CN101833623A - Digital rights management method and system - Google Patents
- Publication number
- CN101833623A
- Authority
- CN
- China
- Prior art keywords
- server
- drm
- mandate
- publisher
- acting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiments of the invention relate to a digital rights management (DRM) method and a DRM system. The method comprises the following steps: a private key generation server distributes to a DRM agent server the private key of that DRM agent server; a content distribution server encrypts and packages original digital content with a locally generated encryption key, sends the packaged digital content to the DRM agent server and sends the encryption key to an authorization publishing server; the authorization publishing server encrypts and encapsulates the encryption key with the public key of the DRM agent server and sends the encapsulated encryption key to the DRM agent server; and the DRM agent server extracts the encapsulated encryption key with the private key of the DRM agent server and, according to the encryption key, uses the decrypted digital content under a default permission. Because the public key of a user no longer needs to be bound to the identity information of the user by a public key certificate, the method and system of the embodiments simplify public key management in the DRM system.
Description
Technical field
The embodiments of the invention relate to the field of information security technology, and in particular to a digital rights management method and system.
Background technology
With the development of mobile digital value-added services, downloading and sharing favourite pictures, music and video over the network has gradually become part of people's daily life. Because of the inherent characteristics of digital information, how to protect digital copyright effectively and prevent digital content from being distributed at will has become a problem that must be addressed. Digital rights management (DRM) is a copyright protection mechanism that controls the use and distribution of digital content; through DRM, a content provider (CP) can control a user's permission to use digital content on devices such as mobile terminals and personal digital assistants (PDAs).
The Open Mobile Alliance (OMA) was originally formed by merging two standardization bodies, the Wireless Application Protocol (WAP) Forum and the Open Mobile Architecture. OMA has since grown to more than 350 member companies, including the world's major mobile operators, equipment and network providers, information technology companies, application developers and content providers. Members across the whole value chain cooperate to ensure seamless mobile services for end users worldwide. OMA began researching and developing DRM standards in 2001; multimedia digital services adopt the OMA DRM standard and develop corresponding DRM integrated chips to provide encryption and analysis services for protected digital content. Encryption and analysis services based on a public-key cryptosystem (for example RSA (Rivest, Shamir, Adleman)) require a certificate authority (CA). The CA is the network body that manages and issues security credentials and encryption keys. After the CA verifies the digital certificate provided by the applicant, it issues a certificate to the applicant; the digital certificate serves as the basis for proving identity online, and its content includes the applicant's personal information, public key and validity period.
Public-key cryptosystems of the prior art can be realized only with public key certificates issued by a CA, and are suited to a single system with a small user base. As informatization develops and the user base keeps growing, the CA's management and retrieval of public key certificates becomes increasingly complex, and the traditional certificate-based public-key cryptosystem can hardly meet the demands that the developing information society places on public-key cryptosystems.
Summary of the invention
The purpose of the embodiments of the invention is to provide a digital rights management method and system that do not need a public key certificate to bind a user's public key to the user's identity information, thereby simplifying public key management.
An embodiment of the invention provides a digital rights management method, comprising:
a private key generation server distributes to a digital rights management (DRM) agent server the private key of the DRM agent server;
a content distribution server encrypts and packages original digital content with a locally generated encryption key, sends the encrypted and packaged digital content to the DRM agent server, and sends the encryption key to the authorization publishing server;
the authorization publishing server encrypts and encapsulates the encryption key with the public key of the DRM agent server, and sends the encapsulated encryption key to the DRM agent server;
the DRM agent server extracts the encapsulated encryption key with the private key of the DRM agent server and, according to the encryption key, uses the decrypted digital content under a default permission.
An embodiment of the invention provides a digital rights management system, comprising: a private key generation server, a content distribution server, an authorization publishing server and a digital rights management (DRM) agent server;
when the DRM agent server joins the DRM system for the first time, the private key generation server distributes to the DRM agent server the private key of the DRM agent server;
the content distribution server encrypts and packages original digital content with a locally generated encryption key, sends the encrypted and packaged digital content to the DRM agent server, and sends the encryption key to the authorization publishing server;
the authorization publishing server encrypts and encapsulates the encryption key with the public key of the DRM agent server, and sends the encapsulated encryption key to the DRM agent server;
the DRM agent server extracts the encapsulated encryption key with the private key of the DRM agent server and, according to the encryption key, uses the decrypted digital content under a default permission.
In the digital rights management method and system provided by the embodiments of the invention, the private key generation server generates the private key of the content distribution server and distributes it to the content distribution server when the content distribution server joins the DRM system for the first time. After the content distribution server encrypts and packages the original digital content with a locally generated encryption key, it sends the encryption key to the authorization publishing server. The authorization publishing server encrypts and encapsulates the encryption key with the public key of the DRM agent server and sends it to the DRM agent server, so that the DRM agent server extracts the encapsulated encryption key with the private key of the DRM agent server and, according to the encryption key, uses the decrypted digital content under a default permission. Because a public key certificate is no longer needed to bind a user's public key to the user's identity information, public key management in the DRM system is simplified.
Description of drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of one embodiment of the digital rights management method of the invention;
Fig. 2 is a schematic flow chart of another embodiment of the digital rights management method of the invention;
Fig. 3 is a schematic structural diagram of one embodiment of the digital rights management system of the invention;
Fig. 4 is a schematic structural diagram of another embodiment of the digital rights management system of the invention;
Fig. 5 is a schematic structural diagram of a digital rights management system architecture to which the embodiments of the invention are applicable.
Embodiment
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 1 is a schematic flow chart of one embodiment of the digital rights management method of the invention. As shown in Fig. 1, this embodiment comprises the following steps:
In the digital rights management method provided by this embodiment of the invention, the private key generation server generates the private key of the content distribution server and distributes it to the content distribution server when the content distribution server joins the DRM system for the first time. After the content distribution server encrypts and packages the original digital content with a locally generated encryption key, it sends the encryption key to the authorization publishing server. The authorization publishing server encrypts and encapsulates the encryption key with the public key of the DRM agent server and sends it to the DRM agent server, so that the DRM agent server extracts the encapsulated encryption key with the private key of the DRM agent server and, according to the encryption key, uses the decrypted digital content under a default permission. Because a public key certificate is no longer needed to bind a user's public key to the user's identity information, public key management in the DRM system is simplified.
Fig. 2 is a schematic flow chart of another embodiment of the digital rights management method of the invention. As shown in Fig. 2, this embodiment comprises the following steps:
The system parameters comprise: an elliptic curve $E: y^2 = x^3 + ax + b$, a first finite group $G_1$ and a second finite group $G_2$, a Tate pairing function $t$, and a first hash function $H_1$ and a second hash function $H_2$. Suitable system parameters can be chosen according to the security strength required of the DRM system. When the security strength reaches 160 bits, any of the existing elliptic curves can be used to generate the system parameters, for example: generate an elliptic curve $E$; choose two different subgroups on $E$ as the first finite group $G_1$ and the second finite group $G_2$ respectively; define a data transformation on $G_1$ and $G_2$ as the Tate pairing function $t$; and, according to $G_1$ and $G_2$, define the first hash function and the second hash function, where $Z_q^*$ denotes the set $\{1, 2, \ldots, q-1\}$ and $q$ is the number of points on the elliptic curve $E$. The private key generation server randomly chooses a non-zero element of the first finite group $G_1$ as $P$ in the public key $(P, Q_{TA})$ and chooses a random number from $Z_q^*$ as the system private key $s$; it then performs the point multiplication of $P$ by the system private key $s$ to obtain $Q_{TA}$ in the public key $(P, Q_{TA})$.
Specifically, when the DRM agent server and the authorization publishing server join the DRM system for the first time, each sends its own anti-forgery public key to the private key generation server. The private key generation server generates the private key of the DRM agent server from the anti-forgery public key of the DRM agent server and generates the private key of the authorization publishing server from the anti-forgery public key of the authorization publishing server; it then sends the private key of the DRM agent server to the DRM agent server and the private key of the authorization publishing server to the authorization publishing server.
Specifically, the content distribution server randomly generates and holds the encryption key CEK locally; the content distribution server uses the encryption key CEK to encrypt and package the original digital content with a symmetric encryption method, distributes the result to the DRM agent server, and provides the encryption key CEK to the authorization publishing server. For example: when the DRM agent server and the authorization publishing server enter the digital content management system for the first time, the DRM agent server randomly selects the anti-forgery private key of the DRM agent server and the authorization publishing server randomly selects the anti-forgery private key of the authorization publishing server; the DRM agent server calculates $Q_{FDA} = S_{FDA}P$ as the anti-forgery public key of the DRM agent server, and the authorization publishing server calculates $Q_{FRI} = S_{FRI}P$ as the anti-forgery public key of the authorization publishing server; the DRM agent server sends its anti-forgery public key $Q_{FDA}$ to the private key generation server, and the authorization publishing server sends its anti-forgery public key $Q_{FRI}$ to the private key generation server.
Specifically, the authorization publishing server generates, according to the default permission of the original digital content, a rights object (RO) that contains the encryption key and that the user can order; the authorization publishing server encrypts and encapsulates the encryption key in the rights object with the public key of the DRM agent server. That is, the authorization publishing server generates the rights object (RO) according to the permissions with which the user orders the original digital content, and encrypts and encapsulates the encryption key CEK in the RO with the public key $Q_{DA}$ of the DRM agent server. The DRM agent server registers with the authorization publishing server through the Rights Object Acquisition Protocol (ROAP) and requests the rights object from the authorization publishing server.
Specifically, the DRM agent server downloads the encrypted and packaged digital content from the content distribution server. Because the encryption key CEK needed to decrypt this digital content is contained in the rights object (RO) ordered by the user, the authorization publishing server calculates the public key $Q_{DA}$ of the DRM agent server locally, directly from the identity information of the DRM agent server and the anti-forgery public key $Q_{FDA}$ of the DRM agent server.
Specifically, the authorization publishing server produces the digital signature as follows. The authorization publishing server randomly selects an integer $r$. From the public key $Q_{RI}$ of the authorization publishing server and $Q_{TA}$ in the public key, it calculates the Tate pairing value $f = t(Q_{RI}, Q_{TA})^r$. From the pairing value $f$ and the rights object, it obtains the component $v = H_2(RO, f)$ of the signature pair $\sigma = (u, v)$. From $v$, it then obtains the component $u = rS_{RI} - vS_{FRI}Q_{RI}$ of the signature pair, which gives the signature pair $\sigma = (u, v)$, where $S_{RI}$ is the private key of the authorization publishing server, $S_{FRI}$ is the anti-forgery private key of the authorization publishing server, and $Q_{RI}$ is the public key of the authorization publishing server. The authorization publishing server sends the DRM agent server the rights object, the anti-forgery public key $Q_{FRI}$ of the authorization publishing server and the signature pair $\sigma = (u, v)$.
In steps 207 and 208 above, the DRM agent server receives from the authorization publishing server the rights object, the anti-forgery public key $Q_{FRI}$ of the authorization publishing server and the signature pair $\sigma = (u, v)$; the DRM agent server calculates the public key $Q_{RI}$ of the authorization publishing server locally, directly from the identity information of the authorization publishing server and the anti-forgery public key $Q_{FRI}$ of the authorization publishing server.
The DRM agent server uses the private key $S_{DA}$ of the DRM agent server to decrypt and extract the content key CEK and the default permission for using the content; the DRM agent server decrypts the digital content with the content key in the rights object RO and uses the decrypted digital content under the corresponding default permission.
In the digital rights management method provided by this embodiment of the invention, the private key generation server generates the private key of the content distribution server and distributes it to the content distribution server when the content distribution server joins the DRM system for the first time. After the content distribution server encrypts and packages the original digital content with a locally generated encryption key, it sends the encryption key to the authorization publishing server. The authorization publishing server encrypts and encapsulates the encryption key with the public key of the DRM agent server and sends it to the DRM agent server, so that the DRM agent server extracts the encapsulated encryption key with the private key of the DRM agent server and, according to the encryption key, uses the decrypted digital content under a default permission. Because a public key certificate is no longer needed to bind a user's public key to the user's identity information, public key management in the DRM system is simplified.
Further, on the basis of the embodiment shown in Fig. 2, if the authorization publishing server learns that the private key generation server has forged a signature using the identity information of the authorization publishing server, the authorization publishing server obtains an arbitration result based on the signature forged by the private key generation server and the anti-forgery public key of the authorization publishing server. Specifically, when the party whose identity is ID finds that a false signer has forged its signature, that party can provide valid evidence to a trusted arbitration device (Judgment) and point out that the forger is the private key generation server.
The arbitration process is as follows. The authorization publishing server sends its anti-forgery public key $Q_{FRI}$ to the arbitration device. The authorization publishing server uses a proof of knowledge to convince the arbitration device (Judgment) that it holds the private key $S_{RI} = sH_1(ID, Q_{FRI})$ of the authorization publishing server. The arbitration device chooses a random number $\alpha$, calculates the product $\alpha P$ of the random number $\alpha$ and $P$ in the public key $(P, Q_{TA})$, and sends the product $\alpha P$ to the authorization publishing server. The authorization publishing server calculates $t(S_{ID}, \alpha P)$ and sends it to the arbitration device. The arbitration device calculates $t(S_{ID}, \alpha P)$ and $t(Q_{ID}, Q_{TA})^{\alpha}$. If $t(S_{ID}, \alpha P) = t(Q_{ID}, Q_{TA})^{\alpha}$ holds, the arbitration device concludes that the private key generation server forged the signature; if $t(S_{ID}, \alpha P) = t(Q_{ID}, Q_{TA})^{\alpha}$ does not hold, the arbitration device concludes that the private key generation server did not forge the signature. As this process shows, the arbitration device can effectively guard against fraud by the private key generation server, a problem that exists in identity-based cryptosystems.
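Added example (not part of the patent text): the signing equations and the arbitration check described above, run in a toy group in which each point is stored as its discrete logarithm, so that t(aP, bP) = g^(ab) is bilinear but offers no security. The verification equation f = t(u, P)·t(Q_RI, Q_FRI)^v is derived here from the signing equations and is an assumption, as are the modulus, the hash constructions, the sample identity and rights object, and every function name.

```python
import hashlib
import secrets

# Toy bilinear setting, constructed for this example and NOT secure: a point
# aP of G_1 is stored as the scalar a, and t(aP, bP) = g^(ab) mod P_MOD.
P_MOD = 2**127 - 1                  # prime modulus of the target group
Q = 77158673929                     # group order q, a factor of P_MOD - 1
G = next(g for g in (pow(h, (P_MOD - 1) // Q, P_MOD) for h in range(2, 64))
         if g != 1)                 # first candidate with g^q = 1 and g != 1
P = 1                               # generator P of G_1

def rand_scalar():
    """Random element of Z_q^* = {1, ..., q-1}."""
    return secrets.randbelow(Q - 1) + 1

def pairing(a, b):
    """Bilinear map t(aP, bP) in the toy model."""
    return pow(G, (a * b) % Q, P_MOD)

def _hash_to_scalar(tag, *parts):
    h = hashlib.sha256(tag.encode())
    for part in parts:
        data = str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % (Q - 1) + 1

def h1(identity, q_f):
    """H_1(ID, anti-forgery public key) -> point of G_1 (hypothetical construction)."""
    return _hash_to_scalar("H1", identity, q_f)

def h2(ro, f):
    """H_2(RO, f) -> Z_q^* (hypothetical construction)."""
    return _hash_to_scalar("H2", ro, f)

def pkg_setup():
    """System private key s and public key (P, Q_TA), with Q_TA = sP."""
    s = rand_scalar()
    return s, (P, s * P % Q)

def pkg_issue(s, identity, q_f):
    """Private key S_ID = s * H_1(ID, Q_F) issued by the private key generation server."""
    return s * h1(identity, q_f) % Q

def sign(ro, identity, s_ri, s_fri, q_ta):
    """sigma = (u, v): f = t(Q_RI, Q_TA)^r, v = H_2(RO, f), u = r*S_RI - v*S_FRI*Q_RI."""
    q_ri = h1(identity, s_fri * P % Q)
    r = rand_scalar()
    f = pow(pairing(q_ri, q_ta), r, P_MOD)
    v = h2(ro, f)
    return (r * s_ri - v * s_fri * q_ri) % Q, v

def verify(ro, identity, q_fri, sigma):
    """Derived check (assumption): f = t(u, P) * t(Q_RI, Q_FRI)^v, then v == H_2(RO, f)."""
    u, v = sigma
    q_ri = h1(identity, q_fri)      # computed locally from ID and Q_FRI
    f = pairing(u, P) * pow(pairing(q_ri, q_fri), v, P_MOD) % P_MOD
    return v == h2(ro, f)

def arbitration_holds(identity, q_fri, q_ta, respond):
    """Send the challenge alpha*P and test t(S_ID, alpha*P) == t(Q_ID, Q_TA)^alpha."""
    alpha = rand_scalar()
    q_id = h1(identity, q_fri)
    return respond(alpha * P % Q) == pow(pairing(q_id, q_ta), alpha, P_MOD)

def demo():
    s, (_, q_ta) = pkg_setup()
    ident, ro = "ri.example", "<rights>play</rights>"   # constructed values
    s_fri = rand_scalar()
    q_fri = s_fri * P % Q
    s_ri = pkg_issue(s, ident, q_fri)
    sigma = sign(ro, ident, s_ri, s_fri, q_ta)
    # Assumed scenario: a second key issued for the same ID is tied to a
    # different anti-forgery key pair, so its signatures verify only under
    # that other Q_FRI and not under the genuine one.
    s_other = rand_scalar()
    q_other = s_other * P % Q
    other = sign(ro, ident, pkg_issue(s, ident, q_other), s_other, q_ta)
    return {
        "genuine": verify(ro, ident, q_fri, sigma),
        "tampered_ro": verify(ro + "!", ident, q_fri, sigma),
        "other_key_vs_real_q_fri": verify(ro, ident, q_fri, other),
        "other_key_vs_its_q_fri": verify(ro, ident, q_other, other),
        "arbitration": arbitration_holds(ident, q_fri, q_ta,
                                         lambda ap: pairing(s_ri, ap)),
    }

if __name__ == "__main__":
    print(demo())
```

Two signatures for one identity that verify under two different anti-forgery public keys are the evidence the arbitration step relies on: only the private key generation server can issue $sH_1(ID, Q_F)$ for a second $Q_F$.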
Fig. 3 is a schematic structural diagram of one embodiment of the digital rights management system of the invention. As shown in Fig. 3, this embodiment comprises: a private key generation server 31, a content distribution server 32, an authorization publishing server 33 and a DRM agent server 34;
When the DRM agent server 34 joins the DRM system for the first time, the private key generation server 31 distributes to the DRM agent server 34 the private key of the DRM agent server 34; the content distribution server 32 encrypts and packages original digital content with a locally generated encryption key, sends the encrypted and packaged digital content to the DRM agent server 34, and sends the encryption key to the authorization publishing server 33; the authorization publishing server 33 encrypts and encapsulates the encryption key with the public key of the DRM agent server 34 and sends the encapsulated encryption key to the DRM agent server 34; the DRM agent server 34 extracts the encapsulated encryption key with the private key of the DRM agent server and, according to the encryption key, uses the decrypted digital content under a default permission.
In the digital rights management system provided by this embodiment of the invention, the private key generation server 31 generates the private key of the content distribution server and distributes it to the content distribution server 32 when the content distribution server 32 joins the DRM system for the first time. After the content distribution server 32 encrypts and packages the original digital content with a locally generated encryption key, it sends the encryption key to the authorization publishing server 33. The authorization publishing server 33 encrypts and encapsulates the encryption key with the public key of the DRM agent server 34 and sends it to the DRM agent server 34, so that the DRM agent server 34 extracts the encapsulated encryption key with the private key of the DRM agent server and, according to the encryption key, uses the decrypted digital content under a default permission. Because a public key certificate is no longer needed to bind a user's public key to the user's identity information, public key management in the DRM system is simplified.
Fig. 4 is a schematic structural diagram of another embodiment of the digital rights management system of the invention. As shown in Fig. 4, this embodiment comprises: a private key generation server 41, a content distribution server 42, an authorization publishing server 43, a DRM agent server 44 and an arbitration device 45;
When the DRM agent server 44 joins the DRM system for the first time, the private key generation server 41 distributes to the DRM agent server 44 the private key of the DRM agent server; the content distribution server 42 encrypts and packages original digital content with a locally generated encryption key, sends the encrypted and packaged digital content to the DRM agent server 44, and sends the encryption key to the authorization publishing server 43; the authorization publishing server 43 encrypts and encapsulates the encryption key with the public key of the DRM agent server 44 and sends the encapsulated encryption key to the DRM agent server 44; the DRM agent server 44 extracts the encapsulated encryption key with the private key of the DRM agent server and, according to the encryption key, uses the decrypted digital content under a default permission;
When the authorization publishing server 43 joins the DRM system for the first time, the private key generation server 41 distributes to the authorization publishing server 43 the private key of the authorization publishing server; the authorization publishing server 43 calculates the public key of the DRM agent server 44 locally from the identity information of the DRM agent server 44; the authorization publishing server 43 generates a rights object according to the default permission of the original digital content, the rights object containing the encryption key; the content distribution server 42 encrypts and encapsulates the encryption key in the rights object with the public key of the DRM agent server 44; after registering with the authorization publishing server 43 through the rights object acquisition protocol, the DRM agent server 44 sends the authorization publishing server 43 a request to obtain the rights object; the authorization publishing server 43 digitally signs the request to obtain the rights object; after the digital signature passes, the authorization publishing server 43 sends the DRM agent server 44 the rights object, the anti-forgery public key of the authorization publishing server and the signature pair; the DRM agent server 44 calculates the public key of the authorization publishing server 43 locally from the identity information of the authorization publishing server 43 and the anti-forgery public key of the authorization publishing server 43; if the authorization publishing server 43 learns that a signature has been forged using the identity information of the authorization publishing server 43, the authorization publishing server 43 obtains an arbitration result based on the forged signature and the anti-forgery public key of the authorization publishing server 43.
When the party whose identity is ID finds that a false signer has forged its signature, that party can provide valid evidence to the trusted arbitration device 45 (Judgment) and point out that the forger is the private key generation server.
The arbitration process is as follows. The authorization publishing server 43 sends the anti-forgery public key $Q_{FRI}$ of the authorization publishing server 43 to the arbitration device 45. The authorization publishing server 43 uses a proof of knowledge to convince the arbitration device 45 (Judgment) that the authorization publishing server 43 holds the private key $S_{RI} = sH_1(ID, Q_{FRI})$ of the authorization publishing server 43, where $s$ is the system private key. The arbitration device chooses a random number $\alpha$ ($Z_q^*$ denotes the set $\{1, 2, \ldots, q-1\}$ and $q$ is the number of points on the elliptic curve $E$), calculates the product $\alpha P$ of the random number $\alpha$ and $P$ in the public key $(P, Q_{TA})$, and sends the product $\alpha P$ to the authorization publishing server. The authorization publishing server 43 calculates $t(S_{ID}, \alpha P)$ and sends it to the arbitration device 45. The arbitration device 45 calculates $t(S_{ID}, \alpha P)$ and $t(Q_{ID}, Q_{TA})^{\alpha}$. If $t(S_{ID}, \alpha P) = t(Q_{ID}, Q_{TA})^{\alpha}$ holds, the arbitration device 45 concludes that the private key generation server 41 forged the signature; if $t(S_{ID}, \alpha P) = t(Q_{ID}, Q_{TA})^{\alpha}$ does not hold, the arbitration device 45 concludes that the private key generation server 41 did not forge the signature. As this process shows, the arbitration device 45 can effectively guard against fraud by the private key generation server, a problem that exists in identity-based cryptosystems.
The system for numeral copyright management that the embodiment of the invention provides, generate the private key that server 41 generates content distribution server by private key, and when content distribution server 42 adds this DRM system for the first time content distribution server 42 distribution private keys, after the encryption key that content distribution server 42 generates according to this locality is encrypted packing to original digital content, encryption key is sent to mandate publisher server 43, authorize publisher server 43 this encryption key to be carried out sending to DRM acting server 44 after the encryption and package according to the PKI of DRM acting server 44, encryption key after making DRM acting server 44 according to the private key extraction encryption and package of DRM acting server, thereby use digital content after the deciphering with default access according to this encryption key, owing to no longer need to have simplified of the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Fig. 5 is the structural representation of embodiment of the invention institute applicable copyright rights management system architecture, as shown in Figure 5, DRM acting server 51 (DRM Agent, be called for short: DA), content distribution server 52 (Content Issuer, be called for short: CI), authorize publisher server 53 (Right Issuer, be called for short: RI), private key generates server 54 (Private Key Generation is called for short: PKG), arbitration equipment 55 (Judgment).
Wherein, DRM acting server 51 is a believable functional entity of being responsible for carrying out the drm agent function in the system architecture, compulsory execution attaches the access rights control function on the DRM content, realization is to the controlled visit of DRM content, in DRM acting server 51, include computing module (CAL), be used for calculating the PKI of authorizing publisher server 53 according to the identity information of authorizing publisher server 53 to obtain; Use the user (User) of DRM content only can visit the DRM contents by DRM acting server 51.
Authorize publisher server 53 for being responsible for being provided with the logical functional entity of DRM content rights, for the DRM content is specified permission and constraint, and (Right Object is called for short: RO) to generate authorization object.RO is one and is used for representing the usage license of DRM content and the XML document of constraint, is to meet OMA REL standard XML document; Right objects is being controlled how the DRM content is used that the DRM content can't break away from authorization object and is being used separately, can only use according to the mode of authorization object appointment.Authorize publisher server 53 to comprise a computing module (CAL), the identity information that is used for getting access to by DRM acting server 51 calculates the PKI of DA.
It is safe foundation of total system that private key generates server 54, main each the open parameter of selecting system and the private key of system be responsible for, for each user in the system generates private key and distribute private key when the user adds system for the first time, and private key generation server 54 no longer participates in encrypting and signature process in public key encryption afterwards and the signature process.
The invention described above embodiment, owing in the process of digital copyright protecting, only need DRM acting server 51, content distribution server 52 and authorize publisher server 53 to participate in, in the process of copyright protection, do not need to visit once more private key and generate server 54, therefore simplified of the management of DRM system PKI; In the process of certifying signature, need not be by the PKI of public key certificate bundled user and user's identity information, do not need access certificate server CA, the management and the distribution of PKI have been simplified, avoided setting up the public keys database of certificate server CA, the safety problem that has reduced financial cost greatly and caused therefrom.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, devices, modules and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
A person of ordinary skill in the art will understand that all or some of the steps of the above embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in those embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention.
Claims (10)
1. A digital rights management method, characterized by comprising:
a private key generating server distributing, to a digital rights management (DRM) proxy server, the private key of the DRM proxy server;
a content publishing server encrypting and packaging original digital content according to a locally generated encryption key, sending the encrypted and packaged digital content to the DRM proxy server, and sending the encryption key to an authorized publishing server;
the authorized publishing server encrypting and packaging the encryption key according to the public key of the DRM proxy server, and sending the encrypted and packaged encryption key to the DRM proxy server;
the DRM proxy server extracting the encrypted and packaged encryption key according to the private key of the DRM proxy server, and using the decrypted digital content with a default permission according to the encryption key.
2. The method according to claim 1, characterized in that the private key generating server distributing the private key of the DRM proxy server to the DRM proxy server comprises:
the DRM proxy server sending the anti-forgery public key of the DRM proxy server to the private key generating server when it joins the DRM system for the first time;
the private key generating server generating the private key of the DRM proxy server according to the anti-forgery public key of the DRM proxy server, and sending the private key of the DRM proxy server to the DRM proxy server.
3. The method according to claim 1, characterized in that the authorized publishing server encrypting and packaging the encryption key according to the public key of the DRM proxy server comprises:
the authorized publishing server generating a right object according to the default permission of the original digital content, the right object containing the encryption key;
the authorized publishing server encrypting and packaging the encryption key in the right object according to the public key of the DRM proxy server.
4. The method according to claim 3, characterized by further comprising:
the DRM proxy server, after registering with the authorized publishing server, sending a request for obtaining the right object to the authorized publishing server by means of a right object acquisition protocol;
the authorized publishing server performing a digital signature on the request for obtaining the right object;
after the digital signature passes, the authorized publishing server sending to the DRM proxy server the right object, the anti-forgery public key of the authorized publishing server, and a signature pair;
the DRM proxy server locally calculating the public key of the authorized publishing server according to the identity information of the authorized publishing server and the anti-forgery public key of the authorized publishing server.
5. The method according to any one of claims 1 to 4, characterized by further comprising:
if the authorized publishing server learns that the private key generating server has forged the identity information of the authorized publishing server to sign, the authorized publishing server obtaining an arbitration result according to the forged signature and the anti-forgery public key of the authorized publishing server.
6. A digital rights management system, characterized by comprising: a private key generating server, a content publishing server, an authorized publishing server and a digital rights management (DRM) proxy server;
the private key generating server distributes the private key of the DRM proxy server to the DRM proxy server when the DRM proxy server joins the DRM system for the first time;
the content publishing server encrypts and packages original digital content according to a locally generated encryption key, sends the encrypted and packaged digital content to the DRM proxy server, and sends the encryption key to the authorized publishing server;
the authorized publishing server encrypts and packages the encryption key according to the public key of the DRM proxy server, and sends the encrypted and packaged encryption key to the DRM proxy server;
the DRM proxy server extracts the encrypted and packaged encryption key according to the private key of the DRM proxy server, and uses the decrypted digital content with a default permission according to the encryption key.
7. The system according to claim 6, characterized by further comprising:
the private key generating server distributes the private key of the authorized publishing server to the authorized publishing server when the authorized publishing server joins the DRM system for the first time;
the authorized publishing server locally calculates the public key of the DRM proxy server according to the identity information of the DRM proxy server.
8. The system according to claim 7, characterized by further comprising:
the authorized publishing server generates a right object according to the default permission of the original digital content, the right object containing the encryption key;
the authorized publishing server encrypts and packages the encryption key in the right object according to the public key of the DRM proxy server.
9. The system according to claim 8, characterized by further comprising:
the DRM proxy server, after registering with the authorized publishing server, sends a request for obtaining the right object to the authorized publishing server by means of a right object acquisition protocol;
the authorized publishing server performs a digital signature on the request for obtaining the right object;
after the digital signature passes, the authorized publishing server sends to the DRM proxy server the right object, the anti-forgery public key of the authorized publishing server, and a signature pair;
the DRM proxy server locally calculates the public key of the authorized publishing server according to the identity information of the authorized publishing server and the anti-forgery public key of the authorized publishing server.
10. The system according to any one of claims 6 to 9, characterized by further comprising:
if the authorized publishing server learns that the identity information of the authorized publishing server has been forged to sign, the authorized publishing server obtains an arbitration result according to the forged signature and the anti-forgery public key of the authorized publishing server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010101700741A CN101833623B (en) | 2010-05-07 | 2010-05-07 | Digital rights management method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101833623A (en) | 2010-09-15 |
CN101833623B (en) | 2013-02-13 |
Family
ID=42717690
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010101700741A Active CN101833623B (en) | 2010-05-07 | 2010-05-07 | Digital rights management method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101833623B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012119389A1 (en) * | 2011-08-12 | 2012-09-13 | 华为技术有限公司 | Data sharing system, data distribution system and data protection method |
WO2014026462A1 (en) * | 2012-08-16 | 2014-02-20 | 福州福昕软件开发有限公司北京分公司 | Digital rights management method |
CN103649962A (en) * | 2011-05-02 | 2014-03-19 | 英赛瑟库尔公司 | System and method for protecting digital contents with digital rights management (DRM) |
CN107688729A (en) * | 2017-07-27 | 2018-02-13 | 大唐高鸿信安(浙江)信息科技有限公司 | Protection system of application program and method based on trusted host |
CN109284615A (en) * | 2018-08-10 | 2019-01-29 | 广东电网有限责任公司信息中心 | Mobile device digital resource method for managing security |
CN109460636A (en) * | 2018-10-22 | 2019-03-12 | 高斯贝尔数码科技股份有限公司 | A kind of digital copyright management method and system and reverse proxy device |
CN110752929A (en) * | 2019-09-29 | 2020-02-04 | 华为终端有限公司 | Application program processing method and related product |
WO2020156400A1 (en) * | 2019-01-30 | 2020-08-06 | 京东方科技集团股份有限公司 | Digital artwork display device, management method, and electronic device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1851604A (en) * | 2005-07-20 | 2006-10-25 | 华为技术有限公司 | Digital copyright protection system and method |
CN101055608A (en) * | 2006-04-14 | 2007-10-17 | 陆明 | Digital copyright management and protection method |
CN101158998A (en) * | 2007-11-16 | 2008-04-09 | 北京握奇数据系统有限公司 | Management method and device of DRM licenses |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103649962A (en) * | 2011-05-02 | 2014-03-19 | 英赛瑟库尔公司 | System and method for protecting digital contents with digital rights management (DRM) |
CN103649962B (en) * | 2011-05-02 | 2017-02-15 | 英赛瑟库尔公司 | System and method for protecting digital contents with digital rights management (DRM) |
WO2012119389A1 (en) * | 2011-08-12 | 2012-09-13 | 华为技术有限公司 | Data sharing system, data distribution system and data protection method |
US8539606B2 (en) | 2011-08-12 | 2013-09-17 | Huawei Technologies Co., Ltd. | Data protection method and data protection system |
WO2014026462A1 (en) * | 2012-08-16 | 2014-02-20 | 福州福昕软件开发有限公司北京分公司 | Digital rights management method |
US9202023B2 (en) | 2012-08-16 | 2015-12-01 | Fujian Foxit Software Development Joint Stock Co., Ltd. | Digital rights management method |
CN107688729A (en) * | 2017-07-27 | 2018-02-13 | 大唐高鸿信安(浙江)信息科技有限公司 | Protection system of application program and method based on trusted host |
CN109284615A (en) * | 2018-08-10 | 2019-01-29 | 广东电网有限责任公司信息中心 | Mobile device digital resource method for managing security |
CN109284615B (en) * | 2018-08-10 | 2022-01-25 | 广东电网有限责任公司信息中心 | Mobile equipment digital resource safety management method |
CN109460636A (en) * | 2018-10-22 | 2019-03-12 | 高斯贝尔数码科技股份有限公司 | A kind of digital copyright management method and system and reverse proxy device |
CN109460636B (en) * | 2018-10-22 | 2020-12-11 | 高斯贝尔数码科技股份有限公司 | Digital copyright management method and system and reverse proxy device |
WO2020156400A1 (en) * | 2019-01-30 | 2020-08-06 | 京东方科技集团股份有限公司 | Digital artwork display device, management method, and electronic device |
US11861021B2 (en) | 2019-01-30 | 2024-01-02 | Boe Technology Group Co., Ltd. | Digital artwork display device, management method, and electronic device |
CN110752929A (en) * | 2019-09-29 | 2020-02-04 | 华为终端有限公司 | Application program processing method and related product |
CN110752929B (en) * | 2019-09-29 | 2022-04-22 | 华为终端有限公司 | Application program processing method and related product |
Also Published As
Publication number | Publication date |
---|---|
CN101833623B (en) | 2013-02-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101833623A (en) | Digital rights management method and system | |
JP2022003536A (en) | Method implemented by block chain for digital content control and distribution | |
JP2020145733A (en) | Method for managing a trusted identity | |
CN102129532B (en) | Method and system for digital copyright protection | |
CN107146120B (en) | Electronic invoice generation method and generation device | |
EP3761203A1 (en) | Information processing method, blockchain node, and electronic apparatus | |
CN101546407B (en) | Electronic commerce system and management method thereof based on digital certificate | |
CN102224506B (en) | Method and device for managing digital content | |
US20020049906A1 (en) | Digital signature system, digital signature method, digital signature mediation method, digital signature mediation system, information terminal and storage medium | |
CN111027028A (en) | Copyright data processing method and device based on intelligent contract | |
CN102073826A (en) | System and method for digital copyright management using lightweight digital watermark adding component | |
CN102025507B (en) | Digital copyright management method for protecting digital content consumer privacy | |
CN105453483A (en) | Image based key derivation function | |
CN101107611A (en) | Private and controlled ownership sharing | |
CN101470782A (en) | Revocation status checking for digital rights managment | |
US20130124849A1 (en) | System And Method For Individualizing Content For A Consumer | |
CN107306254A (en) | Digital literary property protection method and system based on double layer encryption | |
Chen | A secure and traceable E-DRM system based on mobile device | |
CN116453644A (en) | Medicine traceability supervision method and system based on blockchain | |
CN111079190A (en) | Block chain supply chain transaction hiding dynamic supervision system and method | |
CN104363268A (en) | Payment incentive mechanism based safety deduplication system | |
KR100468031B1 (en) | Publication and settlement of account for an electronic check | |
CN102609842B (en) | A kind of payment cipher device based on hardware signature equipment and application process thereof | |
WO2015079004A1 (en) | Method and apparatus for supporting verification of a contract | |
Kuechler et al. | Digital signatures: A business view |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | ||
CP01 | Change in the name or title of a patent holder |
Address after: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong. Co-patentee after: Huazhong University of Science and Technology Patentee after: Huawei Terminal (Shenzhen) Co., Ltd. Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong. Co-patentee before: Huazhong University of Science and Technology Patentee before: Huawei Device Co., Ltd. |