CN101833623A - Digital rights management method and system - Google Patents

Digital rights management method and system Download PDF

Info

Publication number
CN101833623A
CN101833623A CN201010170074A CN201010170074A CN101833623A CN 101833623 A CN101833623 A CN 101833623A CN 201010170074 A CN201010170074 A CN 201010170074A CN 201010170074 A CN201010170074 A CN 201010170074A CN 101833623 A CN101833623 A CN 101833623A
Authority
CN
China
Prior art keywords
server
drm
mandate
publisher
acting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201010170074A
Other languages
Chinese (zh)
Other versions
CN101833623B (en
Inventor
胡汉平
王茂才
罗耀平
陈国乔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Device Shenzhen Co Ltd
Huazhong University of Science and Technology
Original Assignee
Huawei Device Co Ltd
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Device Co Ltd, Huazhong University of Science and Technology filed Critical Huawei Device Co Ltd
Priority to CN2010101700741A priority Critical patent/CN101833623B/en
Publication of CN101833623A publication Critical patent/CN101833623A/en
Application granted granted Critical
Publication of CN101833623B publication Critical patent/CN101833623B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention relates to a digital rights management (DRM) method and a DRM system. The method comprises the following steps that: a private key generating server distributes a private key of a DRM proxy server to the DRM proxy server; a content publishing server performs encryption package on original digital contents according to an encryption key generated locally, transmits packed data contents to the DRM proxy server and transmits the encryption key to an authorized publishing server; the authorized publishing server performs the encryption package on the encryption key according to a pubic key of the DRM proxy server and transmits the encryption key after the encryption package to the DRM proxy server; and the DRM proxy server extracts the encryption key after the encryption package according to the private key of the DRM proxy server and uses decrypted digital contents by using a default authority according to the encryption key. Because the public key of a user and the identity information of the user do not need to be bound by a pubic key certificate, the management of the DRM system to the public key is simplified by using the method and the system of the embodiment of the invention.

Description

Digital copyright management method and system
Technical field
The embodiment of the invention relates to field of information security technology, especially a kind of digital copyright management method and system.
Background technology
Along with the development of mobile digital value-added service, by network download, transmit the part that picture, music and the video oneself liked have become people's daily life gradually.Because how the inherent characteristic of numerical information provides effective protection to digital publishing rights, prevent that digital content from being become the problem that must pay close attention to by random the propagation.Digital version version management (Digital Rights Management; be called for short: DRM) be a kind of digital content to be used and propagate the copyright protection regime of controlling; (the ContentProvider of content supplier; be called for short: (Personal Digital Assistant is called for short: PDA) wait the authority of using digital content on the equipment portable terminal, personal digital assistant CP) can to control the user by DRM.
Initial Open Mobile Alliance (Open Mobile Alliance, be called for short: OMA) by WAP (wireless application protocol) (Wireless Application Protocol, be called for short: WAP) two standardization bodies of forum and open mobile architecture set up by merging, development so far, the member company that OMA has developed has surpassed 350 families, has comprised main in the world mobile operator, equipment and Network Provider, information technology companies, application development merchant and content supplier.Member on the whole value chain cooperates jointly, to guarantee providing seamless mobile service for global terminal user.OMA began one's study and develops the DRM standard from calendar year 2001, and the multimedia digital service is developed corresponding D RM integrated chip by the standard that adopts OMA DRM, provides protected digit content is encrypted and analysis service.(for example: RSA (Rivest, Shamirh, Adleman) need be provided with certificate granting center (Certificate Authority based on the encryption of public-key cryptosystem and analysis service, be called for short: CA), CA is as the network mechanism that manages and sign and issue security credence and enciphered message safe key, behind the CA checking digital certificate that the applicant provided to applicant's grant a certificate, digital certificate is as the foundation of online identity proof, and the content of digital certificate comprises applicant's personal information, PKI and authentication valid period.
Public-key cryptosystem of the prior art need could be realized by means of the public key certificate that issue at the CA center, be applicable to the single system that customer group is less.Along with informationalized continuous development, the scale of customer group constantly enlarges, the CA center to the management of public key certificate, obtain and become complicated day by day, be difficult to satisfy the demand of the development of informationized society based on the conventional public-key cipher system of public key certificate to public-key cryptosystem.
Summary of the invention
The purpose of the embodiment of the invention is to provide a kind of digital copyright management method and system, need not simplify the management of PKI by the PKI of public key certificate bundled user and user's identity information.
The embodiment of the invention provides a kind of digital copyright management method, comprising:
It is the private key that digital copyright management DRM acting server is distributed described DRM acting server that private key generates server;
Content distribution server is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to described DRM acting server, and described encryption key is sent to described mandate publisher server;
Described mandate publisher server carries out encryption and package according to the PKI of described DRM acting server with described encryption key, and the encryption key after the described encryption and package is sent to described DRM acting server;
Described DRM acting server extracts encryption key after the described encryption and package according to the private key of described DRM acting server, and uses digital content after the deciphering according to described encryption key with default access.
The embodiment of the invention provides a kind of system for numeral copyright management, comprising: private key generates server, content distribution server, mandate publisher server, digital copyright management DRM acting server;
It is the private key that described DRM acting server is distributed described DRM acting server when described DRM acting server adds the DRM system for the first time that described private key generates server;
Described content distribution server is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to described DRM acting server, and described encryption key is sent to described mandate publisher server;
Described mandate publisher server carries out encryption and package according to the PKI of described DRM acting server with described encryption key, and the encryption key after the described encryption and package is sent to described DRM acting server;
Described DRM acting server extracts encryption key after the described encryption and package according to the private key of described DRM acting server, and uses digital content after the deciphering according to described encryption key with default access.
Digital copyright management method that the embodiment of the invention provides and system, generate the private key that server generates content distribution server by private key, and when content distribution server adds this DRM system for the first time content distribution server distribution private key, after the encryption key that content distribution server generates according to this locality is encrypted packing to original digital content, encryption key is sent to the mandate publisher server, authorize publisher server this encryption key to be carried out sending to the DRM acting server after the encryption and package according to the PKI of DRM acting server, encryption key after making the DRM acting server according to the private key extraction encryption and package of DRM acting server, thereby use digital content after the deciphering with default access according to this encryption key, owing to no longer need to have simplified of the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of an embodiment of digital copyright management method of the present invention;
Fig. 2 is the schematic flow sheet of another embodiment of digital copyright management method of the present invention;
Fig. 3 is the structural representation of an embodiment of system for numeral copyright management of the present invention;
Fig. 4 is the structural representation of another embodiment of system for numeral copyright management of the present invention;
Fig. 5 is the structural representation of embodiment of the invention institute applicable copyright rights management system architecture.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
Fig. 1 is the schematic flow sheet of an embodiment of digital copyright management method of the present invention, and as shown in Figure 1, the embodiment of the invention comprises the steps:
Step 101, private key generate server private key for DRM acting server distribution DRM acting server when the DRM acting server adds the DRM system for the first time;
Step 102, content distribution server are encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content that will encrypt after packing sends to the DRM acting server, and encryption key is sent to the mandate publisher server;
Step 103, mandate publisher server carry out encryption and package according to the PKI of DRM acting server with encryption key, and the encryption key after the encryption and package are sent to the DRM acting server;
Step 104, DRM acting server are extracted encryption key after the encryption and package according to the private key of DRM acting server, and use digital content after the deciphering according to encryption key with default access.
The digital copyright management method that the embodiment of the invention provides, generate the private key that server generates content distribution server by private key, and when content distribution server adds this DRM system for the first time content distribution server distribution private key, after the encryption key that content distribution server generates according to this locality is encrypted packing to original digital content, encryption key is sent to the mandate publisher server, authorize publisher server this encryption key to be carried out sending to the DRM acting server after the encryption and package according to the PKI of DRM acting server, encryption key after making the DRM acting server according to the private key extraction encryption and package of DRM acting server, thereby use digital content after the deciphering with default access according to this encryption key, owing to no longer need to have simplified of the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Fig. 2 is the schematic flow sheet of another embodiment of digital copyright management method of the present invention, and as shown in Figure 2, the embodiment of the invention comprises the steps:
Step 201, private key generate server obtains system's private key and system according to systematic parameter public-key cryptography;
Wherein, this systematic parameter comprises: elliptic curve E:y 2=x 3+ ax+b, the first finite group G 1With the second finite group G 2, Tate pairing function t, the first hash function H 1With the second hash function H 2Can determine to choose suitable systematic parameter by the security intensity of DRM system, when security intensity reaches 160 bits (bits), can adopt existing various elliptic curve to generate this systematic parameter, for example: generate elliptic curve E, on elliptic curve E, choose two different subgroups respectively as the first finite group G 1With the second finite group G 2, and at the first finite group G 1With the second finite group G 2A kind of data conversion of last definition is as Tate pairing function t, simultaneously according to the first finite group G 1With the second finite group G 2Define first hash function
Figure GSA00000098057100051
With second hash function
Figure GSA00000098057100052
Wherein, Z q *Expression set 1,2 ..., q-1}, q represent the number of the point from the elliptic curve E; Private key generates server from the first finite group G 1In choose the element of a non-zero entry randomly as public-key cryptography (P, Q TA) in P, from Z q *Choose a random number as the private key s of system, private key generates server calculating P and the private key s of system is point multiplication operation acquisition public-key cryptographic keys (P, Q TA) in Q TA
Step 202, private key generate server at the DRM acting server be the DRM acting server when authorizing publisher server to add the DRM system for the first time and authorize publisher server distribution private key separately;
Particularly, DRM acting server and mandate publisher server send to private key generation server with false proof PKI separately when adding the DRM system for the first time; Private key generates server generates the DRM acting server according to the false proof PKI of DRM acting server private key, generate the private key of authorizing publisher server according to the false proof PKI of authorizing publisher server, and the private key of DRM acting server sent to the DRM acting server, will authorize the private key of publisher server to send to the mandate publisher server.
Step 203, content distribution server are encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content that will encrypt after packing sends to the DRM acting server, and encryption key is sent to the mandate publisher server;
Particularly, content distribution server this locality generates at random and holds encryption key CEK; Content distribution server is distributed to the DRM acting server after using encryption key CEK that original digital content is encrypted packing by the symmetric cryptography method, and encryption key CEK is offered the mandate publisher server; For example: when DRM acting server and mandate publisher server enter digital content management system first, DRM acting server picked at random
Figure GSA00000098057100061
As the anti-counterfeiting private key of DRM acting server, authorize the publisher server picked at random
Figure GSA00000098057100062
As the anti-counterfeiting private key of authorizing publisher server, DRM acting server Q FDA=S FDAP authorizes publisher server to calculate Q as the false proof PKI of DRM acting server FRI=S FRIP is as the false proof PKI of authorizing publisher server, and the DRM acting server is with the false proof PKI Q of DRM acting server FDASend to private key and generate server, authorize publisher server will authorize the false proof PKI Q of publisher server FRISend to private key and generate server.
Step 204, mandate publisher server carry out encryption and package according to the PKI of DRM acting server with encryption key, and the encryption key after the encryption and package are sent to the DRM acting server;
Particularly, authorize publisher server to generate the right objects that includes encryption key according to the default access of original digital content, this right objects is ordered for the user; Authorize publisher server according to the PKI of DRM acting server to right objects (Right Object, be called for short: the encryption key RO) carries out encryption and package; Authorize publisher server to require to generate right objects (RO) according to the authority that the user orders this original data content, and with the PKI Q of DRM acting server DAEncryption key CEK among the RO is carried out encryption and package; The DRM acting server obtains agreement by right objects, and (Rights ObjectAequisition Protocol is called for short: ROAP) register and authorize publisher server, and to authorizing publisher server acquisition request right objects.
Step 205, DRM acting server obtain agreement after authorizing publisher server to register by right objects, to authorizing publisher server to send the request that is used to obtain described right objects;
Particularly, the DRM acting server is downloaded the digital content obtain after the encryption and package from content distribution server, because deciphering this digital content required encryption key CEK is included in the right objects (RO) that this user orders, and authorizes publisher server according to the identity information of DRM acting server and the false proof PKI Q of DRM acting server FDADirectly calculate the PKI Q of DRM acting server in this locality DA
Step 206, authorize publisher server that digital signature is carried out in the request that is used to obtain right objects;
Particularly, authorize publisher server to realize digital signature: to authorize integer of publisher server picked at random by following process According to the PKI Q that authorizes publisher server RIWith the Q in the public-key cryptography TACalculate the tate pairing function f=t (Q of the two RI, Q TA) r, further obtain signature to σ=(u, the v) v=H in according to pairing function f and right objects 2(RO, f), further according to signing to σ=(u, v) middle v's obtains signature to σ=(u, the v) u=rS in RI-vS FRIQ RIThereby, obtain the signature to σ=(u, v), wherein, S RIFor authorizing the private key of publisher server, S FRIFor authorizing the anti-counterfeiting private key of publisher server, Q RIFor authorizing the PKI of publisher server; Authorize publisher server to send right objects, authorize the false proof PKI Q of publisher server to the DRM acting server FRIAnd the signature to σ=(u, v).
Step 207, after digital signature is passed through, authorize publisher server to the DRM acting server send right objects, authorize the false proof PKI of publisher server, signature is right;
Step 208, DRM acting server calculate the PKI of authorizing publisher server according to the false proof PKI of identity information of authorizing publisher server and mandate publisher server in this locality;
In above-mentioned steps 207 and the step 208, the DRM acting server receives from the right objects of authorizing publisher server, authorizes the false proof PKI Q of publisher server FRIAnd signature is to σ=(u, v), the DRM acting server is according to the identity information of authorizing publisher server and authorize the false proof PKI Q of publisher server FRIDirectly calculate the PKI Q that authorizes publisher server in this locality RI
Step 209, DRM acting server are extracted encryption key after the encryption and package according to the private key of DRM acting server, and use digital content after the deciphering according to encryption key with default access;
The DRM acting server adopts the private key S of DRM acting server DAThe default access that deciphering is extracted content key CEK and used this content; The DRM acting server adopts the content key among the right objects RO that digital content is decrypted, and by the digital content after the corresponding default access use deciphering.
The digital copyright management method that the embodiment of the invention provides, generate the private key that server generates content distribution server by private key, and when content distribution server adds this DRM system for the first time content distribution server distribution private key, after the encryption key that content distribution server generates according to this locality is encrypted packing to original digital content, encryption key is sent to the mandate publisher server, authorize publisher server this encryption key to be carried out sending to the DRM acting server after the encryption and package according to the PKI of DRM acting server, encryption key after making the DRM acting server according to the private key extraction encryption and package of DRM acting server, thereby use digital content after the deciphering with default access according to this encryption key, owing to no longer need to have simplified of the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Further, on above-mentioned basis embodiment illustrated in fig. 2, if the mandate publisher server knows that private key generates the server forgery and authorizes the identity information of publisher server to sign, then authorize publisher server to generate the false proof public key acquisition arbitration result of signature with the mandate publisher server of server forgery according to private key; Particularly, when identity is the right objects of ID when finding to have false signer to forge its signature, identity is that the right objects of ID can provide effective evidences and the private key pointing out to forge generates server to arbitration equipment trusty (Judgment).
Arbitration process is as follows: authorize publisher server to send and will authorize the false proof PKI Q of publisher server FRIGive arbitration equipment; The private key S that authorizes publisher server to utilize knowledge proof to make arbitration equipment (Judgment) be sure of to authorize publisher server to have to authorize publisher server RI=sH 1(ID, Q FRI); Arbitration equipment is chosen random number
Figure GSA00000098057100081
Calculate random number α and public-key cryptography (P, Q TA) in the product α P of P, and with product α P and send to the mandate publisher server; Authorize publisher server to calculate t (S ID, α P) and send to arbitration equipment; Arbitration equipment calculates t (S ID, α P) and t (Q ID, Q TA) α, if t (S ID, α P)=t (Q ID, Q TA) αSet up, arbitration equipment assert that private key generates server and forged signature, if t (S ID, α P)=t (Q ID, Q TA) αBe false, arbitration equipment assert that private key generates server and do not forge a signature.By said process as can be known, arbitration equipment can effectively be taken precautions against based on the private key that exists in the identification cipher system and generate the server fraud problems.
Fig. 3 is the structural representation of an embodiment of system for numeral copyright management of the present invention, and as shown in Figure 3, present embodiment comprises: private key generates server 31, content distribution server 32, authorizes publisher server 33, DRM acting server 34;
Wherein, private key generates the private key that server 31 is DRM acting server 34 distribution DRM acting servers 34 when DRM acting server 34 adds the DRM system for the first time; Content distribution server 32 is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to DRM acting server 34, encryption key is sent to authorize publisher server 33; Authorize publisher server 33 encryption key to be carried out encryption and package, and the encryption key after the described encryption and package is sent to DRM acting server 34 according to the PKI of DRM acting server 34; DRM acting server 34 extracts encryption key after the described encryption and package according to the private key of DRM acting server, and uses digital content after the deciphering according to described encryption key with default access.
The system for numeral copyright management that the embodiment of the invention provides, generate the private key that server 31 generates content distribution server by private key, and when content distribution server 32 adds this DRM system for the first time content distribution server 32 distribution private keys, after the encryption key that content distribution server 32 generates according to this locality is encrypted packing to original digital content, encryption key is sent to mandate publisher server 33, authorize publisher server 33 this encryption key to be carried out sending to DRM acting server 34 after the encryption and package according to the PKI of DRM acting server 34, encryption key after making DRM acting server 34 according to the private key extraction encryption and package of DRM acting server, thereby use digital content after the deciphering with default access according to this encryption key, owing to no longer need to have simplified of the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Fig. 4 is the structural representation of another embodiment of system for numeral copyright management of the present invention, and as shown in Figure 4, present embodiment comprises: private key generates server 41, content distribution server 42, authorizes publisher server 43, DRM acting server 44, arbitration equipment 45;
Private key generates the private key that server 41 is DRM acting server 44 distribution DRM acting servers when DRM acting server 44 adds the DRM system for the first time; Content distribution server 42 is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to DRM acting server 44, encryption key is sent to authorize publisher server 43; Authorize publisher server 43 encryption key to be carried out encryption and package, and the encryption key after the described encryption and package is sent to DRM acting server 44 according to the PKI of DRM acting server 44; DRM acting server 44 extracts encryption key after the described encryption and package according to the private key of DRM acting server, and uses digital content after the deciphering according to described encryption key with default access;
It is the private key of authorizing publisher server 43 distribution authorization publisher servers when authorizing publisher server 43 to add the DRM system for the first time that private key generates server 41; Authorize publisher server 43 to calculate the PKI of DRM acting server 44 in this locality according to the identity information of DRM acting server 44; Authorize publisher server 43 to generate right objects, comprise encryption key in the described right objects according to the default access of described original digital content; Content distribution server 42 carries out encryption and package according to the PKI of DRM acting server 44 to the encryption key in the described right objects; DRM acting server 44 obtains agreement after authorizing publisher server 43 to register by right objects, to authorizing publisher server 43 to send the request that is used to obtain right objects; Authorize the described request that is used to obtain described right objects of 43 pairs of publisher servers to carry out digital signature; After described digital signature is passed through, authorize publisher server 43 right to false proof PKI, signature that DRM acting server 44 sends described right objects, described mandate publisher server; DRM acting server 44 is according to the identity information of authorizing publisher server 43 and authorize the false proof PKI of publisher server 43 to calculate the PKI of authorizing publisher server 43 in this locality; Authorize the identity information of publisher server 43 to sign if mandate publisher server 43 is known to forge, then authorize publisher server 43 according to the false proof public key acquisition arbitration result of the signature of forging with mandate publisher server 43.
When identity is the right objects of ID when finding to have false signer to forge its signature, identity is that the right objects of ID can provide effective evidences and the private key pointing out to forge generates server to arbitration equipment 45 trusty (Judgment).
Arbitration process is as follows: authorize publisher server 43 will authorize the false proof PKI Q of publisher server 43 FRISend to arbitration equipment 45; Authorize publisher server 43 to utilize knowledge proof to make arbitration equipment 45 (Judgment) be sure of to authorize publisher server 43 to have the private key S that authorizes publisher server 43 RI=sH 1(ID, Q FRI), wherein, s is system's private key; Arbitration equipment is chosen random number Z q *Expression set 1,2 ..., q-1}, q represent the number of the point from the elliptic curve E, calculate random number α and public-key cryptography (P, Q TA) in the product α P of P, and with product α P and send to the mandate publisher server; Authorize publisher server 43 to calculate t (S ID, α P) and send to arbitration equipment 45; Arbitration equipment 45 calculates t (S ID, α P) and t (Q ID, Q TA) α, if t (S ID, α P)=t (Q ID, Q TA) the α establishment, arbitration equipment 45 assert that private keys generate servers 41 and forged signature, if t (S ID, α P)=t (Q ID, Q TA) αBe false, arbitration equipment 45 assert that private key generates server 41 and do not forge a signature.By said process as can be known, arbitration equipment 45 can effectively be taken precautions against based on the private key that exists in the identification cipher system and generate the server fraud problems.
The system for numeral copyright management that the embodiment of the invention provides, generate the private key that server 41 generates content distribution server by private key, and when content distribution server 42 adds this DRM system for the first time content distribution server 42 distribution private keys, after the encryption key that content distribution server 42 generates according to this locality is encrypted packing to original digital content, encryption key is sent to mandate publisher server 43, authorize publisher server 43 this encryption key to be carried out sending to DRM acting server 44 after the encryption and package according to the PKI of DRM acting server 44, encryption key after making DRM acting server 44 according to the private key extraction encryption and package of DRM acting server, thereby use digital content after the deciphering with default access according to this encryption key, owing to no longer need to have simplified of the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Fig. 5 is the structural representation of embodiment of the invention institute applicable copyright rights management system architecture, as shown in Figure 5, DRM acting server 51 (DRM Agent, be called for short: DA), content distribution server 52 (Content Issuer, be called for short: CI), authorize publisher server 53 (Right Issuer, be called for short: RI), private key generates server 54 (Private Key Generation is called for short: PKG), arbitration equipment 55 (Judgment).
Wherein, DRM acting server 51 is a believable functional entity of being responsible for carrying out the drm agent function in the system architecture, compulsory execution attaches the access rights control function on the DRM content, realization is to the controlled visit of DRM content, in DRM acting server 51, include computing module (CAL), be used for calculating the PKI of authorizing publisher server 53 according to the identity information of authorizing publisher server 53 to obtain; Use the user (User) of DRM content only can visit the DRM contents by DRM acting server 51.
Content distribution server 52 is for being responsible for the logical functional entity of DRM distribution of contents, since the OMADRM normalized definition send to DRM content format (the DRM ContentFormat of DRM acting server 51, be called for short: DCF), therefore can adopt multiple transmission mechanism that the DRM content is sent to DRM acting server 51 by content distribution server 52; Content distribution server 52 is encrypted packing according to the DRM content packaging form of OMA DCF definition to original digital content, and the content that will encrypt after packing by multiple carrying and load mode is sent to DRM acting server 51.
Authorize publisher server 53 for being responsible for being provided with the logical functional entity of DRM content rights, for the DRM content is specified permission and constraint, and (Right Object is called for short: RO) to generate authorization object.RO is one and is used for representing the usage license of DRM content and the XML document of constraint, is to meet OMA REL standard XML document; Right objects is being controlled how the DRM content is used that the DRM content can't break away from authorization object and is being used separately, can only use according to the mode of authorization object appointment.Authorize publisher server 53 to comprise a computing module (CAL), the identity information that is used for getting access to by DRM acting server 51 calculates the PKI of DA.
It is safe foundation of total system that private key generates server 54, main each the open parameter of selecting system and the private key of system be responsible for, for each user in the system generates private key and distribute private key when the user adds system for the first time, and private key generation server 54 no longer participates in encrypting and signature process in public key encryption afterwards and the signature process.
Arbitration equipment 55 is the 3rd arbitration side trusty, and when authorizing publisher server 53 to suspect that private key generation server 54 pretends to be its identity to forge a signature, whether trusted is arbitrated according to the request of authorizing publisher server 53 private key to be generated server 54; Arbitration equipment 55 does not participate in the copyright protection process, arbitrates when private key generates the signature of server 54 trustless forgery mandate publisher servers 53 with the signature that private key is generated server 54 forgeries and assert.
The invention described above embodiment, owing in the process of digital copyright protecting, only need DRM acting server 51, content distribution server 52 and authorize publisher server 53 to participate in, in the process of copyright protection, do not need to visit once more private key and generate server 54, therefore simplified of the management of DRM system PKI; In the process of certifying signature, need not be by the PKI of public key certificate bundled user and user's identity information, do not need access certificate server CA, the management and the distribution of PKI have been simplified, avoided setting up the public keys database of certificate server CA, the safety problem that has reduced financial cost greatly and caused therefrom.
The those skilled in the art can be well understood to, and is the convenience described and succinct, and the concrete course of work of the system of foregoing description, equipment, module and unit can not repeat them here with reference to the corresponding process among the preceding method embodiment.
One of ordinary skill in the art will appreciate that: all or part of step that realizes the foregoing description can be finished by the relevant hardware of programmed instruction, aforesaid program can be stored in the computer read/write memory medium, this program is carried out the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
It should be noted that at last: above embodiment only in order to technical scheme of the present invention to be described, is not intended to limit; Although with reference to previous embodiment the present invention is had been described in detail, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution break away from the spirit and scope of various embodiments of the present invention technical scheme.

Claims (10)

1. a digital copyright management method is characterized in that, comprising:
It is the private key that digital copyright management DRM acting server is distributed described DRM acting server that private key generates server;
Content distribution server is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to described DRM acting server, and described encryption key is sent to described mandate publisher server;
Described mandate publisher server carries out encryption and package according to the PKI of described DRM acting server with described encryption key, and the encryption key after the described encryption and package is sent to described DRM acting server;
Described DRM acting server extracts encryption key after the described encryption and package according to the private key of described DRM acting server, and uses digital content after the deciphering according to described encryption key with default access.
2. method according to claim 1 is characterized in that, it is that the private key that digital copyright management DRM acting server is distributed described DRM acting server comprises that described private key generates server:
The DRM acting server sends to private key generation server with the false proof PKI of described DRM acting server when adding the DRM system for the first time;
Described private key generates server and generates the private key of described DRM acting server according to the false proof PKI of described DRM acting server, and the private key of described DRM acting server is sent to described DRM acting server.
3. method according to claim 1 is characterized in that, described mandate publisher server carries out encryption and package according to the PKI of described DRM acting server with described encryption key and comprises:
Described mandate publisher server generates right objects according to the default access of described original digital content, comprises encryption key in the described right objects;
Described mandate publisher server carries out encryption and package according to the PKI of described DRM acting server to the encryption key in the described right objects.
4. method according to claim 3 is characterized in that, also comprises:
Described DRM acting server obtains agreement after described mandate publisher server is registered by right objects, sends the request that is used to obtain described right objects to described mandate publisher server;
Described mandate publisher server carries out digital signature to the described request that is used to obtain described right objects;
After described digital signature was passed through, described mandate publisher server was right to false proof PKI, signature that described DRM acting server sends described right objects, described mandate publisher server;
Described DRM acting server calculates the PKI of described mandate publisher server in this locality according to the false proof PKI of the identity information of described mandate publisher server and described mandate publisher server.
5. according to the arbitrary described method of claim 1~4, it is characterized in that, also comprise:
Sign if described mandate publisher server is known the identity information that described private key generation server is forged described mandate publisher server, then described mandate publisher server is according to the signature of forging and the false proof public key acquisition arbitration result of described mandate publisher server.
6. a system for numeral copyright management is characterized in that, comprising: private key generates server, content distribution server, mandate publisher server, digital copyright management DRM acting server;
It is the private key that described DRM acting server is distributed described DRM acting server when described DRM acting server adds the DRM system for the first time that described private key generates server;
Described content distribution server is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to described DRM acting server, and described encryption key is sent to described mandate publisher server;
Described mandate publisher server carries out encryption and package according to the PKI of described DRM acting server with described encryption key, and the encryption key after the described encryption and package is sent to described DRM acting server;
Described DRM acting server extracts encryption key after the described encryption and package according to the private key of described DRM acting server, and uses digital content after the deciphering according to described encryption key with default access.
7. system according to claim 6 is characterized in that, also comprises:
It is the private key that described mandate publisher server is distributed described mandate publisher server when authorizing publisher server to add the DRM system for the first time that described private key generates server;
Described mandate publisher server calculates the PKI of described DRM acting server in this locality according to the identity information of described DRM acting server.
8. system according to claim 7 is characterized in that, also comprises:
Described mandate publisher server generates right objects according to the default access of described original digital content, comprises encryption key in the described right objects;
Described mandate publisher server carries out encryption and package according to the PKI of described DRM acting server to the encryption key in the described right objects.
9. system according to claim 8 is characterized in that, also comprises:
Described DRM acting server obtains agreement after described mandate publisher server is registered by right objects, sends the request that is used to obtain described right objects to described mandate publisher server;
Described mandate publisher server carries out digital signature to the described request that is used to obtain described right objects;
After described digital signature was passed through, described mandate publisher server was right to false proof PKI, signature that described DRM acting server sends described right objects, described mandate publisher server;
Described DRM acting server calculates the PKI of described mandate publisher server in this locality according to the false proof PKI of the identity information of described mandate publisher server and described mandate publisher server.
10. according to the arbitrary described system of claim 6~9, it is characterized in that, also comprise:
Sign if described mandate publisher server is known the identity information of forging described mandate publisher server, then described mandate publisher server is according to the signature of forging and the false proof public key acquisition arbitration result of described mandate publisher server.
CN2010101700741A 2010-05-07 2010-05-07 Digital rights management method and system Active CN101833623B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010101700741A CN101833623B (en) 2010-05-07 2010-05-07 Digital rights management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010101700741A CN101833623B (en) 2010-05-07 2010-05-07 Digital rights management method and system

Publications (2)

Publication Number Publication Date
CN101833623A true CN101833623A (en) 2010-09-15
CN101833623B CN101833623B (en) 2013-02-13

Family

ID=42717690

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010101700741A Active CN101833623B (en) 2010-05-07 2010-05-07 Digital rights management method and system

Country Status (1)

Country Link
CN (1) CN101833623B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012119389A1 (en) * 2011-08-12 2012-09-13 华为技术有限公司 Data sharing system, data distribution system and data protection method
WO2014026462A1 (en) * 2012-08-16 2014-02-20 福州福昕软件开发有限公司北京分公司 Digital rights management method
CN103649962A (en) * 2011-05-02 2014-03-19 英赛瑟库尔公司 System and method for protecting digital contents with digital rights management (DRM)
CN107688729A (en) * 2017-07-27 2018-02-13 大唐高鸿信安(浙江)信息科技有限公司 Protection system of application program and method based on trusted host
CN109284615A (en) * 2018-08-10 2019-01-29 广东电网有限责任公司信息中心 Mobile device digital resource method for managing security
CN109460636A (en) * 2018-10-22 2019-03-12 高斯贝尔数码科技股份有限公司 A kind of digital copyright management method and system and reverse proxy device
CN110752929A (en) * 2019-09-29 2020-02-04 华为终端有限公司 Application program processing method and related product
WO2020156400A1 (en) * 2019-01-30 2020-08-06 京东方科技集团股份有限公司 Digital artwork display device, management method, and electronic device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1851604A (en) * 2005-07-20 2006-10-25 华为技术有限公司 Digital copyright protection system and method
CN101055608A (en) * 2006-04-14 2007-10-17 陆明 Digital copyright management and protection method
CN101158998A (en) * 2007-11-16 2008-04-09 北京握奇数据系统有限公司 Management method and device of DRM licenses

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1851604A (en) * 2005-07-20 2006-10-25 华为技术有限公司 Digital copyright protection system and method
CN101055608A (en) * 2006-04-14 2007-10-17 陆明 Digital copyright management and protection method
CN101158998A (en) * 2007-11-16 2008-04-09 北京握奇数据系统有限公司 Management method and device of DRM licenses

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103649962A (en) * 2011-05-02 2014-03-19 英赛瑟库尔公司 System and method for protecting digital contents with digital rights management (DRM)
CN103649962B (en) * 2011-05-02 2017-02-15 英赛瑟库尔公司 System and method for protecting digital contents with digital rights management (DRM)
WO2012119389A1 (en) * 2011-08-12 2012-09-13 华为技术有限公司 Data sharing system, data distribution system and data protection method
US8539606B2 (en) 2011-08-12 2013-09-17 Huawei Technologies Co., Ltd. Data protection method and data protection system
WO2014026462A1 (en) * 2012-08-16 2014-02-20 福州福昕软件开发有限公司北京分公司 Digital rights management method
US9202023B2 (en) 2012-08-16 2015-12-01 Fujian Foxit Software Development Joint Stock Co., Ltd. Digital rights management method
CN107688729A (en) * 2017-07-27 2018-02-13 大唐高鸿信安(浙江)信息科技有限公司 Protection system of application program and method based on trusted host
CN109284615A (en) * 2018-08-10 2019-01-29 广东电网有限责任公司信息中心 Mobile device digital resource method for managing security
CN109284615B (en) * 2018-08-10 2022-01-25 广东电网有限责任公司信息中心 Mobile equipment digital resource safety management method
CN109460636A (en) * 2018-10-22 2019-03-12 高斯贝尔数码科技股份有限公司 A kind of digital copyright management method and system and reverse proxy device
CN109460636B (en) * 2018-10-22 2020-12-11 高斯贝尔数码科技股份有限公司 Digital copyright management method and system and reverse proxy device
WO2020156400A1 (en) * 2019-01-30 2020-08-06 京东方科技集团股份有限公司 Digital artwork display device, management method, and electronic device
US11861021B2 (en) 2019-01-30 2024-01-02 Boe Technology Group Co., Ltd. Digital artwork display device, management method, and electronic device
CN110752929A (en) * 2019-09-29 2020-02-04 华为终端有限公司 Application program processing method and related product
CN110752929B (en) * 2019-09-29 2022-04-22 华为终端有限公司 Application program processing method and related product

Also Published As

Publication number Publication date
CN101833623B (en) 2013-02-13

Similar Documents

Publication Publication Date Title
CN101833623A (en) Digital rights management method and system
JP2022003536A (en) Method implemented by block chain for digital content control and distribution
JP2020145733A (en) Method for managing a trusted identity
CN102129532B (en) Method and system for digital copyright protection
CN107146120B (en) Electronic invoice generation method and generation device
EP3761203A1 (en) Information processing method, blockchain node, and electronic apparatus
CN101546407B (en) Electronic commerce system and management method thereof based on digital certificate
CN102224506B (en) Method and device for managing digital content
US20020049906A1 (en) Digital signature system, digital signature method, digital signature mediation method, digital signature mediation system, information terminal and storage medium
CN111027028A (en) Copyright data processing method and device based on intelligent contract
CN102073826A (en) System and method for digital copyright management using lightweight digital watermark adding component
CN102025507B (en) Digital copyright management method for protecting digital content consumer privacy
CN105453483A (en) Image based key derivation function
CN101107611A (en) Private and controlled ownership sharing
CN101470782A (en) Revocation status checking for digital rights managment
US20130124849A1 (en) System And Method For Individualizing Content For A Consumer
CN107306254A (en) Digital literary property protection method and system based on double layer encryption
Chen A secure and traceable E-DRM system based on mobile device
CN116453644A (en) Medicine traceability supervision method and system based on blockchain
CN111079190A (en) Block chain supply chain transaction hiding dynamic supervision system and method
CN104363268A (en) Payment incentive mechanism based safety deduplication system
KR100468031B1 (en) Publication and settlement of account for an electronic check
CN102609842B (en) A kind of payment cipher device based on hardware signature equipment and application process thereof
WO2015079004A1 (en) Method and apparatus for supporting verification of a contract
Kuechler et al. Digital signatures: A business view

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Co-patentee after: Huazhong University of Science and Technology

Patentee after: Huawei Terminal (Shenzhen) Co., Ltd.

Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Co-patentee before: Huazhong University of Science and Technology

Patentee before: Huawei Device Co., Ltd.