CN101814990A - Home network-oriented digital rights certificate management system - Google Patents


Info

Publication number
CN101814990A
Authority
CN
China
Prior art keywords
subscriber equipment
home gateway
territory
module
digital rights
Prior art date
Legal status
Pending
Application number
CN 201010146701
Other languages
Chinese (zh)
Inventor
李平
巴继东
邹复好
凌贺飞
陆义平
江兴才
王杨
Current Assignee
WUHAN FIBERHOME INTERGRATION TECHNOLOGIES Co Ltd
Huazhong University of Science and Technology
Original Assignee
WUHAN FIBERHOME INTERGRATION TECHNOLOGIES Co Ltd
Huazhong University of Science and Technology
Priority date
Filing date
Publication date
Application filed by WUHAN FIBERHOME INTERGRATION TECHNOLOGIES Co Ltd and Huazhong University of Science and Technology
Priority to CN 201010146701
Publication of CN101814990A
Legal status: Pending (current)

Abstract

The invention discloses a home network-oriented digital rights certificate management system. In the system, the home network establishes a domain and allocates a public/private key pair to every device; the public key is included in the device certificate and identifies the device. A group key is generated from the public keys of all the devices. A home gateway applies to a digital rights server for a digital rights certificate on behalf of all the devices in the domain; the certificate is encrypted with the group key so that it can only be decrypted and used by legitimate devices. The system has the following characteristics: (1) a digital rights certificate needs to be applied for only once per item of digital content and is then shared throughout the domain, which relieves the load on the digital rights server; (2) users in the domain can share digital content by superdistribution; and (3) the public keys can be published openly, so there is no concern about the security of key transmission.

Description

A digital rights certificate management system for home networks
Technical field
The invention belongs to the field of multimedia security and relates specifically to a digital rights certificate management system for home networks; the system implements the distribution and management of digital rights certificates on the basis of group key technology.
Background art
With the maturing of wireless communication technology and the increasing popularity of consumer electronics, technologies and standards related to home networks have become a focus of industry research. A home network extends public network functions and applications into the home through a home gateway device, connects various information terminals over wired or wireless networks, and allows information to flow freely and be shared between the home network and the external public network. Through a home network the user can enjoy services such as network access, IP telephony and interactive games. At the same time, digital works are very easy to copy and propagate over a network; while this is convenient for people, it also creates opportunities for illegal copying and dissemination of digital works, and the abuse of digital content on the network is very serious, greatly harming the interests of content providers. The main approach to this problem at present is digital rights management (DRM) technology. However, the particular features of home networks make existing DRM systems not entirely suitable for them. For example, most existing DRM systems do not support sharing of digital content between users within a home network. Thus, even when digital content already exists on some user device in the home network, another device that needs to use that content must still connect to the digital rights server and request a digital rights certificate again; this is inconvenient for content sharing between users and has to some extent limited the application of DRM technology in home networks.
To address the problem of content sharing among multiple users in existing DRM systems, the Open Mobile Alliance introduced the notion of a "domain" in its DRM 2.0 release. The digital rights server can bind rights and other related information to all DRM agents in the domain, so that they can share digital content even while offline. Some researchers have drawn on this idea to propose different DRM solutions for the home network environment, but analysis of these schemes shows that they have shortcomings in aspects such as the digital rights management model and the flexibility of management. The present invention therefore builds on group key technology and proposes a digital rights certificate management system for home networks, so that digital content can be conveniently shared between users in the home network.
Summary of the invention
The present invention proposes a digital rights certificate management system for home networks. In this system every user device in the home network is assigned its own public/private key pair; the public key is included in the device certificate and uniquely identifies the user device. When a user device in the home network wants to use some digital content, the home gateway first generates a group key from the public keys of all legitimate user devices in the home network; this group key has the property that content encrypted with it can be decrypted by every legitimate user device using its own private key. The home gateway then, on behalf of all legitimate user devices in the home network, applies to the digital rights server for a digital rights certificate, using the group key as the encryption key of the certificate. The digital content is normally a packet that exists in encrypted form; this packet can be shared between user devices by superdistribution, and the digital rights certificate issued by the digital rights server guarantees that the content can be decrypted and played only by legitimate user devices.
The specific technical scheme adopted is as follows:
A digital rights certificate management system for home networks comprises a home gateway, user devices and a DRM server group. The home gateway creates and manages the domain, generates public/private key pairs for users, generates and updates the group key, and applies for digital content and digital rights certificates as the agent of the user devices. The user devices apply for and use digital content and digital rights certificates, and can distribute digital content within the domain. The DRM server group generates and issues digital content and digital rights certificates, generates, distributes and manages identity certificates, and provides an online query service for identity certificate status.
The home gateway of the present invention comprises a domain creation and registration module, a domain management module, a digital content acquisition module, a digital rights certificate acquisition module and an identity certificate client management module. The domain creation and registration module creates a domain at the home gateway and maintains it; only user devices that have joined the domain can use the services the system provides. The domain management module handles requests from user devices in the home network to join or leave the domain. The digital content acquisition module receives digital content applications from user devices, requests the digital content from the DRM server group and returns the result. The digital rights certificate acquisition module receives digital rights certificate applications from user devices, requests the certificate from the DRM server group and returns the result. The identity certificate client management module applies to the DRM server group for and obtains identity certificates, and queries identity certificate status online when needed.
The user device of the present invention comprises a domain registration module, a domain deregistration module, a digital content acquisition module, a digital rights certificate acquisition module, a content playback module and a content superdistribution module. The domain registration and deregistration modules apply to the home gateway to join and leave the domain respectively. The digital content acquisition module and the digital rights certificate acquisition module apply to the home gateway for and obtain digital content and digital rights certificates respectively. The content playback module decrypts and plays the digital content obtained. The content superdistribution module lets a user device in the domain obtain digital content from other user devices in the domain by superdistribution, thereby sharing digital content within the domain.
The DRM server group of the present invention comprises a home network registration and management module, a digital content distribution module, a digital rights certificate generation and issuing module and an identity certificate server management module. The home network registration and management module accepts and handles registration applications from home gateways, and accepts and handles domain updates from home gateways. The digital content distribution module and the digital rights certificate generation and issuing module accept and handle the digital content requests and digital rights certificate requests of home gateways respectively. The identity certificate server management module accepts and handles identity certificate requests from home gateways and provides online identity certificate status queries when needed.
When a new user device is to join the domain of the home network, the workflow of the domain management module in the present invention is as follows:
1) a connection is established between the new user device and the home gateway;
2) the new user device submits its device information to the home gateway;
3) the home gateway verifies and records the device information submitted by the user device, and then generates a public/private key pair for it as follows:
A) generate two primes p_i and q_i, where i is the sequence number corresponding to the new user device; p_i and q_i are 256-bit primes and are discarded after use so that nobody else can obtain them;
B) compute N_i = p_i × q_i;
C) compute Φ(N_i) = (p_i − 1) × (q_i − 1), and choose a positive integer e coprime to Φ(N_i), that is, gcd(e, Φ(N_i)) = 1; e is published as a public parameter;
D) compute d_i such that e·d_i ≡ 1 mod Φ(N_i); the parameters are combined into the public key K_i = <e, N_i> and the private key K_i^-1 (given only as an image in the original);
4) the home gateway produces the device certificate of the new user device from the generated public key K_i, and transmits the device certificate and the generated device private key K_i^-1 to the user device;
5) the home gateway creates or updates the list of legitimate user devices in its domain, and generates or updates the group key GPK as follows:
A) take the public key N_j of each legitimate user device in the domain, N_j ∈ S_r, where j is the sequence number of the legitimate user device and S_r denotes the set of public keys of all legitimate user devices;
B) generate the group key GPK from N_i and S_r (the formula is given only as an image in the original);
6) the home gateway connects to the DRM server group;
7) the home gateway and the DRM server group exchange identity certificates; the certification authority in the DRM server group verifies the validity of the identity certificate submitted by the home gateway; if it passes, proceed to the next step, otherwise the DRM server group returns an error message to the home gateway and terminates;
8) the home gateway submits its list of legitimate user devices and the group key to the DRM server group;
9) the DRM server group processes and stores the information and returns an acknowledgement to the home gateway.
When a user device A in the home network domain holds digital content and another user device B in the domain wishes to use it, the content superdistribution module of the present invention works as follows:
1) user device B connects to user device A;
2) user device B and user device A exchange device certificates, and B proposes a digital content distribution request;
3) user device A connects to the home gateway;
4) user device A submits its own device certificate to the home gateway;
5) the home gateway verifies the validity of user device A's device certificate; if it passes, continue to the next step, otherwise the home gateway returns an error message to user device A and terminates;
6) user device A submits user device B's device certificate to the home gateway and requests verification;
7) the home gateway verifies the validity of user device B's device certificate and returns the result to user device A; if it passes, continue to the next step, otherwise user device A returns an error message to user device B and terminates;
8) user device A returns an authentication-passed message to user device B;
9) user device B requests a specific item of digital content from user device A;
10) user device A transmits the digital content to user device B.
The main functions of the home-network-oriented digital rights certificate management system provided by the invention are as follows.
1) The home gateway creates the domain and registers it with the DRM server group.
2) A user device applies to the home gateway to join the domain, and the home gateway generates a public/private key pair for the user device applying to join; the home gateway generates the group key from the public keys of all user devices and sends the group key to the DRM server group.
3) A user device applies to the home gateway for digital content and a digital rights certificate, and the home gateway, as its agent, applies to the DRM server group for the digital content and the digital rights certificate; the digital rights certificate applied for is encrypted by the DRM server group with the group key, so only legitimate user devices can decrypt and use it.
4) User devices can superdistribute content to share digital content within the domain.
The present invention uses group key technology based on the RSA algorithm to achieve flexible management of digital rights certificates and convenient sharing of digital content within the home network domain. Specifically, the present invention has the following characteristics:
(1) In the present invention the digital rights certificate is encrypted with the group key, so the home network needs to apply for a digital rights certificate only once per item of digital content in order to share that content throughout the domain, which relieves the load on the digital rights server.
(2) In the present invention, users within the home network domain can conveniently share digital content by superdistribution.
(3) In the present invention the group key is generated from the public keys of all legitimate devices; since public keys can be published openly, there is no need to worry about the security of key transmission. At the same time the generated group key is a special RSA public key, and content encrypted with it can be decrypted only by legitimate devices using their own private keys; since RSA is currently a cryptographic algorithm of high security, the group key also has good security.
In summary, with the support of the digital rights certificate management system of the present invention, digital rights certificates and digital content can be shared conveniently and securely within the home network domain.
Description of drawings
Fig. 1 is a structural diagram of the system proposed by the invention.
Fig. 2 is a schematic diagram of the system's functional modules.
Embodiments
As shown in Figure 1, the home-network-oriented digital rights certificate management system proposed by the present invention comprises three parts: home gateway 10, user device 20 and DRM server group 30. The home gateway 10 is a private server; a user device 20 may be a device such as a PC or portable computer; and the DRM server group 30 comprises a content server, a digital rights server and a certification authority.
The main functions of the functional modules contained in each part are described below with reference to Figure 2.
I. Home gateway 10
The main functions of the home gateway 10 are to create and manage the home network domain, to receive digital content and digital rights certificate requests from user devices 20, to send the requests to the DRM server group 30 as the devices' agent, and to return the results to the user devices 20. The main functional modules of the home gateway 10 are: domain creation and registration module 11, domain management module 12, digital content acquisition module 13, digital rights certificate acquisition module 14 and identity certificate client management module 15. The function of each module is described below.
1. Domain creation and registration module 11
This module is mainly used by the home gateway to create a domain and maintain it. Only user devices that have joined the domain can use the services the system provides. This module interacts with the home network registration and management module 31 in the DRM server group 30 to perform its function. The main steps of this module are as follows:
1) The home gateway initialises the relevant information and generates a domain identifier DID.
2) The home gateway connects to the content server.
3) The home gateway and the content server exchange identity certificates.
4) The content server verifies the validity of the identity certificate submitted by the home gateway with the certification authority; if it passes, proceed to the next step, otherwise terminate.
5) The home gateway submits the domain identifier and other relevant information to the content server and proposes a registration application.
6) The content server processes the information; if it approves the application it returns an acknowledgement and proceeds to the next step, otherwise it returns an error message and terminates.
7) The home gateway broadcasts the domain creation information and the corresponding domain identifier to all user devices.
Once the home gateway has created a domain, all user devices in the home network can freely join or leave the domain as they need. In addition, the content server needs to send the relevant information about the home gateway to the digital rights server.
2. Domain management module 12
This module is mainly used to handle requests from user devices in the home network to join (or leave) the domain. After a user device joins (or leaves) the domain, the home gateway must submit the updated information to the content server. This module interacts with the domain registration module 21 and domain deregistration module 22 in the user device 20 and with the home network registration and management module 31 in the DRM server group 30 to perform its function.
When a new user device joins the domain, the workflow of this module is as follows:
1) When a new user device is to join the domain of the home network, it connects to the home gateway.
2) The user device submits its relevant information (such as the CPU serial number and hard disk identification number of the device) to the home gateway.
3) The home gateway verifies and records the information submitted by the user device, and then generates a public/private key pair for it as follows:
A) For any user device i, generate two primes p_i and q_i.
B) Compute N_i = p_i × q_i, where p_i and q_i are 256-bit primes and are discarded after use so that nobody else can obtain them.
C) Compute Φ(N_i) = (p_i − 1) × (q_i − 1), and choose a positive integer e coprime to Φ(N_i), that is, gcd(e, Φ(N_i)) = 1; e is published as a public parameter.
D) Compute d_i such that e·d_i ≡ 1 mod Φ(N_i). The parameters are combined into the public key K_i = <e, N_i> and the private key K_i^-1 (given only as an image in the original).
4) The home gateway produces the device certificate of the user device from the generated public key K_i, and transmits the device certificate and the generated device private key K_i^-1 to the user device.
5) The home gateway creates (or updates) the list of legitimate user devices in its domain, and generates (or updates) the group key GPK as follows:
A) Take the public key N_j of each legitimate user device in the domain, N_j ∈ S_r (where j is the sequence number of the user device and S_r denotes the set of public keys of all legitimate user devices).
B) Generate the group key GPK from N_i and S_r (the formula is given only as an image in the original).
6) The home gateway connects to the content server.
7) The home gateway and the content server exchange identity certificates; the content server verifies the validity of the identity certificate submitted by the home gateway with the certification authority; if it passes, proceed to the next step, otherwise the content server returns an error message to the home gateway and terminates.
8) The home gateway submits its list of legitimate user devices and the group key to the content server.
9) The content server processes and stores the information and returns an acknowledgement to the home gateway.
After a user device in the home network has joined the domain through the home gateway, it can request the digital content and digital rights certificates it needs from the DRM server group via the home gateway, and can also conveniently share digital content with other user devices in the domain. After the membership of the domain changes, the home gateway uses the updated group key to re-process the encrypted information in the digital rights certificates it already holds. The content server in turn must promptly forward the updated information submitted by the home gateway to the digital rights server.
When a user device wishes to leave the home network domain, it can apply to the home gateway; the workflow is broadly similar to that for joining the home network domain.
3. Digital content acquisition module 13
This module is mainly used by the home gateway 10 to receive digital content applications from user devices 20, request the digital content from the content server in the DRM server group 30, and return the result. This module interacts with the digital content acquisition module 23 in the user device 20 and the digital content distribution module 32 in the DRM server group 30 to perform its function.
4. Digital rights certificate acquisition module 14
This module is mainly used by the home gateway 10 to receive digital rights certificate applications from user devices 20, request the certificate from the digital rights server in the DRM server group 30, and return the result. This module interacts with the digital rights certificate acquisition module 24 in the user device 20 and the digital rights certificate generation and issuing module 33 in the DRM server group 30 to perform its function.
The main steps of this module are as follows:
1) Before playing digital content, the content playback tool of the user device connects to the home gateway.
2) The user device submits its device certificate to the home gateway, and the home gateway verifies the validity of the certificate; if it passes, continue to the next step, otherwise return an error message and terminate.
3) The user device requests from the home gateway the digital rights certificate corresponding to the digital content.
4) The home gateway checks its local database; if the digital rights certificate needed to play this digital content is present (the home gateway has obtained it before), it is transmitted directly to the user device and the procedure terminates; otherwise the home gateway connects to the digital rights server.
5) The home gateway and the digital rights server exchange identity certificates. The digital rights server verifies the validity of the identity certificate submitted by the home gateway with the certification authority; if it passes, proceed to the next step, otherwise the digital rights server returns an error message to the home gateway and terminates.
6) The home gateway forwards the user device's digital rights certificate request to the digital rights server.
7) The digital rights server charges the home gateway the corresponding fee according to the request, and then generates the corresponding digital rights certificate for it.
8) The digital rights server transmits the digital rights certificate to the home gateway.
9) The home gateway forwards the digital rights certificate to the user device that sent the request.
5. Identity certificate client management module 15
This module is mainly used by the home gateway 10 to apply to the certification authority in the DRM server group 30 for and obtain an identity certificate, and to query identity certificate status online when needed. This module interacts with the identity certificate server management module 34 in the DRM server group 30 to perform the corresponding function.
II. User device 20
The main functions of the user device 20 are: applying to join or leave the home network domain; applying for and obtaining digital content and digital rights certificates; playing digital content; and superdistributing digital content within the home network domain. The main functional modules of the user device 20 are domain registration module 21, domain deregistration module 22, digital content acquisition module 23, digital rights certificate acquisition module 24, content playback module 25 and content superdistribution module 26. The function of each module is described below.
1. Domain registration module 21
This module is mainly used by the user device 20 to apply to the home gateway 10 to join the domain. It interacts with the domain management module 12 in the home gateway 10 to perform its function.
2. Domain deregistration module 22
This module is mainly used by the user device 20 to apply to the home gateway 10 to leave the domain. It interacts with the domain management module 12 in the home gateway 10 to perform its function.
3. Digital content acquisition module 23
This module is mainly used by the user device 20 to apply to the home gateway 10 for and obtain digital content. It interacts with the digital content acquisition module 13 in the home gateway 10 to perform its function.
4. Digital rights certificate acquisition module 24
This module is mainly used by the user device 20 to apply to the home gateway 10 for and obtain a digital rights certificate. It interacts with the digital rights certificate acquisition module 14 in the home gateway 10 to perform its function.
5. Content playback module 25
This module is mainly used by the user device 20 to decrypt and play digital content. Note that the corresponding digital rights certificate must be held when playing digital content; if it is not, the digital rights certificate acquisition module 24 must be called to obtain it. Having obtained the digital rights certificate, user device j can use its own private key K_j^-1 to decrypt the information in the certificate that was encrypted with the group key (such as the content encryption key CK). The decryption process is as follows (for the meaning of the symbols see the domain management module 12 in the home gateway 10):
(the three decryption formulas are given only as images in the original; here t denotes every user device in the domain other than j, and x is a positive integer)
Once the user has obtained the content encryption key CK, it can be used to decrypt and use the digital content (digital content is generally encrypted with a symmetric cipher, so the encryption and decryption keys are the same).
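The key generation of domain management module 12, the group key GPK and the decryption in content playback module 25 can be modelled end to end; the Python below is an added example, not code from the patent or its applicants. Because the patent shows GPK and the decryption formulas only as images, the example assumes GPK = <e, N_1 × N_2 × ... × N_n> (the product of all member moduli), one construction consistent with a "special RSA public key" that every member decrypts with its own private exponent; e = 65537, the 128-bit content key CK, the device names A, B, C and the RNG seeds are constructed here.

```python
"""Model of the RSA group key of CN101814990A (added example, not the patent's code).
ASSUMPTION: GPK and the decryption formulas are images in the patent; this example takes
GPK = <e, N_1 * ... * N_n>. Then C = CK^e mod (N_1*...*N_n) gives C mod N_j = CK^e mod N_j,
so member j recovers CK with its own d_j provided CK < N_j."""
from math import gcd
import random

E = 65537  # public exponent e, a public parameter (value assumed; the patent fixes none)
PRIME_BITS = 256  # p_i, q_i size named in the patent; 512-bit moduli are far below today's guidance

def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin after small-prime trial division."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
        if is_probable_prime(cand, rng):
            return cand

def gen_device_keypair(rng, bits=PRIME_BITS):
    """Steps 3A-3D: K_i = <e, N_i>, K_i^-1 = d_i; p_i, q_i are not retained."""
    while True:
        p, q = gen_prime(bits, rng), gen_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(E, phi) == 1:
            return (E, p * q), pow(E, -1, phi)

class HomeGateway:
    """Domain management module 12: legitimate device list (S_r) and group key GPK."""
    def __init__(self, seed=2010):
        self.rng = random.Random(seed)  # seeded so the example is reproducible
        self.moduli = {}  # device id -> N_i, i.e. the legitimate user device list S_r

    def join(self, dev_id):
        # Step 4: the gateway generates both keys and hands K_i, K_i^-1 to the device,
        # so the device necessarily trusts the gateway with its private key.
        (e, n), d = gen_device_keypair(self.rng)
        self.moduli[dev_id] = n
        return (e, n), d

    def leave(self, dev_id):
        del self.moduli[dev_id]  # membership change: GPK must be regenerated (step 5)

    def is_legitimate(self, dev_id, n):
        # The check a superdistribution peer asks the gateway for: the device
        # certificate is valid only while its modulus is still in the current list.
        return self.moduli.get(dev_id) == n

    def group_key(self):
        gpk_modulus = 1
        for n in self.moduli.values():
            gpk_modulus *= n
        return (E, gpk_modulus)

def rights_server_encrypt(gpk, ck):
    """DRM server side: wrap CK under GPK (textbook RSA, as the patent describes)."""
    e, group_modulus = gpk
    return pow(ck, e, group_modulus)

def device_decrypt(cipher, n_j, d_j):
    """Content playback module 25: reduce to the member's own N_j, then apply d_j."""
    return pow(cipher % n_j, d_j, n_j)

def demo():
    """Join A, B, C; wrap CK; revoke C; wrap again; report who recovers CK."""
    gw = HomeGateway()
    keys = {dev: gw.join(dev) for dev in ("A", "B", "C")}
    ck = random.Random(1).getrandbits(128)  # constructed 128-bit content key, < every N_j
    c1 = rights_server_encrypt(gw.group_key(), ck)
    before = {dev: device_decrypt(c1, pub[1], d) == ck for dev, (pub, d) in keys.items()}
    gw.leave("C")
    c2 = rights_server_encrypt(gw.group_key(), ck)  # certificate re-encrypted under new GPK
    after = {dev: device_decrypt(c2, pub[1], d) == ck for dev, (pub, d) in keys.items()}
    return {"before_revocation": before, "after_revocation": after,
            "c_certificate_still_valid": gw.is_legitimate("C", keys["C"][0][1])}
```

Calling demo() shows all three members recovering CK before C leaves, and only A and B recovering it from the certificate re-encrypted under the updated GPK, which is the membership-change behaviour module 12 describes.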
6. the super distribution module 26 of content
This module is mainly used by a subscriber equipment to obtain digital content from another subscriber equipment by super distribution, so that digital content can be shared conveniently within the domain. Consider the following typical scenario: subscriber equipment A has some digital content, and subscriber equipment B wishes to use it. In this case the main steps of this module are as follows:
1) Subscriber equipment B connects to subscriber equipment A.
2) Subscriber equipment B and subscriber equipment A exchange their device certificates, and B submits a digital content distribution request.
3) Subscriber equipment A connects to the home gateway.
4) Subscriber equipment A submits its own device certificate to the home gateway.
5) The home gateway verifies the validity of subscriber equipment A's device certificate; if verification passes, continue to the next step; otherwise the home gateway returns an error message to subscriber equipment A and terminates.
6) Subscriber equipment A submits subscriber equipment B's device certificate to the home gateway and requests verification.
7) The home gateway verifies the validity of subscriber equipment B's device certificate and returns the verification result to subscriber equipment A. If verification passes, continue to the next step; otherwise subscriber equipment A returns an error message to subscriber equipment B and terminates.
8) Subscriber equipment A returns an authentication-passed message to subscriber equipment B.
9) Subscriber equipment B requests the specific digital content from subscriber equipment A.
10) Subscriber equipment A transfers the digital content to subscriber equipment B.
After subscriber equipment B obtains the digital content from subscriber equipment A, when it needs to play that content it can call the digital rights certificate acquisition module 24 to apply to the home gateway for, and obtain, the corresponding digital rights certificate. Because the digital rights certificate used to play this digital content already exists at the home gateway, the home gateway can send it directly to subscriber equipment B after confirming B's legal identity. After obtaining the certificate, subscriber equipment B can call the content play module 25 to play the content.
The following points about this module need explanation.
(1) Authentication between subscriber equipment is performed through the home gateway, and subscriber equipment B requests the digital rights certificate from the home gateway rather than from subscriber equipment A. This is because the set of valid subscriber equipment in the home network domain changes dynamically: once a subscriber equipment is removed from the home gateway's valid device list, its device certificate is revoked, the group key is updated, and information such as the content decryption key in the digital rights certificate is regenerated. Therefore, authentication (i.e. obtaining the latest device certificate status) and obtaining the latest digital rights certificate must both go through the home gateway.
(2) Subscriber equipment B does not need to authenticate subscriber equipment A. This is because subscriber equipment B requests digital content from subscriber equipment A and is the party receiving the service; not authenticating subscriber equipment A has no adverse consequences for B, and it also reduces the load on the home gateway.
Three. The DRM server zone 30
The DRM server zone 30 includes a content server, a digital rights server and a certification authority (authentication center). Its main functions are: accepting and processing domain registration and update requests from home gateway 10; accepting and processing digital content and digital rights certificate requests from home gateway 10; and issuing and managing the identity certificate of home gateway 10. The main functional modules in the DRM server zone 30 are the home network registration and management module 31, the digital content distribution module 32, the digital rights certificate generation and issuing module 33, and the identity certificate server management module 34. The function of each module is described below.
1. Home network registration and management module 31
This module is mainly used by the DRM server zone 30 to accept and process the registration application of home gateway 10, and to accept and process domain updates from home gateway 10 (when the membership of the home network domain changes, the group key must be updated). This module works together with the domain creation and registration module 11 and the domain management module 12 of home gateway 10 to accomplish its function.
2. Digital content distribution module 32
This module is mainly used by the content server in the DRM server zone 30 to accept and process digital content requests from home gateway 10. It works together with the digital content acquisition module 13 of home gateway 10 to accomplish its function.
3. Digital rights certificate generation and issuing module 33
This module is mainly used by the digital rights server in the DRM server zone 30 to accept and process digital rights certificate requests from home gateway 10. It works together with the digital rights certificate acquisition module 14 of home gateway 10 to accomplish its function.
The generation process of a digital rights certificate is as follows:
1) The digital rights server accepts the digital rights certificate application from the home gateway and collects the relevant information (such as digital content information, home gateway information, rights usage information and the content encryption key).
2) The digital rights server encrypts the sensitive information carried in the digital rights certificate (such as the content encryption key CK) with the group key GPK provided by this home gateway; the encryption method is shown in the following formula:
$E_{GPK}(CK) = CK^{e} \bmod \prod_{N_j \in S_r} N_j$
3) The digital rights server uses the encrypted key together with the other relevant information (such as the rights usage information of the digital content) to generate the digital rights certificate.
In the system, the digital rights certificate that home gateway 10 applies for from the DRM server zone 30 must be usable by all valid subscriber equipment in the home network domain; the digital rights server achieves this through the certificate encryption process described above.
4. Identity certificate server management module 34
This module is mainly used by the certification authority in the DRM server zone 30 to accept and process identity certificate requests from home gateway 10, and to provide online queries of identity certificate status when needed. It works together with the identity certificate client management module 15 in home gateway 10 to accomplish the corresponding function.

Claims (6)

1. A home network-oriented digital rights certificate management system, comprising a home gateway (10), subscriber equipment (20) and a DRM server zone (30), wherein:
the home gateway (10) is used to create and manage a domain, to generate public/private key pairs for users and to generate and update the group key, and to apply for digital content and digital rights certificates as the agent of the subscriber equipment (20);
the subscriber equipment (20) is used to apply for and use digital content and digital rights certificates, and can distribute digital content within the domain;
the DRM server zone (30) is used to generate and issue digital content and digital rights certificates, to generate, issue and manage identity certificates, and to provide an online query service for identity certificate status.
2. The home network-oriented digital rights certificate management system according to claim 1, characterized in that the home gateway (10) comprises a domain creation and registration module (11), a domain management module (12), a digital content acquisition module (13), a digital rights certificate acquisition module (14) and an identity certificate client management module (15), wherein:
the domain creation and registration module (11) is used to create a domain at the home gateway (10) and to maintain it; only subscriber equipment that has joined this domain can use the services provided by the system;
the domain management module (12) is used to process requests from subscriber equipment in the home network to join or leave the domain;
the digital content acquisition module (13) is used to receive digital content applications from the subscriber equipment (20), request the digital content from the DRM server zone (30), and return the result;
the digital rights certificate acquisition module (14) is used to receive digital rights certificate applications from the subscriber equipment (20), request the digital rights certificate from the DRM server zone (30), and return the result;
the identity certificate client management module (15) is used to apply for and obtain an identity certificate from the DRM server zone (30), and to perform online queries of identity certificate status when needed.
3. The home network-oriented digital rights certificate management system according to claim 1 or 2, characterized in that the subscriber equipment (20) comprises a domain registration module (21), a domain deregistration module (22), a digital content acquisition module (23), a digital rights certificate acquisition module (24), a content play module (25) and a content super distribution module (26), wherein:
the domain registration module (21) and the domain deregistration module (22) are used respectively to apply to the home gateway (10) to join and to leave the domain;
the digital content acquisition module (23) and the digital rights certificate acquisition module (24) are used respectively to apply to the home gateway (10) for, and obtain, digital content and digital rights certificates;
the content play module (25) is used to decrypt and play the obtained digital content;
the content super distribution module (26) is used by subscriber equipment in the domain to obtain digital content from other subscriber equipment in the domain by super distribution, thereby achieving sharing of digital content within the domain.
4. The home network-oriented digital rights certificate management system according to any one of claims 1 to 3, characterized in that the DRM server zone (30) comprises a home network registration and management module (31), a digital content distribution module (32), a digital rights certificate generation and issuing module (33) and an identity certificate server management module (34), wherein:
the home network registration and management module (31) is used to accept and process registration applications from the home gateway, and to accept and process domain updates from the home gateway;
the digital content distribution module (32) and the digital rights certificate generation and issuing module (33) are used respectively to accept and process digital content requests and digital rights certificate requests from the home gateway (10);
the identity certificate server management module (34) is used to accept and process identity certificate requests from the home gateway (10), and to provide online queries of identity certificate status when needed.
5. The home network-oriented digital rights certificate management system according to any one of claims 2 to 4, characterized in that when a new subscriber equipment is to join the domain of the home network, the workflow of the domain management module (12) is as follows:
1) a connection is established between the new subscriber equipment and the home gateway (10);
2) the new subscriber equipment submits its own device information to the home gateway (10);
3) the home gateway (10) verifies and records the device information submitted by this subscriber equipment, then generates a public/private key pair for it by the following steps:
A) generate two primes p_i and q_i, where i is the sequence number corresponding to this new subscriber equipment; p_i and q_i are 256-bit primes, and p_i and q_i are discarded after use to ensure that they cannot be obtained by others;
B) compute N_i = p_i × q_i;
C) compute Φ(N_i) = (p_i − 1) × (q_i − 1), and select a positive integer e such that e and Φ(N_i) are coprime, i.e. gcd(e, Φ(N_i)) = 1; e is published as a common parameter;
D) compute d_i satisfying e·d_i ≡ 1 mod Φ(N_i); the parameters are combined into the public key K_i = <e, N_i> and the private key
Figure FDA0000020588120000031
4) the home gateway (10) generates the device certificate of the new subscriber equipment from the generated public key K_i, and transmits this device certificate together with the generated device private key K_i^{-1} to the new subscriber equipment;
5) the home gateway (10) creates or updates the valid device list of its domain, and generates or updates the group key GPK by the following method:
A) take the public key N_j of each valid subscriber equipment in the domain, N_j ∈ S_r, where j is the sequence number of the valid subscriber equipment and S_r denotes the set of public keys of all valid subscriber equipment;
B) generate the group key GPK from N_i and S_r, where
Figure FDA0000020588120000032
6) the home gateway (10) connects to the DRM server zone (30);
7) the home gateway (10) and the DRM server zone (30) exchange their identity certificates, and the certification authority in the DRM server zone (30) verifies the validity of the identity certificate submitted by the home gateway (10); if verification passes, proceed to the next step; otherwise the DRM server zone (30) returns an error message to the home gateway (10) and terminates;
8) the home gateway (10) submits its valid device list and the group key to the DRM server zone (30);
9) the DRM server zone (30) processes and stores the relevant information, and returns a confirmation to the home gateway (10).
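As an added example (not code from the patent or its authors), the following Python script implements in one place the per-device key generation of steps A) to D) of claim 5, a group key built from the valid devices' moduli, the rights server's encryption E_GPK(CK) = CK^e mod ∏ N_j given in the description of module 33, and the device-side decryption performed by content play module 25. Assumptions: e = 65537 (the page gives no value); GPK is taken to be the product of the moduli N_j, since that product is the modulus of the page's encryption formula and the page's own group-key formula survives only as an image; the 128-bit content key CK is a constructed value.

```python
import random
import secrets
from math import gcd

# Public exponent e, shared by every device in the domain (the page publishes
# e as a common parameter). The value 65537 is an assumption.
E = 65537


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test (probabilistic; error below 4**-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits=256):
    """Random prime of exactly `bits` bits (top bit and low bit forced to 1)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def gen_device_keypair(bits=256):
    """Steps A) to D) for one device i: returns (N_i, d_i).
    p_i and q_i are local variables and are discarded, as the claim requires."""
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(E, phi) == 1:
            break
    d = pow(E, -1, phi)          # e * d_i == 1 (mod phi(N_i))
    return p * q, d


def group_key(moduli):
    """Assumption: GPK is the product of the moduli N_j of all valid devices,
    i.e. the modulus appearing in the page's E_GPK formula."""
    gpk = 1
    for n in moduli:
        gpk *= n
    return gpk


def encrypt_for_group(ck, gpk):
    """Rights server side: E_GPK(CK) = CK^e mod prod N_j (textbook RSA, no padding)."""
    return pow(ck, E, gpk)


def decrypt_with_device_key(c, n_j, d_j):
    """Device j: c = CK^e + x * N_j * prod N_t, so c mod N_j == CK^e mod N_j;
    raising to d_j then recovers CK provided CK < N_j."""
    return pow(c % n_j, d_j, n_j)


def demo(num_devices=3, ck_bits=128):
    """Enrol devices, share one content key with the domain, then revoke a device
    and re-encrypt under the updated group key.
    Returns (members_decrypt_ok, revoked_device_fails)."""
    devices = [gen_device_keypair() for _ in range(num_devices)]
    ck = secrets.randbits(ck_bits)                      # constructed content key
    c = encrypt_for_group(ck, group_key(n for n, _ in devices))
    members_ok = all(decrypt_with_device_key(c, n, d) == ck for n, d in devices)

    # Device 0 leaves the domain: the gateway rebuilds GPK without N_0 and the
    # rights server re-encrypts CK (page: group key updated, CK info regenerated).
    remaining = devices[1:]
    c_new = encrypt_for_group(ck, group_key(n for n, _ in remaining))
    n0, d0 = devices[0]
    revoked_fails = decrypt_with_device_key(c_new, n0, d0) != ck
    still_ok = all(decrypt_with_device_key(c_new, n, d) == ck for n, d in remaining)
    return members_ok and still_ok, revoked_fails


if __name__ == "__main__":
    print(demo())
```

Because reducing CK^e mod ∏ N_j modulo any single N_j yields CK^e mod N_j, the construction is equivalent to handing every device its own textbook-RSA encryption of the same CK under the shared e. A deployment should therefore keep e larger than the largest domain it will ever serve, pad CK (for example with OAEP) before exponentiation, and ensure CK is smaller than every N_j, since the scheme as written on the page has none of these safeguards.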
6. The home network-oriented digital rights certificate management system according to any one of claims 2 to 5, characterized in that when subscriber equipment A in the home network domain has digital content and another subscriber equipment B in the domain wishes to use it, the working process of the content super distribution module (26) is:
1) subscriber equipment B connects to subscriber equipment A;
2) subscriber equipment B and subscriber equipment A exchange their device certificates, and B submits a digital content distribution request;
3) subscriber equipment A connects to the home gateway (10);
4) subscriber equipment A submits its own device certificate to the home gateway (10);
5) the home gateway (10) verifies the validity of subscriber equipment A's device certificate; if verification passes, continue to the next step; otherwise the home gateway (10) returns an error message to subscriber equipment A and terminates;
6) subscriber equipment A submits subscriber equipment B's device certificate to the home gateway (10) and requests verification;
7) the home gateway (10) verifies the validity of subscriber equipment B's device certificate and returns the verification result to subscriber equipment A; if verification passes, continue to the next step; otherwise subscriber equipment A returns an error message to subscriber equipment B and terminates;
8) subscriber equipment A returns an authentication-passed message to subscriber equipment B;
9) subscriber equipment B requests the specific digital content from subscriber equipment A;
10) subscriber equipment A transfers the digital content to subscriber equipment B.
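As an added example (not code from the patent or its authors), the following Python simulation plays out steps 1) to 10) of the content super distribution module, as described in the specification above and restated in claim 6, with the home gateway as the only party that decides whether a device certificate is currently valid, which is the point made in note (1). Device certificates are modelled as an identity plus a gateway-issued serial number; signatures, public keys and the network transport are omitted (assumptions), and the content and rights certificate values are constructed placeholders. The scenarios also show a revoked device being rejected at step 7), a device with a superseded certificate being rejected at step 5), and B obtaining the rights certificate from the gateway rather than from A.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceCert:
    """Device certificate as modelled here (assumption): identity plus the serial
    the gateway issued. Validity is decided solely by the gateway's current list."""
    device_id: str
    serial: int


class HomeGateway:
    def __init__(self):
        self._next_serial = 1
        self.valid = {}      # device_id -> serial of the currently valid certificate
        self.rights = {}     # content_id -> rights certificate already held (opaque)

    def enrol(self, device_id):
        cert = DeviceCert(device_id, self._next_serial)
        self._next_serial += 1
        self.valid[device_id] = cert.serial       # supersedes any earlier serial
        return cert

    def revoke(self, device_id):
        self.valid.pop(device_id, None)

    def verify(self, cert):
        """Current-status check: a revoked or superseded serial is invalid."""
        return self.valid.get(cert.device_id) == cert.serial

    def rights_certificate(self, cert, content_id):
        """Module 24 path: the receiving device asks the gateway, never the sender."""
        if not self.verify(cert):
            return None
        return self.rights.get(content_id)


class Device:
    def __init__(self, cert, gateway):
        self.cert, self.gw, self.content = cert, gateway, {}


def super_distribute(dev_a, dev_b, content_id, log):
    """Steps 1) to 10). `log` receives the messages in order;
    returns True when the (still encrypted) content reaches B."""
    gw = dev_a.gw
    log.append(("B->A", "connect"))                                  # 1
    log.append(("B->A", "cert", dev_b.cert))                         # 2
    log.append(("A->B", "cert", dev_a.cert))
    log.append(("B->A", "distribution_request", content_id))
    log.append(("A->GW", "connect"))                                 # 3
    log.append(("A->GW", "cert", dev_a.cert))                        # 4
    if not gw.verify(dev_a.cert):                                    # 5
        log.append(("GW->A", "error", "invalid certificate"))
        return False
    log.append(("A->GW", "verify", dev_b.cert))                      # 6
    result = gw.verify(dev_b.cert)                                   # 7
    log.append(("GW->A", "verify_result", result))
    if not result:
        log.append(("A->B", "error", "authentication failed"))
        return False
    log.append(("A->B", "auth_ok"))                                  # 8
    log.append(("B->A", "content_request", content_id))              # 9
    if content_id not in dev_a.content:
        log.append(("A->B", "error", "no such content"))
        return False
    dev_b.content[content_id] = dev_a.content[content_id]            # 10
    log.append(("A->B", "content", content_id))
    return True


def run_scenarios():
    """Returns a dict of boolean outcomes for a normal transfer, a transfer to a
    revoked device, and a transfer from a device holding a superseded certificate."""
    gw = HomeGateway()
    a, b = Device(gw.enrol("A"), gw), Device(gw.enrol("B"), gw)
    a.content["movie-1"] = b"<constructed ciphertext>"
    gw.rights["movie-1"] = b"<constructed rights certificate>"

    normal = super_distribute(a, b, "movie-1", [])
    b_rights = gw.rights_certificate(b.cert, "movie-1") is not None

    gw.revoke("B")                                   # B leaves the domain
    log_rev = []
    revoked = super_distribute(a, b, "movie-1", log_rev)
    revoked_rights = gw.rights_certificate(b.cert, "movie-1")

    old_a_cert = a.cert
    a.cert = gw.enrol("A")                           # A re-enrols: old serial superseded
    log_stale = []
    stale = super_distribute(Device(old_a_cert, gw), Device(gw.enrol("C"), gw),
                             "movie-1", log_stale)
    return {
        "normal_transfer": normal,
        "b_gets_rights_from_gateway": b_rights,
        "revoked_b_rejected_at_step7": (not revoked
                                        and log_rev[-2] == ("GW->A", "verify_result", False)
                                        and log_rev[-1][1] == "error"),
        "revoked_b_gets_no_rights": revoked_rights is None,
        "stale_a_cert_rejected_at_step5": (not stale
                                           and log_stale[-1] == ("GW->A", "error",
                                                                 "invalid certificate")),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The gateway's `verify` compares the serial in the presented certificate with the serial it currently holds for that identity, so both revocation and re-enrolment invalidate an older certificate without any state on the peer devices; this is why the page routes every authentication and every rights certificate request through the gateway.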
CN 201010146701 2010-04-15 2010-04-15 Home network-oriented digital rights certificate management system Pending CN101814990A (en)


Publications (1)

Publication Number Publication Date
CN101814990A true CN101814990A (en) 2010-08-25


Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102142067A (en) * 2011-03-09 2011-08-03 中山大学 Digital family network-based digital rights management system
CN102394869A (en) * 2011-10-21 2012-03-28 河南科技大学 Digital content sharing method and system for digital network
CN102497581A (en) * 2011-12-14 2012-06-13 广州杰赛科技股份有限公司 Digital-certificate-based video monitoring data transmission method and system
CN103312686A (en) * 2012-03-12 2013-09-18 索尼公司 Digital rights management for live streaming based on trusted relationships
CN104253794A (en) * 2013-06-27 2014-12-31 华为软件技术有限公司 Method and device for controlling the range of content use
CN105075219A (en) * 2013-03-28 2015-11-18 汤姆逊许可公司 Network system comprising a security management server and a home network, and method for including a device in the network system
CN108055128A (en) * 2017-12-18 2018-05-18 数安时代科技股份有限公司 Generation method, device, storage medium and the computer equipment of RSA key
CN111901119A (en) * 2020-06-21 2020-11-06 苏州浪潮智能科技有限公司 Security domain isolation method, system and device based on trusted root
CN114650182A (en) * 2022-04-08 2022-06-21 深圳市欧瑞博科技股份有限公司 Identity authentication method, system, device, gateway equipment, equipment and terminal




Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20100825