CN101404573A - Authorization method, system and apparatus - Google Patents

Publication number
CN101404573A
Authority
CN
China
Legal status
Granted
Application number
CNA2008102252088A
Other languages
Chinese (zh)
Other versions
CN101404573B (en)
Inventor
汤帜
高飞
洪献文
Current Assignee
New Founder Holdings Development Co ltd
Peking University
Founder Apabi Technology Ltd
Original Assignee
Peking University
Peking University Founder Group Co Ltd
Beijing Founder Apabi Technology Co Ltd
Application filed by Peking University, Peking University Founder Group Co Ltd, Beijing Founder Apabi Technology Co Ltd
Priority to CN200810225208.8A
Publication of CN101404573A
Application granted
Publication of CN101404573B
Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an authorization method, system and device for dynamically authorizing a client's acquisition of a key, so that more clients can obtain the key used to access the relevant content and a user's need to obtain the same key on multiple clients is met. The authorization method comprises: a server receives a key request from a client and obtains the client feature information type from the request; the server encrypts the key requested by the client; the server generates an authorization certificate from the client feature information type and the encrypted key, and sends the authorization certificate to the client. The invention further provides a method and device for obtaining the key.

Description

Authorization method, system and device
Technical field
The present invention relates to the technical field of digital copyright protection, and in particular to an authorization method, system and device.
Background
With the development and spread of Internet technology, the quantity of digital content such as audio, video, pictures and documents keeps growing and its use is increasingly widespread, and distributing and sharing digital content has become convenient and fast. However, because digital content is easy to copy and distribute, it circulates illegally: content produced at great cost and effort is easily copied and distributed without authorization, which harms the interests of the rights holders, dampens the enthusiasm of content creators, and so hinders the development of the digital content business.
The technology developed to effectively prevent illegal copying, distribution and use of digital content is called digital rights management (DRM). In DRM applications, the security of downloading and using digital content is usually ensured by binding the digital content to feature information of the client.
There are many schemes for binding digital content to a client, including binding the digital content to a single client, to one or more pieces of hardware in the client, and so on. In practice, however, a DRM system usually adopts only one binding scheme. For example, a DRM system for mobile phones binds digital content only to the phone number, and a DRM system for PCs binds digital content only to the PC's hard disk.
It can be seen that existing techniques for granting a client the right to access digital content have the following two shortcomings:
First, client feature information is unique to the client, so the single authorization scheme fixed by a DRM system may fail, leaving the client unable to use the digital content. For example, a DRM system binds digital content to the PC's hard disk serial number and network card number; however, not every PC can read its own hard disk serial number successfully, and if the PC has no network card, or the network card number cannot be obtained, the DRM system cannot be applied on that PC and the user cannot use the digital content they need.
Second, as digital content applications develop, users often need one DRM system to support authorization schemes for multiple kinds of client, yet in the prior art a DRM system can authorize digital content for only one kind of client. For example, with the DRM system of an e-book, after buying the e-book the user may wish to read it both on a PC and on a mobile phone; but the e-book's DRM system supports digital content authorization for only one kind of client device and cannot support PC and mobile phone devices at the same time.
In summary, existing techniques by which a client obtains the key used to access the relevant content are not flexible enough: some clients cannot obtain the key, and the user's need to obtain, on multiple clients, the same key for accessing the same content cannot be met.
Summary of the invention
Embodiments of the invention provide an authorization method, system and device that realize dynamic authorization of a client's acquisition of a key, so that more clients can obtain the key used to access the relevant content and the user's need to obtain the same key on multiple clients is met.
An authorization method provided by an embodiment of the invention comprises:
a server receives a key request sent by a client and obtains the client feature information type from it;
the server encrypts the key requested by the client;
the server generates an authorization certificate from the client feature information type and the encrypted key, and sends the authorization certificate to the client.
A key acquisition method provided by an embodiment of the invention comprises:
a client obtains the client feature information type and the encrypted key from the authorization certificate issued by the server;
the client extracts client feature information according to the client feature information type and decrypts the key using this client feature information, or using this client feature information together with the client feature information type, obtaining the decrypted key.
A server provided by an embodiment of the invention comprises:
a request receiving unit, configured to receive the key request sent by a client and obtain the client feature information type from it;
an encryption unit, configured to encrypt the key requested by the client;
an authorization certificate sending unit, configured to generate an authorization certificate from the client feature information type and the encrypted key, and send the authorization certificate to the client.
A client provided by an embodiment of the invention comprises:
an authorization certificate unit, configured to obtain the client feature information type and the encrypted key from the authorization certificate issued by the server;
a key acquisition unit, configured to extract client feature information according to the client feature information type and decrypt the key using this client feature information, or using this client feature information together with the client feature information type, obtaining the decrypted key.
An authorization system provided by an embodiment of the invention comprises:
a server, configured to receive the key request sent by a client and obtain the client feature information type from it; encrypt the key requested by the client; generate an authorization certificate from the client feature information type and the encrypted key, and send the authorization certificate to the client;
a client, configured to obtain the client feature information type and the encrypted key from the authorization certificate issued by the server, and to decrypt the key in the authorization certificate using a key generated from the client feature information, or a key generated from the client feature information and the client feature information type, obtaining the decrypted key.
In the embodiments of the invention, the server receives the key request sent by the client and obtains the client feature information type from it; the server encrypts the key requested by the client; the server generates an authorization certificate from the client feature information type and the encrypted key and sends it to the client. The server thereby dynamically authorizes the client's acquisition of the key, so that more clients can obtain the key used to access the relevant content and the user's need to obtain, on multiple clients, the same key for accessing the same content is met.
Description of drawings
Fig. 1 is a schematic structural diagram of an authorization system provided by an embodiment of the invention;
Fig. 2 is a schematic structural diagram of a server provided by an embodiment of the invention;
Fig. 3 is a schematic structural diagram of a client provided by an embodiment of the invention;
Fig. 4 is a schematic diagram, provided by an embodiment of the invention, of the keys in the authorization certificate that are generated from the protection key used to encrypt the digital content using three kinds of client feature information;
Fig. 5 is a schematic flow chart of an authorization method provided by an embodiment of the invention;
Fig. 6 is a schematic flow chart of a key acquisition method provided by an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention provide an authorization method, system and device that realize dynamic authorization of a client's acquisition of a key, so that more clients can obtain the key used to access the relevant content and the user's need to obtain the same key on multiple clients is met.
The key requested by the client for accessing the relevant content, as described in the embodiments, may be any of various keys, for example a domain key or the protection key of digital content (such as an e-book).
In the embodiments, the correspondence between client feature information types and client feature information is preset in the client; for example, if the client feature information type is hard disk, the corresponding client feature information is the hard disk's serial number. A correspondence between client device types and client feature information types may further be set, so that once the client has learned its own device type by detection it can find the corresponding client feature information type and extract the corresponding client feature information according to that type. If a client's device type corresponds to several client feature information types, one type is selected according to the preset priority of client feature information types. The client feature information is the feature information used to identify the client. The above correspondences may of course also be preset in the server.
The embodiments of the invention are described in detail below with reference to the drawings.
Referring to Fig. 1, an authorization system provided by an embodiment of the invention comprises a server 11 and at least one client 12.
The server 11 is configured to receive the key request sent by the client 12 and obtain the client feature information type from it; encrypt the key requested by the client 12; generate an authorization certificate from the client feature information type and the encrypted key, and send the authorization certificate to the client 12.
The client 12 is configured to obtain, on the user's request, the client feature information type and the encrypted key from the authorization certificate issued by the server 11, and to decrypt the key in the authorization certificate using a key generated from the client feature information, or a key generated from the client feature information and the client feature information type, obtaining the decrypted key.
Preferably, the server 11 further obtains client feature information from the key request sent by the client 12, and encrypts the key requested by the client 12 using this client feature information and/or the client feature information type. When the server 11 receives requests from multiple clients 12 for the same key, the server 11 encrypts that key using the client feature information of these clients 12 and/or the client feature information types, and generates the authorization certificate from the client feature information and client feature information types submitted by these clients 12.
Preferably, the server 11 applies an algorithm (such as a message digest algorithm) to the client feature information to generate an encryption key; or applies an algorithm to the client feature information and the client feature information type to generate an encryption key;
the server 11 encrypts the key requested by the client 12 with the encryption key.
Preferably, the server 11 further obtains an encryption key from the key request sent by the client 12 and uses this encryption key to encrypt the key requested by the client 12. That is, the client 12 applies an algorithm to the client feature information to generate an encryption key, or applies an algorithm to the client feature information and the client feature information type to generate an encryption key, and sends the generated encryption key to the server 11.
Preferably, on the user's request the client 12 selects a client feature information type according to the preset priority of client feature information types, extracts the client feature information corresponding to that type, and sends this client feature information and the selected client feature information type to the server 11.
Preferably, the server 11 uses the client feature information of multiple clients 12 to encrypt the protection key of the same digital content with an algorithm such as complete public-key broadcast encryption, so that any one of these clients 12 can decrypt the key obtained from the authorization certificate using its own client feature information. The server 11 generates the authorization certificate from the encrypted key and the client feature information types submitted by the clients 12; that is, the authorization certificate contains the encrypted key and the client feature information types submitted by all clients that requested the same key.
Preferably, before selecting a client feature information type, the client 12 first determines its own device type and obtains the client feature information types corresponding to that device type. If its device type corresponds to several client feature information types, it selects one according to the preset priority of client feature information types and extracts client feature information according to that type. If the extraction fails, it selects the next-best client feature information type according to the priority and extracts the client feature information corresponding to that type, and so on until the extraction of client feature information succeeds.
Preferably, the client feature information type that the client 12 obtains from the authorization certificate comprises multiple client feature information types. The client selects one of these types and extracts from itself the client feature information corresponding to it; if the extraction fails, it selects another of the client feature information types, until the extraction of client feature information succeeds. When selecting one of the multiple client feature information types in the authorization certificate, the client may select according to the preset priority of client feature information types.
The specific structures of the server 11 and the client 12 are described below.
Referring to Fig. 2, preferably, the server 11 comprises:
a request receiving unit 21, configured to receive the key request sent by the client 12 and obtain the client feature information and the client feature information type from it;
an encryption unit 22, configured to encrypt the key requested by the client 12 using the client feature information;
an authorization certificate sending unit 23, configured to generate an authorization certificate from the client feature information type and the encrypted key, and send the authorization certificate to the client 12.
Referring to Fig. 3, preferably, the client 12 comprises:
an information extraction unit 31, configured to select, on the user's request, a client feature information type according to the preset priority of client feature information types, and extract the client feature information corresponding to that type;
an encryption key unit 32, configured to generate an encryption key from the client feature information, or from the client feature information and the selected client feature information type;
a sending unit 33, configured to send the selected client feature information type, together with the encryption key or the client feature information, to the server 11;
an authorization certificate unit 34, configured to obtain, on the user's request, the client feature information type and the encrypted key from the authorization certificate issued by the server 11;
a key acquisition unit 35, configured to extract client feature information according to the client feature information type and decrypt the key using this client feature information, obtaining the decrypted key.
Several specific embodiments are given below.
Embodiment 1:
An electronic reader manufacturer needs to preload DRM-protected digital content onto a batch of readers that have no expansion memory card. Several authorization schemes are first preset in the general reader client and in the authorization server. The higher-priority scheme binds the digital content to both the device number of the electronic reader and the card number of the expansion memory card; the lower-priority scheme binds the digital content to the device number only. The authorization server encrypts the protection key of the digital content according to the feature information of this batch of clients, and then describes in the authorization certificate the type of the feature information of this batch of clients and the encrypted content key. This authorization certificate can be used by this batch of electronic readers.
Embodiment 2:
Device feature information types with different priorities, and their corresponding device feature information, are set in advance on the authorization server and on multiple PC devices, so that an e-book DRM protection system can support these particular PC devices. On a PC, the hardware usually used for binding, such as a video card or network card, is not necessarily present, and the hard disk serial number may not be detectable either, so several feature information extraction schemes with priorities need to be preset in the client software to account for this. For example: extract hard disk, network card and video card first; next, extract mainboard, CPU and memory; failing that, bind with whichever of the above six device numbers can be extracted, using a method such as the "hardware adaptive mechanism method". Suppose a user's PC has no network card and the user buys an e-book through this PC. After obtaining the RO voucher, the client learns by detecting the device type that the device is a PC, looks up the client feature information types corresponding to PC devices in the preset scheme, chooses the higher-priority client feature information type (for example hard disk, network card, video card) and tries to detect and obtain the corresponding client feature information; this fails. It then chooses the next-priority client feature information type for PC devices (for example mainboard, CPU, memory) and detects and obtains the corresponding client feature information; this succeeds. The digest value of this client feature information and the client feature information type (for example identified as: PC hardware binding type 2) are sent to the RO authorization server together with the RO voucher. After judging the RO voucher to be valid, the RO server uses the client feature information and the feature information type as parameters to compute an encryption key K1 with a key generation algorithm (such as a message digest algorithm), and encrypts the protection key Kc of the digital content with this encryption key K1, producing K2. It then describes in the authorization certificate the client feature information type and the protection key K2 encrypted with K1, as follows:
<bindtype>PC hardware binding type 2</bindtype>
<ECK>K2</ECK>
The RO server returns this authorization certificate to the client, which saves it. When the user is about to use the e-book, the client detects the authorization certificate and obtains from it the client feature information type and the protection key encrypted using the client feature information. The client obtains the corresponding client feature information according to the client feature information type, generates the decryption key from the client feature information, and decrypts the protection key K2 to obtain Kc. Kc is then used to decrypt the e-book so that the user can read it.
Embodiment 3:
Suppose an e-book DRM protection system supports mobile phones in addition to PC devices. After obtaining the RO voucher issued by the server, the client learns by detecting the device type that it is running on a mobile phone, looks up the client feature information type corresponding to mobile phones in the preset scheme, detects and obtains the corresponding client feature information (for example the SIM card number or the phone's device number), and sends it to the RO authorization server together with the RO voucher. After judging the validity of the RO voucher, the RO authorization server encrypts the protection key of the digital content according to the client feature information, adds the result together with the client feature information type to the generated authorization certificate, and returns the authorization certificate to the mobile phone. The mobile phone saves the authorization certificate once it has obtained it. When the user is about to use the e-book, the mobile phone detects the authorization certificate and obtains from it the client feature information type and the protection key encrypted with the client feature information. The mobile phone obtains the corresponding client feature information according to the client feature information type and uses it to decrypt the protection key; the decrypted protection key is then used to decrypt the e-book, giving the user the e-book content they need.
Embodiment 4:
The user wishes to read the same e-book on two PCs and a mobile phone. On the first PC, the client learns by detecting the device type that the device is a PC, learns from the preset scheme the client feature information type to obtain first (for example hard disk, network card), and detects and obtains the corresponding client feature information; this succeeds, and the client feature information and client feature information type are sent to the authorization server. On the second PC, the client learns by detecting the device type that the device is a PC, learns from the preset scheme the client feature information type to obtain first (for example hard disk, network card), and tries to detect and obtain the corresponding client feature information; this fails, so it looks up the next-best client feature information type in the preset scheme for PCs (for example mainboard, CPU, memory) and detects and obtains the corresponding client feature information, which succeeds. This client feature information and client feature information type are sent to the authorization server. On the mobile phone, the client learns by detecting the device type that the device is a mobile phone, learns from the preset scheme the client feature information to obtain first (for example the phone's device ID), and detects and obtains the corresponding client feature information; this succeeds, and the client feature information and client feature information type are sent to the authorization server. After obtaining the client feature information and client feature information types of these three devices, the authorization server encrypts the protection key of the e-book with the client feature information of the three devices, and then describes in the authorization certificate the client feature information types submitted by the three clients and the encrypted protection keys respectively, as shown in Fig. 4. The authorization server sends this authorization certificate to the user's three client devices, so that the user can read the same e-book on all three devices with this authorization certificate.
On the first PC, the client checks the client feature information types in the authorization certificate in turn and learns that the most preferred client feature information type for a PC is hard disk and network card; it then obtains the corresponding client feature information, which succeeds, and uses this client feature information to decrypt and obtain the protection key of the e-book.
On the second PC, the client checks the client feature information types in the authorization certificate in turn and learns that the most preferred client feature information type for a PC is hard disk and network card; it then tries to obtain the corresponding client feature information, which fails. It finds that the next preferred client feature information type for a PC is mainboard, CPU and memory, and obtains the corresponding client feature information, which succeeds; it uses this client feature information to decrypt and obtain the protection key of the e-book.
On the mobile phone, the client checks the client feature information types in the authorization certificate in turn and learns that the most preferred client feature information type for a mobile phone is the device ID; it then obtains the corresponding client feature information, which succeeds, and uses this client feature information to decrypt and obtain the protection key of the e-book.
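The flow of Embodiments 2 and 4 can be traced end to end in a short Python sketch, added here as an illustration and not taken from the patent. It assumes SHA-256 as the digest that produces K1, uses an HMAC-based encrypt-then-MAC routine as a stand-in for the cipher the patent leaves unspecified, and the bind-type names and device values are constructed.

```python
import hashlib
import hmac
import os

# Preset priority of bind types per device type. The names are hypothetical;
# the patent only states that such a priority list is preset on the client.
PRIORITY = {
    "PC": ["pc-hw-1", "pc-hw-2"],  # 1 = disk/NIC/GPU, 2 = mainboard/CPU/RAM
    "PHONE": ["phone-device-id"],
}

def derive_k1(bind_type, feature_info):
    """K1 = digest over the feature type and feature info (SHA-256 assumed)."""
    h = hashlib.sha256()
    for part in (bind_type, feature_info):
        data = part.encode()
        h.update(len(data).to_bytes(4, "big") + data)  # length prefix: no ambiguity
    return h.digest()

def subkey(k1, label):
    """Separate encryption and MAC keys derived from K1."""
    return hmac.new(k1, label, hashlib.sha256).digest()

def keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(k1, kc):
    """Encrypt-then-MAC stand-in for a real authenticated key wrap (assumption)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(kc, keystream(subkey(k1, b"enc"), nonce, len(kc))))
    tag = hmac.new(subkey(k1, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(k1, blob):
    """Return Kc, or None when the tag shows the entry was wrapped for another device."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(k1, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(subkey(k1, b"enc"), nonce, len(ct))))

def select_feature(device_type, probe):
    """Client, request side: take the highest-priority type whose info can be read."""
    for bind_type in PRIORITY[device_type]:
        info = probe(bind_type)
        if info is not None:
            return bind_type, info
    raise LookupError("no client feature information could be extracted")

def issue_certificate(kc, requests):
    """Server: one bindtype/ECK pair per requesting device, all wrapping the same Kc."""
    return [{"bindtype": bt, "ECK": wrap(derive_k1(bt, info), kc).hex()}
            for bt, info in requests]

def recover_key(certificate, device_type, probe):
    """Client, use side: try certificate entries in priority order, falling back
    when extraction fails or when an entry belongs to a different device."""
    for bind_type in PRIORITY[device_type]:
        info = probe(bind_type)
        if info is None:
            continue  # extraction failed, try the next-best type
        k1 = derive_k1(bind_type, info)
        for entry in certificate:
            if entry["bindtype"] == bind_type:
                kc = unwrap(k1, bytes.fromhex(entry["ECK"]))
                if kc is not None:
                    return kc
    return None

# Constructed sample devices: bind type -> readable feature info (None = unreadable).
PC1 = {"pc-hw-1": "disk=SN-A1;nic=NIC-A2;gpu=GPU-A3", "pc-hw-2": "mb=MB-A;cpu=CPU-A;ram=RAM-A"}
PC2 = {"pc-hw-1": None, "pc-hw-2": "mb=MB-B;cpu=CPU-B;ram=RAM-B"}
PHONE = {"phone-device-id": "device-id-constructed-0001"}
OTHER_PC = {"pc-hw-1": "disk=SN-Z1;nic=NIC-Z2;gpu=GPU-Z3", "pc-hw-2": "mb=MB-Z;cpu=CPU-Z;ram=RAM-Z"}

def demo():
    kc = os.urandom(16)  # content protection key Kc
    devices = [("PC", PC1), ("PC", PC2), ("PHONE", PHONE)]
    requests = [select_feature(kind, dev.get) for kind, dev in devices]
    cert = issue_certificate(kc, requests)
    recovered = [recover_key(cert, kind, dev.get) for kind, dev in devices]
    return kc, cert, recovered, recover_key(cert, "PC", OTHER_PC.get)

if __name__ == "__main__":
    kc, cert, recovered, outsider = demo()
    for entry in cert:
        print(entry["bindtype"], entry["ECK"][:24] + "...")
    print("authorized devices recover Kc:", all(k == kc for k in recovered))
    print("unlisted PC recovers:", outsider)
```

Because K1 is computed only from device identifiers and the type named in the certificate, the wrapped key is no harder to recover than those identifiers are to guess or to read off the device.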
Obviously, the technical solution provided by the embodiments of the invention can also be applied in other fields. For example, in domain management a domain certificate usually needs to be bound to a device. When a domain certificate needs to be bound to a particular PC device, the client learns by detecting the device type that the device is a PC, learns from the preset scheme the most preferred client feature information type for a PC (for example hard disk, network card), and tries to detect and obtain the corresponding client feature information; this fails, so it chooses the next preferred client feature information type for a PC (for example mainboard, CPU, memory) and obtains the corresponding client feature information, which succeeds. This client feature information and client feature information type are sent to the domain management server. The domain management server encrypts the domain key using the client feature information sent by the client, and describes in the domain certificate the client feature information type and the domain key encrypted with the client feature information, as follows:
<bindtype>binding of PC hardware adaptive mechanism</bindtype>
<EDK>XXX</EDK>
The domain management server returns this domain certificate to the client, which saves it. When the user needs to use the domain certificate, the client obtains from it the client feature information type and the domain key encrypted with the client feature information; the client obtains the corresponding client feature information according to the client feature information type and uses it to decrypt the domain key.
The method provided by the embodiment of the invention is introduced below.
Referring to Fig. 5, an authorization method provided by the embodiment of the invention comprises the steps:
S501: The server receives the key request sent by the client and obtains the client features information type from it.
S502: The server encrypts the key requested by the client.
S503: The server generates a certificate of authority from the client features information type and the encrypted key, and sends this certificate of authority to the client.
Referring to Fig. 6, a key acquisition method provided by the embodiment of the invention comprises the steps:
S601: At the user's request, the client obtains the client features information type and the encrypted key from the certificate of authority issued by the server.
S602: The client extracts client features information according to the client features information type and uses this client features information to decrypt the key, obtaining the decrypted key used to access the relevant content.
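The two procedures above (S501 to S503 and S601 to S602), together with the priority fallback from the PC example, as an added Python example that is not part of the patent. The patent names no cipher or key-derivation function, so PBKDF2 and the HMAC-based authenticated cipher are stand-in assumptions, as are the type names, the hardware strings and the use of a dict in place of the certificate file; only `bindtype` and `EDK` come from the page.

```python
import hashlib, hmac, os

# Constructed type names for a PC, most preferred first (the page's example:
# hard disk / network card first, then mainboard / CPU / memory).
PC_PRIORITY = ["disk+nic", "mainboard+cpu+memory"]

def select_feature(priority, probe):
    """Client: try each type in priority order until extraction succeeds."""
    for ftype in priority:
        info = probe(ftype)              # bytes, or None when extraction fails
        if info is not None:
            return ftype, info
    raise RuntimeError("no client features information could be extracted")

def derive_keys(ftype, info):
    """Encryption key generated from feature information and its type.
    PBKDF2 is an assumption; returns (cipher key, MAC key)."""
    dk = hashlib.pbkdf2_hmac("sha256", info, b"bind:" + ftype.encode(), 100_000, 64)
    return dk[:32], dk[32:]

def keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(keys, plaintext):
    """Stand-in authenticated cipher (HMAC keystream, encrypt-then-MAC)."""
    enc, mac = keys
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(keys, blob):
    enc, mac = keys
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("feature information does not match this certificate")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc, nonce, len(ct))))

def issue_certificate(request, requested_key):
    """Server, S501-S503: read the type, encrypt the key, build the certificate."""
    keys = derive_keys(request["bindtype"], request["feature_info"])
    return {"bindtype": request["bindtype"], "EDK": seal(keys, requested_key).hex()}

def recover_key(cert, probe):
    """Client, S601-S602: read the type from the certificate, extract, decrypt."""
    info = probe(cert["bindtype"])
    if info is None:
        raise RuntimeError("cannot extract " + cert["bindtype"])
    return unseal(derive_keys(cert["bindtype"], info), bytes.fromhex(cert["EDK"]))

def demo():
    # Constructed probe: the disk/NIC read fails, mainboard/CPU/memory succeeds.
    probe = {"mainboard+cpu+memory": b"MB-0001|CPU-0002|MEM-8G"}.get
    ftype, info = select_feature(PC_PRIORITY, probe)
    domain_key = os.urandom(16)
    cert = issue_certificate({"bindtype": ftype, "feature_info": info}, domain_key)
    return ftype, domain_key, cert, probe

if __name__ == "__main__":
    ftype, key, cert, probe = demo()
    print(ftype, cert["bindtype"], recover_key(cert, probe) == key)
```

Hardware identifiers can be read by any software on the device, so a key derived from them binds the certificate to a device but is only as hard to reproduce as the identifiers themselves.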
In summary, in the embodiment of the invention the server receives the key request sent by the client and obtains the client features information type from it; the server encrypts the key requested by the client; and the server generates a certificate of authority from the client features information type and the encrypted key and sends this certificate of authority to the client. This realizes dynamic authorization by the server of the client's key acquisition, enables more clients to obtain the key used to access the relevant content, and satisfies the user's need to obtain, on multiple clients, the same key for accessing the same content.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (21)

1. An authorization method, characterized in that the method comprises:
a server receives a key request sent by a client and obtains a client features information type from it;
the server encrypts the key requested by the client;
the server generates a certificate of authority from the client features information type and the encrypted key, and sends this certificate of authority to the client.
2. The method according to claim 1, characterized in that the server further obtains client features information from the key request sent by the client, and encrypts the key requested by the client using this client features information, or using this client features information and the client features information type.
3. The method according to claim 2, characterized in that, when the keys requested by a plurality of clients and received by the server are the same, the server encrypts the same key requested by these clients using the client features information of the plurality of clients, or using this client features information and the client features information types sent by the plurality of clients;
the server generates the certificate of authority using the client features information and client features information types submitted by the plurality of clients.
4. The method according to claim 2 or 3, characterized in that the step in which the server encrypts the key requested by the client using the client features information and the client features information type comprises:
the server generates an encryption key from the client features information and the client features information type, and encrypts the key requested by the client with this encryption key.
5. The method according to claim 1, characterized in that the server further obtains an encryption key from the key request sent by the client, and encrypts the key requested by the client using this encryption key.
6. The method according to claim 5, characterized in that the encryption key is generated using client features information, or using this client features information and the client features information type.
7. The method according to claim 1, characterized in that the key requested by the client is a domain key or a protection key of digital content.
8. A key acquisition method, characterized in that the method comprises:
a client obtains a client features information type and an encrypted key from a certificate of authority issued by a server;
the client extracts client features information according to the client features information type, and decrypts the key using this client features information, or using this client features information and the client features information type, to obtain the decrypted key.
9. The method according to claim 8, characterized in that, before the client obtains the client features information type and the key from the certificate of authority, the method further comprises:
at the user's request, the client selects a client features information type according to the preset priority of client features information types, and extracts the client features information corresponding to this client features information type;
the client sends the client features information and the selected client features information type to the server.
10. The method according to claim 9, characterized in that, at the user's request, the client extracts its own device type and, according to the preset correspondence between device types and client features information types, obtains the candidate client features information types corresponding to its own device type;
the client selects a client features information type from the candidate client features information types according to the preset priority of client features information types.
11. The method according to claim 9 or 10, characterized in that, when the client fails to extract the client features information corresponding to the selected client features information type, the client selects another client features information type according to the priority of the client features information types, and extracts the client features information corresponding to that client features information type.
12. The method according to claim 8, characterized in that the client features information type that the client obtains from the certificate of authority comprises multiple client features information types;
the client selects one client features information type from the multiple client features information types and extracts the client features information corresponding to it; if the extraction fails, the client selects another client features information type from the multiple client features information types, until client features information is extracted successfully.
13. The method according to claim 12, characterized in that the client selects the client features information type from the multiple client features information types according to the preset priority of client features information types.
14. The method according to claim 8, characterized in that the key obtained by the client is a domain key or a protection key of digital content.
15. A server, characterized in that the server comprises:
a request receiving unit, configured to receive a key request sent by a client and obtain a client features information type from it;
an encryption unit, configured to encrypt the key requested by the client;
a certificate of authority sending unit, configured to generate a certificate of authority from the client features information type and the encrypted key, and to send this certificate of authority to the client.
16. The server according to claim 15, characterized in that
the request receiving unit further obtains client features information from the key request sent by the client;
the encryption unit encrypts the key requested by the client using the client features information, or using this client features information and the client features information type.
17. A client, characterized in that the client comprises:
a certificate of authority unit, configured to obtain a client features information type and an encrypted key from a certificate of authority issued by a server;
a key acquisition unit, configured to extract client features information according to the client features information type, and to decrypt the key using this client features information, or using this client features information and the client features information type, to obtain the decrypted key.
18. The client according to claim 17, characterized in that the client further comprises:
an information extraction unit, configured to select, at the user's request, a client features information type according to the preset priority of client features information types, and to extract the client features information corresponding to this client features information type;
an encryption key unit, configured to generate an encryption key using the client features information, or using the client features information and the selected client features information type;
a sending unit, configured to send the selected client features information type, together with the encryption key or the client features information, to the server.
19. An authorization system, characterized in that the system comprises:
a server, configured to receive a key request sent by a client and obtain a client features information type from it; to encrypt the key requested by the client; and to generate a certificate of authority from the client features information type and the encrypted key and send this certificate of authority to the client;
a client, configured to obtain a client features information type and an encrypted key from the certificate of authority issued by the server; and to decrypt the key in the certificate of authority with a key generated from client features information, or with a key generated from this client features information and the client features information type, to obtain the decrypted key.
20. The system according to claim 19, characterized in that the client comprises:
an information extraction unit, configured to select a client features information type according to the preset priority of client features information types, and to extract the client features information corresponding to this client features information type;
a sending unit, configured to send the client features information and the selected client features information type to the server;
a certificate of authority unit, configured to obtain a client features information type and an encrypted key from the certificate of authority issued by the server;
a key acquisition unit, configured to extract client features information according to the client features information type, and to decrypt the key in the certificate of authority with a key generated from this client features information, or with a key generated from this client features information and the client features information type, to obtain the decrypted key.
21. The system according to claim 19 or 20, characterized in that the server comprises:
a request receiving unit, configured to receive the key request sent by the client and obtain client features information and a client features information type from it;
an encryption unit, configured to encrypt the key requested by the client using the client features information;
a certificate of authority sending unit, configured to generate a certificate of authority from the client features information type and the encrypted key, and to send this certificate of authority to the client.
CN200810225208.8A 2008-10-27 2008-10-27 Authorization method, system and apparatus Expired - Fee Related CN101404573B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810225208.8A CN101404573B (en) 2008-10-27 2008-10-27 Authorization method, system and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810225208.8A CN101404573B (en) 2008-10-27 2008-10-27 Authorization method, system and apparatus

Publications (2)

Publication Number Publication Date
CN101404573A true CN101404573A (en) 2009-04-08
CN101404573B CN101404573B (en) 2014-11-19

Family

ID=40538451

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810225208.8A Expired - Fee Related CN101404573B (en) 2008-10-27 2008-10-27 Authorization method, system and apparatus

Country Status (1)

Country Link
CN (1) CN101404573B (en)

Also Published As

Publication number Publication date
CN101404573B (en) 2014-11-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220616

Address after: 100871 No. 5, the Summer Palace Road, Beijing, Haidian District

Patentee after: Peking University

Patentee after: New founder holdings development Co.,Ltd.

Patentee after: FOUNDER APABI TECHNOLOGY Ltd.

Address before: 100871 No. 5, the Summer Palace Road, Beijing, Haidian District

Patentee before: Peking University

Patentee before: PEKING UNIVERSITY FOUNDER GROUP Co.,Ltd.

Patentee before: FOUNDER APABI TECHNOLOGY Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141119