain information.
14. The method according to claim 13, characterized in that, after receiving the domain information from the local domain manager, the network equipment verifies the domain information and returns a success or failure response message to the local domain manager according to the verification result.
15. The method according to claim 7, characterized in that the method further comprises:
the local domain manager reporting updated domain information to the network equipment in a message, in response to a domain update request from the network equipment, or according to the domain information report time or latest domain information report time delivered in advance by the network equipment, or after its own domain information is updated;
the network equipment, after receiving the updated domain information, storing the updated domain information.
16. The method according to claim 15, characterized in that the message containing the updated domain information that the local domain manager reports to the network equipment further comprises: the local domain manager's digital signature over the message and/or the identity information of the local domain manager;
and that, after receiving the updated domain information, the network equipment further: verifies according to the digital signature whether the message is legitimate and/or verifies according to the identity information of the local domain manager whether the local domain manager is legitimate, or judges whether the update is allowed; if so, it performs the step of storing the updated domain information; otherwise, it ends the flow directly.
17. The method according to claim 16, characterized in that, after the updated domain information is stored, the method further comprises: the network equipment returning domain update success information to the local domain manager; and, before the flow is ended directly, the method further comprises: the network equipment returning domain update failure information to the local domain manager.
18. The method according to claim 7, characterized in that, after the domain information of the local domain is updated, the network equipment sends the updated domain information to the local domain manager; and the local domain manager receives and stores the updated domain information.
19. The method according to claim 18, characterized in that, before the network equipment sends the updated domain information to the local domain manager, the method further comprises:
the network equipment sending an update notification message containing the domain identifier to the local domain manager corresponding to the local domain, directly or via the terminal through which the user updated the domain information, and the local domain manager sending a domain information update request containing the domain identifier to the network equipment according to the update notification message;
the network equipment then obtaining the corresponding updated domain information according to the domain identifier in the domain information update request, and sending the updated domain information to the local domain manager.
20, method according to claim 9 is characterized in that, described network equipment is according to the domain information that generates local domain from the request of setting up local domain of local domain supervisor.
21. The method according to claim 20, characterized in that the request to set up the local domain that the local domain supervisor sends to the network equipment comprises: the identity information of the local domain supervisor and/or the local domain supervisor's digital signature over the request; after receiving the request to set up the local domain, the network equipment verifies the identity information and/or digital signature in the request, and carries out the step of generating the domain information of the local domain after the verification passes.
22. The method according to claim 20, characterized in that the request to set up the local domain that the local domain supervisor sends to the network equipment comprises domain information, and the network equipment generates the domain information of the local domain according to the domain information in the request.
23. The method according to claim 22, characterized in that, before the network equipment generates the domain information of the local domain according to the domain information in the request, the method further comprises: the network equipment judges whether the domain information in the request is legitimate, and if so, carries out the step of generating the domain information of the local domain.
24. The method according to claim 9, characterized in that, after the network equipment generates the domain information, the method further comprises: the network equipment sends a set-up-local-domain notification message comprising the domain identifier of the local domain to the local domain supervisor corresponding to the local domain; after receiving this notification message, the local domain supervisor sends a domain information request message comprising the domain identifier to the network equipment;
The network equipment sending the generated domain information to the local domain supervisor corresponding to the local domain is then: the network equipment looks up the corresponding domain information according to the domain identifier in the received domain information request message, and sends the domain information found to the local domain supervisor corresponding to the domain identifier.
25. The method according to claim 24, characterized in that the network equipment generates the domain information according to a command sent by the user through a terminal; the network equipment then sends, through that terminal, the set-up-local-domain notification message comprising the domain identifier of the local domain to the local domain supervisor corresponding to the local domain.
26. The method according to any one of claims 7 to 25, characterized in that the method further comprises:
The terminal sends to the local domain supervisor a join-local-domain request message comprising the terminal identity information and the domain identifier, requesting to join the local domain;
The local domain supervisor saves the identity information of the terminal and returns the domain information to the terminal, and the terminal saves the received domain information.
27. The method according to claim 26, characterized in that, after receiving the join-local-domain request message, the local domain supervisor authenticates the identity information of the terminal, and carries out the saving of the terminal's identity information and the subsequent steps after the authentication passes.
28. The method according to claim 26, characterized in that, after the local domain supervisor receives the join-local-domain request message, the method further comprises: the local domain supervisor forwards the received join-local-domain request message to the network equipment; the network equipment determines whether to allow the terminal to join the local domain, and if so, the network equipment returns confirmation information to the local domain supervisor, after which the local domain supervisor saves the identity information of the terminal and the subsequent steps are carried out.
29. The method according to any one of claims 7 to 25, characterized in that the method further comprises:
The local domain supervisor sends a join-domain request to the terminal, and after receiving this request the terminal returns a join-domain response message to the local domain supervisor;
The local domain supervisor saves the identity information of the terminal and returns the domain information to the terminal, and the terminal saves the received domain information.
30. The method according to any one of claims 7 to 25, characterized in that the method further comprises:
The terminal sends to the local domain supervisor a leave-local-domain request message comprising the terminal identity information and the domain identifier, requesting to leave the local domain, and deletes the domain information of this local domain held in the terminal;
After receiving the leave-local-domain request message, the local domain supervisor deletes the information of this terminal.
31. The method according to any one of claims 7 to 25, characterized in that the method further comprises:
The local domain supervisor deletes the information it holds about the terminal that has joined the local domain, and sends an exit-domain message comprising the domain identifier to the terminal;
After receiving the exit-domain message, the terminal deletes the domain information it holds that corresponds to the domain identifier.
32. The method according to any one of claims 7 to 25, characterized in that the network equipment is a domain administrative center or a permit server.
33. A method for obtaining a local domain license, characterized in that the method comprises:
The terminal sends to the permit server a domain license request comprising the domain identifier of the local domain, requesting the domain license of the local domain;
The permit server receives the domain license request and, after determining that the local domain to which the request corresponds has registered corresponding domain information on the network side, returns an encrypted domain license to the terminal.
34. The method according to claim 33, characterized in that the domain license request further comprises: the digital signature of the terminal and/or the digital certificate of the terminal;
After receiving the domain license request, the permit server verifies the terminal's digital signature and/or digital certificate in it, and after the verification passes carries out the step of determining that the local domain to which the request corresponds is registered.
35. The method according to claim 33, characterized in that the permit server, according to the domain identifier in the request message, determines whether the local domain to which the request corresponds is registered by checking locally saved domain information comprising the domain identifier, or by interacting with the domain administrative center that saves domain information comprising the domain identifier.
36. The method according to claim 33, characterized in that the permit server receives the domain license request and, if it determines that the local domain to which the request corresponds is not registered, carries out the following steps:
The permit server sends a request to the terminal, requesting that the domain information of the local domain be reported for registration;
After determining that the local domain is registered, the permit server carries out the step of returning the domain license to the terminal.
37. The method according to claim 36, characterized in that the permit server carrying out the step of returning the domain license to the terminal after determining that the local domain is registered comprises:
The terminal reports the domain information to the domain permit server; after the domain information reported by the terminal passes the permit server's verification, the permit server determines that the local domain is registered and then carries out the step of returning the domain license to the terminal;
Or comprises: the terminal reports the domain information to the domain administrative center; after the domain information reported by the terminal passes the domain administrative center's verification, the domain administrative center notifies the permit server that the verification passed; the permit server determines that the local domain is registered and then carries out the step of returning the domain license to the terminal.
38. The method according to claim 37, characterized in that, when the terminal reports the domain information to the permit server, the permit server receives the reported domain information and, after the domain information reported by the terminal passes verification, saves this domain information locally or sends the received domain information to the domain administrative center to be saved;
When the terminal reports the domain information to the domain administrative center, the terminal reports the domain information to the domain administrative center according to the domain administrative center address in the request from the permit server.
39. The method according to claim 37, characterized in that, after receiving the request from the permit server, the terminal reports to the permit server or the domain administrative center the locally saved domain information or the domain information obtained by interacting with the local domain supervisor, or further includes in the report the local domain supervisor's digital signature over the domain information.
40. The method according to claim 39, characterized in that the terminal obtaining the domain information by interacting with the local domain supervisor comprises:
The terminal sends to the local domain supervisor a message comprising the terminal identity, requesting the domain information; the local domain supervisor receives this request message and, after determining that the terminal is a legitimate domain member, returns to the terminal a response message comprising the latest domain information.
41. The method according to claim 40, characterized in that the response message that the local domain supervisor returns to the terminal further comprises: the local domain supervisor's digital signature over the domain information, made with its own private key; the terminal then further reports the local domain supervisor's digital signature over the domain information to the permit server.
42. The method according to claim 40, characterized in that, after receiving the response message, the terminal updates the domain information it holds according to the domain information in this response message.
43. The method according to claim 36, characterized in that the permit server carrying out the step of returning the domain license to the terminal after determining that the local domain is registered comprises:
The terminal forwards the received request from the permit server to the local domain supervisor corresponding to the local domain, and the local domain supervisor reports the domain information of the local domain to the permit server or the domain administrative center; after the received domain information passes the permit server's verification, or after it passes the domain administrative center's verification and the domain administrative center notifies the permit server, the permit server determines that the local domain is registered and then carries out the step of returning the domain license to the terminal.
44. The method according to claim 33, characterized in that the domain license request comprises: the version number of the domain information;
After receiving the domain license request, the permit server further determines, according to the domain information version number in the domain license request, and by comparing it with the version number of the locally saved domain information or by interacting with the domain administrative center that saves the domain information, whether the domain information version number in the domain license request is consistent with the version number of the registered domain information; if consistent, it carries out the step of returning the domain license to the terminal.
45. The method according to claim 33, characterized in that the domain license that the permit server returns to the terminal is a centrally managed domain license; the method further comprises:
The terminal forwards the received centrally managed domain license to the local domain supervisor, and the local domain supervisor receives, parses and installs this domain license;
When the terminal needs to use the domain license, it sends to the local domain supervisor a rights request comprising information on the domain license to be used, and the local domain supervisor returns the corresponding rights to the terminal according to the domain license.
46. The method according to claim 45, characterized in that, after receiving the domain license, the terminal further: judges whether the received domain license is a centrally managed domain license; if so, forwards the received centrally managed domain license to the local domain supervisor; otherwise, the terminal parses and installs the received domain license locally.
47. The method according to any one of claims 33 to 46, characterized in that the encrypted domain license is: a domain license encrypted with the public key of the local domain supervisor.
48. The method according to any one of claims 33 to 44, characterized in that the encrypted domain license is: a domain license encrypted with the public key of the terminal or with the domain key of the local domain.
49. The method according to claim 36, characterized in that the permit server carrying out the step of returning the domain license to the terminal after determining that the local domain is registered comprises:
After receiving the request from the permit server, the terminal, directly or by notifying the local domain supervisor, reports the domain information to the permit server or the domain administrative center for registration;
After the registration succeeds, the step in which the terminal sends to the permit server the domain license request comprising the domain identifier of the local domain is carried out.
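The permit-server side of claims 33 to 37, 41 and 44 can be sketched as a small decision flow; this is an added example, not code from the patent or its applicant. All class, function and key names are hypothetical, HMAC-SHA256 stands in for the digital signatures the claims name, rejecting a mismatched version is an assumption (claim 44 only states the consistent case), and the encryption of the returned license (claims 47 and 48) is not modelled.

```python
import hashlib
import hmac
import json

# Constructed sample keys and identifiers; nothing here comes from the patent.
TERMINAL_KEYS = {"terminal-A": b"terminal-A-demo-key"}
SUPERVISOR_KEYS = {"home-domain-1": b"supervisor-demo-key"}


def sign(key, payload):
    """HMAC-SHA256 stand-in for the digital signatures named in the claims."""
    message = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key, payload, signature):
    return key is not None and hmac.compare_digest(sign(key, payload), signature)


class PermitServer:
    def __init__(self):
        self.registry = {}  # domain_id -> registered domain info (claim 35)

    def handle_license_request(self, request, signature):
        # Claim 34: verify the terminal before looking at the domain.
        key = TERMINAL_KEYS.get(request.get("terminal_id"))
        if not verify(key, request, signature):
            return {"status": "rejected", "reason": "terminal signature"}
        registered = self.registry.get(request.get("domain_id"))
        if registered is None:
            # Claim 36: unregistered domain, ask the terminal to report it.
            return {"status": "report_domain_info"}
        # Claim 44: the version in the request must match the registered one
        # (rejecting on mismatch is this example's assumption).
        if request.get("version") != registered["version"]:
            return {"status": "rejected", "reason": "domain info version"}
        # The license would now be encrypted (claims 47-48); not modelled here.
        return {"status": "issue_license", "domain_id": registered["domain_id"]}

    def handle_domain_report(self, domain_info, supervisor_signature):
        # Claims 37 and 41: register only domain info signed by the supervisor.
        key = SUPERVISOR_KEYS.get(domain_info.get("domain_id"))
        if not verify(key, domain_info, supervisor_signature):
            return {"status": "rejected", "reason": "supervisor signature"}
        self.registry[domain_info["domain_id"]] = domain_info
        return {"status": "registered"}


def run_flow():
    """Walk one terminal through the claimed exchange; return each status."""
    server = PermitServer()
    t_key, s_key = TERMINAL_KEYS["terminal-A"], SUPERVISOR_KEYS["home-domain-1"]
    request = {"terminal_id": "terminal-A", "domain_id": "home-domain-1", "version": 3}
    info = {"domain_id": "home-domain-1", "version": 3, "members": ["terminal-A"]}
    stale = dict(request, version=2)
    altered = dict(info, members=["terminal-A", "terminal-X"])
    steps = [
        server.handle_license_request(request, sign(t_key, request)),
        server.handle_domain_report(altered, sign(s_key, info)),  # changed after signing
        server.handle_domain_report(info, sign(s_key, info)),
        server.handle_license_request(stale, sign(t_key, stale)),
        server.handle_license_request(request, sign(t_key, request)),
    ]
    return [step["status"] for step in steps]


if __name__ == "__main__":
    print(run_flow())
```

The second step shows why the supervisor's signature in claim 41 matters: domain information whose member list was changed after signing is not registered, so no license can be issued against it.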
CNB2006100985901A 2006-07-12 2006-07-12 Domain management system, method for building local domain and method for acquisition of local domain licence Active CN100479386C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100985901A CN100479386C (en) 2006-07-12 2006-07-12 Domain management system, method for building local domain and method for acquisition of local domain licence

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100985901A CN100479386C (en) 2006-07-12 2006-07-12 Domain management system, method for building local domain and method for acquisition of local domain licence

Publications (2)

Publication Number Publication Date
CN1878092A true CN1878092A (en) 2006-12-13
CN100479386C CN100479386C (en) 2009-04-15

Family

ID=37510399

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100985901A Active CN100479386C (en) 2006-07-12 2006-07-12 Domain management system, method for building local domain and method for acquisition of local domain licence

Country Status (1)

Country Link
CN (1) CN100479386C (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008148325A1 (en) * 2007-06-06 2008-12-11 Huawei Technologies Co., Ltd. A method for acquiring user domain information, a domain management server and a license server
WO2009015607A1 (en) * 2007-07-31 2009-02-05 Huawei Technologies Co., Ltd. Method, system and device for performing domain management for user device by domain manager
CN101814990A (en) * 2010-04-15 2010-08-25 华中科技大学 Home network-oriented digital rights certificate management system
CN101816165A (en) * 2007-10-04 2010-08-25 朗讯科技公司 Methods for determining whether femtocell is authorized to provide wireless connectivity to a mobile unit
CN101895563A (en) * 2010-05-19 2010-11-24 深圳市五巨科技有限公司 Mobile terminal desktop spirit service push method and device
CN101364871B (en) * 2007-08-10 2011-12-21 华为技术有限公司 Method, system and apparatus for domain manager to carry out domain management to user equipment
CN102394869A (en) * 2011-10-21 2012-03-28 河南科技大学 Digital content sharing method and system for digital network
CN102882555A (en) * 2012-08-30 2013-01-16 华为技术有限公司 Domain access control method, domain searching method and communication apparatus
CN101315654B (en) * 2007-06-01 2013-02-27 华为技术有限公司 Method and system for validating permission
CN101640889B (en) * 2008-07-29 2013-04-24 华为技术有限公司 Method and device for accessing terminal of fixed or nomadic user to network
CN116346396A (en) * 2022-12-15 2023-06-27 北京航星永志科技有限公司 Digital certificate distribution method, device, electronic equipment and storage medium

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101315654B (en) * 2007-06-01 2013-02-27 华为技术有限公司 Method and system for validating permission
WO2008148325A1 (en) * 2007-06-06 2008-12-11 Huawei Technologies Co., Ltd. A method for acquiring user domain information, a domain management server and a license server
CN101321155B (en) * 2007-06-06 2012-12-19 华为技术有限公司 Method for acquiring user domain information, domain management server and permission server
WO2009015607A1 (en) * 2007-07-31 2009-02-05 Huawei Technologies Co., Ltd. Method, system and device for performing domain management for user device by domain manager
CN101364871B (en) * 2007-08-10 2011-12-21 华为技术有限公司 Method, system and apparatus for domain manager to carry out domain management to user equipment
CN101816165A (en) * 2007-10-04 2010-08-25 朗讯科技公司 Methods for determining whether femtocell is authorized to provide wireless connectivity to a mobile unit
CN101640889B (en) * 2008-07-29 2013-04-24 华为技术有限公司 Method and device for accessing terminal of fixed or nomadic user to network
CN101814990A (en) * 2010-04-15 2010-08-25 华中科技大学 Home network-oriented digital rights certificate management system
CN101895563A (en) * 2010-05-19 2010-11-24 深圳市五巨科技有限公司 Mobile terminal desktop spirit service push method and device
CN102394869A (en) * 2011-10-21 2012-03-28 河南科技大学 Digital content sharing method and system for digital network
CN102394869B (en) * 2011-10-21 2013-05-01 河南科技大学 Digital content sharing method and system for digital network
CN102882555A (en) * 2012-08-30 2013-01-16 华为技术有限公司 Domain access control method, domain searching method and communication apparatus
CN102882555B (en) * 2012-08-30 2015-04-08 华为技术有限公司 Domain access control method, domain searching method and communication apparatus
CN116346396A (en) * 2022-12-15 2023-06-27 北京航星永志科技有限公司 Digital certificate distribution method, device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN100479386C (en) 2009-04-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant