CN101315654A - Method and system for validating permission - Google Patents
Method and system for validating permission Download PDFInfo
- Publication number
- CN101315654A CN101315654A CNA2007101058989A CN200710105898A CN101315654A CN 101315654 A CN101315654 A CN 101315654A CN A2007101058989 A CNA2007101058989 A CN A2007101058989A CN 200710105898 A CN200710105898 A CN 200710105898A CN 101315654 A CN101315654 A CN 101315654A
- Authority
- CN
- China
- Prior art keywords
- license
- permission
- equipment
- relevant information
- checking
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a method for permission verification, which is used for guaranteeing and improving the safety of a network. The method comprises the steps that: a digital copyright management terminal receives permission; verification is carried out to the permission according to the relevant information of permission generating equipment which generates or inducts the permission in a domain manager; furthermore, the digital copyright management terminal installs the permission after passing the verification. The invention also discloses various domain managers, digital copyright management terminals and systems.
Description
Technical field
The present invention relates to the communications field, particularly relate to the method and system of checking permission.
Background technology
In order to protect the possessory legitimate rights and interests of digital content; digital copyright management (DigitalRights Management has now been proposed; DRM) solution; by contents encryption key (the ContentEncryption Key that comprises encryption; CEK) and permission (the Rights Object of the use right of this content correspondence and restriction; RO) control use to digital content; digital copyright management terminal (Digital Rights Management Agent with digital rights management function; DRM Agent) have only and have content data packets and permission simultaneously, could be according to authority in the permission and the digital content of curbing consumption and being bought.Wherein the validity of checking license is one of key link that guarantees digital content security.
The process of brief description prior art checking permission is referring to structural drawing shown in Figure 1.
The user sets up the territory at domain manager, wherein comprises DRM Agent1 and DRM Agent2.(Rights Issuer RI) generates the mandate that permission must obtain domain manager before for the territory to permit server.It is that the term of validity (ExpiresAfter) of territory issue permission signs that (Validation Token VT), and sends to RI with VT in authorized statement that domain manager allows RI to the PKI (RIPublicKey) of RI and domain manager.RI sends to DRM Agent1 together with VT and license.DRM Agent1 uses the PKI of domain manager that the signature of VT is verified, and verifies whether before the deadline this license.If domain manager was ended the mandate to RI before the term of validity, and RI breaks one's promise, then RI may still use former VT to send permission to DRM Agent1 after being ended to authorize, because DRM Agent1 can't be known RI and be ended to authorize, so still can installation license, cause digital content illegally to be used.
DRM Agent1 need be when DRM Agent2 sends permission, and (Domain KeyDiversification KD) calculates the MAC (being DeviceMAC) of RO, and DeviceMAC, RO and VT are sent to DRM Agent2 together to use domain key.DRM Agent2 uses the public key verifications VT signature of domain manager, uses domain key checking DeviceMAC, but installation license after checking is all passed through.DRM Agent1 needs to calculate MAC when sending license at every turn, operates comparatively loaded down with trivial details.And,, cause illegally permitting in the territory infinitely propagating owing to DRM Agent2 does not verify the term of validity of permission.
To sum up, because RI breaks one's promise and the term of validity from the license of DRM Agent1 is not verified that cause illegally permitting infinitely propagation in the territory, digital content is by illegal use.And, by above description as can be known, when sending permission, DRM Agent2 all to send VT simultaneously to DRM Agent1 transmission permission and DRM Agent1 at RI at every turn at every turn, and VT is repeatedly repeated transmission, causes the redundancy in the transmission.
Summary of the invention
The embodiment of the invention provides a kind of method and system of verifying license, is used for guaranteeing and improving the security of digital content.
A kind of method of verifying permission may further comprise the steps:
Digital copyright management terminal receives permission;
The relevant information that generates equipment according to the permission that generates or import described permission in the domain manager verifies described permission, and, by verifying that the back digital copyright management terminal installing described permission.
A kind of domain manager comprises:
Memory module is used to store the relevant information that the permission that generates or import permission generates equipment;
Receiver module is used for the request message that Receipt Validation is permitted, described request message comprises the information of needs checking;
Authentication module, be used for according to described request message, and the described memory module license that generates or the import described license relevant information that generates equipment described license is verified, and checking by the time generate the result that expression allows installation license;
Sending module is used for sending described the result to described digital copyright management terminal.
A kind of digital copyright management terminal comprises:
Receiver module be used for to receive license, and the generation that sends of acceptance domain manager or the license that imports described license generate the relevant information of equipment;
Control module be used for indicating when receiving license authentication module that described license is verified, and the result of making according to described authentication module operates accordingly;
Authentication module is used for according to described relevant information described permission being verified, and generates the checking result that expression allows installation license in checking by the back.
A kind of digital copyright management terminal comprises:
Receiver module is used for receiving permission;
Sending module is used for to outside equipment sending message;
Control module is used for indicating when receiving described license described sending module to send the request that is used for verifying described license to domain manager, and this request comprises the information of needs checking;
Judge module is used for judging that whether the result that domain manager that described receiver module receives returns is to allow described license is installed, and notify described control module to operate accordingly.
A kind of system for numeral copyright management comprises:
Domain manager is used for when change generates the mandate of equipment to the permission that is used to generate or import permission or the permission that increases generated device authorization the relevant information of determining and preserving this permission generation equipment;
Digital copyright management terminal is used for receiving permission, and according to the relevant information that the generation that obtains from described domain manager or the permission that imports this permission generate equipment this permission is verified, and by the checking back this permission is being installed.
A kind of system for numeral copyright management comprises:
Digital copyright management terminal is used for receiving permission, and sends the request that is used to verify this permission, and operates accordingly according to the checking result who receives; Wherein, described request comprises the information of needs checking;
Domain manager, the relevant information of the permission generation equipment that is used for the generation of preserving according to request and this locality of described data copyright management terminal or imports described permission is verified this permission, and generate and allow to described digital copyright management terminal transmission the checking result of installation license after checking is passed through.
In the embodiment of the invention, the permission that generates or import permission according to domain manager being used to of preserving generates the relevant information of equipment permission is verified, avoided DRM Agent to be ended to authorize the back that the situation of the permission of this permission generation equipment issue, the security that guarantees and improved digital content are installed at permission generation equipment.
Description of drawings
Fig. 1 is the synoptic diagram of checking permission in the prior art;
Fig. 2 is the main method flow chart of checking license in the embodiment of the invention;
Fig. 3 is the structural drawing of system in the embodiment of the invention;
Fig. 4 is by the structure chart of DRM Agent when license checking domain manager in the embodiment of the invention;
Fig. 5 is by the structural drawing of DRM Agent when permission checking DRM Agent in the embodiment of the invention;
Fig. 6 is the concrete grammar flow chart of first kind of checking license in the embodiment of the invention;
Fig. 7 is the concrete grammar flow chart of second checking license in the embodiment of the invention;
Fig. 8 is the concrete grammar flow chart of the third checking license in the embodiment of the invention;
Fig. 9 is the concrete grammar flow chart of the 4th kind of checking license in the embodiment of the invention;
Figure 10 is the concrete grammar flow chart of the 5th kind of checking license in the embodiment of the invention;
Figure 11 A is by the structure chart of domain manager when license checking domain manager in the embodiment of the invention;
Figure 11 B is by the structural drawing of domain manager when permission checking DRM Agent in the embodiment of the invention;
Figure 12 is the method flow diagram of the 6th kind of checking license in the embodiment of the invention;
Figure 13 is the flow chart of domain manager checking license in the embodiment of the invention.
Embodiment
In embodiments of the present invention, domain manager has the relevant information of permission generation equipment, preserved according to this locality by domain manager or DRM Agent verifies permission according to the relevant information that the permission of obtaining from domain manager generates equipment, to guarantee the security of digital content.
Domain manager is in charge of user domain (being called for short the territory in the present embodiment) in the present embodiment, comprises that control DRM Agent adds/leave user domain, authorization generation equipment is user domain or the equipment generation of domain manager management or imports license etc.
Permission generation equipment comprises permit server (Rights Issuer in the present embodiment, RI) and/or local permit manager (Local Rights Manager, LRM), wherein, RI is responsible for the corresponding permission of generation and distribution and digital content, permission comprise encryption contents encryption key (Content Encryption Key, CEK) and the use right and the restriction of this content correspondence; LRM is used to import the content and the permission of other DRM system protection.LRM can be individual equipment importing content and license, also can be territory importing content and license.Permission in the present embodiment is the permission of RI generation or the permission that is imported by LRM, and the permission that generates with RI is that example describes below.
The relevant information of permission generation equipment comprises that permission generates equipment mark in the present embodiment, PKI, be used for the domain identifier tabulation (present embodiment is labeled as DomainIDList) of recording domain sign, be used for the device identification tabulation (present embodiment is labeled as DeviceIDList) of recording unit sign, be used for controlling the term of validity (present embodiment is labeled as TSInstallRO) that permission generation equipment is issued the term of validity (present embodiment claims TSCreateRO) of permission and is used for controlling the permission of installation license generation equipment generation, can also comprise: certificate chain (comprise certificate, certificate comprises PKI) and certificate revocation state etc.Wherein, the domain identifier among the DomainIDList is represented to allow or is forbidden permitting generation equipment to generate or the issue permission for the territory of this domain identifier correspondence.Device identification among the DeviceIDList is represented to allow or is forbidden permitting generation equipment to generate for this device identification corresponding equipment or the issue permission.TSCreateRO is illustrated in the interior permission of this term of validity or forbids permitting generation equipment to generate or the issue permission.TSInstallRO is illustrated in the permission that allows in this term of validity or forbid generation of installation license generation equipment or issue.About above-mentioned DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO, present embodiment describes as an example of expression permission issue license example.
Permit the corresponding one or more DomainIDList of generation equipment and/or DeviceIDList for one, different DomainIDList or DeviceIDList can corresponding different TSCreateRO and/or TSInstallRO.Wherein, TSCreateRO and TSInstallRO can represent with single termination constantly, as 2007/6/1, also can constantly represent with an initial moment and a termination, as 2007/1/1,2007/6/1.
Domain manager is known the information such as the PKI of this license generation equipment and certificate chain in the present embodiment when mutually authenticating with license generation equipment.When the mandate of license generation equipment changes, its relevant information (PKI, certificate, DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO) is determined voluntarily by domain manager, and/or is determined with the negotiation of license generation equipment is rear by domain manager.Wherein, domain manager the process that mutually authenticates with license generation equipment can for license generation equipment in the process of domain manager registration or generate the process of facility registration in license for domain manager.The process that domain manager and license generation equipment are consulted can have multiple, is that domain manager arranges concurrent serving and states relevant information and give license generation equipment such as a kind of implementation, is confirmed and is sent response message to domain manager by license generation equipment; Be that license generation equipment arranges concurrent serving and states relevant information and give domain manager such as another kind of implementation, confirm and send response message to license generation equipment by domain manager.Domain manager and license generation equipment all have above-mentioned relevant information.
Referring to Fig. 2, the main method flow process of checking permission is as follows in the present embodiment:
Step 201:DRM Agent receives license from license generation equipment or other DRM Agent.
Step 202: the relevant information that generates equipment according to the permission that generates described permission in the domain manager is verified described permission, if by the checking to permission, then continue step 203, otherwise continues step 204;
Step 203:DRM Agent installs described license.
Step 204: refusal DRM Agent installs described license.
Wherein, the relevant information of permission generation equipment comprises among PKI/certificate, TSCreateRO, TSInstallRO, DomainIDList and the DeviceIDList of permission generation equipment one or multinomial.Concrete verification mode is:
When described relevant information comprised the PKI of described permission generation equipment, whether correct for the signature of this permission setting according to permission generation equipment in the public key verifications permission of permission generation equipment, if correct, then this checking was passed through, otherwise does not pass through.Wherein, this PKI can directly be included in the relevant information of permission generation equipment, or is included in the certificate.Described signature comprises that described license generates equipment to the signature of the authority of described license, can comprise that also described license generates equipment to the signature of the issuing time of described license.
When relevant information comprises TSCreateRO, judge that the issuing time of license is whether in TSCreateRO, if then this checking is passed through, otherwise does not pass through.
When relevant information comprises TSInstallRO, judge that the current time is whether in TSInstallRO, if then this checking is passed through, otherwise does not pass through.
When relevant information comprises that DomainIDList and license permits for the territory, judge and permit the territory ID that binds whether in DomainIDList, if then this checking is passed through, otherwise does not pass through.
When relevant information comprises that DeviceIDList and license permits for equipment, judge and permit the device id bound whether in DeviceIDList, if then this checking is passed through, otherwise does not pass through.
Wherein, permit by rear permission installation license according to all Information Authentications in the relevant information.
Domain manager can be deleted corresponding sign from DomainIDList or DeviceIDList when ending to permit that generation equipment is the mandate of territory or equipment issue license.
As domain manager or DRM Agent during only according to the described license of TSInstallRO checking, the scope of TSInstallRO and domain manager are that the time limit of described license generation device authorization is consistent.
License is generated in the situation of device authorization in the PKI control of domain manager by license generation equipment, domain manager will permit the PKI of generation equipment to delete from this locality when ending the mandate of license generation equipment.The mode of its checking permission is: whether the relevant information of judging the described permission generation equipment that domain manager provides comprises the PKI that described permission generates equipment, if comprise, then whether correct for the signature that this permission is provided with according to permission generation equipment in the public key verifications permission of permission generation equipment, if it is correct, then this checking is passed through, otherwise does not pass through; If do not comprise, then do not pass through.Wherein, this PKI can directly be included in the relevant information of permission generation equipment, or is included in the certificate.Similar to the implementation of permitting in the present embodiment according to certification authentication according to the public key verifications permission, below so that permission is that example describes according to public key verifications.
Present embodiment provides the specific implementation of multiple checking permission, as first kind of implementation be: the permission that DRMAgent preserves according to this locality generates the relevant information of equipment permission is verified, wherein permit the relevant information of generation equipment only to comprise an information that is used to verify permission, referring to shown in Figure 2.Such as the second implementation be: the license that DRM Agent preserves according to this locality generates the relevant information of equipment license is verified, wherein permits the relevant information of generation equipment only to comprise two information that are used for the checking license; Such as the third implementation be: the license of preserving according to this locality generates the relevant information of equipment license is verified, wherein permits the relevant information of generation equipment only to comprise three information that are used for the checking license; Such as the 4th kind of implementation be: DRM Agent verifies to license that according to the relevant information that the license of preserving generates equipment relevant information comprises PKI, DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO; Such as the 5th kind of implementation be: DRM Agent obtains the relevant information of license generation equipment from domain manager when the checking license, and license is verified; Such as the 6th kind of implementation be: DRM Agent obtains the relevant information that the license that generates license generates equipment from domain manager when the checking license, comprise one or more among DomainIDList, DeviceIDList, TSCreateRO and the TSInstallRO, and license verified, and according to the PKI that corresponding license generates equipment license is verified; Such as the 7th kind of implementation be: there is the relevant information of license generation equipment domain manager this locality, comprise one or more among PKI, DomainIDList, DeviceIDList, TSCreateRO and the TSInstallRO, DRM Agent request domain manager after receiving license is verified license according to the relevant information of license generation equipment.
Referring to Fig. 3, the system when by DRM Agent permission being verified in the present embodiment comprises domain manager 301, permission generation equipment 302 and DRM Agent303.
DRM Agent303 receives and preserves the relevant information of the license generation equipment of domain manager 301 transmissions, and the license that receives license generation equipment 302 or other DRM Agent303 transmission, and the relevant information that the license that provides according to domain manager 301 generates equipment verifies the license of receiving, and operates accordingly according to the result.DRM Agent303 can obtain the information such as PKI, certificate chain and revocation status of certificate from license generation equipment 302 when needed.
Referring to Fig. 4, domain manager 301 comprises receiver module 401, information module 402, memory module 403, control module 404 and sending module 405 in the present embodiment.
Sending module 405 is at information module 402 and relevant information or the response message of permitting that transmission is determined in 302 negotiations processes of generation equipment, and the relevant information that sends trigger and license generation equipment according to the indication of control module 404 to DRM Agent303.
Referring to Fig. 5, DRM Agent303 comprises receiver module 501, control module 502, authentication module 503, memory module 504 and sending module 505 in the present embodiment.
The license that receiver module 501 acceptance domain managers 301 send generates relevant information and the trigger of equipment, receives the license that license generation equipment 302 or other DRM Agent303 send.
The relevant information of memory module 504 storing authorizations generation equipment and license etc.
Sending module 505 sends various request messages according to the indication of control module 502.
The second implementation is: the license that DRM Agent303 preserves according to this locality generates the relevant information of equipment license is verified, wherein permits the relevant information of generation equipment only to comprise two information that are used for the checking license.Present embodiment is that example describes with TSCreateRO and PKI, and idiographic flow is referring to shown in Figure 6:
Step 601:DRM Agent303 sends to domain manager 301 and asks, and acquisition request is used for verifying that the license of license generates the relevant information of equipment, perhaps the information such as further acquisition request certificate chain and revocation status of certificate.DRM Agent303 can initiatively send request to domain manager 301, also can send corresponding request after receiving the trigger that domain manager 301 sends.
Described request is register requirement, adds the territory request or obtain request.Described trigger is registration trigger, adding territory trigger or the trigger (hereinafter to be referred as obtaining trigger) that is used to obtain the relevant information of permitting generation equipment.DRM Agent303 can be regular active send the request of obtaining to domain manager 301, perhaps domain manager 301 regularly or when needed sends to DRM Agent303 and obtains trigger.
Step 602: domain manager 301 operates accordingly according to the request of receiving, this operation comprises that at least the relevant information with all license generation equipment sends to DRM Agent303, perhaps further sends the information such as certificate chain and revocation status of certificate to it.Domain manager 301 can will permit the relevant information of generation equipment to return in response message when receiving the request of the relevant information of obtaining license generation equipment.Domain manager 301 also can when receiving registration request or adding the territory request, send the relevant information of license generation equipment to DRM Agent303 in registration response or adding domain response message.
Repeating step 601 and 602, the relevant information that the license generation equipment of domain manager mandate is worked as in realization changes, perhaps domain manager has increased the license of authorizing newly and has generated equipment 302, when perhaps no longer allowing some license generation equipment 302 for concrete territory or equipment generation license, DRM Agent303 can generate according to accurate believable license the relevant information checking license of equipment, preferably installation license is controlled.
If domain manager 301 initiatively sends the relevant information of license generation equipment to the DRM Agent303 in this locality registration when the relevant information of license generation equipment changes, but skips steps 601 then.
DRM Agent303 can return response message at the relevant information back domain manager 301 of receiving license generation equipment.
In the present embodiment, before receiving license, the secure permission relevant information of generation equipment of DRM Agent303, the relevant information that need to all not carry license generation equipment when each transmission permission has reduced the redundancy in the transmission.
Step 603:DRM Agent303 receives license, and this license can be equipment license or the territory license from permitting that generation equipment 302 or other DRM Agent303 receive; And according to the sign of permitting generation equipment in the license, from the information that preserve this locality, search and identify the relevant information that corresponding license generates equipment 302.The relevant information that is used for the checking license of these license generation equipment 302 correspondences comprises PKI and TSCreateRO.
The example fragment of a permission is as follows:
<ro id=" DomainRO1 " domainRO=" true "〉// permissive sign, and mark this permission and be the territory permission
<LRMID〉LRM1</LRMID〉// expression permission generation equipment mark
<rights〉// authority that comprises of this permission of expression
…
</rights>
<timestamp〉on March 1st, 2007</timestamp〉// permissive issuing time
<signature〉// signature that expression license generation equipment is made for this license
<SignatureValue>j61wx3rvEPO0vKtMup4NbeVu8nk=</SignatureValue>
</signature>
<encKey?Id=″K_MAC_and_K_REK″>
<ds:KeyInfo>
<roap:domainID〉Domain-XYZ-001</roap:domainID〉// the representative domain sign, also can demonstrate,prove
Bright this permitted and is the territory permission, if the equipment permission then is device identification herein
</ds:KeyInfo>
</encKey>
</roap:ro>
Step 604:DRMAgent303 judges that the issuing time of permission is whether in TSCreateRO, if then continue step 605, otherwise continue step 607.Present embodiment has guaranteed the security of digital content by generation and the installation of comparatively accurately TSCreateRO control license.For the issuing time that guarantees to permit and the integrality of authority, can sign to it by license generation equipment 302.
Step 605:DRM Agent303 judges the local PKI that the permission that generates this permission generates equipment that whether has, if have, then permit according to the public key verifications of permission generation equipment whether the signature of generation equipment is correct, if, then continue step 606, otherwise continue step 607; If do not have, then continue step 607.
Step 606:DRM Agent303 installs this permission.
Step 607:DRM Agent303 refusal is installed this permission.
Step 604 and step 605 are two independently operations in the present embodiment, and the sequencing of execution does not have strict regulation.
The third implementation is: the license that DRM Agent303 preserves according to this locality generates the relevant information of equipment license is verified, wherein permits the relevant information of generation equipment only to comprise three information that are used for the checking license.Present embodiment is verified as example with PKI, TSCreateRO and TSInstallRO to permission and describes, and idiographic flow is referring to shown in Figure 7:
Step 701:DRM Agent303 sends to domain manager 301 and asks, and acquisition request is used for verifying that the license of license generates the relevant information of equipment, perhaps the information such as further acquisition request certificate chain and revocation status of certificate.DRM Agent303 can initiatively send request to domain manager 301, also can send corresponding request after receiving the trigger that domain manager 301 sends.
Step 702: domain manager 301 operates accordingly according to the request of receiving, this operation comprises that at least the relevant information with all license generation equipment sends to DRM Agent30, also can send to it information such as certificate chain and revocation status of certificate.
If domain manager 301 initiatively sends the relevant information of license generation equipment to the DRM Agent303 in this locality registration when the relevant information of license generation equipment changes, but skips steps 701 then.
DRM Agent303 can return response message at the relevant information back domain manager 301 of receiving license generation equipment.
Step 703:DRM Agent303 receives license, and this license can be equipment license or the territory license from permitting that generation equipment 302 or other DRM Agent303 receive; And the relevant information of from the information that preserve this locality, searching the license generation equipment 302 that generates this license.The information that is used for the checking license of these license generation equipment 302 correspondences comprises PKI, TSCreateRO and TSInstallRO.
Step 704:DRM Agent303 judges that the issuing time of permission is whether in TSCreateRO, if then continue step 705, otherwise continue step 708.Present embodiment has guaranteed the security of digital content by generation, issue and the installation of comparatively accurately TSCreateRO control license.
Step 705:DRM Agent303 judges that the current time is whether in TSInstallRO, if then continue step 706, otherwise continue step 708.Present embodiment is limited in the installation of license after TSCreateRO that generates and issue before the TSCreateRO by TSInstallRO, the security that has improved digital content, and the installation of more flexibly control license.
Whether step 706:DRM Agent303 is correct according to the signature in the public key verifications license of license generation equipment, if then continue step 707, otherwise continue step 708.
Step 707:DRM Agent303 installs this permission.
Step 708:DRM Agent303 refusal is installed this permission.
The 4th kind of implementation is: DRM Agent303 verifies to license that according to the relevant information of the license generation equipment of up-to-date preservation relevant information comprises PKI, DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO.Idiographic flow is referring to shown in Figure 8:
Step 801:DRM Agent303 sends to domain manager 301 and asks, and acquisition request is used for verifying that the license of license generates the relevant information of equipment, perhaps the information such as further acquisition request certificate chain and revocation status of certificate.DRM Agent303 can initiatively send request to domain manager 301, also can send corresponding request after receiving the trigger that domain manager 301 sends.
Step 802: domain manager 301 operates accordingly according to the request of receiving, this operation comprises that at least the relevant information with all license generation equipment sends to DRM Agent303, also can send to it information such as certificate chain and revocation status of certificate.
If domain manager 301 initiatively sends the relevant information of license generation equipment to the DRM Agent303 in this locality registration when the relevant information of license generation equipment changes, but skips steps 801 then.
DRM Agent303 can return response message at the relevant information back domain manager 301 of receiving license generation equipment.
Step 803:DRM Agent303 receives license, and this license can be equipment license or the territory license from permitting that generation equipment 302 or other DRM Agent303 receive; And the relevant information of from the information that preserve this locality, searching the license generation equipment 302 that generates this license.Being used to of this permission generation equipment 302 correspondences verifies that the relevant information of permission comprises PKI, DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO.The time that for example receives permission is on May 1st, 2007.
Step 804:DRM Agent303 knows that according to the information in the license this license is territory license or equipment license, and in corresponding each DomainIDList or DeviceIDList, search domain identifier or the device identification that license is bound, if inquire, then continue step 805, otherwise continue step 809.Present embodiment is by DomainIDList and the 302 issue licenses of DeviceIDList control license generation equipment, make license generation equipment 302 be specific territory or equipment issue license, more flexibly license generation equipment 302 is controlled, improved the security of digital content.
DomainIDList or the TSCreateRO corresponding to DeviceIDList at the sign place of step 805:DRM Agent303 inquiry license binding, and whether the issuing time of judging license is in TSCreateRO, if then continue step 806, otherwise continue step 809.Present embodiment has guaranteed the security of digital content by the installation of comparatively accurately TSCreateRO control license.For example, the issuing time of permission is on March 1st, 2007, and TSCreateRO is on April 1st, 2007, can be by checking.
DomainIDList or the TSInstallRO corresponding to DeviceIDList at the sign place of step 806:DRM Agent303 inquiry license binding, and judge that the current time is whether in TSInstallRO, if then continue step 807, otherwise continue step 809.Present embodiment is controlled the installation of permitting, the security that has improved digital content more flexibly by TSInstallRO.For example TSInstallRO is on June 1st, 2007, receives the May 1 2007 time of license before 1 day June in 2007, can be by checking.
Whether step 807:DRM Agent303 is correct according to the signature of the public key verifications license generation equipment of license generation equipment, if then continue step 808, otherwise continue step 809.
Step 808:DRM Agent303 installs this permission.
Step 809:DRM Agent303 refusal is installed this permission.
Step 807 is independently to operate with respect to step 804,805 and 806 in the present embodiment, does not have strict execution sequence between step 807 and the step 804,805 and 806. Step 805 and 806 is separate operations, and the sequencing of execution does not have strict regulation yet.
The 5th kind of implementation is: DRM Agent303 obtains the relevant information that the permission that generates described permission generates equipment 302 from domain manager when the checking permission, and permission verified, present embodiment with these permission generation equipment 302 correspondences be used to verify that whole relevant informations of permission are that example describes, idiographic flow is referring to shown in Figure 9:
Step 901:DRM Agent303 receives license, and this license can be equipment license or the territory license from permitting that generation equipment 302 or other DRM Agent203 receive.
Step 902:DRM Agent303 sends the request of obtaining to domain manager 301, and acquisition request generates the relevant information of the license generation equipment of described license, then carries the sign of the license generation equipment in this license in the request of obtaining.DRM Agent303 is information such as acquisition request certificate chain and certificate revocation state further.
Step 903: domain manager 301 receives the request of obtaining, and searches corresponding relevant information and send to DRM Agent303 according to the parameter in the request.Wherein, the relevant information of these permission generation equipment 302 correspondences comprises PKI, DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO.
If domain manager 301 does not inquire corresponding information, then return error code to DRM Agent303.DRM Agent303 finds to receive when being error code, continues step 909.
The license that step 904:DRM Agent303 acceptance domain manager 301 sends generates the relevant information of equipment, and know that according to the information in the license this license is permitted for the territory or equipment is permitted, and in corresponding each DomainIDList or DeviceIDList, search domain identifier or the device identification that license is bound, if inquire, then continue step 905, otherwise continue step 909.Present embodiment is by DomainIDList and the 302 issue licenses of DeviceIDList control license generation equipment, make license generation equipment 302 be specific territory or equipment issue license, more flexibly license generation equipment 302 is controlled, improved the security of digital content.
DomainIDList or the TSCreateRO corresponding to DeviceIDList at the sign place of step 905:DRM Agent303 inquiry license binding, and whether the issuing time of judging license is in TSCreateRO, if then continue step 906, otherwise continue step 909.Present embodiment has guaranteed the security of digital content by the installation of comparatively accurately TSCreateRO control license.
DomainIDList or the TSInstallRO corresponding to DeviceIDList at the sign place of step 906:DRM Agent303 inquiry license binding, and judge that the current time is whether in TSInstallRO, if then continue step 907, otherwise continue step 909.Present embodiment is controlled the installation of permitting, the security that has improved digital content more flexibly by TSInstallRO.And present embodiment combines DomainIDList or DeviceIDList with TSCreateRO or TSInstallRO, makes the control of permission and permission generation equipment 302 more flexible.
Whether step 907:DRM Agent303 is correct according to the signature of the public key verifications license generation equipment of license generation equipment, if then continue step 908, otherwise continue step 909.
Step 908:DRM Agent303 installs this permission.
Step 909:DRM Agent303 refusal is installed this permission.
Certifying signature independently operates with checking DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO in the present embodiment, and certifying signature does not have strict requirement with the execution sequence of checking DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO.Step 905 and 906 also is separate operation, and the sequencing of execution does not have strict regulation yet.
The 6th kind of implementation is: DRM Agent303 obtains the relevant information that the permission that generates permission generates equipment from domain manager when the checking permission, comprise among DomainIDList, DeviceIDList, TSCreateRO and the TSInstallRO one or multinomial, and permission verified, and permission is verified according to the PKI that corresponding permission generates equipment idiographic flow is referring to shown in Figure 10:
Step 1001:DRM Agent303 receives license, and this license can be equipment license or the territory license from permitting that generation equipment 302 or other DRM Agent303 receive.
Step 1002:DRM Agent303 judges the local information that the license corresponding with the license of receiving generates equipment 302 that whether has, this information spinner will comprise the PKI of license generation equipment, can also comprise certificate chain and revocation status of certificate etc., if, then continue step 1005, otherwise continue step 1003 or step 1006.
Step 1003:DRM Agent303 selects to obtain from license generation equipment 302 PKI of license generation equipment, judges whether to relate to license generation equipment 302, if then continue step 1004, otherwise continue step 1006.
DRM Agent303 also can select to obtain the PKI of license generation equipment and continue step 1005 from miscellaneous equipment.Miscellaneous equipment such as certificate verification center (Certificate Authority, CA) or DRM Agent etc.
Step 1004:DRM Agent303 obtains PKI from license generation equipment 302, and continues step 1005.
Step 1005:DRM Agent303 sends the request of obtaining to domain manager 301, and acquisition request is used for the relevant information of the license generation equipment of checking license, and represents not need to obtain PKI by flag bit.Wherein, obtain and also comprise this in the request and permitted the sign that portable license generates equipment.
Step 1006:DRM Agent303 sends the request of obtaining to domain manager 301, and the license that acquisition request is used for the checking license generates the relevant information of equipment and the PKI of license generation equipment etc.Wherein, obtain the sign that also comprises license generation equipment in the request.
Step 1007: domain manager 301 is searched corresponding information according to the request of obtaining of receiving, and returns Query Result to DRMAgent303.The mandate by PKI control license generation equipment 302 of domain manager 301 in the present embodiment, so the item of information that checking permits that is used for of these license generation equipment 302 correspondences of providing of domain manager 301 comprises DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO.
Step 1008:DRM Agent303 judges that to the Query Result that receives Query Result is if the relevant information of license generation equipment then continues step 1009; If error code or empty information then continue step 1014.
Step 1009:DRM Agent303 knows that according to the information in the license this license is territory license or equipment license, and in corresponding each DomainIDList or DeviceIDList, search domain identifier or the device identification that license is bound, if inquire, then continue step 1010, otherwise continue step 1014.If permitting, this is the equipment permission, and domain manager 301 only authorization generate equipment 302 and permit for the territory distribution, then the content of DeviceIDList is empty, perhaps relevant information does not comprise DeviceIDList, continues step 1014 when then DRM Agent303 inquiry does not inquire device identification less than DeviceIDList or in DeviceIDList.Present embodiment is controlled license generation equipment 302 more flexibly by DomainIDList and the 302 issue licenses of DeviceIDList control license generation equipment, has improved the security of digital content.
DomainIDList or the TSCreateRO corresponding to DeviceIDList at the sign place of step 1010:DRM Agent303 inquiry license binding, and whether the issuing time of judging license is in TSCreateRO, if then continue step 1011, otherwise continue step 1014.Present embodiment has guaranteed the security of digital content by the installation of comparatively accurately TSCreateRO control license.
DomainIDList or the TSInstallRO corresponding to DeviceIDList at the sign place of step 1011:DRM Agent303 inquiry license binding, and judge that the current time is whether in TSInstallRO, if then continue step 1012, otherwise continue step 1014.Present embodiment is controlled the installation of permitting, the security that has improved digital content more flexibly by TSInstallRO.
Whether step 1012:DRM Agent303 is correct according to the signature of the public key verifications license generation equipment of license generation equipment, if then continue step 1013, otherwise continue step 1014.
Step 1013:DRM Agent303 installs this permission.
Step 1014:DRM Agent303 refusal is installed this permission.
In step 1005 and 1006, DRM Agent303 can carry the sign of license binding in the request that sends, when domain manager 301 receives domain identifier, only need to send DomainIDList and corresponding TSInstallRO and the TSCreateRO that comprises this domain identifier to DRMAgent303; If when receiving device identification, only need to send DeviceIDList and corresponding TSInstallRO and the TSCreateRO that comprises this device identification to DRM Agent303; And can skips steps 1009.
Certifying signature independently operates with respect to checking DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO in the present embodiment, so judge that whether this locality has the PKI of license generation equipment and acquisition request relevant information also is two independently operations.DRM Agent303 can first acquisition request relevant information, according to this relevant information checking license, judges the local PKI whether license generation equipment is arranged again, and at last the signature of license is verified; Perhaps after the acquisition request relevant information, judge the local PKI whether license generation equipment is arranged, and then carry out each verification operation.Step 1010 and 1011 also is separate operation, and the sequencing of execution does not have strict regulation yet.
System when being verified by 301 pairs of permissions of domain manager in the present embodiment comprises domain manager 301, permission generation equipment 302 and DRMAgent303, referring to shown in Figure 3.
DRM Agent303 receives the license of license generation equipment 302 or other DRM Agent303 transmission, and 301 pairs of licenses of request domain manager verify whether inquiry allows installation license, and installs or the refusal installation license according to the return results of domain manager 301.
Referring to Figure 11 A, comprise receiver module 401, information module 402, memory module 403, control module 404, sending module 405 and authentication module 406 when domain manager 301 need be verified permission in the present embodiment.
After authentication module 406 is received the indication of control module 404, the relevant information and the installation license request that generate equipment according to the license of storing in the memory module 403 are verified the license that DRM Agent303 receives, and the result are sent to DRM Agent303 by sending module 405.
Sending module 405 sends relevant information or the response message that the license of determining generates equipment in information module 402 and 302 negotiations processes of license generation equipment, and sends the result that authentication module 406 is made to DRM Agent303.
When being verified by 301 pairs of permissions of domain manager in the present embodiment, DRM Agent303 comprises receiver module 501, control module 502, judge module 506, memory module 504 and sending module 505, shown in Figure 11 B.
Sending module 505 sends the message such as installation license request according to the indication of control module 502.
The 7th kind of implementation is: the request that domain manager 301 sends after receiving license according to DRM Agent303 and the local relevant information that has license generation equipment (comprise among PKI, DomainIDList, DeviceIDList, TSCreateRO and the TSInstallRO one or more) verify that to license idiographic flow is referring to shown in Figure 12:
Step 1201:DRM Agent303 receives license, and this license can be equipment license or the territory license from permitting that generation equipment 302 or other DRM Agent203 receive.
Step 1202:DRM Agent303 sends the installation license request to domain manager 301,301 pairs of licenses of request domain manager are verified, comprise the information that to verify in the installation license request, such as the issuing time of the sign of the sign of license generation equipment, license binding, license and signature etc.
Step 1203: domain manager 301 is after receiving the installation license request, and the relevant information that generates equipment according to the license of this locality storage is verified license, and returned the result to DRM Agent303.
Step 1204:DRM Agent303 judges that to the result that receives the result then continues step 1205 if allow installation license; If error code then continues step 1206.
Step 1205:DRM Agent303 installs this permission.
Step 1206:DRM Agent303 refusal is installed this permission.
The idiographic flow of domain manager 301 checking permissions is as follows, referring to shown in Figure 13:
Steps A: domain manager 301 receives the installation license request that DRM Agent303 sends.
Step B: the license that domain manager 301 is preserved according to this locality generates the relevant information of equipment, judge local whether have with request in the license of carrying generate relevant information corresponding to device identification, if having, then according to this relevant information license is verified, continue step C, otherwise continue step K.Present embodiment comprises that with relevant information PKI, DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO are that example describes.
Step C: domain manager 301 judges that license is territory license or equipment license, if the territory license then continues step D, if the equipment license then continues step e according to the sign of license binding.
Step D: domain manager 301 is searched the DomainIDList at domain identifier place in the DomainIDList of permission generation equipment 302 correspondences, if inquire DomainIDList, then continue step F, otherwise continues step K.
Step e: domain manager 301 is searched the DeviceIDList at device identification place in the DeviceIDList of license generation equipment 302 correspondences, if inquire DeviceIDList, then continue step F, otherwise continues step K.
Step F: domain manager 301 is searched the TSCreateRO and the TSInstallRO of definite DomainIDList or DeviceIDList correspondence.
Step G: domain manager 301 judges that the current time is whether in TSInstallRO, if then continue step H, otherwise continue step K.
Step H: domain manager 301 judges that the issuing time of permission is whether in TSCreateRO, if then continue step I, otherwise continue step K.
Step I: whether domain manager 301 is correct according to the public key verifications signature of license generation equipment, if then continue step J, otherwise continue step K.
Step J: domain manager 301 returns response message to DRM Agent303, and expression allows the DRMAgent303 installation license.
Step K: domain manager 301 returns error code to DRM Agent303, and expression does not allow the DRMAgent303 installation license.
When the item of information that is used for the checking license corresponding to all license generation equipment was identical, by DRM Agent303 is configured, the installation license request that DRM Agent303 is sent can only comprise the information that needs are verified.For example only need verify to permission that according to TSCreateRO the installation license request can only comprise the issuing time that permission generates equipment mark and permission that this issuing time of 301 needs checkings of domain manager is whether in TSCreateRO accordingly.
The embodiment of the invention provides the specific implementation of license being verified according to the relevant information of license generation equipment by DRM Agent303 or domain manager 301 respectively, also can jointly be verified license according to the relevant information of license generation equipment by DRM Agent303 and domain manager 301, for example by the issuing time of DRMAgent303 checking license whether in TSCreateRO, by current time of domain manager 301 checkings whether in TSInstallRO.
In the embodiment of the invention, only permission is verified effective control that just can realize to the permission installation according to an information in the domain manager, avoided DRM Agent that the situation of the permission of this permission generation equipment issue still can be installed after permission generation equipment is ended to authorize, and limited at permission generation equipment and ended to authorize the back the installation from the permission of other DRM Agent, the security that guarantees and improved digital content.The embodiment of the invention is also controlled generation, issue and installation license flexibly by DomainIDList, DeviceIDList, TSCreateRO and TSInstallRO, and has further improved the security of digital content.In addition, the embodiment of the invention need to not generate the PKI of equipment and the information such as the term of validity of permission license generation equipment issue license by transmission permission when each transmission permission, reduced the redundancy on the Internet Transmission, and the security that has improved network.And other DRM Agent no longer needs to calculate and transmission MAC when sending license, has saved equipment and Internet resources.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (18)
1, a kind of method of verifying permission is characterized in that, may further comprise the steps:
Digital copyright management terminal receives permission;
The relevant information that generates equipment according to the permission that generates or import described permission in the domain manager verifies described permission, and, by verifying that the back digital copyright management terminal installing described permission.
2, the method for checking permission as claimed in claim 1 is characterized in that, described digital copyright management terminal obtains described relevant information from domain manager before receiving described permission, and is verified by this digital copyright management terminal; Or
Digital copyright management terminal obtains described relevant information by sending a request message from domain manager after receiving described license, and the checking license.
3, the method for checking license as claimed in claim 2 is characterized in that, digital copyright management terminal obtains described relevant information from domain manager and specifically comprises before receiving described license:
Digital copyright management terminal active request domain manager sends described relevant information; Perhaps
Digital copyright management terminal sends request to domain manager after receiving the trigger that domain manager sends, to obtain described relevant information from domain manager; Perhaps
Domain manager initiatively sends described relevant information to digital copyright management terminal.
4, the method for checking permission as claimed in claim 3, it is characterized in that the one or more of request-related information that described permission generates equipment are obtained in register requirement, the adding territory request that sends when adding the territory that the request that digital copyright management terminal sends sends when being included in registration on the domain manager and being used for; Accordingly, described trigger comprises the registration trigger, adds territory trigger and triggered digital copyright management terminal and obtain one or more in the trigger of the relevant information that described permission generates equipment.
5, the method for checking permission as claimed in claim 1, it is characterized in that, digital copyright management terminal request domain manager is verified described permission and the information that will need to verify sends to domain manager, and when receiving notice by checking of described permission that domain manager sends described permission is installed.
The method of 6, permitting such as each described checking in the claim 1 to 5, it is characterized in that, described relevant information comprise license generation equipment PKI/certificate, be used for the recording domain sign the domain identifier tabulation, be used for the recording equipment sign the device identification tabulation, be used for first term of validity of control license generation equipment issue license and be used for second term of validity one or more of the license that control installation license generation equipment generates.
7, the method for checking permission as claimed in claim 6, it is characterized in that, after domain manager or digital copyright management terminal checking domain identifier tabulation or device identification tabulation comprise the domain identifier or device identification of permission binding, further according to this domain identifier tabulation or corresponding described first term of validity and the permission of described second validity verification of device identification tabulation.
The method of 8, permitting such as each described checking in the claim 1 to 5, it is characterized in that described relevant information comprises domain identifier tabulation for recording domain sign at least, be used for the device identification tabulation of recording equipment sign, be used for first term of validity of control license generation equipment issue license and be used for of second term of validity of the license that control installation license generation equipment generates; Digital copyright management terminal is in the time need to generating the public key verifications license of equipment according to described license, judge the local PKI that described license generates equipment that whether has, and determining locally when not having described license and generating the PKI of equipment, further obtain PKI and the checking license that described license generates equipment according to generate equipment, other digital copyright management terminal or certificate verification center from described license.
9, such as the method for each described checking license in the claim 1 to 5, it is characterized in that the step of described license being verified according to described relevant information specifically comprises:
The PKI that generates equipment at domain manager by described license is controlled under the authorization conditions of described license generation equipment, the PKI that generates equipment according to described license verifies the signature in the described license, and determining that described relevant information comprises that described license generates the PKI of equipment and signing according to this public key verifications to determine that this checking passes through when correct;
The PKI that generates equipment at domain manager by described permission is controlled under the authorization conditions of described permission generation equipment, when described relevant information comprises the PKI of described permission generation equipment, the PKI that generates equipment according to described permission verifies the signature in the described permission, and determines that when certifying signature is correct this checking passes through;
When described relevant information comprises first term of validity that allows license generation equipment issue license, according to described first term of validity issuing time of described license is verified, and determined that when definite this issuing time is in described first term of validity this checking passes through;
When described relevant information comprises second term of validity of the license that allows the generation of installation license generation equipment, according to described second term of validity current time of verifying described when license is verified, and determined that when definite this current time is in described second term of validity this checking passes through;
When described license is that territory license, described relevant information comprise for the domain identifier tabulation of recording domain sign and this domain identifier tabulation expression and allow license generation equipment to generate for the corresponding territory of the domain identifier of record or when importing license, according to the tabulation of described domain identifier the sign of described license binding is verified, and determined that this checking passes through when in described domain identifier tabulation, inquiring the sign of described license binding;
When described license is that equipment license, described relevant information comprise for the device identification tabulation of recording equipment sign and this domain identifier tabulation expression and allow license generation equipment to generate for the corresponding equipment of the device identification of record or when importing license, according to described device identification tabulation the sign of described license binding is verified, and determined that this checking passes through when in described device identification tabulation, inquiring the sign of described license binding.
10, the method for checking permission as claimed in claim 9, it is characterized in that, described signature comprises that described permission generates the signature of equipment to the authority of described permission, perhaps, comprises that described permission generates equipment to the signature of the authority of described permission with to the signature of the issuing time of described permission.
11, a kind of domain manager is characterized in that, comprising:
Memory module is used to store the relevant information that the permission that generates or import permission generates equipment;
Receiver module is used for the request message that Receipt Validation is permitted, described request message comprises the information of needs checking;
Authentication module, be used for according to described request message, and the described memory module license that generates or the import described license relevant information that generates equipment described license is verified, and checking by the time generate the result that expression allows installation license;
Sending module is used for sending described the result to described digital copyright management terminal.
12, domain manager as claimed in claim 11 is characterized in that, also comprises:
Information module, be used for when the mandate of the permission generation equipment that generates or import described permission changes, determine the relevant information of this permission generation equipment, be kept at described memory module perhaps by described receiver module and described sending module and this definite its relevant information in permission generation equipment negotiation back, and with the relevant information of determining; Wherein, described relevant information comprise PKI/certificate, be used for recording domain sign the domain identifier tabulation, be used for the recording unit sign the device identification tabulation, be used to control the term of validity of permission generation equipment issue permission and be used to control one of the term of validity of the permission that installation license generation equipment generates or multinomial.
13, a kind of digital copyright management terminal is characterized in that, comprising:
Receiver module be used for to receive license, and the generation that sends of acceptance domain manager or the license that imports described license generate the relevant information of equipment;
Control module be used for indicating when receiving license authentication module that described license is verified, and the result of making according to described authentication module operates accordingly;
Authentication module is used for according to described relevant information described permission being verified, and generates the checking result that expression allows installation license in checking by the back.
14, digital copyright management terminal as claimed in claim 13, it is characterized in that, described relevant information comprise permission generation equipment PKI/certificate, be used for the recording domain sign the domain identifier tabulation, be used for the recording unit sign the device identification tabulation, be used to control the term of validity of permission generation equipment issue permission and be used to control one of the term of validity of the permission that installation license generation equipment generates or multinomial.
15, a kind of digital copyright management terminal is characterized in that, comprising:
Receiver module is used for receiving permission;
Sending module is used for to outside equipment sending message;
Control module is used for indicating when receiving described license described sending module to send the request that is used for verifying described license to domain manager, and this request comprises the information of needs checking;
Judge module is used for judging that whether the result that domain manager that described receiver module receives returns is to allow described license is installed, and notify described control module to operate accordingly.
16, a kind of system for numeral copyright management is characterized in that, comprising:
Domain manager is used for when change generates the mandate of equipment to the permission that is used to generate or import permission or the permission that increases generated device authorization the relevant information of determining and preserving this permission generation equipment;
Digital copyright management terminal is used for receiving permission, and according to the relevant information that the generation that obtains from described domain manager or the permission that imports this permission generate equipment this permission is verified, and by the checking back this permission is being installed.
17, system for numeral copyright management as claimed in claim 16, it is characterized in that, described relevant information comprise permission generation equipment PKI/certificate, be used for the recording domain sign the domain identifier tabulation, be used for the recording unit sign the device identification tabulation, be used to control the term of validity of permission generation equipment issue permission and be used to control one of the term of validity of the permission that installation license generation equipment generates or multinomial.
18, a kind of system for numeral copyright management is characterized in that, comprising:
Digital copyright management terminal is used for receiving permission, and sends the request that is used to verify this permission, and operates accordingly according to the checking result who receives; Wherein, described request comprises the information of needs checking;
Domain manager, the relevant information of the permission generation equipment that is used for the generation of preserving according to request and this locality of described data copyright management terminal or imports described permission is verified this permission, and generate and allow to described digital copyright management terminal transmission the checking result of installation license after checking is passed through.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007101058989A CN101315654B (en) | 2007-06-01 | 2007-06-01 | Method and system for validating permission |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007101058989A CN101315654B (en) | 2007-06-01 | 2007-06-01 | Method and system for validating permission |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101315654A true CN101315654A (en) | 2008-12-03 |
| CN101315654B CN101315654B (en) | 2013-02-27 |
Family
ID=40106662
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2007101058989A Active CN101315654B (en) | 2007-06-01 | 2007-06-01 | Method and system for validating permission |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101315654B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107679369A (en) * | 2016-08-02 | 2018-02-09 | 华为技术有限公司 | A kind of method, apparatus and system of the licensing of shared digital content |
| CN109962815A (en) * | 2019-04-04 | 2019-07-02 | 北京奇艺世纪科技有限公司 | A kind of method, apparatus, server and the client device of publication configuration |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100337175C (en) * | 2005-08-12 | 2007-09-12 | 华为技术有限公司 | Method and system of adding region and obtaining authority object of mobile terminal |
| CN100479386C (en) * | 2006-07-12 | 2009-04-15 | 华为技术有限公司 | Domain management system, method for building local domain and method for acquisition of local domain licence |
-
2007
- 2007-06-01 CN CN2007101058989A patent/CN101315654B/en active Active
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107679369A (en) * | 2016-08-02 | 2018-02-09 | 华为技术有限公司 | A kind of method, apparatus and system of the licensing of shared digital content |
| CN109962815A (en) * | 2019-04-04 | 2019-07-02 | 北京奇艺世纪科技有限公司 | A kind of method, apparatus, server and the client device of publication configuration |
| CN109962815B (en) * | 2019-04-04 | 2021-08-13 | 北京奇艺世纪科技有限公司 | Configuration publishing method, device, server and client device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101315654B (en) | 2013-02-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109190410B (en) | Log behavior auditing method based on block chain in cloud storage environment | |
| KR101366277B1 (en) | Method and terminal for verifying membership in order to move rights object in domain | |
| US7243238B2 (en) | Person authentication system, person authentication method, information processing apparatus, and program providing medium | |
| CN100399225C (en) | Method for determining use permission of information and content distribution system using the method | |
| US7059516B2 (en) | Person authentication system, person authentication method, information processing apparatus, and program providing medium | |
| US7310732B2 (en) | Content distribution system authenticating a user based on an identification certificate identified in a secure container | |
| KR100765774B1 (en) | Method and apparatus for managing domain | |
| US7287158B2 (en) | Person authentication system, person authentication method, information processing apparatus, and program providing medium | |
| US8321673B2 (en) | Method and terminal for authenticating between DRM agents for moving RO | |
| KR102426930B1 (en) | Method for managing digital key of mobile device for vehicle-sharing and key server using the same | |
| US20020027992A1 (en) | Content distribution system, content distribution method, information processing apparatus, and program providing medium | |
| US20070219917A1 (en) | Digital License Sharing System and Method | |
| US20080097921A1 (en) | Digital distribution management system and contents distribution management method using the same | |
| KR20040034518A (en) | Management apparatus, terminal apparatus and management system | |
| CN101340278A (en) | License management system and method | |
| CN101192261A (en) | Method and apparatus for generating proxy-signature on right object and issuing proxy signature certificate | |
| US20080052388A1 (en) | Substitutable domain management system and method for substituting the system | |
| CN100527144C (en) | Method and device for accurate charging in digital copyright management | |
| US8220059B2 (en) | Method and apparatus for generating rights object by reauthorization | |
| US8112623B2 (en) | Communication terminal apparatus, server terminal apparatus, and communication system using the same | |
| CN103186721A (en) | Digital copyright service control method, device and system | |
| US20230412400A1 (en) | Method for suspending protection of an object achieved by a protection device | |
| JP2003046499A (en) | Communication system, user terminal, ic card, authentication system, and control system and program for access and communication | |
| CN101315654B (en) | Method and system for validating permission | |
| JP3606148B2 (en) | Digital content usage control method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |