CN100435162C - Finger print structure in digital products, its authentication and digital products issue system - Google Patents

Finger print structure in digital products, its authentication and digital products issue system Download PDF

Info

Publication number
CN100435162C
CN100435162C CNB2006100116997A CN200610011699A CN100435162C CN 100435162 C CN100435162 C CN 100435162C CN B2006100116997 A CNB2006100116997 A CN B2006100116997A CN 200610011699 A CN200610011699 A CN 200610011699A CN 100435162 C CN100435162 C CN 100435162C
Authority
CN
China
Prior art keywords
fingerprint
buyer
server
evidence
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006100116997A
Other languages
Chinese (zh)
Other versions
CN1834973A (en
Inventor
朱岩
张建宇
叶志远
陈昱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peking University
Original Assignee
Peking University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peking University filed Critical Peking University
Priority to CNB2006100116997A priority Critical patent/CN100435162C/en
Publication of CN1834973A publication Critical patent/CN1834973A/en
Application granted granted Critical
Publication of CN100435162C publication Critical patent/CN100435162C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The present invention relates to a fingerprint configuring and verifying method for a digital product. The configuring method is characterized in that secret purchase information is obtained from a purchaser, and an evidence fingerprint which can not be counterfeited is configured by a copyright server; then, a license issued by the copyright server and marketing information are configured into an identity fingerprint by a copyright publishing server, and finally, a copy with the fingerprint is configured by a combination technology. The verifying method is characterized in that the identity fingerprint stored in a digital product is accessed for verifying the licensing right of the product and identifying the identity of a purchaser, and then, ownership is verified and confirmed according to the similarity of the evidence fingerprint. Correspondingly, the present invention provides a digital product publishing system which comprises a purchase device, a copyright publishing server and a copyright server. The present invention provides a client-friendly, simple and easy method which aims to solve the problems of safe product distribution, licensing right management, copyright monitoring, etc. and greatly improves the safety and the extensibility of the existing systems.

Description

The structure of fingerprint and verification method and digital product publishing system in the digital product
Technical field
The present invention relates to the structure and the verification method of digital finger-print, relate in particular to a kind of structure and verification method that is used for the fingerprint of digital product, and the digital product publishing system that is used to realize this method, software technology field belonged to.
Background technology
Along with the application of internet and digitizing technique with popularize, be rapidly developed based on the medium industry of ecommerce, but digital product is easy to the characteristics of revising, duplicating and propagating, make more and more wildness of piracy, copyright protection is increasingly important.And, the existing digital production marketing is served in (as download services such as MP3, books, software, films) on the internet in ecommerce, usually the copy of digital product directly is sent to the buyer, make that selling safety can't be guaranteed, licence can't be monitored, more can't the copyright of digital product be control effectively, causes legal digital product to be downloaded and to propagate everywhere, grievous injury the copyright interest of the digital publishing rights owner (as the publisher).
Have that copyright is followed the tracks of, evidence obtains and the copyright protection technology of low-complexity is the basic demand of following digital distribution system.There is variety of issue in the digital copyright management technology that is adopted in the known systems, also lacks effective copy-right protection method.For example, based on electronic money, the electronic trading system of cryptographic technique, safety of data and confidentiality in can guaranteeing to sell but can't provide the support of copyright protection aspect; Copyright protecting system based on methods such as digital watermarkings; be comparatively effective aspect proof of ownership; but can't realize that thereby the bootlegger assert piracy formation deterrence; vaild evidence in the court also can't be provided and realize fairness and legitimacy in the electronic transaction; particularly the sentience watermark copyright question at issue that exists multi-watermarking to embed has not limited its application aspect copyright protection.
On the other hand, existing e-commerce transaction has higher requirement to calculating and the storage capacity of buying the employed equipment of digital product, even need the ability the same with issuance server, with regard to the equipment of the actual use of present buyer, significant limitation is arranged on the implementation.For example, use mobile phone to download the mp3 song from certain website by the GPRS+WAP technology, buyer's mobile phone can only carry out simple computation to transaction, does not have enough processing poweies and storage space to be used for complicated commercial affairs and cipher protocol, can customer-furnished information also be extremely limited.
In a word, copyright protection technology needs not only to realize that control access permission and copyright prove, also needs to reach tracking and trial to the bootlegger, and functional requirement such as convenient processing, and existing technology also can't satisfy these requirements at present.
Summary of the invention
At the problems referred to above, the object of the present invention is to provide the structure and the verification method of fingerprint in a kind of digital product, utilize the mixed-fingerprint constructing technology, but construct a kind of digital finger-print that comprises the buyer's of digital product characteristic information, copyright permission and authorization information, be blended in the digital product copy this fingerprint and then distribution.Therefore, when the credible digital product that contains this fingerprint suffers illegal copies with distribution, just can from the illegal copies product, extract the owner (buyer) information of the trusted copy that is used to duplicate these illegal copies, by verifying the described owner (buyer) information, thereby realize tracking and identification to pirate product.This method can be used in e-commerce website, portable equipment (palmtop computer, mobile phone etc.), web browser or the media player, realize the secure distribution of digital products such as audio frequency, video, CD, software, text, guarantee in the digital product selling trackability, non-repudiation, can not duplicity, security property such as anonymity, and improve the distribution efficient of digital product.
For achieving the above object, the present invention at first provides a kind of building method of digital finger-print, is used for digital product.Digital finger-print is meant a kind ofly can distinguish analogical object and by characteristic sequence Computer Processing, digitized.In essence, fingerprint has uniqueness, thereby can play the purpose of mutual difference by the interpolation fingerprint to identical carrier.Fingerprint has robustness again, by it being depended on the purpose that the object that will protect plays object of protection.Fingerprint described in the present invention is characterised in that and comprises:
A, identity fingerprint: comprise information such as sale, entitlement, the usage license, be used for reference numbers product copyright and the identity that identifies the buyer;
B, fingerprint evidence: the information that comprises buyer's secret information and can not forge, be used to provide the evidence of digital product selling or distribution, thereby prevent that the publisher from framing a case against the buyer or the buyer denies affiliated relation, also can be used as simultaneously and confirm that rebel user (buyer of illegal copies promptly is provided) provides the evidence of illegal copies behavior.
The structural attitude of above-mentioned fingerprint guarantees that fingerprint had not only comprised the product copyright information but also comprised buyer's personal information.At fingerprint evidence is under the situation about holding in close confidence, and it can play the effect that illegal act is given credible proof.These two kinds of fingerprint function differences, structure require also different, and fingerprint evidence requires fingerprint to forge; Identity fingerprint then further need embed extractible information in fingerprint.
As shown in Figure 1, the building method of fingerprint comprises step in the digital product provided by the invention:
1) generates purchase secret information string: buy device according to buyer's information, generate by the abstract function algorithm and buy the secret information string; Wherein, buyer's information comprises: timestamp, buyer's PKI, buyer's sign and buyer's secret information, described abstract function algorithm can be wherein any of hash function, message authentication code, cryptographic one-way function or random permutation algorithm.
2) structure copyright mark sequence: copyright server utilizes fingerprint generating algorithm structure copyright mark sequence according to the fingerprint parameter that the fingerprint seed and the digital product publisher of picked at random provides; Described fingerprint parameter comprises: fingerprint pattern, fingerprint length, span, type of coding, anti-attack strength, detection error rate; Described fingerprint generating algorithm can be any in sequence spread spectrum, key fingerprint algorithm, Boneh-Shaw sign indicating number, Algorithms of Algebraic Geometric Codes, IPP sign indicating number, FP sign indicating number, TA sign indicating number or the direct sequence spread spectrum.
3) structure buyer fingerprint evidence: copyright issuance server utilization purchase secret information string and copyright mark sequence construct buyer's fingerprint evidence by secret hybrid algorithm;
Described secret hybrid algorithm can be between data mix computing (be mould between data adds, XOR), encrypt ciphertext or promise to undertake between homomorphism computing or in the random permutation any; Described fingerprint evidence comprises buyer's secret information and the information that can not forge, is used to provide the evidence of digital product selling or distribution; Described fingerprint seed is random number or the sequence with uniqueness, and the fingerprint seed has short length, is convenient to excite pseudorandom number generator to produce the characteristics of random length pseudo-random number sequence.
4) structure buyer's identity fingerprint: the copyright issuance server is selected the fingerprint seed, according to buyer's sign, licence and copyright information, utilizes the fingerprint generating algorithm, constructs buyer's identity fingerprint; Described identity fingerprint comprises marketing information, entitlement information and the usage license information of digital product, is used to identify product copyright and buyer's identity;
5) structure contains the digital product copy of fingerprint: the copyright issuance server is with fingerprint evidence and identity fingerprint or the information to forming behind described two kinds of encrypting fingerprints, depend on digital product by integration technology, generation contains the product copy of buyer's feature, and described integration technology can be any in the content scrambling technology of the digital watermark technology of video and audio frequency, concealed coupling technique, key fingerprint technique or DVD.Concealed coupling technique adopts session secret key pair original works to encrypt, and with the secret key of session with the broadcast enciphering algorithm for encryption and with concealed form be positioned in the works or the hidden area of storage medium (subregion) in, the user uses and to decipher secret key by the uniqueness of fingerprint structure and realize deciphering.
Wherein, process to two kinds of encrypting fingerprints can be: the copyright issuance server carries out random permutation to the evidence fingerprint earlier, then according to the fingerprint evidence after identity fingerprint and the displacement, be combined into the fingerprint that contains buyer's feature, detailed process is: the copyright issuance server carries out random permutation to the evidence fingerprint earlier, in order to increase randomness and the security that fingerprint is hidden, guarantee between the different server also acquired information each other and prevent copyright server to be broken and the harm that causes; And then according to the fingerprint evidence after identity fingerprint and the displacement, be combined into the complete fingerprint that contains buyer's feature, array mode both can adopt overlap mode to mix, also can non-overlap mode be linked at together, as: identity fingerprint ‖ fingerprint evidence, wherein, " ‖ " is the character string link symbol.
Utilize said method, the buyer's information that includes digital product and the trusted copy of product copyright information can be provided.In the use of trusted copy, the copyright issuance server can be according to copyright information in the identity fingerprint and occupancy permit constraint buyer's behavior, and for example, broadcasting time, keeping life are permitted in control.In addition, the information in the identity fingerprint also can be used as the tracking foundation of observing products in circulation and operating position.
Another object of the present invention is to provide a kind of verification method of digital finger-print, is used for verifying the digital finger-print of digital product copy, thereby realizes protection and tracking to the digital product copyright, and the method comprising the steps of:
1) the copyright issuance server extracts and the decoding identity fingerprint from the digital product copy that contains buyer's identity fingerprint and fingerprint evidence, obtain buyer's sign, and send the fingerprint evidence of discovering and seizing to arbitrating server, wherein, described extraction is corresponding with the algorithm of use in the fingerprint structure with decoding algorithm;
2) arbitrating server is announced with described buyer to the copyright server request and is identified corresponding copyright mark sequence, confirms the authenticity of this copyright mark sequence, and itself and purchase secret information string are synthesized fingerprint evidence;
3) arbitrating server is with fingerprint evidence and the step 2 discovered and seized in the step 1)) fingerprint evidence that plant to generate compares, if similarity surpasses predefined credibility, confirms that then this digital product copy identifies relevant with original buyer.Wherein, used similarity comparison method can be error correction information decoding likelihood ratio to the rebel of, serial correlation comparison, the optimum decoding of Viterbi, key fingerprint follow the tracks of, based in the polynomial fingerprint vector searching method any; Described credibility comprises parameter: the degree of correlation, confidence level, discrimination, conspiracy tolerance.
After buyer's identity of the digital product copy that is verified was identified, the buyer of this copy also can provide buyer's secret information to examine whole fingerprint structure and tracing process, is oneself statement.
The technique effect of said method has been to provide a kind of building method of digital finger-print, and this fingerprint has not only been realized copyright management functions such as copyright proves, the usage license, and has satisfied the needs that abuse come source acknowledgement and credible evidence obtaining.Described building method adopts identity fingerprint and the mode that fingerprint evidence separates, and has further strengthened construction flexibility and finger print safety and robustness; Aspect extendability, this building method also is convenient to combine with other digital watermarking or concealed method, forms the unified management mechanism to numerous medium.The present invention also provides a kind of verification method of digital finger-print simultaneously, for solve problems such as copyright dispute, license management and copyright monitoring with legal means, a kind of user friendly and simple digital product distribution, sale, supervisory system and method are provided, and this method also can provide certain evidence for court's arbitration simultaneously.
Another purpose of the present invention is to provide a kind of digital product publishing system of realizing said method, comprising:
1) buys device, be deployed on the terminal that links to each other with the copyright issuance server, described terminal is mounted with can realize that digital product is bought and the software of playing function, be used to generate buyer's secret information and proof of purchase, described proof of purchase comprises: timestamp, buyer's PKI, source IP address, purchase are promised to undertake;
2) copyright issuance server is used to distribute digital product and management product copyright, comprising: Sales module is used for handling the request of purchase and provides product; The fingerprint authorization module is used for the structure that fingerprint evidence request, fingerprint generation, license issuance and band fingerprint copy; Sale database is used to preserve the sales figure that comprises identity fingerprint seed, buyer's information and copyright information, and described sales figure comprises: sales figure number, proof of purchase, licence, identity fingerprint seed.
3) copyright server is deployed on the terminal that links to each other with the copyright issuance server, is used for authentification of user and license awarding, comprising: User Manager is used for authentication and key management; The fingerprint management device is used for licence mandate and fingerprint evidence structure; The copyright data storehouse is used for copyright and fingerprint authorization message record, and described copyright and fingerprint authorization message record comprises: colophon number, dealer's sign, sales figure number, proof of purchase, licence, fingerprint evidence seed, publisher's signature.
Copyright server both can be structured on publisher's the equipment together with the copyright issuance server, also can be structured in separately on the equipment of an arbitration body of trusted third party.
Further, above-mentioned digital product publishing system can also comprise: arbitrating server, be deployed in terminal that copyright server links to each other on, perhaps provide arbitration equipment separately by believable third party, comprise: the mediation service unit is used for collecting fingerprint evidence when abuse occurring; The fingerprint identification unit is used to finish the finger print information similarity and detects.
Further, described system can also comprise some copyright tracking agent servers of disposing in Internet, be used for the monitoring network data stream and obtain pirate product, includes the copyright monitoring software.
Technique effect of the present invention is, described fingerprint building method can effectively construct detectable uniqueness fingerprint sequence, reach the purpose of distinguishing different user, and adopt scramble and similar detection technique at random, the anti-attack performance of fingerprint and the reliability of checking arrive and strengthen; Secondly, the security password computing is incorporated among fingerprint generates, strengthen fingerprint undeniable with can not frame a case against performance; In addition, organically digital watermarking and concealed technology are applied to both realize the fingerprint disguise in the fingerprint integration technology, have realized tracking again the infringer; Simultaneously, the two fingerprint techniques that adopt fingerprint evidence and identity fingerprint to combine guarantee the accuracy of rebel's tracking and the validity of evidence.Use system provided by the invention, can be for solve problems such as copyright dispute, license management and copyright monitoring with legal means, a kind of user friendly and simple digital product distribution, sale, supervisory system and method are provided, and this method also can provide certain evidence for court's arbitration simultaneously.
The technique effect of said system is, provides a kind of realization convenient, reliable digital product copy-right protection method.At first, it has realized transparent purchase, promptly do not know the buyer that copyright information exists under the situation and realize that digital product buys, and make the buyer buy for the time calculate with storage cost and minimize; Secondly, introduce copyright server and promptly satisfy the independence requirement that license is issued, the efficient realization of complex calculation in helping the fingerprint structure again and merging; Be used homomorphism cryptographic system, message authentication and signature scheme, pseudo-random generator etc., the safety that guarantees fingerprint structure and corresponding system is with efficient.
Another characteristics of the present invention provide a kind of method and system that is used for copying safely distribution and copyright protection.When running down the rebel, owing to be blended in the secret information that fingerprint in the product includes buyer, publisher and copyright server three, these information all are cryptography safety, guaranteed the publisher to not guilty user can not frame, illegal rebel is undeniable to crime fact, need not defendant participates in finishing functions such as (absence) trial and defendant's complaint.
To sum up, method and system of the present invention provides better extendability and adaptability, to satisfy various application needs.On shielded digital product kind, perceptibility medium such as video, audio frequency are not only contained in the present invention, and contain the copyright protection of expressivity medium such as software, CD, text; In protection in form, both can adopt content-based data embedding grammar, can adopt based on the concealed coupling process of the data of structure.Aspect applied environment, the present invention is applicable to the structure of various e-commerce systems and copyright tracing system, comprise electronic transaction based on browser, video/audio program request, the product subscription of palm PC, the electronic transaction (ringing sound of cell phone/MMS) of particularly various calculating, storage constrained devices based on media player.
Description of drawings
Fig. 1 represents the structural texture figure of digital finger-print among the present invention;
Fig. 2 represents the structural representation of the digital product publishing system of most preferred embodiment of the present invention;
Fig. 3 represents digital product registration, sale and the arbitration process figure according to the inventive method and system;
Fig. 4 represents the fingerprint sequence organigram based on direct sequence spread spectrum skill;
Fig. 5 represents linking of identity fingerprint and fingerprint evidence and merges synoptic diagram;
Fig. 6 represents the process flow diagram of the embodiment of the invention in copyright authentication and evidence extraction application.
Embodiment
Following with reference to accompanying drawing, describe the most preferred embodiment of the present invention in network media dissemination system makes up in detail.
In the network media dissemination system by the present embodiment structure, rely on the user that necessary personal information correctly is provided, automatically perform buying behavior among the present invention by the purchase device that is loaded in client, comprise and realize that private information generation, signature authentication, data are downloaded, product deciphering functions such as (containing format conversion).One side can guarantee user's purchase convenience and safety purchase, realizes having the generation that user characteristics copies the user under situation about discovering; On the other hand, can guarantee distribution merchant sale safety and realize copyright management, tracing process can be carried out the copyright inspection before client software is play works, examination scope comprises: works copyright, usage license power etc., as discover and seize and abuse occurs, even prevent and report; Can intercept and capture and obtain pirate information to abnormal movement by the mode of monitoring network stream on the network key node again.On this basis, present embodiment has made up media play (reading) device of support user program request, download, broadcast and recording digital media function with copyright management function.
Fig. 2 represents the structural representation of digital product publishing system and the information flow between each parts.Related entity comprises: copyright issuance server M, purchase device B, copyright server FC, copyright tracking agent TA and arbitrating server A, wherein, copyright server also has key distribution and authentication function except that having the copyright server function.The buyer obtains merchandise news by the product player of buying in the device 201 202 from the Sales module 205 of copyright issuance server 204, start point-of-sale terminal process 203 and finish the user profile typing and buy the request packing, this request is sent to copyright issuance server 204; Sales module 205 is set up selling event and is delivered fingerprint authorization module 206 and generates fingerprints after examining request, and fingerprint authorization module 206 at first asks copyright server 208 to provide rights certificate and fingerprint evidences; Request is received the back by the User Manager in the copyright server 208 210 and realizes that rights certificate generates and startup fingerprint management device 209 is finished the fingerprint evidence structure, and with buy the signatures of the device 201 mutual buyers of acquisition to the evidence fingerprint, at last certificate and fingerprint are presented to copyright issuance server 204 and store relative recording in copyright data storehouse 211; Fingerprint authorization module 206 generates buyer's identity fingerprint and is blended in the purchase product with the fingerprint evidence of issuing according to certificate, be with the fingerprint product to send to the most at last and buy device 201 and store sales figure in sales server 207, reach copyright management whereby in Normal Goods is bought and can follow the tracks of the purpose that fingerprint generates, process of purchase is seen Fig. 3 in detail.
Aspect copyright management and piracy tracking, can be in the internet 212 key nodes dispose a plurality of copyright tracking agent 213 and be used for the monitoring network flow, suspicious data is delivered to copyright monitor server 214 to be handled, the copyright information that dependence goes out from extracting data, the corresponding copyright issuance server 204 of copyright monitor server 214 requests is confirmed the validity of rights certificate; As find illegal abuse, then copyright issuance server 204 relies on identity fingerprint to identify the bootlegger, to arbitrating server 215 request for arbitration is proposed, the fingerprint evidence information that arbitrating server starts mediation service unit 216 and asks for this bootlegger to copyright server 208, the comparison of the fingerprint evidence of issuing by 217 pairs of fingerprint evidences of discovering and seizing in fingerprint identification unit and copyright server, finally provide bootlegger's ruling, realize that whereby copyright monitors and pirate identification affirmation purpose that detailed process is seen Fig. 3.
In order to realize above function, embodiment adopts the Paillier cryptographic system with addition homomorphism character, and Benaloh password, Naccache-Stern password etc. also can meet design requirement in addition.If n=pq, wherein p and q are safe primes, make φ (n) and λ (n) represent Euler function and Carmichael function respectively, for example, according to definition have φ (n)=(p-1) (q-1) and λ (n)=1cm (p-1, q-1), mould n so 2The multiplication of integers group who constitutes
Figure C20061001169900111
Have | Z n 2 * | = φ ( n 2 ) = nφ ( n ) . If g is
Figure C20061001169900113
Generator, On the definition encryption function
E(m,r)=g m·r nmodn 2(1)
Wherein, m is expressly, and r is a random number, and m, r<n, encrypted public key be (n, g).Make L (u)=(u-1)/n,, can try to achieve expressly by ciphertext c according to decruption key λ
m = L ( c λ mod n 2 ) L ( g λ mod n 2 ) mod n - - - ( 2 )
As seen, this cryptographic system is the r nothing to do with, and the security of password is the safety to the n decomposition.For arbitrarily
Figure C20061001169900116
With
Figure C20061001169900117
Encryption function
Figure C20061001169900118
Figure C20061001169900119
On have homomorphism character
E(m 1)·E(m 2)modn 2=E(m 1+m 2mod n)(3)
Under Hensel-lifting difficult problem hypothesis, be that first is proved to be semantic safe RSA type cryptographic system by the RSA RSA-Paillier password of constructing that combines with the Paillier password.Owing to have the similar key of RSA, be convenient to more to encrypt and sign in application, adopt the 1024-bits length keys here.
Digital signature among the embodiment adopts Digital Signature Standard (DSS), uses big prime number p and 160-bits prime number q, realizes the 320-bits signature expressly to 160-bits.The 160-bits summary that hash function (Hash Function) adopts safe hash algorithm (SHA) to ask for.
Above-mentioned process of purchase as shown in Figure 3, whole flow process comprises that the user registers and sales process two parts:
In user registration, buying module at first needs to send register requirement (A) to copyright server before buying commodity, finishes registration by registration center, comprises legal buyer's authentication and issues user key (pk p, sk p) certificate, to various monetary payoff means, also need to finish at registration phase as account No., credit card, mobile phone charge etc., then, device (B) is bought with the key certificate transmission repurchase of issuing by registration center.
In sales process, publisher's copyright issuance server 205 at first provides required merchandise news (C) to buying device, the buyer determines to buy the back and starts point-of-sale terminal process 203, the various user profile of this process typing, comprise: timestamp, user ID, secret information and key certificate etc. generate buyer's secret expressly Text according to these B, ask for the secret expressly Text of the long buyer of 160-bits by the Hash function again BSummary STR B, at last to STR BEncrypt and signature SIG S, BObtain buying promise PRM B, this promise will be used to generate fingerprint evidence and prove as buyer's statement.The structure of detailed purchase request list item is as shown in the table, and wherein long measure is a byte, every byte g-bits:
Figure C20061001169900121
Obtaining to buy promise PRM BAfter, the point-of-sale terminal module is with the REQ of proof of purchase B, user ID ID B, buy descriptive labelling Des and their signature and pack to form and buy request message, wherein, the REQ of proof of purchase BComprise contents such as timestamp, buyer's PKI, source IP address, purchase promise.At last, message is carried out encrypting and transmitting to copyright issuance server (D), concrete buyer's purchase request message list item structure is as shown in the table:
Figure C20061001169900122
After receiving the purchase request message, Sales module carries out validity check to information format, timestamp etc., identity is confirmed (can select for use trusted third party to confirm identity or realization anonymity in case of necessity), and the correctness of request and payment information is confirmed, as check ES BSignature SIG BDeng.If by checking, generate purchaser record and obtain sales figure NO by the sales management module M, and the combined sale trade mark is known, sales figure number, proof of purchase, copyright issuance server signature and fingerprint parameter Params constitute the publisher asks REQ M(wherein, Params contains the fingerprint tectonic information, as fingerprint length, span etc.), the copyright issuance server is again with fingerprint structure request REQ MPack, and be sent to copyright server (E) with encrypted form.Detailed publisher's request package structure is as follows:
Figure C20061001169900132
Copyright server carries out validity check to the request form, again to publisher's identity ID after receiving publisher's request M, transmission information etc. authenticity (pass through SIG M, R) test, comprise and check ES BSignature SIG BWith SIG M, require to generate uniqueness fingerprint FING according to Params then B, adopt direct sequence spread spectrum (DSSS) technology to produce pseudo-random sequence structure fingerprint sequence in this example, the feedback-type shift register structure that is adopted as shown in Figure 4, the seed SEED that selects at random by copyright server FCAs feedback-type shift register original state control pseudorandom PN sequence, sequence is [0,1] sequence, and (this sequence can be directly used in and generate the fingerprint key) is the normal state sequence that acquisition can be used for embedding, and this PN sequence is imported as minor function, as shown in Figure 4:
f(x)=2x-1(4)
Make it to become [1,1] sequence, this sequence and normal state sequence are multiplied each other (Figure 40 2) again, this normal state sequence character determines that by Params character comprises average, variance etc., and multiplied result will obtain normal distribution fingerprint sequence FING BCopyright server is used pk again BTo FING BIn each component encrypt and obtain ciphertext EF B, use homomorphism character to calculate
EW B = EF B ⊗ ES B
= E B ( FING B ⊕ STR B ) - - - ( 5 )
Acquisition contains the fingerprint of buyer's feature W B = FING B ⊕ STR B Encrypted form EW BWherein,
Figure C20061001169900144
Be the homomorphism multiplying.
Copyright server uses the Hash function to EW earlier as shown in Figure 3 BCalculate authentication code HASH W, and sign and obtain SIG W, FC, according to the REQ of proof of purchase BIn buyer address Addr BWith message (ID FC, HASH WAnd SIG W, FC) sending to the buyer with encrypted form, the buyer is to fingerprint EW in request B(F) signs; After the buyer receives the message of being provided by copyright server, to buyer's identity ID FCAnd authentication code signature HASH WCarry out validity and authenticity verification, if by authentication, the buyer signs to the finger print identifying sign indicating number with private key and obtains SIG W, B, and its signature returned back copyright server (G) by safe lane; Copyright server receives the buyer and signs the back to signature SIG W, BTest, if, then construct rights certificate EMB by check FC, detailed rights certificate structure is as follows, wherein, and fingerprint evidence section EW BLength is by LEN BProvide:
Figure C20061001169900145
Copyright server is with rights certificate EMB FCPass the copyright issuance server (H) that is presented to the publisher by safe lane; After receiving rights certificate, the fingerprint authorization module is checked copyright server identity, certificate validity, data layout integrality, is checking EW then BAuthenticity is to signature SIG W, B, SIG W, FCAuthenticate, as passing through authentication, issuance server also will be to EW BSign and obtain signature SIG W.M, and by safe lane return SIG W.MTo copyright server: copyright server receive and check copyright issuance server signature after, preserve necessary information and form colophon REC FC, copyright server finishes this operation, and detailed colophon structure is as follows:
Data message (arranging) according to storage order Length (byte) Implication
Colophon number (NO FC) 4 Sequence number in the colophon
Sign (the ID of dealer M) 16 Publisher's uniqueness sign
Sales figure number (NO M) 4 Sequence number in the sales figure
(the REQ of proof of purchase M) 344 The buyer is proof of purchase this time
Copyright notice (CRC FC) 102 Copyright notice to publisher's transmission
Fingerprint evidence seed (SEED FC) 8 Pseudo-random sequence generator input seed
Publisher (the SIG that signs W.M) 40 Issuance server is to EW BSignature
Fig. 5 has provided the copyright mark structure and the band fingerprint copy generative process of copyright issuance server.After receiving the rights certificate of copyright server, Distributor is with copyright information, this sales figure ID B, licence LIC BConstruct identity fingerprint V etc. information by finger-print codes BThe finger-print codes method has Boneh-Shaw fingerprint model, IPP sign indicating number (IdentifiableParent Property can confirm father unit sign indicating number), FP sign indicating number (the anti-sign indicating number of framing a case against of Frameproof), TA sign indicating number (but Tracibility tracking code), direct sequence spread spectrum fingerprint etc. adopt FP sign indicating number realization identity fingerprint V in the Boneh-Shaw model here BStructure, and use buyer's PKI pk BTo V BEncrypt with original works X and to obtain EV BAnd EX.
As shown in Figure 5, the copyright issuance server is with identity fingerprint EV B(501) with fingerprint evidence EW B(502) carrying out linked operation, use link symbol ‖ to represent, is a sequence (503) with two combined sequence, and obtains final fingerprint F by the random permutation operation BEncrypted form (504), i.e. EF B=π (EW B‖ EV B), this displacement π is unique appointment for a certain publisher, and preserves as the publisher is secret, purpose is to guarantee to adopt the information that also can't understand between different publisher's servers of the present invention each other, to strengthen security.
Different medium are adopted different fusion methods, for example, to medium such as text, softwares, can adopt the integration technology of a kind of " key fingerprint ", promptly increase by one " fingerprint key block " at the medium head, use general encryption method that media content is encrypted, its encryption key can be tried to achieve from the fingerprint key block, and this acquiring method is followed the tracks of (Traitor Tracing) method etc. by finger print information decision (506) as the broadcast encryption method of the Content Scrambling System among the DVD (CSS), Fiat-Naor, the rebel of Chor-Fiat-Naor; To video, audio frequency media, can adopt the embedded mode of digital watermarking, among the finger print information embedding media content (507), all be the watermark embedded technology of comparatively moulding soon as Cox method, DIM method, lowest bit embedding etc.Present embodiment describes in the watermark mode, to F B, X encrypted form EF B, EX, have according to homomorphic cryptography character
EX B = EX ⊗ EF B
= E ( X ⊕ F B ) - - - ( 6 )
= E ( X ⊕ π ( W B | | V B ) )
Promptly obtain being with fingerprint F BWorks X BEncrypted form EX BTo improve the hiding ability of fingerprint (optional for the factor of sheltering of utilizing that macking technique provides, macking technique be a kind of at the human vision and the sense of hearing the perception characteristics and technology that Information hiding is got up, normally by human vision and auditory masking model, as the Johnston vision mode, calculate and shelter the factor and control embedment strength to be hidden Info).
The copyright issuance server according to the standard format of buying the module appointment to EX BPack (as various industry or enterprise's media standard), and provide product license, the back copy of will packing again is sent to buyer's (seeing Fig. 3 I) by safe lane.Buyer's point-of-sale terminal process receives copy and the inspection file layout of transmitting from issuance server, then licence in the file is carried out validity check, if meet permission, then to EX BUse private key sk pObtain this user and copy X B
At last, the copyright issuance server is checked and the whether normal termination of communicating by letter of purchase module, if communication channel is closed, is thought that then this purchase completes successfully, and will keep current sales figure REC MEtc. information, and finish this operation.Detailed sales figure content structure is as follows:
Figure C20061001169900164
A function of present embodiment is to realize the copyright control and the bootlegger of copyright are followed the tracks of.
After copyright tracking agent in being deployed in Internet network key node, Download Server, client terminal playing software is found suspicious works, the identity fingerprint information (being included in position in the medium, displacement, copyright requirement etc.) that provides according to the publisher, extract the licence content in the identity fingerprint, lost efficacy if find licence, and then showed illegal infringement incident to occur.The agency starts corresponding rebel's trace flow, as shown in Figure 3.At first, the agency sends these pirate works to affiliated copyright owner, further check the infringement situation of licence and copyright information by the fingerprint authorization module in the copyright issuance server, and find the sales figure of these commodity by identity fingerprint, with the fingerprint evidence that extracts with sell voucher SALE MSend to arbitrating server (a); Sell voucher SALE in the arbitrating server inspection MIn after the various signatures validity of confirming to ask, send fingerprint evidence query requests (b) to copyright server; Copyright server is searched colophon REC according to querying command FC, and will write down with secured fashion and send back arbitrating server (c); The consistance of data and signature is checked in the comprehensive record of sales of arbitrating server and colophon, and then detects copyright server fingerprint evidence of issuing and the consistance of discovering and seizing the fingerprint evidence in the pirate thing, determines whether this bootlegger has illegal infringement.If copy right piracy is identified, then to this buyer's file charges with submit would to state evidence (d) to; The secret expressly Text of buyer's typing point-of-sale terminal process during with oneself purchase BSend to arbitrating server (e) as the statement evidence; Arbitrating server provides final arbitration result according to the whole sales process of all these information revertings, and the result is sent it back issuance server (f).
Detailed copyright control and bootlegger's trace flow in Fig. 6, have been provided.The copyright issuance server at first compares pirate works X ' 601 and original works X, and utilization and the corresponding fingerprint characteristic extraction algorithm 603 of fingerprint blending algorithm extract fingerprint characteristic sequence F ' B604; Again it is split as identity fingerprint V ' B605 and fingerprint evidence W ' B614 two parts; To identity fingerprint V ' BCarry out licence and copyright and detect 606, pass through, then regard as permission product 608, finish operation as authorizing detection 608; Otherwise judge piracy to occur, and will buy sequence number NO M609, sell voucher SALE MWith inverse permutation π at random -1Fingerprint evidence W ' after 610 B611 send arbitrating server together to; Checking sale voucher SALE MAfter the validity, arbitrating server sends to copyright server and obtains copyright mark FING BRequest, copyright server re-constructs publishing right flag F ING according to the record of sales B612, and according to the secret information STR of equation (5) with the buyer B613 comprehensively come to testify according to fingerprint W B614, and with W BSend back arbitrating server with signature in the sales figure by safe lane.Various signatures 615 checking W that copyright server transmits in the sales figure of arbitrating server use copyright issuance server BCorrectness 616, if inconsistent, illustrate there is mistake in the merchandise sales evidence for the prosecution invalid 617; Otherwise arbitrating server is to evidence fingerprint W BWith the fingerprint evidence W ' in the piracy BSimilarity, if similarity can confirm, then confirm to occur pirately 620, otherwise show the evidence invalid 619 that issuance server provides.

Claims (16)

1, the building method of fingerprint in a kind of digital product comprises step:
1) buys device according to buyer's information, generate by the abstract function algorithm and buy the secret information string, and provide purchase information to the copyright issuance server;
2) copyright server utilizes fingerprint generating algorithm structure copyright mark sequence according to the fingerprint parameter that the fingerprint seed and the digital product publisher of picked at random provides; Described fingerprint parameter comprises: fingerprint pattern, fingerprint length, anti-attack strength;
3) copyright issuance server utilization purchase secret information string and copyright mark sequence construct buyer's fingerprint evidence by secret hybrid algorithm; Described fingerprint evidence comprises the information that can not forge, is used to provide the non-repudiation evidence of digital product distribution with affiliated relation;
4) the copyright issuance server is selected the fingerprint seed, according to buyer's sign, licence and copyright information, utilizes the fingerprint generating algorithm, constructs buyer's identity fingerprint; Described identity fingerprint comprises marketing information, entitlement information and the usage license information of digital product, is used to identify product copyright and buyer's identity;
5) the copyright issuance server depends on digital product with fingerprint evidence and identity fingerprint or the information to forming behind described two kinds of encrypting fingerprints by integration technology, generates the product copy that contains buyer's feature.
2, the method for claim 1, it is characterized in that, the process to two kinds of encrypting fingerprints described in the step 5) is: the copyright issuance server carries out random permutation to the evidence fingerprint earlier, according to the fingerprint evidence after identity fingerprint and the displacement, is combined into the fingerprint that contains buyer's feature then.
3, the method for claim 1 is characterized in that, described abstract function algorithm is hash function or message authentication code or cryptographic one-way function or random permutation algorithm.
4, the method for claim 1 is characterized in that, described purchase information comprises: timestamp, buyer's PKI, buyer's sign and purchase secret information string.
5, the method for claim 1 is characterized in that, described fingerprint generating algorithm is sequence spread spectrum or key fingerprint algorithm or Boneh-Shaw sign indicating number or Algorithms of Algebraic Geometric Codes or IPP sign indicating number or FP sign indicating number or TA sign indicating number or direct sequence spread spectrum.
6, the method for claim 1 is characterized in that, described fingerprint seed is random number or the sequence with uniqueness.
7, the method for claim 1 is characterized in that, described secret hybrid algorithm be between data mix computing, encrypt ciphertext or promise to undertake between homomorphism computing or random permutation.
8, the method for claim 1 is characterized in that, described integration technology is the content scrambling technology of digital watermark technology or concealed coupling technique or the key fingerprint technique or the DVD of video and audio frequency.
9, the verification method of fingerprint in a kind of digital product comprises step:
1) the copyright issuance server extracts and the decoding identity fingerprint from the digital product copy that contains buyer's identity fingerprint and fingerprint evidence, obtains buyer's sign, and sends the fingerprint evidence of discovering and seizing to arbitrating server;
2) arbitrating server is announced with described buyer to the copyright server request and is identified corresponding copyright mark sequence, confirms the authenticity of this copyright mark sequence, and itself and purchase secret information string are synthesized fingerprint evidence;
3) arbitrating server is with fingerprint evidence and the step 2 discovered and seized in the step 1)) the middle fingerprint evidence that generates carries out the similarity comparison, if similarity surpasses predefined credibility, confirms that then there are corresponding relation in this digital product copy and original buyer sign.
10, method as claimed in claim 9, it is characterized in that, described similarity comparison method be error correction information decoding likelihood ratio to or serial correlation relatively or the rebel of optimum decoding of Viterbi or key fingerprint follows the tracks of or based on polynomial fingerprint vector search.
11, method as claimed in claim 9 is characterized in that, described credibility is: the degree of correlation or discrimination or confidence level or conspiracy tolerance.
12, a kind of digital product publishing system comprises:
Buy device, be deployed on the terminal that links to each other with the copyright issuance server, be used for generating and buy secret information and proof of purchase, described proof of purchase comprises: timestamp, buyer's PKI, contain buyer's promise of buying the secret information string;
Copyright server is deployed on the terminal that links to each other with the copyright issuance server, is used for authentification of user and license awarding, comprising: User Manager is used for authentication and key management; The fingerprint management device is used for licence mandate and fingerprint evidence structure; The copyright data storehouse is used for copyright and fingerprint authorization message record;
The copyright issuance server is used to distribute digital product and management product copyright, comprising: Sales module is used for handling the request of purchase and provides product; The fingerprint authorization module is used for the structure that fingerprint evidence request, fingerprint generation, license issuance and band fingerprint copy; Sale database is used to preserve the sales figure that comprises identity fingerprint seed, buyer's information and copyright information;
Wherein, the fingerprint management device in the described copyright server utilizes fingerprint generating algorithm structure copyright mark sequence according to the fingerprint parameter that the fingerprint seed and the digital product publisher of picked at random provides;
Fingerprint authorization module utilization purchase secret information string in the described copyright issuance server and copyright mark sequence construct the buyer by secret hybrid algorithm fingerprint evidence, described fingerprint evidence comprises the information that can not forge, is used to provide the non-repudiation evidence of digital product distribution with affiliated relation; Fingerprint authorization module in the described copyright issuance server is selected the fingerprint seed from sale database, according to buyer's sign, licence and copyright information, utilize the fingerprint generating algorithm, construct buyer's identity fingerprint, described identity fingerprint comprises marketing information, entitlement information and the usage license information of digital product; Described copyright issuance server depends on digital product with fingerprint evidence and identity fingerprint or the information to forming behind described two kinds of encrypting fingerprints by integration technology, generates the product copy that contains buyer's feature.
13, system as claimed in claim 12 is characterized in that, also comprises: arbitrating server, be deployed in terminal that copyright server links to each other on, perhaps provide arbitration equipment separately by believable third party, described arbitrating server comprises:
The mediation service unit is used for collecting fingerprint evidence when abuse occurring;
The fingerprint identification unit is used to finish the finger print information similarity and detects.
14, system as claimed in claim 12 is characterized in that, also comprises: the copyright tracking agent server in the Internet deploy, include the copyright monitoring software, and be used for the monitoring network data stream and obtain the illegal copies digital product.
15, system as claimed in claim 12 is characterized in that, described copyright and fingerprint authorization message record comprises: colophon number, dealer's sign, sales figure number, proof of purchase, licence, fingerprint evidence seed.
16, system as claimed in claim 12 is characterized in that, described sales figure comprises: sales figure number, proof of purchase, licence, identity fingerprint seed.
CNB2006100116997A 2006-04-18 2006-04-18 Finger print structure in digital products, its authentication and digital products issue system Expired - Fee Related CN100435162C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100116997A CN100435162C (en) 2006-04-18 2006-04-18 Finger print structure in digital products, its authentication and digital products issue system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100116997A CN100435162C (en) 2006-04-18 2006-04-18 Finger print structure in digital products, its authentication and digital products issue system

Publications (2)

Publication Number Publication Date
CN1834973A CN1834973A (en) 2006-09-20
CN100435162C true CN100435162C (en) 2008-11-19

Family

ID=37002717

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100116997A Expired - Fee Related CN100435162C (en) 2006-04-18 2006-04-18 Finger print structure in digital products, its authentication and digital products issue system

Country Status (1)

Country Link
CN (1) CN100435162C (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103235908A (en) * 2013-02-22 2013-08-07 北京密安网络技术股份有限公司 Digital safety protection algorithm

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2100451A1 (en) * 2006-12-11 2009-09-16 Thomson Licensing Visible anti-piracy system and method for digital cinema
CN102567657A (en) * 2010-12-15 2012-07-11 黄铁军 Digital work ownership authentication system and digital work ownership authentication method
US20130003963A1 (en) * 2011-07-01 2013-01-03 Gyan Prakash Thwarting Unauthorized Content Copying Using Media Tracking Code
CN102306305B (en) * 2011-07-06 2013-04-17 北京航空航天大学 Method for authenticating safety identity based on organic characteristic watermark
CN102629901B (en) * 2012-03-08 2014-08-20 成都天钥科技有限公司 Identity authentication method, system thereof, authentication subject and authenticated subject
CN103632071B (en) * 2012-08-28 2018-04-13 北京超图软件股份有限公司 The copy-right protection method and system of geographical spatial data product
CN104537538A (en) * 2014-12-29 2015-04-22 芜湖乐锐思信息咨询有限公司 Efficient and safe internet online trading system
CN108615218B (en) * 2018-05-02 2022-02-15 北京印刷学院 Printed quantum dot watermark detection method based on pseudo-random information spatial modulation
CN110831102B (en) * 2018-08-07 2023-03-28 香港科技大学 Path construction method and system
CN109190333A (en) * 2018-08-22 2019-01-11 山东超越数控电子股份有限公司 A kind of high intensity method for protecting software
CN109190335B (en) * 2018-09-17 2020-05-05 北京市计算中心 Software copyright protection method and system
CN110378140B (en) * 2019-07-26 2021-05-18 武汉轻工大学 Method, device and system for verifying attribution of deep neural network model
CN113159762B (en) * 2021-01-28 2024-04-09 武汉天喻信息产业股份有限公司 Blockchain transaction method based on Paillier and game theory

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002042970A1 (en) * 2000-11-21 2002-05-30 Kilseob Yang Method and system for server to execute electronic commerce in concerted internet site and off-line store
JP2003256595A (en) * 2002-02-26 2003-09-12 Ntt Comware Corp Content delivery authentication system, content delivery authentication method, program for making computer execute the method, and storage medium with the method stored therein
CN1621992A (en) * 2004-12-20 2005-06-01 四川大学 Method for software copyright protection
WO2006014040A1 (en) * 2004-08-06 2006-02-09 Electronics And Telecommunications Research Institute System for distributing digital contents and method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002042970A1 (en) * 2000-11-21 2002-05-30 Kilseob Yang Method and system for server to execute electronic commerce in concerted internet site and off-line store
JP2003256595A (en) * 2002-02-26 2003-09-12 Ntt Comware Corp Content delivery authentication system, content delivery authentication method, program for making computer execute the method, and storage medium with the method stored therein
WO2006014040A1 (en) * 2004-08-06 2006-02-09 Electronics And Telecommunications Research Institute System for distributing digital contents and method thereof
CN1621992A (en) * 2004-12-20 2005-06-01 四川大学 Method for software copyright protection

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103235908A (en) * 2013-02-22 2013-08-07 北京密安网络技术股份有限公司 Digital safety protection algorithm

Also Published As

Publication number Publication date
CN1834973A (en) 2006-09-20

Similar Documents

Publication Publication Date Title
CN100435162C (en) Finger print structure in digital products, its authentication and digital products issue system
CN111095332B (en) Method and system for protecting private social media advertisements
CN106452756B (en) Can the safe Quick Response Code construction verification method of off-line verification and device
US9830600B2 (en) Systems, methods and devices for trusted transactions
Lei et al. An efficient and anonymous buyer-seller watermarking protocol
AU716912B2 (en) Electronic copy protection mechanism
CN107146120B (en) Electronic invoice generation method and generation device
US20060173794A1 (en) Secure electronic commerce using mutating identifiers
Choi et al. Does it need trusted third party? design of buyer-seller watermarking protocol without trusted third party
CN101682612A (en) Controlled activation of function
Chang et al. An enhanced buyer seller watermarking protocol
CN104966000A (en) Multimedia copyright protection method based on security engine
WO2001043026A1 (en) Systems, methods and devices for trusted transactions
Yang et al. Enhanced digital rights management authentication scheme based on smart card
CN101388764B (en) Data information protecting method, system and ciphering apparatus
CN100428107C (en) Digital watermarking infrastructure
Cheung et al. Rights protection for digital contents redistribution over the Internet
CN113837875A (en) Transaction method, node and medium based on block chain network
US20020062441A1 (en) Authentication apparatus for authentication to permit electronic document or payment by card using personal information of individual, verification apparatus for verifying individual at payment site, and electronic authentication system interconnecting the same
JP2000112751A (en) Device used for software distribution system
JP2001202452A (en) Method and device for distributing digital contents and recording medium of distribution program of digital contents
Choi et al. Analysis of COT-based fingerprinting schemes: New approach to design practical and secure fingerprinting scheme
JPH10228375A (en) Electronic distribution system
EP1288830A1 (en) Anonymous processing of usage rights with variable degrees of privacy and accuracy
CA2557516C (en) Non-algorithmic vectored steganography

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20081119

Termination date: 20110418