CN102236753B - Copyright managing method and system - Google Patents


Publication number
CN102236753B
Authority
CN
China
Prior art keywords
right objects
drm
certificate
management module
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201010173630.0A
Other languages
Chinese (zh)
Other versions
CN102236753A (en)
Inventor
李媛
陈书义
高峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wudi Xinyue Chemical Group Co ltd
Original Assignee
ZTE Corp
Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a copyright management method and system. The copyright management system includes: a digital rights management (DRM) user database for managing DRM user information; an entitlement management module for generating a rights object according to the DRM user's order information, the policy and the DRM content; a rights object database for managing rights objects; and a certificate management module for managing the digital certificates of DRM users, where a digital certificate provides the key used to encrypt and/or decrypt a rights object. The invention thereby specifies how the copyright management system processes rights objects.

Description

Copyright managing method and system
Technical field
The present invention relates to the field of communications, and in particular to a copyright management method and system.
Background
Digital rights management (DRM) is a technology that developed as electronic audio and video programs came to be widely distributed over the Internet. Its purpose is to protect the copyright of digital content, and the main techniques it involves include digital identification, security and encryption, storage, and electronic transactions.
Fig. 1 is a schematic diagram of the Open Mobile Alliance (OMA) DRM system architecture according to the related art. The system includes a Content Issuer, a Rights Issuer, a DRM agent and removable media. The Content Issuer can package the DRM content it sends, or receive content already packaged by another entity, and it sends DRM content to the DRM agent. The DRM agent is the trusted entity in the terminal device and enforces permission control over DRM content. The Rights Issuer is the entity that assigns permissions to DRM content and generates the rights. Removable media is the entity through which content and rights are shared between DRM agents.
Any DRM system includes three basic elements: the encrypted content, the rights object (RO) and the content encryption key (CEK). Only a terminal that has obtained the encrypted program media and holds the rights object and the associated content key can play the program. The content key is generally encapsulated inside the rights object, so the DRM system has to deliver two things to the terminal: the encrypted content and the rights object.
The Open Mobile Alliance defines three modes for delivering encrypted content and rights objects: forward-lock, combined delivery and separate delivery.
Fig. 2 is a schematic diagram of OMA DRM forward-lock according to the related art, and Fig. 3 is a schematic diagram of OMA DRM combined or separate delivery according to the related art. Forward-lock means that a media object is encapsulated in a DRM message and delivered to the user; the user is allowed to use the content but cannot forward it to other users and cannot modify the media object. Combined delivery means that a rights object and a media file are encapsulated in one DRM message and sent to the user; the user can use the content as the rights object prescribes, but cannot modify or forward the rights object or the media file. Separate delivery means that the content object is packaged in a special DRM Content Format (DCF) using symmetric encryption; the content encryption key (CEK) is required to access the media content, and the CEK is stored in the rights object. The content can therefore travel over an insecure delivery path, whereas the rights object (RO) needs a more secure transmission channel.
Although OMA defines several delivery mechanisms for rights objects, it does not explain how a copyright management system should handle rights objects internally.
Summary of the invention
The present invention provides a copyright management method and system to solve the problem of how rights objects are managed inside a copyright management system.
According to one aspect of the invention, a copyright management system is provided, including: a digital rights management (DRM) user database for managing the information of the DRM user; an entitlement management module for generating a rights object according to the DRM user's order information, the policy and the DRM content; a rights object database for managing the rights object; and a certificate management module for managing the digital certificate of the DRM user, the digital certificate providing the key used to encrypt and/or decrypt the rights object.
According to another aspect of the invention, a copyright management method is provided, including: the DRM user database manages the information of the DRM user; the entitlement management module generates a rights object according to the DRM user's order information, the policy and the DRM content, and sends the rights object to the rights object database; the rights object database manages the rights object; and the certificate management module manages the digital certificate of the DRM user, the digital certificate providing the key used to encrypt and/or decrypt the rights object.
The copyright management system of the present invention includes: a rights object database for managing rights objects; a DRM user database for managing DRM user information; an entitlement management module for generating a rights object according to the user's order information, the policy and the DRM content; and a certificate management module for managing the digital certificates of DRM users, where a digital certificate provides the key used to encrypt and/or decrypt a rights object.
The invention solves the problem that no explanation is given of how rights objects are handled inside a copyright management system, and thereby specifies how the copyright management system processes rights objects.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of the OMA DRM system architecture according to the related art;
Fig. 2 is a schematic diagram of OMA DRM forward-lock according to the related art;
Fig. 3 is a schematic diagram of OMA DRM combined or separate delivery according to the related art;
Fig. 4 is a structural block diagram of the copyright management system according to an embodiment of the invention;
Fig. 5 is a block diagram of a preferred structure of the copyright management system according to an embodiment of the invention;
Fig. 6 is a flow chart of copyright management performed by the copyright management system according to an embodiment of the invention;
Fig. 7 is a flow chart of the IPTV copyright management method according to an embodiment of the invention;
Fig. 8 is a preferred flow chart of the IPTV copyright management method according to an embodiment of the invention.
Detailed description of the invention
The present invention is described in detail below with reference to the accompanying drawings and in conjunction with embodiments. It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments can be combined with one another.
The following embodiments can be applied to the digital rights management of an IPTV system, but are not limited to it.
In one embodiment of the invention, a copyright management system is provided. Fig. 4 is a structural block diagram of the copyright management system according to an embodiment of the invention. The system includes rights object database 42, DRM user database 44, entitlement management module 46 and certificate management module 48, each described below.
Rights object database 42 manages rights objects, where a rights object associated with DRM content can be generated according to the DRM user's order information and the policy. DRM user database 44 manages the information of DRM users. Entitlement management module 46 generates a rights object according to the DRM user's order information, the policy and the DRM content. Certificate management module 48 manages the digital certificates of DRM users; the digital certificate provides the key used to encrypt and/or decrypt the rights object. It should be noted that "manage" here includes storage.
Fig. 5 is a block diagram of a preferred structure of the copyright management system according to an embodiment of the invention. The system further includes domain management module 52, which performs domain management for users, encrypts the rights object with a domain key and sends the encrypted rights object; the domain key can be generated from the domain user's digital certificate. Domain management of a user can include the user creating a domain, joining a domain and leaving a domain.
Preferably, a domain under domain management module 52 can be a set of devices. Devices within the domain share a unique domain identifier and one or more domain keys. The user sets up a domain and can add a set-top box and other types of device (such as a PC or mobile phone) to it. The license server encrypts the content encryption key with the domain key, places it in a domain rights object and delivers that to the set-top box; the set-top box can share the domain rights object and its corresponding content with other devices in the domain.
Preferably, certificate management module 48 is further configured to interact with the DRM agent through the Rights Object Acquisition Protocol (ROAP) and to provide a certificate download service for the DRM agent. For example, certificate management module 48 can provide a terminal certificate information query interface to support the ROAP interaction between the copyright management system and the DRM agent.
Preferably, certificate management module 48 is further configured to obtain the latest certificate revocation information, or to download a certificate revocation list (CRL) from the certificate authority (CA). For example, the certificate management system obtains the latest certificate revocation information by downloading the CRL from the CA, or by interacting with the Online Certificate Status Protocol (OCSP) responder provided by the CA.
Preferably, entitlement management module 46 is further configured to receive, before generating the rights object, a message sent by the DRM agent after the terminal has been authenticated successfully, requesting the rights object corresponding to the DRM content.
Preferably, the certificate management system can provide a certificate download service for the terminal's DRM agent.
Preferably, the certificate management module is further configured to obtain certificate revocation information or a certificate revocation list from the certificate authority.
In another embodiment of the invention, a method of performing copyright management with the above copyright management system is provided. Fig. 6 is a flow chart of copyright management performed by the copyright management system according to an embodiment of the invention. The flow includes:
Step S602: entitlement management module 46 generates a rights object according to the DRM user's order information, the policy and the DRM content, and sends the rights object to rights object database 42;
Step S604: rights object database 42 manages the rights object.
Preferably, certificate management module 48 manages the digital certificate of the DRM user, where the digital certificate provides the key used to encrypt and/or decrypt the rights object. The step in which certificate management module 48 manages digital certificates has no fixed order relative to steps S602 and S604. It should be noted that step S604 may also include encrypting the rights object corresponding to the DRM content requested by the DRM user, using the DRM user's digital certificate obtained from certificate management module 48; that is, the step of encrypting the rights object can be performed by the above modules of the copyright management system.
Of course, preferably, in step S604, the management of the rights object by rights object database 42 can include encrypting the rights object.
Preferably, the method can also include a step in which DRM user database 44 manages the information of the DRM user; this step likewise has no fixed order relative to steps S602 and S604.
Preferably, domain management module 52 encrypts the rights object with a domain key and sends the encrypted rights object, where the domain key is generated from the domain user's digital certificate.
Preferably, before entitlement management module 46 generates the rights object, it receives a message, sent by the DRM agent after the terminal has been authenticated successfully, requesting the rights object corresponding to the DRM content. It then generates the rights object.
Preferably, after the rights object is encrypted, it is sent to the DRM agent; the DRM agent module interacts with certificate management module 48 using the Rights Object Acquisition Protocol and downloads a digital certificate from certificate management module 48;
The DRM agent uses the digital certificate downloaded from certificate management module 48 to decrypt the rights object.
In another embodiment of the invention, a copyright management method is provided, comprising the following steps:
Step S2: the DRM agent authenticates, through the authentication server, the terminal requesting the DRM content;
Step S4: after authentication succeeds, the DRM agent requests the rights object for the DRM content from the copyright management system;
Step S6: the copyright management system generates the rights object according to the DRM content and sends it to the DRM agent.
With steps S2 to S6, the DRM agent authenticates the terminal before requesting the rights object and requests the rights object only after authentication succeeds. Illegitimate terminals are thus screened out before any rights object is requested, which improves security and reduces the load on the copyright management system to some extent.
Preferably, the copyright management system signs and/or encrypts the rights object and then sends the signed or encrypted rights object to the DRM agent. This further improves the security of the system. For example, the copyright management system encrypts the rights object with the terminal's public key and signs the encrypted rights object with the copyright management system's private key.
Preferably, if domain management is introduced, the DRM agent can verify through the copyright management system whether the terminal is a legitimate domain user; when verification succeeds, the rights object is encrypted with the domain key and the encrypted rights object is sent to the terminal.
Preferably, the copyright management system can look up the encryption key of the DRM content according to the identifier of the DRM content or the key identifier of the DRM content, and load the encryption key into the rights object.
The above embodiments and their variants are described below with reference to Fig. 7.
Fig. 7 is a flow chart of the IPTV copyright management method according to an embodiment of the invention. The flow comprises the following steps:
Step S701: information about the user and the terminal (also called the device) can be registered in the DRM agent; when entitlement management module 46 receives a rights request from the DRM agent, it authenticates the terminal and judges whether it is legitimate;
Step S702: authentication passes, and the DRM agent requests delivery of an integrity-protected rights object. When the DRM agent sends an authorization request, an authorization request message containing the user and device information, the DRM agent's unique identifier, and the requested content identifier or content encryption key identifier is sent to entitlement management module 46. Entitlement management module 46 queries the content key management unit for the corresponding content encryption key according to the content identifier or content key identifier of the program the user ordered, creates and manages the rights object according to the permissions the user requested, and finally encapsulates the content key identifier and the encryption key in the rights object;
Entitlement management module 46 obtains the terminal device's public key from certificate management module 48 and encrypts the rights object with it, ensuring that the rights object is not stolen in transit and reaches the legitimate user's terminal safely. At the same time, the private key of authorization management can be used to sign the encrypted rights object, ensuring that the encrypted rights object is not tampered with in transit and was issued by the legitimate authorization management;
Step S703: after the terminal user (or DRM agent) receives the rights object, it first verifies the signature with the public key of authorization management, confirming that the rights object was not modified in transit and was issued by the designated authorization management;
Step S704: after verification passes, the terminal uses its own private key to decrypt the encrypted rights object and obtain the content encryption key.
With the above embodiment, the DRM agent can request a rights object from the copyright management system only after the terminal has passed authentication. Copyright management is responsible for specifying the permissions and constraints for DRM content and generates the rights object from them. The rights object controls how DRM content is used: DRM content cannot be used apart from the rights object, and can be used only in the manner the rights object specifies. Secure transmission of the rights object is ensured by the PKI-based certificate encryption mechanism.
Fig. 8 is a preferred flow chart of the IPTV copyright management method according to an embodiment of the invention. The flow comprises the following steps:
Step S801: the DRM agent logs in to the authentication server and requests it to authenticate the terminal device;
Step S802: authentication succeeds;
Step S803: the DRM agent requests the rights object for the DRM content;
Step S804: authorization management requests the terminal device's public key from certificate management;
Step S805: certificate management returns the terminal device's public key;
Step S806: authorization management encrypts the rights object with the terminal device's public key, ensuring that only the legitimate terminal device can decrypt it, and signs the encrypted rights object with the private key of authorization management, ensuring that it is not tampered with in transit and can be verified as a legitimate rights object;
Step S807: the encrypted rights object is passed to the DRM agent;
Step S808: the DRM agent verifies the signature with the public key of authorization management, checking that the rights object was not tampered with in transit; after verification passes, it decrypts with the terminal device's private key;
Step S809: the DRM agent requests domain management to authenticate that the terminal is a legitimate domain user;
Step S810: authentication succeeds;
Step S811: a domain rights object is sent; this rights object is encrypted with the domain key.
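The encrypt-then-sign exchange of steps S804 to S808 (also described under step S702), as an added example in Go that is not part of the patent text: the issuer encrypts the rights object for one terminal and signs the result, and the DRM agent verifies the signature before it decrypts. The patent names no algorithms, so RSA-OAEP wrapping of an AES-256-GCM key, RSA-PSS signatures, and every type, function and field name here are assumptions; the keys and rights-object values are constructed.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ProtectedRO is the message passed to the DRM agent in step S807 (assumed layout).
type ProtectedRO struct{ WrappedKey, Nonce, Ciphertext, Signature []byte }

var label = []byte("ro-transport-key") // assumed OAEP label binding the key to this use

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// digest hashes the encrypted fields, length-prefixed so field boundaries cannot shift.
func digest(p *ProtectedRO) []byte {
	h := sha256.New()
	for _, f := range [][]byte{p.WrappedKey, p.Nonce, p.Ciphertext} {
		n := len(f)
		h.Write([]byte{byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n)})
		h.Write(f)
	}
	return h.Sum(nil)
}

// IssueRO is step S806: encrypt the RO for the terminal, then sign the encrypted RO.
func IssueRO(ro []byte, terminalPub *rsa.PublicKey, issuerPriv *rsa.PrivateKey) (*ProtectedRO, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and GCM nonce for every RO
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	gcm, err := newGCM(buf[:32])
	if err != nil {
		return nil, err
	}
	p := &ProtectedRO{Nonce: buf[32:]}
	p.Ciphertext = gcm.Seal(nil, p.Nonce, ro, nil)
	p.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, terminalPub, buf[:32], label)
	if err != nil {
		return nil, err
	}
	p.Signature, err = rsa.SignPSS(rand.Reader, issuerPriv, crypto.SHA256, digest(p), nil)
	return p, err
}

// AcceptRO is step S808: verify the issuer signature first, decrypt only afterwards.
func AcceptRO(p *ProtectedRO, issuerPub *rsa.PublicKey, terminalPriv *rsa.PrivateKey) ([]byte, error) {
	if rsa.VerifyPSS(issuerPub, crypto.SHA256, digest(p), p.Signature, nil) != nil {
		return nil, errors.New("signature invalid: RO rejected before decryption")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, terminalPriv, p.WrappedKey, label)
	if err != nil {
		return nil, errors.New("RO was not encrypted for this terminal")
	}
	gcm, err := newGCM(key)
	if err != nil || len(p.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed RO")
	}
	return gcm.Open(nil, p.Nonce, p.Ciphertext, nil)
}

// RunScenario runs the exchange with freshly generated keys and a constructed RO.
func RunScenario() (delivered, tamperRejected, wrongTerminalRejected bool, err error) {
	keys := make([]*rsa.PrivateKey, 3) // issuer, entitled terminal, another terminal
	for i := range keys {
		if keys[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return
		}
	}
	ro := []byte(`{"content":"channel-42","permission":"play","cek":"MDEyMzQ1Njc4OWFiY2RlZg=="}`)
	p, err := IssueRO(ro, &keys[1].PublicKey, keys[0])
	if err != nil {
		return
	}
	got, err := AcceptRO(p, &keys[0].PublicKey, keys[1])
	delivered = err == nil && string(got) == string(ro)
	bad := *p // copy, then flip one ciphertext bit as if altered in transit
	bad.Ciphertext = append([]byte{p.Ciphertext[0] ^ 1}, p.Ciphertext[1:]...)
	_, e1 := AcceptRO(&bad, &keys[0].PublicKey, keys[1])
	_, e2 := AcceptRO(p, &keys[0].PublicKey, keys[2])
	return delivered, e1 != nil, e2 != nil, nil
}

func main() {
	fmt.Println(RunScenario())
}
```

Because the signature covers the wrapped key, nonce and ciphertext together, a rights object altered in transit is rejected before the terminal's private key is ever used on it.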
In summary, the above embodiments of the invention solve the problem that no explanation is given of how rights objects are handled inside a copyright management system, and thereby specify how the copyright management system processes rights objects. The security of the system is improved.
Obviously, those skilled in the art should understand that the modules or steps of the invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases the steps shown or described can be performed in an order different from the one given here, or the modules can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The invention is thus not restricted to any specific combination of hardware and software.
The foregoing is only the preferred embodiments of the invention and is not intended to limit it; for those skilled in the art, the invention can have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (9)

1. A copyright management system, characterized by including:
a digital rights management (DRM) user database, for managing the information of the DRM user;
an entitlement management module, for generating a rights object according to the DRM user's order information, the policy and the DRM content;
a rights object database, for managing the rights object;
a certificate management module, for managing the digital certificate of the DRM user, the digital certificate providing the key used to encrypt and/or decrypt the rights object;
wherein the entitlement management module is further configured to receive, before generating the rights object, a message that the DRM agent sends after the terminal has been authenticated successfully, requesting the rights object corresponding to the DRM content.
2. The system according to claim 1, characterized by further including:
a domain management module, for performing domain management for the user, encrypting the rights object with a domain key, and sending the encrypted rights object; the domain key is generated from the domain user's digital certificate.
3. The system according to any one of claims 1 to 2, characterized in that
the certificate management module is further configured to interact with the DRM agent through the Rights Object Acquisition Protocol and to provide a certificate download service for the DRM agent.
4. The system according to any one of claims 1 to 2, characterized in that
the certificate management module is further configured to obtain certificate revocation information or a certificate revocation list from the certificate authority.
5. A copyright management method, characterized by including:
a digital rights management (DRM) user database manages the information of the DRM user;
an entitlement management module generates a rights object according to the DRM user's order information, the policy and the DRM content, and sends the rights object to a rights object database;
the rights object database manages the rights object;
a certificate management module manages the digital certificate of the DRM user, the digital certificate providing the key used to encrypt and/or decrypt the rights object;
wherein, before the entitlement management module generates the rights object, the method further includes:
the entitlement management module receives a message that the DRM agent sends after the terminal has been authenticated successfully, requesting the rights object corresponding to the DRM content.
6. The method according to claim 5, characterized in that the rights object database managing the rights object includes: encrypting the rights object.
7. The method according to claim 5, characterized by further including:
a domain management module encrypts the rights object with a domain key and sends the encrypted rights object, wherein the domain key is generated from the domain user's digital certificate.
8. The method according to claim 6, characterized in that, after the rights object is encrypted, the method further includes:
sending the rights object to the DRM agent;
the DRM agent module interacts with the certificate management module using the Rights Object Acquisition Protocol and downloads a digital certificate from the certificate management module;
the DRM agent uses the digital certificate downloaded from the certificate management module to decrypt the rights object.
9. The method according to any one of claims 5 to 8, characterized by further including:
the certificate management module obtains certificate revocation information or a certificate revocation list from the certificate authority.
CN201010173630.0A 2010-05-07 2010-05-07 Copyright managing method and system Expired - Fee Related CN102236753B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010173630.0A CN102236753B (en) 2010-05-07 2010-05-07 Copyright managing method and system

Publications (2)

Publication Number Publication Date
CN102236753A CN102236753A (en) 2011-11-09
CN102236753B true CN102236753B (en) 2016-06-08

Family

ID=44887396

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010173630.0A Expired - Fee Related CN102236753B (en) 2010-05-07 2010-05-07 Copyright managing method and system

Country Status (1)

Country Link
CN (1) CN102236753B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105281895B (en) * 2014-07-09 2018-09-14 国家广播电影电视总局广播科学研究院 A kind of digital media content guard method and device
GB201505438D0 (en) * 2015-03-30 2015-05-13 Irdeto Bv Accessing content at a device
CN106713224B (en) * 2015-11-12 2019-12-06 福建福昕软件开发股份有限公司 Document authority control method
CN110858804B (en) * 2018-08-25 2022-04-05 华为云计算技术有限公司 Method for determining certificate status

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1794128A (en) * 2005-08-12 2006-06-28 华为技术有限公司 Method and system of adding region and obtaining authority object of mobile terminal
EP1804514A1 (en) * 2006-01-03 2007-07-04 Samsung Electronics Co., Ltd. Method and apparatus for acquiring domain information and domain-related data
CN101118579A (en) * 2006-08-01 2008-02-06 华为技术有限公司 Verification permissive method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100483435C (en) * 2006-09-15 2009-04-29 华为技术有限公司 Method and system for replacing copyright object in digital copyright management system

Also Published As

Publication number Publication date
CN102236753A (en) 2011-11-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201218

Address after: 251900 Chengkou Town East, Wudi County, Binzhou City, Shandong Province

Patentee after: Wudi Xinyue Chemical Group Co.,Ltd.

Address before: 518057 No. 55 South Science and technology road, Shenzhen, Guangdong, Nanshan District

Patentee before: ZTE Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160608