CN101833623B - Digital rights management method and system - Google Patents

Digital rights management method and system Download PDF

Info

Publication number
CN101833623B
CN101833623B CN2010101700741A CN201010170074A CN101833623B CN 101833623 B CN101833623 B CN 101833623B CN 2010101700741 A CN2010101700741 A CN 2010101700741A CN 201010170074 A CN201010170074 A CN 201010170074A CN 101833623 B CN101833623 B CN 101833623B
Authority
CN
China
Prior art keywords
server
drm
mandate
publisher
acting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2010101700741A
Other languages
Chinese (zh)
Other versions
CN101833623A (en
Inventor
胡汉平
王茂才
罗耀平
陈国乔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Device Shenzhen Co Ltd
Huazhong University of Science and Technology
Original Assignee
Huawei Device Co Ltd
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Device Co Ltd, Huazhong University of Science and Technology filed Critical Huawei Device Co Ltd
Priority to CN2010101700741A priority Critical patent/CN101833623B/en
Publication of CN101833623A publication Critical patent/CN101833623A/en
Application granted granted Critical
Publication of CN101833623B publication Critical patent/CN101833623B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention relates to a digital rights management (DRM) method and a DRM system. The method comprises the following steps that: a private key generating server distributes a private key of a DRM proxy server to the DRM proxy server; a content publishing server performs encryption package on original digital contents according to an encryption key generated locally, transmits packed data contents to the DRM proxy server and transmits the encryption key to an authorized publishing server; the authorized publishing server performs the encryption package on the encryption key according to a pubic key of the DRM proxy server and transmits the encryption key after the encryption package to the DRM proxy server; and the DRM proxy server extracts the encryption key after the encryption package according to the private key of the DRM proxy server and uses decrypted digital contents by using a default authority according to the encryption key. Because the public key of a user and the identity information of the user do not need to be bound by a pubic key certificate, the management of the DRM system to the public key is simplified by using the method and the system of the embodiment of the invention.

Description

Digital copyright management method and system
Technical field
The embodiment of the invention relates to field of information security technology, especially a kind of digital copyright management method and system.
Background technology
Along with the development of mobile digital value-added service, download, transmit the part that picture, music and the video oneself liked have become people's daily life gradually by network.Because how the inherent characteristic of numerical information provides effective protection to digital publishing rights, prevent that digital content from being become a necessary problems of concern by random the propagation.Digital version version management (Digital Rights Management; be called for short: DRM) be a kind of digital content to be used and propagate the copyright protection regime of controlling; (the ContentProvider of content supplier; be called for short: (Personal Digital Assistant is called for short: the authority of PDA) etc. using digital content on the equipment at portable terminal, personal digital assistant CP) can to control the user by DRM.
Initial Open Mobile Alliance (Open Mobile Alliance, be called for short: OMA) by WAP (wireless application protocol) (Wireless Application Protocol, be called for short: WAP) two standardization bodies of forum and open type moving architecture set up by merging, development so far, the member company that OMA has developed has surpassed 350, has comprised main in the world mobile operator, equipment and Network Provider, information technology companies, application development merchant and content supplier.Member on the whole value chain cooperates jointly, to guarantee providing seamless mobile service as global terminal user.OMA began one's study and develops the DRM standard from calendar year 2001, and the multimedia digital service is developed corresponding DRM integrated chip by the standard that adopts OMA DRM, provides protected digit content is encrypted and analysis service.(for example: RSA (Rivest, Shamirh, Adleman) need to arrange certificate granting center (Certificate Authority based on the encryption of public-key cryptosystem and analysis service, be called for short: CA), CA is as the network mechanism that manages and sign and issue security credence and enciphered message safe key, the backward applicant's grant a certificate of digital certificate that CA checking applicant provides, digital certificate is as the foundation of online identity proof, and the content of digital certificate comprises applicant's personal information, PKI and authentication valid period.
Public-key cryptosystem of the prior art need to could be realized by means of the public key certificate that issue at the CA center, be applicable to the less single system of customer group.Along with informationalized development, the scale of customer group constantly enlarges, the CA center to the management of public key certificate, obtain and become day by day complicated, be difficult to satisfy the development of informationized society to the demand of public-key cryptosystem based on the conventional public-key cipher system of public key certificate.
Summary of the invention
The purpose of the embodiment of the invention is to provide a kind of digital copyright management method and system, need not by the PKI of public key certificate bundled user and user's identity information, simplify the management of PKI.
The embodiment of the invention provides a kind of digital copyright management method, comprising:
The private key generation server is the private key that digital copyright management DRM acting server is distributed described DRM acting server;
Content distribution server is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to described DRM acting server, and described encryption key is sent to the mandate publisher server;
Described mandate publisher server is encrypted encapsulation according to the PKI of described DRM acting server with described encryption key, and the encryption key after the described encryption encapsulation is sent to described DRM acting server;
Described DRM acting server extracts encryption key after the described encryption encapsulation according to the private key of described DRM acting server, and uses digital content after the deciphering according to described encryption key with default access;
Described method also comprises:
Described DRM acting server sends for the request of obtaining described right objects to described mandate publisher server after registering to described mandate publisher server by right objects acquisition agreement;
Described mandate publisher server carries out digital signature to described request be used to obtaining described right objects;
After described digital signature was passed through, described mandate publisher server was right to false proof PKI, signature that described DRM acting server sends described right objects, described mandate publisher server;
Described DRM acting server obtains the PKI of described mandate publisher server at local computing according to the false proof PKI of the identity information of described mandate publisher server and described mandate publisher server.
The embodiment of the invention provides a kind of system for numeral copyright management, comprising: private key generation server, content distribution server, mandate publisher server, digital copyright management DRM acting server;
Described private key generation server is the private key that described DRM acting server is distributed described DRM acting server when described DRM acting server adds the DRM system for the first time;
Described content distribution server is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to described DRM acting server, and described encryption key is sent to described mandate publisher server;
Described mandate publisher server is encrypted encapsulation according to the PKI of described DRM acting server with described encryption key, and the encryption key after the described encryption encapsulation is sent to described DRM acting server;
Described DRM acting server extracts encryption key after the described encryption encapsulation according to the private key of described DRM acting server, and uses digital content after the deciphering according to described encryption key with default access;
Further, described DRM acting server sends for the request of obtaining described right objects to described mandate publisher server after registering to described mandate publisher server by right objects acquisition agreement;
Described mandate publisher server carries out digital signature to described request be used to obtaining described right objects;
After described digital signature was passed through, described mandate publisher server was right to false proof PKI, signature that described DRM acting server sends described right objects, described mandate publisher server;
Described DRM acting server obtains the PKI of described mandate publisher server at local computing according to the false proof PKI of the identity information of described mandate publisher server and described mandate publisher server.
The digital copyright management method that the embodiment of the invention provides and system, private key by private key generation server generating content publisher server, and be content distribution server distribution private key when content distribution server adds this DRM system for the first time, after the encryption key that content distribution server generates according to this locality is encrypted packing to original digital content, encryption key is sent to the mandate publisher server, send to the DRM acting server after authorizing publisher server according to the PKI of DRM acting server this encryption key to be encrypted encapsulation, so that the DRM acting server extracts the encryption key of encrypting after the encapsulation according to the private key of DRM acting server, thereby use digital content after the deciphering according to this encryption key with default access, owing to no longer needing to have simplified the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, the below will do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art, apparently, accompanying drawing in the following describes only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is the schematic flow sheet of an embodiment of digital copyright management method of the present invention;
Fig. 2 is the schematic flow sheet of another embodiment of digital copyright management method of the present invention;
Fig. 3 is the structural representation of an embodiment of system for numeral copyright management of the present invention;
Fig. 4 is the structural representation of another embodiment of system for numeral copyright management of the present invention;
Fig. 5 is the structural representation of embodiment of the invention institute applicable copyright rights management system architecture.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
Fig. 1 is the schematic flow sheet of an embodiment of digital copyright management method of the present invention, and as shown in Figure 1, the embodiment of the invention comprises the steps:
Step 101, private key generation server are the private key of DRM acting server distribution DRM acting server when the DRM acting server adds the DRM system for the first time;
Step 102, content distribution server are encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content that will encrypt after packing sends to the DRM acting server, and encryption key is sent to the mandate publisher server;
Step 103, mandate publisher server are encrypted encapsulation according to the PKI of DRM acting server with encryption key, and the encryption key that will encrypt after the encapsulation sends to the DRM acting server;
Step 104, DRM acting server are extracted the encryption key of encrypting after the encapsulation according to the private key of DRM acting server, and use digital content after the deciphering according to encryption key with default access.
The digital copyright management method that the embodiment of the invention provides, private key by private key generation server generating content publisher server, and be content distribution server distribution private key when content distribution server adds this DRM system for the first time, after the encryption key that content distribution server generates according to this locality is encrypted packing to original digital content, encryption key is sent to the mandate publisher server, send to the DRM acting server after authorizing publisher server according to the PKI of DRM acting server this encryption key to be encrypted encapsulation, so that the DRM acting server extracts the encryption key of encrypting after the encapsulation according to the private key of DRM acting server, thereby use digital content after the deciphering according to this encryption key with default access, owing to no longer needing to have simplified the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Fig. 2 is the schematic flow sheet of another embodiment of digital copyright management method of the present invention, and as shown in Figure 2, the embodiment of the invention comprises the steps:
Step 201, private key generation server obtain the public-key cryptography of system's private key and system according to systematic parameter;
Wherein, this systematic parameter comprises: elliptic curve E:y 2=x 3+ ax+b, the first finite group G 1With the second finite group G 2, Tate pairing function t, the first hash function H 1With the second hash function H 2Can determine to choose suitable systematic parameter by DRM security of system intensity, when security intensity reaches 160 bits (bits), can adopt existing various elliptic curve to generate this systematic parameter, for example: generate elliptic curve E, choose two different subgroups respectively as the first finite group G at elliptic curve E 1With the second finite group G 2, and at the first finite group G 1With the second finite group G 2A kind of data transformation of upper definition is as Tate pairing function t, simultaneously according to the first finite group G 1With the second finite group G 2Define the first hash function
Figure DEST_PATH_GSB00000725843800051
With the second hash function
Figure DEST_PATH_GSB00000725843800052
Wherein,
Figure DEST_PATH_GSB00000725843800053
Expression set 1,2 ..., q-1}, q represent the number of the point from the elliptic curve E; The private key generation server is from the first finite group G 1In choose randomly the element of a non-zero entry as public-key cryptography (P, Q TA) in P, from
Figure DEST_PATH_GSB00000725843800054
Choose a random number as the private key s of system, the private key generation server calculates P and the private key s of system is point multiplication operation acquisition public-key cryptographic keys (P, Q TA) in Q TA
Step 202, private key generation server are the DRM acting server at the DRM acting server with when authorizing publisher server to add for the first time the DRM system and authorize publisher server distribution private key separately;
Particularly, the DRM acting server sends to private key generation server with false proof PKI separately with authorizing publisher server when adding the DRM system for the first time; The private key generation server generates the private key of DRM acting server according to the false proof PKI of DRM acting server, generate the private key of authorizing publisher server according to the false proof PKI of authorizing publisher server, and the private key of DRM acting server sent to the DRM acting server, will authorize the private key of publisher server to send to the mandate publisher server.
Step 203, content distribution server are encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content that will encrypt after packing sends to the DRM acting server, and encryption key is sent to the mandate publisher server;
Particularly, local random generation of content distribution server held encryption key CEK; Content distribution server is distributed to the DRM acting server after using encryption key CEK that original digital content is encrypted packing by the symmetric cryptography method, and encryption key CEK is offered the mandate publisher server; For example: when DRM acting server and mandate publisher server entered digital content management system first, the DRM acting server was chosen at random
Figure DEST_PATH_GSB00000725843800055
As the anti-counterfeiting private key of DRM acting server, authorize publisher server to choose at random
Figure DEST_PATH_GSB00000725843800056
As the anti-counterfeiting private key of authorizing publisher server, DRM acting server Q FDA=S FDAP authorizes publisher server to calculate Q as the false proof PKI of DRM acting server FRI=S FRIP is as the false proof PKI of authorizing publisher server, and the DRM acting server is with the false proof PKI Q of DRM acting server FDaSend to the private key generation server, authorize publisher server will authorize the false proof PKI Q of publisher server FRISend to the private key generation server.
Step 204, mandate publisher server are encrypted encapsulation according to the PKI of DRM acting server with encryption key, and the encryption key that will encrypt after the encapsulation sends to the DRM acting server;
Particularly, authorize publisher server to generate the right objects that includes encryption key according to the default access of original digital content, this right objects is ordered for the user; Authorize publisher server according to the PKI of DRM acting server to right objects (Right Object, be called for short: the encryption key RO) is encrypted encapsulation; Authorize publisher server to require to generate right objects (RO) according to the authority that the user orders this original data content, and with the PKI Q of DRM acting server DAEncryption key CEK among the RO is encrypted encapsulation; The DRM acting server obtains agreement by right objects, and (Rights Object Aequisition Protocol is called for short: ROAP) register to and authorize publisher server, and to authorizing publisher server acquisition request right objects.
Step 205, DRM acting server obtain agreement after authorizing publisher server to register by right objects, to authorizing publisher server to send for the request of obtaining described right objects;
Particularly, the DRM acting server is downloaded from content distribution server and is obtained the digital content of encrypting after encapsulating, because deciphering this digital content required encryption key CEK is included in the right objects (RO) that this user orders, and authorizes publisher server according to the identity information of DRM acting server and the false proof PKI Q of DRM acting server FDADirectly calculate the PKI Q of DRM acting server in this locality DA
Step 206, mandate publisher server are to carrying out digital signature for the request of obtaining right objects;
Particularly, authorize publisher server by following process implementation digital signature: the mandate publisher server is chosen an integer at random
Figure DEST_PATH_GSB00000725843800061
According to the PKI Q that authorizes publisher server RIWith the Q in the public-key cryptography TACalculate the tate pairing function f=t (Q of the two RI, Q TA) r, further obtain signature to the v=H among σ=(u, the v) according to pairing function f and right objects 2(RO, f) further obtains signature to the u=rS among σ=(u, the v) according to signature to v among σ=(u, the v) RI-vS FRIQ RIThereby, obtain signature to σ=(u, v), wherein, S RIFor authorizing the private key of publisher server, S FRIFor authorizing the anti-counterfeiting private key of publisher server, Q RIFor authorizing the PKI of publisher server; Authorize publisher server to send right objects, authorize the false proof PKI Q of publisher server to the DRM acting server FRIAnd signature is to σ=(u, v).
Step 207, after digital signature is passed through, authorize publisher server to the DRM acting server send right objects, authorize the false proof PKI of publisher server, signature is right;
Step 208, DRM acting server are according to the identity information of authorizing publisher server and authorize the false proof PKI of publisher server at the PKI of the authorized publisher server of local computing;
In above-mentioned steps 207 and the step 208, the DRM acting server receives from the right objects of authorizing publisher server, authorizes the false proof PKI Q of publisher server FRIAnd sign to σ=(u, v), the DRM acting server is according to the identity information of authorizing publisher server and authorize the false proof PKI Q of publisher server FRIDirectly calculate the PKI Q that authorizes publisher server in this locality RI
Step 209, DRM acting server are extracted the encryption key of encrypting after the encapsulation according to the private key of DRM acting server, and use digital content after the deciphering according to encryption key with default access;
The DRM acting server adopts the private key S of DRM acting server DAThe default access that deciphering is extracted content key CEK and used this content; The DRM acting server adopts the content key among the right objects RO that digital content is decrypted, and by the digital content after the corresponding default access use deciphering.
The digital copyright management method that the embodiment of the invention provides, private key by private key generation server generating content publisher server, and be content distribution server distribution private key when content distribution server adds this DRM system for the first time, after the encryption key that content distribution server generates according to this locality is encrypted packing to original digital content, encryption key is sent to the mandate publisher server, send to the DRM acting server after authorizing publisher server according to the PKI of DRM acting server this encryption key to be encrypted encapsulation, so that the DRM acting server extracts the encryption key of encrypting after the encapsulation according to the private key of DRM acting server, thereby use digital content after the deciphering according to this encryption key with default access, owing to no longer needing to have simplified the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Further, on above-mentioned basis embodiment illustrated in fig. 2, forge the identity information of mandate publisher server and sign if the mandate publisher server is known the private key generation server, then authorize publisher server according to the false proof public key acquisition arbitration result of signature with the mandate publisher server of the forgery of private key generation server; Particularly, when identity is the right objects of ID when finding to have false signer to forge its signature, identity is the private key generation server that the right objects of ID can provide effective evidence and point out to forge to arbitration equipment trusty (Judgment).
Arbitration process is as follows: authorize publisher server to send and will authorize the false proof PKI Q of publisher server FRIGive arbitration equipment; The private key S that authorizes publisher server to utilize knowledge proof to make arbitration equipment (Judgment) be sure of to authorize publisher server to have to authorize publisher server RI=sH 1(ID, Q FRI); Arbitration equipment is chosen random number
Figure DEST_PATH_GSB00000725843800081
Calculate random number α and public-key cryptography (P, Q TA) in the product α P of P, and with product α P and send to the mandate publisher server; Authorize publisher server to calculate t (S ID, α P) and send to arbitration equipment; Arbitration equipment calculates t (S ID, α P) and t (Q ID, Q TA) αIf, t (S ID, α P)=t (Q ID, Q TA) αSet up, arbitration equipment identification private key generation server has been forged signature, if t is (S ID, α P)=t (Q ID, Q TA) αBe false, arbitration equipment assert that the private key generation server does not forge a signature.By said process as can be known, arbitration equipment can effectively be taken precautions against based on the private key generation server fraud problems that exists in the identification cipher system.
Fig. 3 is the structural representation of an embodiment of system for numeral copyright management of the present invention, and as shown in Figure 3, the present embodiment comprises: private key generation server 31, content distribution server 32, mandate publisher server 33, DRM acting server 34;
Wherein, private key generation server 31 is the private key of DRM acting server 34 distribution DRM acting servers 34 when DRM acting server 34 adds the DRM system for the first time; Content distribution server 32 is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to DRM acting server 34, encryption key is sent to authorize publisher server 33; Authorize publisher server 33 according to the PKI of DRM acting server 34 encryption key to be encrypted encapsulation, and the encryption key after the described encryption encapsulation is sent to DRM acting server 34; DRM acting server 34 extracts encryption key after the described encryption encapsulation according to the private key of DRM acting server, and uses digital content after the deciphering according to described encryption key with default access.
The system for numeral copyright management that the embodiment of the invention provides, private key by private key generation server 31 generating content publisher servers, and be content distribution server 32 distribution private keys when content distribution server 32 adds this DRM system for the first time, after the encryption key that content distribution server 32 generates according to this locality is encrypted packing to original digital content, encryption key is sent to mandate publisher server 33, send to DRM acting server 34 after authorizing publisher server 33 according to the PKI of DRM acting server 34 this encryption key to be encrypted encapsulation, so that DRM acting server 34 extracts the encryption key of encrypting after the encapsulation according to the private key of DRM acting server, thereby use digital content after the deciphering according to this encryption key with default access, owing to no longer needing to have simplified the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Fig. 4 is the structural representation of another embodiment of system for numeral copyright management of the present invention, and as shown in Figure 4, the present embodiment comprises: private key generation server 41, content distribution server 42, mandate publisher server 43, DRM acting server 44, arbitration equipment 45;
Private key generation server 41 is the private key of DRM acting server 44 distribution DRM acting servers when DRM acting server 44 adds the DRM system for the first time; Content distribution server 42 is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to DRM acting server 44, encryption key is sent to authorize publisher server 43; Authorize publisher server 43 according to the PKI of DRM acting server 44 encryption key to be encrypted encapsulation, and the encryption key after the described encryption encapsulation is sent to DRM acting server 44; DRM acting server 44 extracts encryption key after the described encryption encapsulation according to the private key of DRM acting server, and uses digital content after the deciphering according to described encryption key with default access;
Private key generation server 41 is the private key of authorizing publisher server 43 distribution authorization publisher servers when authorizing publisher server 43 to add the DRM system for the first time; Authorize publisher server 43 to obtain the PKI of DRM acting server 44 at local computing according to the identity information of DRM acting server 44; Authorize publisher server 43 to generate right objects according to the default access of described original digital content, comprise encryption key in the described right objects; Content distribution server 42 is encrypted encapsulation according to the PKI of DRM acting server 44 to the encryption key in the described right objects; After DRM acting server 44 is registered to mandate publisher server 43 by right objects acquisition agreement, to authorizing publisher server 43 to send for the request of obtaining right objects; Authorize 43 pairs of described requests be used to obtaining described right objects of publisher server to carry out digital signature; After described digital signature is passed through, authorize publisher server 43 right to false proof PKI, signature that DRM acting server 44 sends described right objects, described mandate publisher server; DRM acting server 44 is according to the identity information of authorizing publisher server 43 and authorize the false proof PKI of publisher server 43 at the PKI of the authorized publisher server 43 of local computing; Authorize the identity information of publisher server 43 to sign if mandate publisher server 43 is known to forge, then authorize publisher server 43 according to the false proof public key acquisition arbitration result of the signature of forging with mandate publisher server 43.
When identity is the right objects of ID when finding to have false signer to forge its signature, identity is the private key generation server that the right objects of ID can provide effective evidence and point out to forge to arbitration equipment 45 trusty (Judgment).
Arbitration process is as follows: authorize publisher server 43 will authorize the false proof PKI Q of publisher server 43 FRISend to arbitration equipment 45; Authorize publisher server 43 to utilize knowledge proof to make arbitration equipment 45 (Judgment) be sure of to authorize publisher server 43 to have the private key S that authorizes publisher server 43 RI=sH 1(ID, Q FRI), wherein, s is system's private key; Arbitration equipment is chosen random number
Figure DEST_PATH_GSB00000725843800101
Figure DEST_PATH_GSB00000725843800102
Expression set 1,2 ..., q-1}, q represent the number of the point from the elliptic curve E, calculate random number α and public-key cryptography (P, Q TA) in the product α P of P, and with product α P and send to the mandate publisher server; Authorize publisher server 43 to calculate t (S ID, α P) and send to arbitration equipment 45; Arbitration equipment 45 calculates t (S ID, α P) and t (Q ID, Q TA) αIf, t (S ID, α P)=t (Q ID, Q TA) αSet up, arbitration equipment 45 identification private key generation servers 41 have been forged signature, if t is (S ID, α P)=t (Q ID, Q TA) αBe false, arbitration equipment 45 assert that private key generation server 41 does not forge a signature.By said process as can be known, arbitration equipment 45 can effectively be taken precautions against based on the private key generation server fraud problems that exists in the identification cipher system.
The system for numeral copyright management that the embodiment of the invention provides, private key by private key generation server 41 generating content publisher servers, and be content distribution server 42 distribution private keys when content distribution server 42 adds this DRM system for the first time, after the encryption key that content distribution server 42 generates according to this locality is encrypted packing to original digital content, encryption key is sent to mandate publisher server 43, send to DRM acting server 44 after authorizing publisher server 43 according to the PKI of DRM acting server 44 this encryption key to be encrypted encapsulation, so that DRM acting server 44 extracts the encryption key of encrypting after the encapsulation according to the private key of DRM acting server, thereby use digital content after the deciphering according to this encryption key with default access, owing to no longer needing to have simplified the management of DRM system to PKI by the PKI of public key certificate bundled user and user's identity information.
Fig. 5 is the structural representation of embodiment of the invention institute applicable copyright rights management system architecture, as shown in Figure 5, DRM acting server 51 (DRM Agent, be called for short: DA), content distribution server 52 (Content Issuer, be called for short: CI), authorize publisher server 53 (Right Issuer, be called for short: RI), (Private Key Generation is called for short: PKG), arbitration equipment 55 (Judgment) private key generation server 54.
Wherein, DRM acting server 51 is the believable functional entity of being responsible for carrying out the drm agent function in the system architecture, compulsory execution attaches the access rights control function on the DRM content, realization is to the controlled access of DRM content, in DRM acting server 51, include computing module (CAL), be used for calculating the PKI of authorizing publisher server 53 according to the identity information of authorizing publisher server 53 to obtain; Use the user (User) of DRM content only can access the DRM contents by DRM acting server 51.
Content distribution server 52 is for being responsible for the logical functional entity of DRM contents distribution, since the OMADRM normalized definition send to DRM content format (the DRM Content Format of DRM acting server 51, be called for short: DCF), therefore can adopt multiple transmission mechanism that the DRM content is sent to DRM acting server 51 by content distribution server 52; Content distribution server 52 is encrypted packing according to the DRM content packaging form of OMA DCF definition to original digital content, and the content that will encrypt after packing by multiple carrying and load mode is sent to DRM acting server 51.
Authorize publisher server 53 for being responsible for arranging the logical functional entity of DRM content rights, for the DRM content is specified license and constraint, and (Right Object is called for short: RO) to generate authorization object.RO is one and is used for representing the usage license of DRM content and the XML document of constraint, is the XML document that meets OMA REL standard; Right objects is being controlled how the DRM content is used that the DRM content can't break away from authorization object and is being used separately, can only use according to the mode of authorization object appointment.Authorize publisher server 53 to comprise a computing module (CAL), the identity information that is used for getting access to by DRM acting server 51 calculates the PKI of DA.
Private key generation server 54 is safe foundation of whole system, main each open parameter of selecting system and the private key of system be responsible for, for each user in the system generates private key and distribute private key when the user adds system for the first time, and private key generation server 54 no longer participates in the Encrypt and signature process in public key encryption afterwards and the signature process.
Arbitration equipment 55 is the 3rd arbitration side trusty, and when authorizing publisher server 53 to suspect that private key generation server 54 pretends to be its identity to forge a signature, whether trusted is arbitrated to private key generation server 54 according to the request of authorizing publisher server 53; Arbitration equipment 55 does not participate in the copyright protection process, arbitrates when the signature of private key generation server 54 trustless forgery mandate publisher servers 53 with the signature that private key generation server 54 is forged and assert.
The invention described above embodiment, owing in the process of digital copyright protecting, only needing DRM acting server 51, content distribution server 52 and authorizing publisher server 53 to participate in, in the process of copyright protection, do not need again to access private key generation server 54, therefore simplified the management of DRM system to PKI; In the process of certifying signature, need not be by the PKI of public key certificate bundled user and user's identity information, do not need access certificate server CA, management and the distribution of PKI have been simplified, avoided setting up the public keys database of certificate server CA, the safety problem that has reduced greatly financial cost and caused therefrom.
The those skilled in the art can be well understood to, and is the convenience described and succinct, and the specific works process of the system of foregoing description, equipment, module and unit can with reference to the corresponding process among the preceding method embodiment, not repeat them here.
One of ordinary skill in the art will appreciate that: all or part of step that realizes above-described embodiment can be finished by the relevant hardware of programmed instruction, aforesaid program can be stored in the computer read/write memory medium, this program is carried out the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: the various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
It should be noted that at last: above embodiment only in order to technical scheme of the present invention to be described, is not intended to limit; Although with reference to previous embodiment the present invention is had been described in detail, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment puts down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution break away from the spirit and scope of various embodiments of the present invention technical scheme.

Claims (8)

1. a digital copyright management method is characterized in that, comprising:
The private key generation server is the private key that digital copyright management DRM acting server is distributed described DRM acting server;
Content distribution server is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to described DRM acting server, and described encryption key is sent to the mandate publisher server;
Described mandate publisher server is encrypted encapsulation according to the PKI of described DRM acting server with described encryption key, and the encryption key after the described encryption encapsulation is sent to described DRM acting server;
Described DRM acting server extracts encryption key after the described encryption encapsulation according to the private key of described DRM acting server, and uses digital content after the deciphering according to described encryption key with default access;
Described method also comprises:
Described DRM acting server sends for the request of obtaining described right objects to described mandate publisher server after registering to described mandate publisher server by right objects acquisition agreement;
Described mandate publisher server carries out digital signature to described request be used to obtaining described right objects;
After described digital signature was passed through, described mandate publisher server was right to false proof PKI, signature that described DRM acting server sends described right objects, described mandate publisher server;
Described DRM acting server obtains the PKI of described mandate publisher server at local computing according to the false proof PKI of the identity information of described mandate publisher server and described mandate publisher server.
2. method according to claim 1 is characterized in that, described private key generation server is that the private key that digital copyright management DRM acting server is distributed described DRM acting server comprises:
The DRM acting server sends to the private key generation server with the false proof PKI of described DRM acting server when adding the DRM system for the first time;
Described private key generation server generates the private key of described DRM acting server according to the false proof PKI of described DRM acting server, and the private key of described DRM acting server is sent to described DRM acting server.
3. method according to claim 1 is characterized in that, described mandate publisher server is encrypted encapsulation according to the PKI of described DRM acting server with described encryption key and comprises:
Described mandate publisher server generates right objects according to the default access of described original digital content, comprises encryption key in the described right objects;
Described mandate publisher server is encrypted encapsulation according to the PKI of described DRM acting server to the encryption key in the described right objects.
4. arbitrary described method is characterized in that according to claim 1~3, also comprises:
Sign if described mandate publisher server is known the identity information that described private key generation server is forged described mandate publisher server, then described mandate publisher server is according to the signature of forging and the false proof public key acquisition arbitration result of described mandate publisher server.
5. a system for numeral copyright management is characterized in that, comprising: private key generation server, content distribution server, mandate publisher server, digital copyright management DRM acting server;
Described private key generation server is the private key that described DRM acting server is distributed described DRM acting server when described DRM acting server adds the DRM system for the first time;
Described content distribution server is encrypted packing according to the encryption key that this locality generates to original digital content, and the digital content of encrypting after packing is sent to described DRM acting server, and described encryption key is sent to described mandate publisher server;
Described mandate publisher server is encrypted encapsulation according to the PKI of described DRM acting server with described encryption key, and the encryption key after the described encryption encapsulation is sent to described DRM acting server;
Described DRM acting server extracts encryption key after the described encryption encapsulation according to the private key of described DRM acting server, and uses digital content after the deciphering according to described encryption key with default access;
Further, described DRM acting server sends for the request of obtaining described right objects to described mandate publisher server after registering to described mandate publisher server by right objects acquisition agreement;
Described mandate publisher server carries out digital signature to described request be used to obtaining described right objects;
After described digital signature was passed through, described mandate publisher server was right to false proof PKI, signature that described DRM acting server sends described right objects, described mandate publisher server;
Described DRM acting server obtains the PKI of described mandate publisher server at local computing according to the false proof PKI of the identity information of described mandate publisher server and described mandate publisher server.
6. system according to claim 5 is characterized in that, also comprises:
Described private key generation server is the private key that described mandate publisher server is distributed described mandate publisher server when authorizing publisher server to add for the first time the DRM system;
Described mandate publisher server obtains the PKI of described DRM acting server at local computing according to the identity information of described DRM acting server.
7. system according to claim 6 is characterized in that, also comprises:
Described mandate publisher server generates right objects according to the default access of described original digital content, comprises encryption key in the described right objects;
Described mandate publisher server is encrypted encapsulation according to the PKI of described DRM acting server to the encryption key in the described right objects.
8. arbitrary described system is characterized in that according to claim 5~7, also comprises:
Sign if described mandate publisher server is known the identity information of forging described mandate publisher server, then described mandate publisher server is according to the signature of forging and the false proof public key acquisition arbitration result of described mandate publisher server.
CN2010101700741A 2010-05-07 2010-05-07 Digital rights management method and system Active CN101833623B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010101700741A CN101833623B (en) 2010-05-07 2010-05-07 Digital rights management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010101700741A CN101833623B (en) 2010-05-07 2010-05-07 Digital rights management method and system

Publications (2)

Publication Number Publication Date
CN101833623A CN101833623A (en) 2010-09-15
CN101833623B true CN101833623B (en) 2013-02-13

Family

ID=42717690

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010101700741A Active CN101833623B (en) 2010-05-07 2010-05-07 Digital rights management method and system

Country Status (1)

Country Link
CN (1) CN101833623B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120284804A1 (en) * 2011-05-02 2012-11-08 Authentec, Inc. System and method for protecting digital contents with digital rights management (drm)
CN102907041B (en) 2011-08-12 2016-01-13 华为技术有限公司 A kind of data-sharing systems, data distribution systems and data guard method
CN103595698B (en) * 2012-08-16 2017-05-03 福建福昕软件开发股份有限公司 Management method for digital rights
CN107688729B (en) * 2017-07-27 2020-11-27 大唐高鸿信安(浙江)信息科技有限公司 Application program protection system and method based on trusted host
CN109284615B (en) * 2018-08-10 2022-01-25 广东电网有限责任公司信息中心 Mobile equipment digital resource safety management method
CN109460636B (en) * 2018-10-22 2020-12-11 高斯贝尔数码科技股份有限公司 Digital copyright management method and system and reverse proxy device
CN111506882B (en) 2019-01-30 2024-02-27 京东方科技集团股份有限公司 Electronic equipment and digital file management method
CN110752929B (en) * 2019-09-29 2022-04-22 华为终端有限公司 Application program processing method and related product

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1851604A (en) * 2005-07-20 2006-10-25 华为技术有限公司 Digital copyright protection system and method
CN101055608A (en) * 2006-04-14 2007-10-17 陆明 Digital copyright management and protection method
CN101158998A (en) * 2007-11-16 2008-04-09 北京握奇数据系统有限公司 Management method and device of DRM licenses

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1851604A (en) * 2005-07-20 2006-10-25 华为技术有限公司 Digital copyright protection system and method
CN101055608A (en) * 2006-04-14 2007-10-17 陆明 Digital copyright management and protection method
CN101158998A (en) * 2007-11-16 2008-04-09 北京握奇数据系统有限公司 Management method and device of DRM licenses

Also Published As

Publication number Publication date
CN101833623A (en) 2010-09-15

Similar Documents

Publication Publication Date Title
CN101833623B (en) Digital rights management method and system
EP1686504B1 (en) Flexible licensing architecture in content rights management systems
CN102224506B (en) Method and device for managing digital content
CN102073826B (en) Utilize the system and method for the digital copyright management of lightweight digital watermark adding component
CN102129532B (en) Method and system for digital copyright protection
CN107146120B (en) Electronic invoice generation method and generation device
CN101390134B (en) Method for redistributing DRM protected content
EP3761203A1 (en) Information processing method, blockchain node, and electronic apparatus
US8488785B2 (en) Secure storage and retrieval of confidential information
CN109905360B (en) Data verification method and terminal equipment
CN111027028A (en) Copyright data processing method and device based on intelligent contract
CN102025507B (en) Digital copyright management method for protecting digital content consumer privacy
CN101107611A (en) Private and controlled ownership sharing
KR100502580B1 (en) Method for distrubution of copyright protected digital contents
CN101470782A (en) Revocation status checking for digital rights managment
US20130124849A1 (en) System And Method For Individualizing Content For A Consumer
CN114401268A (en) Cross-link data sharing method, system, equipment and readable storage medium
CN107306254A (en) Digital literary property protection method and system based on double layer encryption
CN105678598A (en) Method and system for issuing online invoice with two-dimension code
Win et al. Privacy enabled digital rights management without trusted third party assumption
Chen A secure and traceable E-DRM system based on mobile device
US7640438B2 (en) System and method for protected content rendering
CN111079190A (en) Block chain supply chain transaction hiding dynamic supervision system and method
CN114726630A (en) License-based information security authorization method and device, electronic equipment and medium
KR20030078485A (en) Publication and settlement of account for an electronic check

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Co-patentee after: Huazhong University of Science and Technology

Patentee after: Huawei Terminal (Shenzhen) Co., Ltd.

Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Co-patentee before: Huazhong University of Science and Technology

Patentee before: Huawei Device Co., Ltd.

CP01 Change in the name or title of a patent holder