CN101132275B - Safety system for implementing use right of digital content - Google Patents


Info

Publication number: CN101132275B
Authority: CN (China)
Prior art keywords: file system, digital content, encrypted file, module, encrypted
Legal status: Active
Application number: CN200610112550A
Other languages: Chinese (zh)
Other versions: CN101132275A
Inventors: 沙瀛, 谭建龙, 程学旗
Current assignee: Institute of Computing Technology of CAS
Original assignee: Institute of Computing Technology of CAS
History: application filed by Institute of Computing Technology of CAS; priority to CN200610112550A; publication of CN101132275A; application granted; publication of CN101132275B; legal status active.

Landscapes

  • Storage Device Security (AREA)

Abstract

This invention discloses a security system for enforcing the usage rights of digital content. It comprises a control module, an encrypted file system module, a loading module and an unloading module. The system prevents unauthorized modification and deletion of the usage rights of digital content and improves their security, because users have no opportunity to delete or alter the rights.

Description

A security system for enforcing digital-content usage rights
Technical field
The present invention relates to the field of network security technology, and in particular to a security system for enforcing the usage rights of digital content.
Background technology
With the development of networks, more and more digital media content is distributed over the network. Video and audio media in particular are the main content consumed on the network; statistics show that 60% of the content transmitted over the network is related to video and audio. In a broadband environment, video content such as films and TV series is an especially important driver of broadband consumption.
However, because a copy of digital media content is identical to the original, and copying and distributing digital content costs almost nothing, network operators and content providers have long been plagued by piracy and illegal network distribution of digital media content. According to estimates by the Recording Industry Association of America (RIAA), piracy causes economic losses of up to 5,000,000,000 dollars worldwide every year. The Motion Picture Association of America (MPAA) estimates that piracy reduces the annual income of the American film industry by 2,500,000,000 dollars.
To stimulate and maintain the healthy development of digital media content consumption over networks, measures must urgently be taken to protect the legitimate rights and requirements of content providers, network operators, agents and end users. Digital rights management (DRM) is precisely a complete solution that employs a variety of technical means to protect the legitimate rights and requirements of each of these parties.
DRM technology provides a way to protect multimedia content from unauthorized playback or copying, and gives content providers a means of protecting digital media content from illegal copying or use. DRM technology usually encrypts the digital content and further decides, according to usage rules, whether the user has the right to play the content, thereby protecting it. The usage rules generally include permissions such as whether the content may be copied, the playback period and the number of plays.
Fig. 1 is a schematic diagram of the typical DRM system reference architecture. This DRM system comprises three main modules: a content server, a license server and trusted clients.
The content server holds the original digital media content supplied by the content provider; when copyright protection is applied, the original digital media content is encrypted. The copyright protection technology used includes encrypting the digital media content with a symmetric key.
The license server is mainly used to generate and distribute digital licenses, and to perform controls such as user identity authentication. A digital license is a computer file that contains the usage rights of the digital content (including the rights of use, the number of uses, the period of validity and so on) together with information about the license issuer and owner. In most DRM systems the digital content itself is encrypted, so the digital license usually also contains information such as the key for decrypting the digital content.
The trusted client (the content consumption environment) mainly comprises a DRM controller and a content-use tool. The DRM controller is responsible for collecting information such as the user's identity and for controlling the use of the digital content. If no license is present, the DRM controller is also responsible for requesting a license from the license server. The content-use tool mainly assists the user in using the digital content.
Most current DRM systems are built on this reference architecture. In this architecture the security of the trusted client (the content consumption environment) plays a crucial role: if the client is insufficiently protected, the whole DRM system loses its meaning.
Users, authorizations and content are the three fundamental elements of a DRM system. Users are the creators and consumers of content; a user may be a publisher, a film producer, a record company, an enterprise or an individual consumer. Content means the collection of all digital content that can be disseminated over the network. Authorization means the permissions, constraints and obligations attached to the content and granted to the user.
The client environment constitutes a content consumption environment, because all digital media content is ultimately consumed and used on the user's client. A trusted client environment is therefore an important part of a digital copyright protection system. Because all digital media content that requires copyright protection is ultimately played and used on the user's computer, how to build a trusted client environment within the user's insecure home environment is a key problem for a DRM system.
The main problems of existing solutions are as follows. One kind controls the media content and the rights at the client layer; its security is not high, and it is easily cracked or bypassed. In the other kind, the protection and control of the rights to the media content are embedded in the media player, or provided as a plug-in of the media player. In the design of the trusted client, traditional DRM usually places the DRM controller inside the media player, and the corresponding control is performed when the user clicks on a file to play it, before the player plays it. Its concrete realization is generally either a stand-alone player or a secondary development on the corresponding SDK of Windows Media Player or Helix, so the resulting system can only play media files of particular types; compatibility is poor, and the supported media formats and kinds of media players are limited.
Because the protection and control of the media file are both realized in the player, the end user can only watch the media files supplied by the content provider with the designated player, and for the content provider the restrictions of the player mean that not all media file formats are supported, which also causes great inconvenience to the content provider. Moreover, the user's certificate, private key and the associated rights statements are all stored on the user's hard disk, and even when stored encrypted they are easily deleted or altered by the user.
Summary of the invention
(1) Technical problem to be solved
In view of the deficiencies of the prior art described above, the main object of the present invention is to provide a security system for enforcing the usage rights of digital content, so as to improve the security of those usage rights.
(2) Technical solution
To achieve the above object, the technical solution of the present invention is realized as follows.
A security system for enforcing the usage rights of digital content, the system comprising:
a control module, used to write digital-content usage rights and digital content into, or read them from, the encrypted file system provided by the encrypted file system module, and to call the encrypted file system loading module or the encrypted file system unloading module; after the encrypted file system module is loaded, the control module reads the usage rights into computer memory, updates the usage rights held in memory in real time according to how the digital content is used, and writes the updated usage rights from memory back to the encrypted file system before the encrypted file system module is unloaded;
an encrypted file system module, used to provide an encrypted file system that stores the digital-content usage rights and the digital content, encrypting the usage rights and digital content written to the encrypted file system and decrypting the usage rights and digital content read from it;
an encrypted file system loading module, used to load the encrypted file system module so that the user can access the usage rights and digital content stored in the encrypted file system provided by the encrypted file system module;
an encrypted file system unloading module, used to unload the encrypted file system module so that the user can no longer access the usage rights and digital content stored in the encrypted file system provided by the encrypted file system module.
The control module is further used to read the usage rights stored in computer memory in response to a request received from the content-use tool, and to judge whether the content-use tool holds the corresponding usage rights: if it does, the content-use tool is allowed to exercise the usage rights; otherwise it is not.
The control module is further used to modify the usage rights stored in computer memory in response to a request received from the content-use tool.
The control module is further used, while the encrypted file system is loaded, to change, delete, write or read the usage rights stored in computer memory.
The encrypted file system provided by the encrypted file system module comprises:
a file system header, used to store a random salt, a verification string, the file system version, a key checksum, the file system creation and modification times, a reserved area and the data encryption key information;
a data area, used to store the digital-content usage rights and the digital content.
The random salt in the file system header is combined with the entered login password to generate the encryption key of the file system header according to a chosen password-based key generation algorithm.
The verification string in the file system header is used, while obtaining the data encryption key, to judge whether the tried combination of key generation algorithm, cipher, encryption mode, block size and key length is correct.
The file system version in the file system header is used to guarantee compatibility between the content written to the encrypted file system and the encrypted file system itself.
The key checksum in the file system header is used as follows: after a combination of key generation algorithm, cipher, encryption mode, block size and key length has been tried, a checksum is computed over the decrypted data encryption key and compared with the key checksum stored in the file system header; whether the two agree determines whether the tried combination is correct.
The file system creation and modification times in the file system header record when the file system was created and modified.
The reserved area in the file system header is kept for future extension.
The data encryption key information in the file system header is used to encrypt the usage rights and digital content stored in the data area.
The random salt in the file system header of the encrypted file system is not encrypted; the verification string, file system version, key checksum, creation and modification times, reserved area and data encryption key information in the header are encrypted. The encrypted file system encrypts the whole file system, including the file names and folder names in the data area, the contents of the files and the free space.
The file system header of the encrypted file system is encrypted with a key generated from the entered login password, the salt and a key generation algorithm; the key generation algorithm follows the common HMAC-RIPEMD-160, HMAC-SHA-1 or HMAC-WHIRLPOOL standards, and the salt is used to increase the difficulty of an attacker's offline decryption.
The data area of the encrypted file system is encrypted with the data encryption key held in the file system header; the data encryption key is produced by a random number generator, which generates both the data encryption key for the data area and the salt.
The random numbers are generated either by a standard random number generation method or by a customized method using selected random number sources.
The customized, selectable random number sources include at least: mouse movement, the intervals between keystrokes, keystroke values, the physical characteristics of the hard disk, the network characteristics of the network interface card, or the operating system timer.
When encrypting the usage rights and digital content written to the encrypted file system, the encrypted file system module encrypts them with the data encryption key from the file system header;
when decrypting the usage rights and digital content read from the encrypted file system, the encrypted file system module decrypts the content with the data encryption key from the file system header.
Before the encrypted file system module encrypts or decrypts usage rights and digital content, it takes the first 64 bytes of the entered password and the salt from the file system header, and tries in turn each allowed combination of key generation algorithm, cipher, encryption mode, block size and key length, judging whether the combination satisfies the following:
1) after the file system header has been decrypted with the combination of these five parameters, the decrypted verification string equals the designated specific string;
2) the checksum computed over the decrypted data encryption key equals the key checksum stored in the file header.
If both hold, the combination is correct and so is the entered password; otherwise the combination is incorrect.
If all combinations have been tried and none is correct, the entered password is wrong.
When loading the encrypted file system module, the encrypted file system loading module judges whether the entered password is correct; if it is, the encrypted file system module is loaded, otherwise it is not.
The encrypted file system unloading module unloads the encrypted file system module on receiving a command to close the related application or to unload the encrypted file system module.
(3) Beneficial effects
It can be seen from the above technical solution that the present invention has the following beneficial effects:
1. With the present invention, an encrypted file system based on a file system filter driver is built at the operating system kernel layer, and the usage rights to be protected are stored in this encrypted file system. Only by entering the correct password can the user load the encrypted file system and thereby access the usage rights and digital content stored in it. When the file system is loaded, the usage rights are read into the computer's memory, and any subsequent addition, deletion or modification of usage rights is an operation on the copy held in memory; when the encrypted file system is unloaded, the usage rights held in memory are written back to the encrypted file system, overwriting the original usage rights. This prevents the modification and deletion of usage rights and improves their security.
2. Compared with the prior art, the present invention offers higher security, is transparent to the media content and the media player, and protects usage rights better: the user has no opportunity at all to delete or alter the usage rights, which effectively guarantees their security.
3. The security system for enforcing digital-content usage rights provided by the invention can easily be embedded as an independent module in a complete digital copyright protection system, which greatly favors the promotion and application of the invention.
Description of drawings
Fig. 1 is a schematic diagram of the typical DRM system reference architecture;
Fig. 2 is a schematic diagram of the security system for enforcing digital-content usage rights provided by the invention;
Fig. 3 is a schematic diagram of the structure of the encrypted file system provided by the invention;
Fig. 4 is a schematic diagram of how the present invention protects the usage rights of digital content.
Embodiment
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in more detail below with reference to specific embodiments and the accompanying drawings.
The present invention distributes the protection of digital-content usage rights between the kernel layer and the application layer of the operating system. At the kernel layer it implements an encrypted file system module that stores the usage rights in encrypted form, guarantees that only a user holding the corresponding password can access the encrypted file system module, and performs real-time encryption and decryption on read and write operations on the usage rights. At the application layer, when the encrypted file system module is loaded the usage rights are written into computer memory, and when the module is unloaded the usage rights in computer memory are written into the encrypted file system provided by the encrypted file system module.
Fig. 2 is a schematic diagram of the security system for enforcing digital-content usage rights provided by the invention. The system comprises a control module, an encrypted file system module, an encrypted file system loading module and an encrypted file system unloading module.
The control module is used to write digital-content usage rights and digital content into, or read them from, the encrypted file system provided by the encrypted file system module, and to call the encrypted file system loading module or the encrypted file system unloading module. After the encrypted file system module is loaded, the control module reads the usage rights into computer memory, updates the usage rights held in memory in real time according to how the digital content is used, and writes the updated usage rights from memory back to the encrypted file system before the encrypted file system module is unloaded. All interaction between the security system and the outside world takes place through the control module, which thereby realizes the protection of the usage rights.
The security system constitutes a trusted client in the content consumption environment. Through the control module the user first applies to the outside world, for example to the content server, for copyright-protected digital content, and applies to the license server for the usage rights. In response to a request from the content-use tool to read the usage rights, the control module reads the usage rights and judges whether the content-use tool holds the corresponding usage rights. The control module dynamically updates the usage rights according to how the digital content is used; for example, as the content is used, the permitted number of plays or the playback period of the associated rights decreases accordingly.
The encrypted file system module is used to provide an encrypted file system that stores the digital-content usage rights and the digital content, encrypting the usage rights and digital content written to the encrypted file system and decrypting the usage rights and digital content read from it. Only by entering the correct password can the user access this encrypted file system, and the control module ensures that the content in the encrypted file system cannot be copied out: only the control module can write usage rights into the encrypted file system. Once the encrypted file system is loaded, the usage rights are immediately read into computer memory, and before the encrypted file system is unloaded the usage rights in memory are written back to the encrypted file system. This prevents illegal deletion or tampering of the usage rights.
The encrypted file system loading module is used to load the encrypted file system module so that the user can access the usage rights and digital content stored in the encrypted file system provided by the encrypted file system module.
The encrypted file system unloading module is used to unload the encrypted file system module so that the user can no longer access the usage rights and digital content stored in the encrypted file system provided by the encrypted file system module.
The above control module is further used to read the usage rights stored in computer memory in response to a request received from the content-use tool, and to judge whether the content-use tool holds the corresponding usage rights: if it does, the content-use tool is allowed to exercise the usage rights; otherwise it is not.
The above control module is further used to modify the usage rights stored in computer memory in response to a request received from the content-use tool.
The above control module is further used, while the encrypted file system is loaded, to change, delete, write or read the usage rights stored in computer memory.
The encrypted file system provided by the above encrypted file system module is shown in Fig. 3, a schematic diagram of the structure of the encrypted file system provided by the invention. The encrypted file system comprises a file system header, used to store a random salt, a verification string, the file system version, a key checksum, the file system creation and modification times, a reserved area and the data encryption key information; and a data area, used to store the digital-content usage rights and the digital content.
The random salt in the above file system header is combined with the entered login password to generate the encryption key of the file system header according to a chosen password-based key generation algorithm.
The verification string in the above file system header is used, while obtaining the data encryption key, to judge whether the tried combination of key generation algorithm, cipher, encryption mode, block size and key length is correct.
The file system version in the above file system header is used to guarantee compatibility between the content written to the encrypted file system and the encrypted file system itself.
The key checksum in the above file system header is used as follows: after a combination of key generation algorithm, cipher, encryption mode, block size and key length has been tried, a checksum is computed over the decrypted data encryption key and compared with the key checksum stored in the file system header; whether the two agree determines whether the tried combination is correct.
The file system creation and modification times in the above file system header record when the file system was created and modified.
The reserved area in the above file system header is kept for future extension.
The data encryption key information in the above file system header is used to encrypt the usage rights and digital content stored in the data area.
The random salt in the file system header of the above encrypted file system is not encrypted; the verification string, file system version, key checksum, creation and modification times, reserved area and data encryption key information in the header are encrypted. The encrypted file system encrypts the whole file system, including the file names and folder names in the data area, the contents of the files, the free space and so on.
The file system header of the above encrypted file system is encrypted with a key generated from the entered login password, the salt and a key generation algorithm; the key generation algorithm follows common standards such as HMAC-RIPEMD-160, HMAC-SHA-1 or HMAC-WHIRLPOOL, and the salt is used to increase the difficulty of an attacker's offline decryption.
The data area of the above encrypted file system is encrypted with the data encryption key held in the file system header; the data encryption key is produced by a random number generator, which generates both the data encryption key for the data area and the salt. The random numbers are generated either by a standard random number generation method or by a customized method using selected random number sources. The customized, selectable random number sources include at least: mouse movement, the intervals between keystrokes, keystroke values, the physical characteristics of the hard disk, the network characteristics of the network interface card, the operating system timer and the like.
When encrypting the usage rights and digital content written to the encrypted file system, the above encrypted file system module encrypts them with the data encryption key from the file system header and then writes the encrypted content to the file system. When decrypting the usage rights and digital content read from the encrypted file system, the encrypted file system module decrypts the content with the data encryption key from the file system header and then returns the decrypted content.
Before the encrypted file system module encrypts or decrypts usage rights and digital content, it takes the first 64 bytes of the entered password and the salt from the file system header, and tries in turn each allowed combination of key generation algorithm, cipher, encryption mode, block size and key length, judging whether the combination satisfies the following:
1) after the file system header has been decrypted with the combination of these five parameters, the decrypted verification string equals the designated specific string;
2) the checksum computed over the decrypted data encryption key equals the key checksum stored in the file header.
If both hold, the combination is correct and so is the entered password; otherwise the combination is incorrect.
If all combinations have been tried and none is correct, the entered password is wrong.
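The header check described in the summary above and repeated in this embodiment, as an added example that is not the patent's own code: a header is built from an unencrypted salt plus an encrypted body holding the verification string, version, key checksum, timestamps, reserved area and data encryption key, and a login password is verified by trial decryption over the allowed parameter combinations. The layout, the CRC32 key checksum, PBKDF2-HMAC as the password-based key generation algorithm, and an HMAC-in-counter-mode keystream standing in for the block cipher are all assumptions of this example; the search covers three of the five parameter dimensions (KDF hash, cipher hash, key length).

```python
"""Added example: encrypted-container header creation and password verification
by trial decryption. Layout, checksum, KDF and stand-in cipher are assumptions."""
import hashlib
import hmac
import os
import struct
import time
import zlib

SALT_LEN = 64                        # assumed: salt is the first 64 header bytes, stored in clear
MAGIC = b"DRMEFS-OK"                 # assumed "designated specific string" (verification string)
VERSION = 1                          # file system format version
PBKDF2_ITERS = 10_000                # assumed iteration count
KDF_HASHES = ("sha1", "sha256")      # sha1 as on the page; sha256 stands in for RIPEMD-160/WHIRLPOOL
CIPHER_HASHES = ("sha256", "sha1")   # hash driving the stand-in keystream cipher
KEY_LENS = (16, 32)                  # allowed header-key lengths in bytes
# Encrypted body: magic, version, key checksum, created, modified, reserved,
# data-key length, data key (zero padded to 32 bytes).  105 bytes in total.
BODY_FMT = ">16sIIQQ32sB32s"


def keystream_xor(key: bytes, data: bytes, cipher_hash: str) -> bytes:
    """Stand-in cipher: HMAC-<cipher_hash> over a block counter yields the
    keystream, which is XORed with the data. Encrypt and decrypt are identical."""
    bs = hashlib.new(cipher_hash).digest_size
    out = bytearray()
    for off in range(0, len(data), bs):
        ks = hmac.new(key, struct.pack(">Q", off // bs), cipher_hash).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + bs], ks))
    return bytes(out)


def derive_header_key(password: bytes, salt: bytes, kdf_hash: str, key_len: int) -> bytes:
    """Header key from the first 64 bytes of the password and the header salt."""
    return hashlib.pbkdf2_hmac(kdf_hash, password[:64], salt, PBKDF2_ITERS, key_len)


def create_header(password, data_key, kdf_hash, cipher_hash, key_len, salt=None, now=None):
    """Return salt || encrypted body, as written when the container is created."""
    if not 1 <= len(data_key) <= 32:
        raise ValueError("data key must be 1..32 bytes")
    salt = os.urandom(SALT_LEN) if salt is None else salt
    now = int(time.time()) if now is None else now
    body = struct.pack(BODY_FMT, MAGIC.ljust(16, b"\0"), VERSION, zlib.crc32(data_key),
                       now, now, b"\0" * 32, len(data_key), data_key.ljust(32, b"\0"))
    hk = derive_header_key(password, salt, kdf_hash, key_len)
    return salt + keystream_xor(hk, body, cipher_hash)


def try_combination(header, password, kdf_hash, cipher_hash, key_len):
    """Decrypt the header with one parameter combination and apply the two
    checks from the text: verification string first, then key checksum."""
    salt, enc_body = header[:SALT_LEN], header[SALT_LEN:]
    hk = derive_header_key(password, salt, kdf_hash, key_len)
    magic, version, ksum, created, modified, _reserved, klen, key = struct.unpack(
        BODY_FMT, keystream_xor(hk, enc_body, cipher_hash))
    if magic.rstrip(b"\0") != MAGIC:                    # check 1: verification string
        return None
    if klen > 32 or zlib.crc32(key[:klen]) != ksum:     # check 2: key checksum
        return None
    return {"data_key": key[:klen], "version": version,
            "created": created, "modified": modified}


def open_header(header, password):
    """Try every allowed combination in turn; return (combination, fields) for
    the first that passes both checks, or None when the password is wrong."""
    for kdf_hash in KDF_HASHES:
        for cipher_hash in CIPHER_HASHES:
            for key_len in KEY_LENS:
                fields = try_combination(header, password, kdf_hash, cipher_hash, key_len)
                if fields is not None:
                    return (kdf_hash, cipher_hash, key_len), fields
    return None


if __name__ == "__main__":
    hdr = create_header(b"login-password", os.urandom(32), "sha256", "sha1", 16)
    print(open_header(hdr, b"login-password")[0])   # ('sha256', 'sha1', 16)
    print(open_header(hdr, b"wrong-password"))      # None
```

Because the salt is stored in clear and every combination costs a full key derivation, the iteration count is what bounds an offline guess rate; the verification string alone is sufficient to reject a wrong password, and the checksum additionally guards against a corrupted key field.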
When loading the encrypted file system module, the above encrypted file system loading module judges whether the entered password is correct; if it is, the encrypted file system module is loaded, otherwise it is not. The encrypted file system unloading module unloads the encrypted file system module on receiving a command to close the related application or to unload the encrypted file system module.
The system decides whether to load the file system module according to the password entered by the user; the module is loaded only when the entered password is correct. When the file system module is loaded, the usage rights stored in the file system are read into the computer's memory. While the file system module is loaded, all operations on the usage rights associated with digital content, such as changing, deleting or adding them, act on the usage rights read into memory and have nothing to do with the usage rights stored in the file system.
When the file system is unloaded, the usage rights currently associated with the digital content and held in computer memory are written back into the file system. After unloading, the user can no longer access the encrypted file system.
The workflow of the digital content usage right protection system provided by the invention is described below with reference to the schematic diagram of Fig. 2. The workflow comprises a preparation phase and a phase in which the digital content tool uses the digital content.
The preparation phase comprises:
1. Creating an encrypted file system:
The encrypted file system can be based on a file or on a free partition. The user first specifies a file name or an idle partition, and the system establishes an encrypted file system on that file or partition. When creating it, the user chooses the login password that will be entered to load the encrypted file system, the algorithm that derives the encryption key of the file system header, the cipher for the file system data area, the encryption mode, the encryption block size and the key length; the encrypted file system is then created from the chosen information.
2. To load this encrypted file system the user first enters the correct login password; only after the correct login password has been entered can the user access the file system, otherwise it remains invisible.
3. The control module first calls the encrypted file system loading module to load the encrypted file system; the user then contacts the content server and the license server separately to obtain the copyright-protected digital content and its usage rights; the control module writes the usage rights and digital content the user applied for into the encrypted file system, and calls the encrypted file system unloading module to unload the encrypted file system module.
4. When data is written to the encrypted file system, the encrypted file system module encrypts it automatically before storing it; when data is read from the encrypted file system, the module decrypts it automatically. The digital content usage rights are thus kept in the encrypted file system.
The phase in which the digital content tool uses the content comprises:
1. The control module first calls the encrypted file system loading module;
2. The encrypted file system loading module loads the encrypted file system;
3. The control module reads the usage rights associated with the digital content, which are stored in the encrypted file system, into the computer's memory.
4. When the digital content tool wants to use copyright-protected digital content, it must be determined whether the user holds the corresponding usage right; the digital content tool therefore sends a request to the control module, asking it to decide whether the digital content has the corresponding right.
5. The control module obtains the usage right from memory, decides according to the current context whether the digital content tool has the corresponding right, and returns the result to the digital content tool.
6. As the digital content tool uses the digital content, the usage right associated with the content may change, for example the remaining usable time or the remaining usable number of uses; all such operations on the usage right act on the copy read into memory.
7. After the user has finished using the digital content and is about to log off, the control module writes the usage right, as last updated in memory, back to the encrypted file system. Thus, even if the user takes the opportunity, while the file system is loaded and the usage rights in it are accessible, to delete or alter them, this has no effect: after the file system is unloaded, what it holds is the latest state of the usage right information from memory, so the user's illegal operations on the usage rights do not take effect.
8. The control module calls the encrypted file system unloading module;
9. The encrypted file system unloading module unloads the encrypted file system.
This is the entire flow of the system.
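As an added example (not code from the patent), the following Go model shows the control module's handling of usage rights across the load, use and unload steps above: the rights are read into memory on load, every check and update touches the in-memory copy, and unload writes that copy back over whatever the store holds. The Right fields, the JSON store and the time-based context check are assumptions; the encrypted file system is reduced to a byte slice because its encryption is covered separately.

```go
package main

import (
	"encoding/json"
	"errors"
	"time"
)

// Right is the usage right the control module keeps in memory for one content item;
// the fields are constructed, the page only says rights carry a usable time and count.
type Right struct {
	ContentID string    `json:"content_id"`
	UsesLeft  int       `json:"uses_left"`
	NotAfter  time.Time `json:"not_after"`
}

// Session is the loaded period. The rights file of the encrypted file system is reduced
// to a byte slice here (its encryption is a separate concern); the in-memory copy is
// the only thing the control module reads or updates while the session is open.
type Session struct {
	store  *[]byte
	rights map[string]*Right
}

// Load is steps 1-3 of the usage phase: mount, then read the rights into memory.
func Load(store *[]byte) (*Session, error) {
	var list []Right
	if err := json.Unmarshal(*store, &list); err != nil {
		return nil, err
	}
	s := &Session{store: store, rights: map[string]*Right{}}
	for i := range list {
		s.rights[list[i].ContentID] = &list[i]
	}
	return s, nil
}

// Use is steps 4-6: the tool asks for content; the control module checks the in-memory
// right against the current context (here the clock) and updates the count in memory.
func (s *Session) Use(contentID string, now time.Time) error {
	r, ok := s.rights[contentID]
	if !ok || r.UsesLeft <= 0 || now.After(r.NotAfter) {
		return errors.New("no usable right for " + contentID)
	}
	r.UsesLeft--
	return nil
}

// Unload is steps 7-9: the in-memory rights overwrite whatever the store holds now, so
// anything written to the store while the session was open is discarded.
func (s *Session) Unload() error {
	list := make([]Right, 0, len(s.rights))
	for _, r := range s.rights {
		list = append(list, *r)
	}
	b, err := json.Marshal(list)
	if err != nil {
		return err
	}
	*s.store = b
	s.rights = nil // after unloading nothing is reachable until the next Load
	return nil
}

// NewStore serialises an initial rights list, as the preparation phase would do.
func NewStore(rights []Right) []byte {
	b, _ := json.Marshal(rights)
	return b
}
```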
Fig. 4 is a schematic diagram of how the present invention protects digital content usage rights. The invention distributes the protection of usage rights between the application layer and the kernel layer of the operating system: an encrypted file system module implemented in the kernel layer stores the digital content usage rights encrypted, guarantees that only a user holding the corresponding password can access the module, and performs real-time encryption and decryption of the read and write operations on the usage rights. When the encrypted file system module is loaded, the application layer reads the digital content usage rights into the computer's memory; when the module is unloaded, the usage rights held in memory are written to the encrypted file system that the module provides. The user therefore has no opportunity to delete or tamper with the usage rights, and any deletion or tampering that is attempted has no effect.
The specific embodiments described above further explain the purpose, technical solution and beneficial effects of the present invention. It should be understood that they are merely specific embodiments of the invention and do not limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within its scope of protection.

Claims (15)

1. A security system for implementing digital content usage rights, characterized in that the system comprises:
a control module, which writes digital content usage rights and digital content to, and reads them from, the encrypted file system provided by the encrypted file system module, and calls the encrypted file system loading module or the encrypted file system unloading module; after the encrypted file system module has been loaded it writes the digital content usage rights into the computer's memory, updates the usage rights in memory in real time according to how the digital content is used, and before the encrypted file system module is unloaded writes the updated usage rights from memory to the encrypted file system;
an encrypted file system module, which provides the encrypted file system that stores the digital content usage rights and the digital content, encrypts the usage rights and digital content written to the encrypted file system, and decrypts the usage rights and digital content read from the encrypted file system;
an encrypted file system loading module, which loads the encrypted file system module so that the user can access the digital content usage rights and digital content stored in the encrypted file system provided by the encrypted file system module;
an encrypted file system unloading module, which unloads the encrypted file system module so that the user can no longer access the digital content usage rights and digital content stored in the encrypted file system provided by the encrypted file system module.
2. The security system for implementing digital content usage rights according to claim 1, characterized in that
the control module is further used, on a request received from the content tool, to read the digital content usage right stored in the computer's memory and to decide whether the digital content tool holds that usage right; if the digital content tool holds it, the content tool is allowed to exercise the digital content usage right, otherwise it is not.
3. The security system for implementing digital content usage rights according to claim 1, characterized in that
the control module is further used, on a request received from the content tool, to modify the digital content usage right stored in the computer's memory.
4. The security system for implementing digital content usage rights according to claim 1, characterized in that
the control module is further used, while the encrypted file system module is loaded, to change, delete, write or read the digital content usage right stored in the computer's memory.
5. The security system for implementing digital content usage rights according to claim 1, characterized in that the encrypted file system provided by the encrypted file system module comprises:
a file system header, which stores a random number Salt, a verification string, the file system header version, the key checksum, the file system creation and modification time, a reserved area and the data-encryption key;
a data area, which stores the digital content usage rights and the digital content.
6. The security system for implementing digital content usage rights according to claim 5, characterized in that
the random number Salt in the file system header is combined with the entered login password to generate the file system encryption key according to a given key-derivation algorithm;
the verification string in the file system header indicates, while the data-encryption key is being obtained, whether a tried combination of key-derivation algorithm, cipher, encryption mode, cipher block size and key length for decrypting the file system encryption key is correct;
the file system header version in the file system header guarantees compatibility between the content written to the encrypted file system and the encrypted file system;
the key checksum in the file system header is used, after a combination of key-derivation algorithm, cipher, encryption mode, cipher block size and key length for decrypting the file system encryption key has been tried, to compute a checksum of the data-encryption key obtained by decryption and compare it with the key checksum in the file system header, thereby judging whether the tried combination is correct;
the file system creation and modification time in the file system header indicates when the file system was created and modified;
the reserved area in the file system header is kept for later extension;
the data-encryption key in the file system header is used to encrypt the digital content usage rights and digital content stored in the data area.
7. The security system for implementing digital content usage rights according to claim 5, characterized in that the random number Salt in the file system header of the encrypted file system is not encrypted; the verification string, file system header version, key checksum, file system creation and modification time, reserved area and data-encryption key in the file system header are encrypted; and the data area of the encrypted file system, comprising the file names, folder names, file contents and free space of the data area, is encrypted with the data-encryption key held in the file system header.
8. The security system for implementing digital content usage rights according to claim 7, characterized in that the file system header of the encrypted file system is encrypted with a key generated from the entered login password, the Salt and the key-derivation algorithm; the key-derivation algorithm adopts the common HMAC-RIPEMD-160, HMAC-SHA-1 or HMAC-WHIRLPOOL standard, and the Salt serves to increase the difficulty of an attacker's offline decryption.
9. The security system for implementing digital content usage rights according to claim 7, characterized in that the data area of the encrypted file system is encrypted with the data-encryption key held in the file system header; the data-encryption key is generated by a random number generator, which generates both the data-encryption key for the data area and the Salt.
10. The security system for implementing digital content usage rights according to claim 9, characterized in that the random numbers are generated by a universally standard random number generation method, or by a custom method that draws on selected random number sources.
11. The security system for implementing digital content usage rights according to claim 10, characterized in that the custom method that draws on selected random number sources comprises at least:
the time intervals of mouse movements, keystrokes, the key values of keystrokes, physical characteristics of the hard disk, network characteristics of the network card, or the operating system timer.
12. The security system for implementing digital content usage rights according to claim 5, characterized in that
the encrypted file system module, when encrypting the digital content usage rights and digital content written to the encrypted file system, encrypts them with the data-encryption key held in the file system header;
the encrypted file system module, when decrypting the digital content usage rights and digital content read from the encrypted file system, decrypts that content with the data-encryption key held in the file system header.
13. The security system for implementing digital content usage rights according to claim 12, characterized in that, when the encrypted file system module encrypts or decrypts digital content usage rights and digital content, it takes the first 64 bytes of the entered password together with the Salt in the file system header and tries, one after another, every combination permitted for the key-derivation algorithm, the cipher, the encryption mode, the cipher block size and the key length, checking whether the combination satisfies the following two conditions:
1) decrypting the file system header with this combination of the five parameters yields the originally designated verification string, that is, the verification string stored in the file system header;
2) the checksum of the decrypted data-encryption key equals the key checksum stored in the file system header.
If both conditions hold, the combination is correct and so is the entered password; otherwise the combination is incorrect.
If every combination has been tried and none is correct, the entered password is wrong.
14. The security system for implementing digital content usage rights according to claim 1, characterized in that the encrypted file system loading module checks whether the entered password is correct when it loads the encrypted file system module: if the password is correct the encrypted file system module is loaded, otherwise it is not.
15. The security system for implementing digital content usage rights according to claim 1, characterized in that the encrypted file system unloading module unloads the encrypted file system module when it receives a command to close the related application or to unload the encrypted file system module.
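As an added example (not code from the patent), the following Go program models the header of claims 5 to 8 and the opening check of claim 13 and the description: a plaintext Salt, a header encrypted under a key derived from the first 64 bytes of the password, a verification string and a key checksum inside it, and a loader that tries each permitted parameter combination in turn and accepts only when both checks pass. The layout sizes, the iteration count, the verification string, the AES-CTR header cipher and the PRF set (HMAC-SHA-256 and HMAC-SHA-512 rather than the page's HMAC-SHA-1, HMAC-RIPEMD-160 and HMAC-WHIRLPOOL) are all assumptions, and only two of the five parameter dimensions are varied.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"hash"
)

// Constructed layout after claim 5: 64-byte plaintext salt, then 48 bytes encrypted under the
// header key: 4-byte verification string, 4-byte DEK checksum, 32-byte DEK, 8 reserved bytes.
const saltLen, encLen, iters, magic = 64, 48, 2000, "ENFS" // iters and magic are made-up values
// Search space (PRF x AES key length): two of claim 13's five dimensions; this PRF set is an assumption.
var prfs = map[string]func() hash.Hash{"HMAC-SHA-256": sha256.New, "HMAC-SHA-512": sha512.New}

// headerKey is PBKDF2 (RFC 8018, one output block) over the first 64 password bytes and the salt.
func headerKey(prf func() hash.Hash, keyLen int, pw, salt []byte) []byte {
	k := make([]byte, 64)
	m := hmac.New(prf, k[:copy(k, pw)]) // only the first 64 bytes of the password are used
	m.Write(salt)
	m.Write([]byte{0, 0, 0, 1}) // block index 1 covers keys up to the hash size
	u := m.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		m.Reset()
		m.Write(u)
		u = m.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t[:keyLen]
}

// xcrypt is AES-CTR under the header key with the first 16 salt bytes as nonce (symmetric).
func xcrypt(key, salt, data []byte) []byte {
	blk, _ := aes.NewCipher(key) // keyLen is always a valid AES size here
	out := make([]byte, len(data))
	cipher.NewCTR(blk, salt[:16]).XORKeyStream(out, data)
	return out
}

// CreateHeader builds a header for one (PRF, key length) pair with a fresh salt and DEK.
func CreateHeader(prfName string, keyLen int, pw []byte) ([]byte, []byte) {
	buf := make([]byte, saltLen+32)
	rand.Read(buf) // crypto/rand.Read does not fail on supported platforms
	salt, dek := buf[:saltLen], buf[saltLen:]
	plain, sum := make([]byte, encLen), sha256.Sum256(dek)
	copy(plain, magic)
	copy(plain[4:], sum[:4]) // the "key verification" field: 4 bytes of SHA-256(DEK)
	copy(plain[8:], dek)
	return append(salt[:saltLen:saltLen], xcrypt(headerKey(prfs[prfName], keyLen, pw, salt), salt, plain)...), dek
}

// OpenHeader is the check of claim 13: decrypt the header under every combination and accept only
// when the verification string matches AND the recovered DEK's checksum equals the stored one;
// exhausting all combinations means the password is wrong. hdr must be saltLen+encLen bytes long.
func OpenHeader(hdr, pw []byte) (prfName string, keyLen int, dek []byte, ok bool) {
	for name, prf := range prfs {
		for _, kl := range []int{16, 32} { // AES-128, AES-256
			p := xcrypt(headerKey(prf, kl, pw, hdr[:saltLen]), hdr[:saltLen], hdr[saltLen:])
			if sum := sha256.Sum256(p[8:40]); string(p[:4]) == magic && string(p[4:8]) == string(sum[:4]) {
				return name, kl, p[8:40], true
			}
		}
	}
	return "", 0, nil, false
}
```

Because no parameter identifiers are stored in the clear, a wrong password is rejected only after one full key derivation per combination, which is the cost of the design described in the claims.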
CN200610112550A 2006-08-23 2006-08-23 Safety system for implementing use right of digital content Active CN101132275B (en)
Publications (2)

Publication Number Publication Date
CN101132275A CN101132275A (en) 2008-02-27
CN101132275B true CN101132275B (en) 2010-05-12
Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant