CN101977190B - Digital content encryption transmission method and server side - Google Patents
Digital content encryption transmission method and server side Download PDFInfo
- Publication number
- CN101977190B CN101977190B CN 201010518019 CN201010518019A CN101977190B CN 101977190 B CN101977190 B CN 101977190B CN 201010518019 CN201010518019 CN 201010518019 CN 201010518019 A CN201010518019 A CN 201010518019A CN 101977190 B CN101977190 B CN 101977190B
- Authority
- CN
- China
- Prior art keywords
- client
- content
- hardware
- digital content
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 73
- 230000005540 biological transmission Effects 0.000 title claims abstract description 36
- 238000013475 authorization Methods 0.000 claims description 47
- 230000008569 process Effects 0.000 claims description 10
- 238000006243 chemical reaction Methods 0.000 claims description 7
- 230000004044 response Effects 0.000 claims description 6
- 230000000903 blocking effect Effects 0.000 claims description 5
- 238000002360 preparation method Methods 0.000 claims 1
- 238000004891 communication Methods 0.000 abstract description 3
- 238000000638 solvent extraction Methods 0.000 abstract 1
- 238000005516 engineering process Methods 0.000 description 12
- 230000007547 defect Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000007480 spreading Effects 0.000 description 4
- 238000003892 spreading Methods 0.000 description 4
- 230000003068 static effect Effects 0.000 description 4
- 238000003860 storage Methods 0.000 description 4
- 238000005336 cracking Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 2
- 241000283074 Equus asinus Species 0.000 description 1
- 238000007792 addition Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000009792 diffusion process Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a digital content encryption transmission method and a server side for providing digital contents in an encryption mode, which is characterized in that the server side provides the digital contents to a client side; the server side encrypts the digital contents in a mode relative to the hardware identification (ID) of the client side; and the digital content encryption transmission method comprises the following steps: the digital content partitioning step, the initial encryption step, the subsequent encryption step, the generation step of an escaping controller and the decryption step. The invention has the advantages that the hardware ID information of the client side is utilized in the identification course and the encryption course; the safety in the communication course is ensured; and the encryption efficiency is enhanced.
Description
Technical Field
The invention relates to a digital content encryption transmission method and a server side for providing digital content in an encrypted mode.
Background
With the rapid development and popularization of the internet, users increasingly transmit data, issue resources, download resources and the like through the internet. Various digital resources, such as downloading music, downloading movie and television plays, or downloading computer software from the internet, have been common. The rapid development of the internet inherently facilitates the demand of users for rapid information acquisition, but on the other hand, challenges are brought to the copyright protection of various digital resources. In daily life, there are various websites providing unauthorized music resources, movie and television resources, and software resources, and users can conveniently obtain free pirated resources from these websites. And the wide popularization and application of P2P software such as donkey (eMule) software further facilitate the diffusion of pirated resources and bring greater difficulty to copyright protection. The random spread of pirated resources on the internet is really related to the low legal awareness of the vast users, but is irrelevant to the lack of a corresponding copyright management system for legal digital resources. Although there are copyright protection methods for digital resources in the prior art, such as encrypting the digital resources, authenticating the acquirer of the digital content, etc., these methods are not implemented in a complete copyright management system, so that the existing methods protect the digital resources, but at the same time, are not convenient for the legitimate users to acquire the digital resources by legitimate means. In addition, in order to distribute digital resources securely over the internet to expand their business impact, owners of digital resources also need a secure and reliable copyright management system. Digital Rights Management (DRM) is a new technology related to application requirements that has been developed along with the widespread of Digital media programs such as Digital audio and video programs in the environment such as the internet. DRM typically employs encryption techniques: for the digital program which is processed by coding and compressing, a digital program authorization center (License issue) is established, and the content which needs to be protected in the program is encrypted by using a key. When the user plays back the program, the user needs to obtain the related key provided by the digital program authorization center to decrypt the program, so that the program can be played. Because the program is encrypted, even if the program is downloaded, stored and disseminated to others by a user, the program cannot be played back without being authenticated and authorized by a digital program authorization center, thereby protecting the copyright of the program. Under DRM conditions, media processing devices with only decoding functionality are no longer available and need to incorporate decryption functionality on a decoding basis. In the prior art, there is a media processor with decryption function, where a decryption module and a decoding module of the media processor are independently located on two devices, for example, the decryption module and the decoding module are divided into two independent chips or software, and a decrypted media data stream may still be illegally intercepted before being decoded. In the prior art, there is also a media processor, the decryption and decoding functions of which are integrated in one device, so that the decrypted media data stream can be effectively protected, but in such a device, the key from the outside (usually the digital program authorization center) can still be stolen, and a special solution is needed.
On the other hand, in the development of various related services of streaming media, the streaming media content is easy to copy and distribute, and when security measures are lacked to protect the streaming media content, the piracy problem inevitably occurs. Therefore, a streaming media encryption protection technology is introduced, and through encryption protection of streaming media contents, content providers can protect own contents and control distribution of the contents. A CA System (Conditional Access System) is one of the current stream media encryption protection systems, and it implements protection of stream media contents by encrypting and Access controlling the stream media contents. The CA system mainly generates two types of messages, one of which is an ECM (entitlement control Message) Message, also called entitlement control Message, which is an electronic key signal in a special form, and is transmitted to a receiving end together with streaming media content after being encrypted at a transmitting end, where the ECM is used to control a descrambler. Another is an EMM (Entitlement Management Message) Message, which is also called Entitlement Management Message, and is information that authorizes a certain user or certain users to descramble a certain service or certain services. It is encrypted at the sending end and then transmitted to the receiving end along with the streaming media content, as well as the entitlement control information.
The encryption protection of the streaming media content greatly improves the security of the streaming media content, inhibits piracy to a certain extent, and protects the benefits of content providers and operators, so the technology is widely applied. The following describes a scheme for encryption protection of streaming media content provided in the prior art. In the prior art, a technical solution has been disclosed in which a real-time streaming media service is encrypted by an encryption device and then reaches a user terminal device via a transmission network. The media content sent from the stream media content source is processed by the CA system, the encryption equipment and other related equipment to generate stream media content cipher text, and the stream media content cipher text reaches the terminal equipment through the transmission network. Wherein the streaming media encryption device may be part of the CA system, depending on the implementation of the respective manufacturer.
A solution is also known from the prior art, in which media content in non-real-time streaming media service is encrypted and protected and then stored on a network storage device, and when a user needs to view the media content, a terminal device applies for and obtains a related media content ciphertext from the network storage device, which is generally referred to as a streaming server. The non-real-time streaming media content is not directly transmitted to the terminal equipment through a network after being encrypted, but is stored on a streaming server side in a file form, and the ECM and the media content are simultaneously stored on the streaming server side and are stored in the same file with the media content according to a certain time sequence.
Because the existing digital copyright protection technology only considers the safety storage of the digital content on the server and the safety of the key in the transmission process, the copyright protection is stopped along with the safety transmission of the decryption key to the authorized user, and the safety of the media data in the reading process and after the reading is finished is not ensured. The encryption of the digital content by the general framework is static and disposable, the digital content is completely exposed after one-time cracking, and the safety factor is lower.
Disclosure of Invention
In view of the above problems in the prior art, the present invention provides a method for transmitting digital content in an encrypted manner and a server for providing digital content in an encrypted manner, by which the digital content can be transmitted more securely.
In order to achieve such an object of the present invention, there is disclosed in accordance with a preferred embodiment of the present invention a digital content encryption transmission method in which digital content is provided to a client by a server side which encrypts digital content in a manner related to a hardware ID of the client. In the preferred embodiment, the digital content is pre-stored by the server side or the server side can be called and processed from other servers. The "manner related to the hardware ID of the client" herein means: the hardware ID information of the client is directly or indirectly used for encryption, wherein the hardware ID information may be used as an encryption key in its entirety, or a part thereof may be used as an encryption key, or the hardware ID information may be processed (logical operation or arithmetic operation). The hardware ID information of the client includes, but is not limited to: CPU ID information, hard disk volume number information, BIOS information, network card MAC address, IP address, other hardware codes capable of being collected or the combination of the above information.
According to a preferred embodiment of the present invention, the digital content encryption transmission method sequentially comprises: dividing digital content, initially encrypting, subsequently encrypting, generating a transcoding controller and decrypting; in the digital content dividing step, dividing the digital content into a plurality of content blocks according to a predetermined sequence or a predetermined time sequence; in the initial encryption step, a first content block of the digital content is encrypted by using information related to a hardware ID of the client as an initial encryption key to obtain a first ciphertext content block; in the subsequent encryption step, encrypting a second content block of the digital content with the first ciphertext content block as a second encryption key to obtain a second ciphertext content block, then encrypting a third content block of the digital content with the second ciphertext content block as a third encryption key to obtain a third ciphertext content block, and so on until all the digital content is encrypted; in the transcoding controller generating step, the server side reads a value of a specified position of the encrypted first ciphertext content block and generates an identification code, and the server side records an order or a timing corresponding to the first ciphertext content block as a time stamp, and the server side records the identification code and the time stamp in a transcoding controller, and so on, until the server side records all the identification codes and the time stamps for the respective ciphertext content blocks in the transcoding controller, and then the server side transmits the transcoding controller to the client side; in the decrypting step, the client uses the information related to the hardware ID of the client as an initial decryption key, finds the position and the order or the timing sequence of each ciphertext content block through the identification code and the timestamp of the transcoding controller, then decrypts the first ciphertext content block using the initial decryption key to obtain the first content block, finds the position and the order or the timing sequence of the second ciphertext content block through the identification code and the timestamp of the second ciphertext content block, decrypts the second ciphertext content block using the first content block to obtain the second content block, then combines the first content block and the second content block according to the order or the timing sequence, and then decrypts the third ciphertext content block using the second content block to obtain the third content block, and combining the encrypted content with the first content block and the second content block according to the sequence or the time sequence, and so on until all the encrypted content is decrypted and combined according to the sequence or the time sequence, and finally the client obtains the plaintext of the digital content.
In the preferred embodiment, the digital content division step, the initial encryption step, the subsequent encryption step, the transcoding controller generation step and the decryption step are performed in sequence, but additional method steps may be added between the various steps and prior to the first step. In the digital content dividing step, if the requested digital content is static digital content such as text information, a PDF format file, a JPG picture, the digital content may be divided in a predetermined order; if the requested digital content is streaming digital content such as online streaming media, the digital content may be divided according to a predetermined timing. Of course, the present invention is not limited to these two ways, but may be divided in various ways that are common to those skilled in the art. For example, the data blocking method mentioned in the chinese patent application 200510021479 and a fast in-place merging algorithm based on data blocking disclosed in 2004-08, computer science may be used. The client receives and arranges the block-wise encrypted ciphertext content blocks, which is known to those skilled in the art. Here, for example, the index may be added; the server side can provide the characteristics of each ciphertext content block to the client side through an agreed rule; accordingly, the client may arrange each ciphertext content block according to the agreed rule after receiving each corresponding ciphertext content block. And decrypts each ciphertext content block in the encrypted "reverse order".
According to a preferred embodiment of the present invention, before the dividing step of the digital content, a registration step is further included, wherein the client sends its hardware ID information to the server, the server records the hardware ID information, and the server generates a private key and a public key, and the server sends the private key to the client and stores the private key and the public key in the server. In the preferred embodiment, an additional registration step is adopted, and the pre-registration is beneficial to the later authentication, so that the pertinence and the validity of the request are ensured. And the security is further improved by adopting an asymmetric encryption mode of a private key and a public key. Of course, here, the invention may also employ symmetric keys.
According to a preferred embodiment of the present invention, after the registering step and before the digital content dividing step, the digital content encryption transmission method further includes a service request step in which the client encrypts a service request message using the private key, the service request message including hardware ID information of the client and a request message of the client for digital content, and then the client transmits the encrypted service request message to the server; and the server decrypts the encrypted service request message by using the public key to obtain the hardware ID information of the client and the request message of the client for the digital content. In the preferred embodiment, the hardware ID information is utilized in the service request step, which is reliable and fast during the authentication process.
According to a preferred embodiment of the present invention, after the service request step, the digital content encryption transmission method further includes a hardware ID matching step, where after the server obtains the hardware ID information of the client and the request message of the client for the digital content by decrypting the service request message, the server compares the hardware ID information with the hardware ID information stored by the server. In the preferred embodiment, the hardware ID information is used for authentication, and the hardware ID information is sent to the server side through encryption. When receiving a service request message, the server determines which client the service request message comes from belongs to the prior art, and is not repeated for the sake of brevity. The server can obtain the hardware ID information after decrypting by using the public key, and can definitely judge whether the client is a fake client in the process.
According to a preferred embodiment of the present invention, after the hardware ID matching step, the digital content encryption transmission method further includes an initial encryption key generation step, wherein, if the hardware ID information received by the server side and the hardware ID information pre-stored by the server side match each other, the server side generates an authorization key, transmits the authorization key to the client side, and the authorization module encrypts the hardware ID information with the authorization key to obtain the initial encryption key. A preferred initial encryption key generation method is specifically defined herein, but the present invention is not limited to this method, and falls within the scope of the present invention as long as hardware ID information can be indirectly used to generate an initial encryption key.
In the digital content encryption transmission method according to the present invention, in which a server side provides a client side with digital content, the client side decrypts the digital content transmitted by the server side in a manner related to a hardware ID thereof. This decryption scheme is the "inverse operation" of the encryption scheme according to the present invention. Here, the client also performs the decryption operation in "manner related to its hardware ID". Here, how the server side processes the hardware ID information of the client side for encryption, the client side also processes the hardware ID information of the client side for decryption accordingly.
According to a preferred embodiment of the present invention, the method further comprises a license generation step in which the server encrypts the initial encryption key using the public key to generate a license, and sends the license to the client; and the client decrypts the received encrypted license by using the private key to obtain the initial encryption key which is used as the initial decryption key of the client. Security may be further enhanced by the use of licenses. Instead of using a license, the server may send the initial encryption key directly to the client.
According to a preferred embodiment of the present invention, after the license generation step, the client decrypts the initial decryption key using the received authorization key, thereby obtaining hardware ID information, and the client compares the hardware ID information obtained by decryption with its own hardware ID information; the client performs the decryption step using the initial decryption key if hardware ID information of the client and hardware ID information obtained by decrypting the initial decryption key match each other. According to the preferred embodiment, the client can first determine whether the received digital content is erroneous content that was sent to it incorrectly before performing decryption. Thereby avoiding the situation that the decryption is time-consuming and labor-consuming and the digital content which can not be used is obtained.
According to another aspect of the present invention, the present invention also discloses a server for providing digital content in an encrypted manner, comprising: the system comprises a user management module, an authorization module content module and a transcoding controller, wherein the user management module is responsible for the registration task of a client at a server and is responsible for storing hardware ID information of the client, after the client is successfully registered, the user management module generates a private key and a public key, sends the private key to the client and stores the private key and the public key in the user management module, and simultaneously authenticates the client by using the hardware ID information, and only after the client passes the authentication, the user management module issues the public key to the authorization module; the authorization module is responsible for decrypting the received service request message with the public key in response to a request of a client to obtain the hardware ID information and the client-side digital content request, and submitting the hardware ID information to the user management module, generating and sending an authorization key to the client only when matching with the hardware ID information stored by the user management module, and encrypting the hardware ID information with the authorization key to obtain an initial encryption key; and the authorisation module being capable of encrypting the initial encryption key with the public key to generate a license and sending the license to the client, and the authorisation module further forwarding the client's request for digital content to the content module; the content module is responsible for blocking digital content requested by the client and forwarded by the authorization module in response to the request of the client, sequentially encrypting a plurality of content blocks according to a preset sequence or time sequence by using the initial encryption key to obtain a plurality of ciphertext content blocks, and sending the ciphertext content blocks to the client, meanwhile, the content module also reads a value of a specified position of the encrypted first ciphertext content block and generates an identification code, records the sequence or time sequence corresponding to the first ciphertext content block as a time stamp, and so on until the server records all the identification code and the time stamp in a code conversion controller, and then the server sends the code conversion controller to the client.
The disclosed method and apparatus divides digital content into a plurality of blocks using a data division technique, and sequentially encrypts and decrypts each block of content using 'information on a hardware ID of a client'. And finally, the encrypted digital content is transmitted in blocks, even if the encrypted digital content is stolen by a hacker, the encryption principle is firstly analyzed, then the digital content blocks are reordered and cracked one by one, and the difficulty of the attack is multiplied by the number of the content blocks. In addition, the method also incorporates the verification process of the user hardware ID, and further prevents illegal copy and illegal transmission. The method utilizes the hardware information binding technology to solve the defect that the traditional technology stops only the copyright protection when the decryption key is safely sent to the authorized user, utilizes the block transcoding multiplexing technology to solve the defect that the encryption of the digital content is static and disposable and the digital content is completely exposed after one-time cracking in the traditional technology, realizes high safety of the digital content in the whole process of spreading, and prevents illegal copying, illegal spreading and tampering.
Although only one or a few of the above-described embodiments of the invention are described herein, it is not intended that the invention be limited to these combinations, but rather that the preferred embodiments can be combined in any meaningful way.
Drawings
Figure 1 shows the method according to the invention according to a first preferred embodiment;
figure 2 shows the method according to the invention according to a second preferred embodiment;
fig. 3 shows an encryption method according to the method of the invention;
fig. 4 shows a decryption method according to the method of the invention;
FIG. 5 shows a schematic diagram of a transcoding controller model;
fig. 6 shows a schematic diagram of a packet format recorded in the transcoding controller.
Detailed Description
Embodiments according to the present invention are described in detail below with reference to the accompanying drawings. It is to be noted that the drawings are merely illustrative and do not constitute a limitation of the scope of the invention.
Fig. 1 shows a flow chart of a first preferred embodiment of the method of the present invention. As shown in fig. 1, digital content transmission is performed from a server side to a client side, wherein encryption and decryption are performed in a manner related to a hardware ID of the client side. The method sequentially comprises the following steps: a digital content dividing step S104, an initial encryption step S105, a subsequent encryption step S106, a transcoding controller generating step S110, and a decryption step S109. The digital content transmission may be implemented by using wireless transmission methods such as bluetooth, GPRS, GSM, WCDMA, WiFi, ZigBee, microwave communication and/or TD-SCDMA, or may be implemented by using wired transmission methods such as packet switching and fiber communication. Encrypting and decrypting in a manner related to the hardware ID of the client means: "directly encrypt and decrypt the code as a key after converting the hardware ID information into a binary code, or use a part of the code as a key, or encrypt and decrypt the code as a key after performing a certain regular operation on the code".
In the digital content dividing step S104, the digital content is divided into a plurality of content blocks according to a predetermined sequence or a predetermined timing, and the division of the digital content may be performed by dividing the original data into a plurality of pieces by using a data dividing technique, for example, one piece per 128 bits. Since the method for dividing digital content is a known technique, the specific implementation of the method is omitted, which is described in "data dividing method and apparatus using xor operation" with patent number 200380106529.1; the predetermined sequence or the predetermined time sequence refers to that media data such as audio, video and the like or streaming media data and text data are transmitted in the form of sub-packets, the routing selected by each packet may be different in the transmission process, the time required for reaching the client is also different, and the situation that the data packet sent first arrives later may occur, so that an incorrect result is obtained after transmission, therefore, a fixed sequence or a time sequence may be marked in the corresponding packet before the transmission of the packet, and when the client receives the packet, the packets are sequenced according to the marked sequence or time sequence, so that a correct result is obtained.
In the initial encryption step S105, a first content block of the digital content is encrypted using information related to a hardware ID of the client as an initial encryption key to obtain a first ciphertext content block, and the first ciphertext content block is transmitted to the client. The hardware ID information of the client includes, but is not limited to: CPU ID information, hard disk volume number information, BIOS information, network card MAC address, IP address, other hardware codes capable of being collected or the combination of the above information.
In the subsequent encryption step S106, a second content block of the digital content is encrypted by using the first ciphertext content block as a second encryption key to obtain a second ciphertext content block, and the second ciphertext content block is sent to the client, a third content block of the digital content is encrypted by using the second ciphertext content block as a third encryption key to obtain a third ciphertext content block, and the third ciphertext content block is sent to the client, and so on until all the digital content is encrypted and sent to the client.
In the transcoding controller generating step S110, reading, by the server side, a value of a specified position of the encrypted first ciphertext content block and generating an identification code, and the server side records an order or a timing corresponding to the first ciphertext content block as a time stamp, and the server side records the identification code and the time stamp in a transcoding controller; and so on, until the server side records all the identification codes and the time stamps for all the ciphertext content blocks in the transcoding controller, and then the server side sends the transcoding controller to the client side. The server may read the first bit value, the last bit value, or any one or more bit values of each ciphertext block, or a combination of these methods as the identification code, or may use the result of the operation of the read value according to a predetermined rule, such as a function transformation rule, as the identification code.
In the decryption step S109, the client uses the information related to the hardware ID of the client as an initial decryption key, finds the position and the sequence or timing of each ciphertext content block through the identification code and the timestamp of the transcoding controller, then decrypts the first ciphertext content block using the initial decryption key to obtain the first content block, finds the position and the sequence or timing of the second ciphertext content block through the identification code and the timestamp of the second ciphertext content block, decrypts the second ciphertext content block using the first content block to obtain the second content block, then combines the first content block and the second content block according to the sequence or timing, and then decrypts the third ciphertext content block using the second content block to obtain the third content block, and combining the encrypted content with the first content block and the second content block according to the sequence or the time sequence, and so on until all the encrypted content is decrypted and combined according to the sequence or the time sequence, and finally the client obtains the plaintext of the digital content. Fig. 2 shows a flow chart of a second preferred embodiment of the method of the present invention.
As shown in fig. 2, the method according to the invention comprises, in sequence: a registration step S200, a service request step S201, a hardware ID matching step S202, an initial encryption key generation step S203, a digital content division step S104, an initial encryption step S105, a subsequent encryption step S106, a transcoding controller generation step S110, a license generation step S207, a client hardware ID matching step S208, and a decryption step S109.
In the registration step S200, the client applies for registration to a user management module of the server, the client sends hardware ID information of the client to the user management module, the hardware ID information may include a combination of one or more of hardware fingerprint information having uniqueness, such as a hardware serial number, an ID of the CPU, an address of the MAC, and the like, the user management module records the hardware ID information, after registration is successful, the user management module generates a private key and a public key as a pair of asymmetric keys, and sends the private key to the client, and stores the private key and the public key in the user management module.
In the service request step S201, the client generates a service request message, where the service request message includes hardware ID information of the client and a request message of the client for digital content, and the client encrypts the service request message using a private key and sends the encrypted service request message to an authorization module of the server, and then the user management module issues the public key to the authorization module, and the authorization module decrypts the encrypted service request message using the public key to obtain the hardware ID information of the client and the request message of the client for digital content.
In the hardware ID matching step S202, the authorization module sends the hardware ID information to the user management module, and the user management module compares the received hardware ID information with the hardware ID information stored by the user management module.
In the initial encryption key generation step S203, if the hardware ID information received by the user management module and the hardware ID information pre-stored therein match with each other, the authorization module generates an authorization key, sends the authorization key to the client, and encrypts the hardware ID information by using the authorization key to obtain the initial encryption key, and the authorization module forwards the requested digital content to the content module of the server.
In the digital content dividing step S104, the content module divides the digital content into a plurality of content blocks according to a predetermined order or a predetermined timing.
In an initial encryption step S105, the content module encrypts a first content block of the digital content using the initial encryption key to obtain a first ciphertext content block.
In the subsequent encryption step S106, the content module encrypts a second content block of the digital content with the first ciphertext content block as a second encryption key to obtain a second ciphertext content block, then encrypts a third content block of the digital content with the second ciphertext content block as a third encryption key to obtain a third ciphertext content block, and so on until all the digital content is encrypted.
In the transcoding controller generating step S110, reading, by the server side, a value of a specified position of the encrypted first ciphertext content block and generating an identification code, and the server side records an order or a timing corresponding to the first ciphertext content block as a time stamp, and the server side records the identification code and the time stamp in a transcoding controller; and so on, until the server side records all the identification codes and the time stamps for all the ciphertext content blocks in the transcoding controller, and then the server side sends the transcoding controller to the client side.
In the license generation step S207, the authorization module encrypts the initial encryption key with the public key to generate a license, and the authorization module sends the license to the client; and the client decrypts the received encrypted license by using the private key to obtain the initial encryption key which is used as the initial decryption key of the client.
In the client hardware ID matching step S208, the client decrypts the initial decryption key using the received authorization key, thereby obtaining hardware ID information, and the client compares the hardware ID information obtained by decryption with its own hardware ID information.
If the hardware ID information of the client and the hardware ID information obtained by decrypting the initial decryption key match each other, the client performs the decryption step S109 using the initial decryption key.
In the decryption step S109, the client uses the information related to the hardware ID of the client as an initial decryption key, finds the position and the sequence or timing of each ciphertext content block through the identification code and the timestamp of the transcoding controller, then decrypts the first ciphertext content block using the initial decryption key to obtain the first content block, finds the position and the sequence or timing of the second ciphertext content block through the identification code and the timestamp of the second ciphertext content block provided by the transcoding controller, decrypts the second ciphertext content block using the first content block to obtain the second content block, then combines the first content block and the second content block according to the sequence or timing, and then decrypts the third ciphertext content block using the second content block to obtain the third content block, and combining the encrypted content with the first content block and the second content block according to the sequence or the time sequence, and so on until all the encrypted content is decrypted and combined according to the sequence or the time sequence, and finally the client obtains the plaintext of the digital content.
Although not shown in the drawings, the steps described above are not necessarily performed according to the flow shown in fig. 2. Some of the steps may also be omitted to form further preferred embodiments and some of the steps may be combined with each other to form further preferred embodiments.
Fig. 3 shows a server side for providing digital content in an encrypted manner, comprising: the system comprises a user management module, an authorization module content module and a transcoding controller, wherein the user management module is responsible for the registration task of a client at a server and is responsible for storing hardware ID information of the client, after the client is successfully registered, the user management module generates a private key and a public key, sends the private key to the client and stores the private key and the public key in the user management module, and simultaneously authenticates the client by using the hardware ID information, and only after the client passes the authentication, the user management module issues the public key to the authorization module; the authorization module is responsible for decrypting the received service request message with the public key in response to a request of a client to obtain the hardware ID information and the client-side digital content request, and submitting the hardware ID information to the user management module, generating and sending an authorization key to the client only when matching with the hardware ID information stored by the user management module, and encrypting the hardware ID information with the authorization key to obtain an initial encryption key; and the authorisation module being capable of encrypting the initial encryption key with the public key to generate a license and sending the license to the client, and the authorisation module further forwarding the client's request for digital content to the content module; the content module is responsible for blocking digital content requested by the client and forwarded by the authorization module in response to the request of the client, sequentially encrypting a plurality of content blocks according to a preset sequence or time sequence by using the initial encryption key to obtain a plurality of ciphertext content blocks, and sending the ciphertext content blocks to the client; and simultaneously, the content module also reads the value of the specified position of the encrypted first ciphertext content block and generates an identification code, records the sequence or time sequence corresponding to the first ciphertext content block as a time stamp, and repeats the steps until the server side records all the identification codes and the time stamp in a code conversion controller, and then the server side sends the code conversion controller to the client side.
Fig. 4 shows a decryption method of the client. The decryption method comprises the following steps: the client decrypts the received encrypted license by using the private key to obtain the initial encryption key which is used as an initial decryption key of the client; the client decrypts the initial decryption key by using the received authorization key so as to obtain hardware ID information, and the client compares the hardware ID information obtained by decryption with the hardware ID information of the client; if the hardware ID information of the client and the hardware ID information obtained by decrypting the initial decryption key match each other, the client performs the decryption step S109 using the initial decryption key, that is, the transcoding controller provides the identification code and the timestamp of the first ciphertext content block so that the client finds the position and the order or the timing sequence of the first ciphertext content block, then the client decrypts the first ciphertext content block using the initial decryption key to obtain the first content block, then the transcoding controller provides the identification code and the timestamp of the second ciphertext content block so that the client finds the position and the order or the timing sequence of the second ciphertext content block, and then decrypts the second ciphertext content block using the first content block to obtain the second content block, and combining the first content block and the second content block according to the sequence or the time sequence, and so on, decrypting the third ciphertext content block by using the second content block to obtain the third content block, combining the third ciphertext content block with the first content block and the second content block according to the sequence or the time sequence until all ciphertext contents are decrypted and combined according to the sequence or the time sequence, and finally obtaining the plaintext of the digital content by the client.
Fig. 5 is a schematic diagram of a transcoding controller model, which illustrates an example of a case where the transcoding controller reads the last bit value of each ciphertext content block and directly generates an identification code without operation, where A, B, … …, N represent the last bit value of each ciphertext content block, and the identification code of each ciphertext content block is directly combined with the sequence numbers 1, 2, … …, N to form a location tag. Other embodiments are contemplated herein, such as collecting the first value of each ciphertext content block, a value at a particular location, or multiple values at different locations, or a combination thereof.
Fig. 6 is a schematic diagram of a data packet format after recording an identification code, a timestamp, and a ciphertext content block in the transcoding controller. The timestamp is an example based on the premise that the digital content is blocked according to the time sequence, the Data Field represents a part for storing the ciphertext content block, and the storage sequence of the identification code, the timestamp and the ciphertext content block can be interchanged at will. The position mark of each encrypted content block is recorded in the code conversion controller, so that the client can conveniently find the time sequence of each ciphertext block, the received ciphertext content blocks are conveniently spliced, and meanwhile, the combination of the identification code and the timestamp also ensures the uniqueness of identification of each ciphertext content block.
The server according to the invention is adapted to perform the method of the invention.
The disclosed method and apparatus divides digital content into a plurality of blocks using a data division technique, and sequentially encrypts and decrypts each block of content using 'information on a hardware ID of a client'. And finally, the encrypted digital content is transmitted in blocks, even if the encrypted digital content is stolen by a hacker, the encryption principle is firstly analyzed, then the digital content blocks are reordered and cracked one by one, and the difficulty of the attack is multiplied by the number of the content blocks. In addition, the method also incorporates the verification process of the user hardware ID, and further prevents illegal copy and illegal transmission. The method utilizes the hardware information binding technology to solve the defect that the traditional technology stops only the copyright protection when the decryption key is safely sent to the authorized user, utilizes the block transcoding multiplexing technology to solve the defect that the encryption of the digital content is static and disposable and the digital content is completely exposed after one-time cracking in the traditional technology, realizes high safety of the digital content in the whole process of spreading, and prevents illegal copying, illegal spreading and tampering.
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made or substituted in a similar manner to the specific embodiments described herein by those skilled in the art without departing from the spirit of the invention or exceeding the scope thereof as defined in the appended claims.
Claims (9)
1. A digital content encryption transmission method in which a digital content is provided to a client by a server side and the digital content is encrypted by the server side in a manner related to a hardware ID of the client,
the digital content encryption transmission method sequentially comprises the following steps: dividing digital content, initially encrypting, subsequently encrypting, generating a transcoding controller and decrypting;
in the digital content dividing step, dividing the digital content into a plurality of content blocks according to a predetermined sequence or a predetermined time sequence;
in the initial encryption step, a first content block of the digital content is encrypted by using information related to a hardware ID of the client as an initial encryption key to obtain a first ciphertext content block;
in the subsequent encryption step, encrypting a second content block of the digital content with the first ciphertext content block as a second encryption key to obtain a second ciphertext content block, then encrypting a third content block of the digital content with the second ciphertext content block as a third encryption key to obtain a third ciphertext content block, and so on until all the digital content is encrypted;
in the transcoding controller generating step, the server side reads a value of a specified position of the encrypted first ciphertext content block and generates an identification code, and the server side records an order or a timing corresponding to the first ciphertext content block as a time stamp, and the server side records the identification code and the time stamp in a transcoding controller; the same process is repeated until the server side records all the identification codes and the time stamps for all the ciphertext content blocks in the transcoding controller, and then the server side sends the transcoding controller to the client side;
in the decryption step, the client uses the information related to the hardware ID of the client as an initial decryption key, finds the position and the order or the timing sequence of each ciphertext content block through the identification code and the timestamp of the transcoding controller, then decrypts the first ciphertext content block using the initial decryption key to obtain the first content block, finds the position and the order or the timing sequence of the second ciphertext content block through the identification code and the timestamp of the second ciphertext content block, decrypts the second ciphertext content block using the first content block to obtain the second content block, then combines the first content block and the second content block according to the order or the timing sequence, and then decrypts the third ciphertext content block using the second content block to obtain the third content block, and combining the encrypted content with the first content block and the second content block according to the sequence or the time sequence, and so on until all the encrypted content is decrypted and combined according to the sequence or the time sequence, and finally the client obtains the plaintext of the digital content.
2. The digital content encryption transmission method according to claim 1, further comprising a registration step before the digital content division step, wherein the client transmits its hardware ID information to the server side, the server side records the hardware ID information, and the server side generates a private key and a public key, the server side transmits the private key to the client side, and stores the private key and the public key in the server side.
3. The digital content encryption transmission method according to claim 2,
after the registering step and before the digital content dividing step, the digital content encryption transmission method further includes a service requesting step,
wherein,
the client encrypts a service request message by using the private key, wherein the service request message comprises hardware ID information of the client and a request message of the client for digital content, and then the client sends the encrypted service request message to the server;
and the server decrypts the encrypted service request message by using the public key to obtain the hardware ID information of the client and the request message of the client for the digital content.
4. The digital content encryption transmission method according to claim 3, wherein after said service request step, said digital content encryption transmission method further comprises a hardware ID matching step, wherein,
after the server side obtains the hardware ID information of the client side and the request information of the client side for the digital content by decrypting the service request information, the server side compares the hardware ID information with the hardware ID information stored by the server side.
5. The digital content encryption transmission method according to claim 4,
after the hardware ID matching step, the digital content encryption transmission method further includes an initial encryption key generation step, in which,
if the hardware ID information received by the server side and the hardware ID information pre-stored by the server side are matched with each other, the server side generates an authorization key, sends the authorization key to the client side, and encrypts the hardware ID information by using the authorization key to obtain the initial encryption key.
6. The digital content encryption transmission method according to one of claims 1 to 5, wherein a server side provides a client with digital content, characterized in that the client decrypts the digital content transmitted by the server side in a manner related to its hardware ID.
7. The digital content encryption transmission method according to claim 5, wherein said method further comprises a license generation step,
wherein the server encrypts the initial encryption key using the public key to generate a license and sends the license to the client;
and the client decrypts the received encrypted license by using the private key to obtain the initial encryption key which is used as the initial decryption key of the client.
8. The digital content encryption transmission method according to claim 7,
after the license generation step, the client decrypts the initial decryption key using the received authorization key, thereby obtaining hardware ID information, and the client compares the hardware ID information obtained by decryption with its own hardware ID information with each other;
the client performs the decryption step using the initial decryption key if hardware ID information of the client and hardware ID information obtained by decrypting the initial decryption key match each other.
9. A server-side for providing digital content in an encrypted manner, comprising: a user management module, an authorization module and a content module,
the user management module is responsible for the registration task of a client at the server and is responsible for storing hardware ID information of the client, after the client is successfully registered, the user management module generates a private key and a public key, sends the private key to the client and stores the private key and the public key in the user management module, and simultaneously authenticates the client by using the hardware ID information, and only after the client passes the authentication, the user management module issues the public key to the authorization module;
the authorization module is responsible for decrypting the received service request message with the public key in response to a request of a client so as to obtain the hardware ID information and the client-side digital content request, and submitting the hardware ID information to the user management module, generating an authorization key and transmitting the authorization key to the client only when the hardware ID information is matched and consistent with the hardware ID information stored by the user management module, and encrypting the hardware ID information with the authorization key so as to obtain an initial encryption key; and the authorisation module being capable of encrypting the initial encryption key with the public key to generate a license and sending the license to the client, and the authorisation module further forwarding the client's request for digital content to the content module;
it is characterized in that the preparation method is characterized in that,
the content module is responsible for blocking digital content requested by the client and forwarded by the authorization module in response to the request of the client, sequentially encrypting a plurality of content blocks according to a preset sequence or time sequence by using the initial encryption key to obtain a plurality of ciphertext content blocks, sending the ciphertext content blocks to the client, reading a value of a specified position of a first ciphertext content block which is encrypted and generating an identification code, recording the sequence or time sequence corresponding to the first ciphertext content block as a time stamp, and so on until the server records all the identification code and the time stamp in a code conversion controller, and then sending the code conversion controller to the client.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310101304.2A CN103237010B (en) | 2010-10-25 | 2010-10-25 | The server end of digital content is cryptographically provided |
| CN 201010518019 CN101977190B (en) | 2010-10-25 | 2010-10-25 | Digital content encryption transmission method and server side |
| CN201310101413.4A CN103237011B (en) | 2010-10-25 | 2010-10-25 | Digital content encryption transmission method and server end |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010518019 CN101977190B (en) | 2010-10-25 | 2010-10-25 | Digital content encryption transmission method and server side |
Related Child Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310101304.2A Division CN103237010B (en) | 2010-10-25 | 2010-10-25 | The server end of digital content is cryptographically provided |
| CN201310101413.4A Division CN103237011B (en) | 2010-10-25 | 2010-10-25 | Digital content encryption transmission method and server end |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101977190A CN101977190A (en) | 2011-02-16 |
| CN101977190B true CN101977190B (en) | 2013-05-08 |
Family
ID=43577035
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010518019 Expired - Fee Related CN101977190B (en) | 2010-10-25 | 2010-10-25 | Digital content encryption transmission method and server side |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101977190B (en) |
Families Citing this family (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102103778B (en) * | 2011-02-23 | 2014-04-30 | 中兴通讯股份有限公司 | Mobile payment system, mobile terminal and method for realizing mobile payment service |
| CN103138922B (en) * | 2011-11-24 | 2016-06-29 | 北大方正集团有限公司 | A kind of method, system and device of digital content transmissions |
| CN102624708A (en) * | 2012-02-23 | 2012-08-01 | 浙江工商大学 | Efficient data encryption, updating and access control method for cloud storage |
| CN103532712B (en) * | 2012-07-04 | 2017-01-18 | 北京奔流网络信息技术有限公司 | digital media file protection method, system and client |
| CN102833077A (en) * | 2012-09-25 | 2012-12-19 | 东信和平科技股份有限公司 | Encryption and decryption methods of remote card-issuing data transmission of financial IC (Integrated Circuit) card and financial social security IC card |
| CN104281612A (en) * | 2013-07-03 | 2015-01-14 | 人人游戏网络科技发展(上海)有限公司 | Data processing method and device |
| CN104378334A (en) * | 2013-08-15 | 2015-02-25 | 北京大学 | Information processing method and system based on mobile device |
| CN106445429A (en) * | 2016-11-23 | 2017-02-22 | 宜春小马快印科技有限公司 | Safe printing method and system |
| CN108595940A (en) * | 2018-03-29 | 2018-09-28 | 深圳市风云实业有限公司 | The Certificate Authority device, method and system of equipment |
| CN110888716A (en) * | 2019-12-17 | 2020-03-17 | 北京天融信网络安全技术有限公司 | Data processing method and device, storage medium and electronic equipment |
| CN111641941A (en) * | 2020-05-29 | 2020-09-08 | 深圳市亿道信息股份有限公司 | Secure downloading method and system for mobile terminal software |
| CN112966284A (en) * | 2021-03-26 | 2021-06-15 | 知印信息技术(天津)有限公司 | File encryption and decryption method and system and computer readable storage medium |
| CN113378241B (en) * | 2021-06-23 | 2023-07-28 | 安徽中电光达通信技术有限公司 | Safety technology protection engineering design system and method |
| CN114119253A (en) * | 2021-09-27 | 2022-03-01 | 平安国际智慧城市科技股份有限公司 | Special drug claim processing method, device, terminal and storage medium |
| CN116668193B (en) * | 2023-07-27 | 2023-10-03 | 高新兴智联科技股份有限公司 | Communication method of terminal equipment and server of Internet of things and computer readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6892306B1 (en) * | 1998-09-24 | 2005-05-10 | Samsung Electronics Co., Ltd. | Digital content cryptograph and process |
| CN101207794A (en) * | 2006-12-19 | 2008-06-25 | 中兴通讯股份有限公司 | Method for enciphering and deciphering number copyright management of IPTV system |
| CN101729550A (en) * | 2009-11-09 | 2010-06-09 | 西北大学 | Digital content safeguard system based on transparent encryption and decryption method thereof |
-
2010
- 2010-10-25 CN CN 201010518019 patent/CN101977190B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6892306B1 (en) * | 1998-09-24 | 2005-05-10 | Samsung Electronics Co., Ltd. | Digital content cryptograph and process |
| CN101207794A (en) * | 2006-12-19 | 2008-06-25 | 中兴通讯股份有限公司 | Method for enciphering and deciphering number copyright management of IPTV system |
| CN101729550A (en) * | 2009-11-09 | 2010-06-09 | 西北大学 | Digital content safeguard system based on transparent encryption and decryption method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101977190A (en) | 2011-02-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101977190B (en) | Digital content encryption transmission method and server side | |
| CN101431415B (en) | Bidirectional authentication method | |
| CN109218825B (en) | Video encryption system | |
| KR101366243B1 (en) | Method for transmitting data through authenticating and apparatus therefor | |
| KR100724935B1 (en) | Apparatus and method of interlock between entities for protecting contents, and the system thereof | |
| CN107707504B (en) | Streaming media playing method and system, server and client | |
| CN100454921C (en) | Digital copyright protecting method and system | |
| JP5626816B2 (en) | Method and apparatus for partial encryption of digital content | |
| CN101719910B (en) | Terminal equipment for realizing content protection and transmission method thereof | |
| US9177112B2 (en) | Method and device for communicating digital content | |
| CN109151508B (en) | Video encryption method | |
| EP1944905A1 (en) | An encrypted transmission method and equipment system for preventing copying the data resource | |
| KR20130056343A (en) | Improvements in watermark extraction efficiency | |
| CN104980771A (en) | Method and system for stream media-on-demand through internet protocol television (IPTV) | |
| US20090254997A1 (en) | Method and apparatus for content rights management | |
| US20070168293A1 (en) | Method and apparatus for authorizing rights issuers in a content distribution system | |
| CN103237010B (en) | The server end of digital content is cryptographically provided | |
| CN1925392A (en) | Method for identification of equipment validity | |
| CN104243439A (en) | File transfer processing method and system and terminals | |
| CN103237011A (en) | Digital-content encryption transmission method and server side | |
| JP4791425B2 (en) | Method and system for performing DRM function and additional function using DRM (Digital Rights Management) device | |
| US9609279B2 (en) | Method and system for providing secure CODECS | |
| KR20100114321A (en) | Digital content transaction-breakdown the method thereof | |
| KR101360354B1 (en) | Method for authentication and apparatus therefor | |
| JP6631210B2 (en) | Terminal device authentication program, terminal device authentication method, server device, and authentication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Digital-content encryption transmission method and server side Effective date of registration: 20171019 Granted publication date: 20130508 Pledgee: Haidian Beijing science and technology enterprise financing Company limited by guarantee Pledgor: Beijing Sinobel Technology Co., Ltd. Registration number: 2017990000968 |
|
| PP01 | Preservation of patent right |
Effective date of registration: 20181130 Granted publication date: 20130508 |
|
| PP01 | Preservation of patent right | ||
| DD01 | Delivery of document by public notice | ||
| DD01 | Delivery of document by public notice |
Addressee: Li Dongfang Document name: Notice of preservation procedure |
|
| PD01 | Discharge of preservation of patent | ||
| PD01 | Discharge of preservation of patent |
Date of cancellation: 20211130 Granted publication date: 20130508 |
|
| DD01 | Delivery of document by public notice | ||
| DD01 | Delivery of document by public notice |
Addressee: Li Dongfang Document name: Notice of termination of proceedings |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130508 Termination date: 20181025 |