CN102394869B - Digital content sharing method and system for digital network - Google Patents


Publication number: CN102394869B
Authority: CN (China)
Prior art keywords: digital, equipment, license passport, certificate, content
Legal status: Expired - Fee Related
Application number: CN2011103142369A
Other languages: Chinese (zh)
Other versions: CN102394869A
Inventors: 张志勇, 牛丹梅, 黄涛, 吴莹, 张丽丽, 李艳霞, 张晓玲
Current assignee: Henan University of Science and Technology
Original assignee: Henan University of Science and Technology
Events: application filed by Henan University of Science and Technology; priority to CN2011103142369A; publication of CN102394869A; application granted; publication of CN102394869B; legal status Expired - Fee Related; anticipated expiration

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention relates to the technical field of network communication and digital copyright, and in particular to a digital content sharing method and system for a digital network. The system comprises a content issuing client, a rights issuing client and a local domain manager. The content issuing client provides the digital content publishing and downloading service; the rights issuing client generates and issues the license corresponding to the digital content; the local domain manager stores the list of digital network members and devices in all domains, manages every member and device in the digital network, registers each member and device in the network, and determines members' identities and rights. In the method, the access rights of family members and devices are controlled by means of a role-based access control model and a certificate linked list. With the method and system, the number of issued certificates and the resources consumed in managing them are greatly reduced, and the workload of the rights issuing client is lightened.

Description

A digital content sharing method and system for a digital network
Technical field
The present invention relates to the field of network communication and digital copyright technology, and in particular to a digital content sharing method and system for a digital network.
Background
Network technology is widely used in offices and homes: multimedia computers share broadband connections over wired or wireless networks, and the number of digital devices in home networks keeps growing. The development of networks makes the distribution of digital multimedia content easier; digital content is more convenient to provide and easier to copy, and a copy is identical to the original. While this brings advantages to users, it also gives rise to illegal activity such as piracy and unauthorized copying.
In recent years, digital rights management (DRM) technology has been used to prevent copying and distribution carried out without the copyright owner's consent. Through electronic means, such as device-controlled licenses, DRM lets the copyright owner control and manage the distribution of digital content. DRM has developed rapidly in research and development in recent years, and many related systems have found commercial application.
From the home user's viewpoint, the user wants purchased digital content to be used and transferred freely and flexibly among the devices in the home, under unified management. General DRM suits a general network environment rather than a digital home environment, which has family members and devices; the concept of the Authorized Domain (AD) was proposed to address these problems. Every device registered in the home network has the same right of access to the digital content. However, some content, such as adult content, must not be viewable by children, so access control management is needed: within one home network, different users have different rights.
Summary of the invention
In view of the above problems, the purpose of this invention is to provide a digital content sharing method and system for a digital network that can control the access rights of network members and devices based on a role-based access control model (RBAC) and a digital certificate linked list.
To achieve this aim, the invention adopts the following technical scheme:
A digital content sharing system for a digital network:
It comprises a computer, a smart phone, a camera, a digital TV and a personal digital assistant. Each of these devices holds a certificate issued by a certificate authority (CA) and has its own public/private key pair; the public key is published in the form of the certificate, and the private key is stored in the device's tamper-resistant memory. The computer, smart phone, camera, digital TV and personal digital assistant are connected to each other through the digital network;
It also comprises a content issuing client (CI). The content issuing client provides digital content publishing and downloading services: it packages and encrypts the digital content requested by a user (the encrypted content is called DRM content), delivers it to the legitimate user domain, and communicates with the rights issuing client (RI) so that the RI generates the corresponding license;
It also comprises a rights issuing client (RI). The rights issuing client is responsible for generating and issuing the license corresponding to the digital content: it first generates the license for the digital content according to the information sent by the content issuing client, then issues it to the legitimate user domain of that content;
It also comprises a local domain manager (LDM). The local domain manager holds the list of digital network members and devices in all domains, manages every member and device in the digital network, registers each member and device in the network, determines members' identities and rights, manages the devices that join the domain, identifies the users of the devices, applies to the content issuing client and the rights issuing client for digital rights management (DRM) content and the corresponding licenses, and distributes DRM content and licenses to members and devices;
The local domain manager is interconnected with the computer, smart phone, camera, digital TV and personal digital assistant through the digital network; the content issuing client is connected to the local domain manager through the network, and the rights issuing client is connected to the local domain manager through the network.
The digital network is connected by wire or wirelessly, and the computer, smart phone, camera, digital TV and personal digital assistant each become a device in the domain only after passing the digital authentication of the local domain manager.
The system adopts a certificate linked list attached to the license to record information about digital network members and devices; the certificate linked list is managed by the local domain manager.
The system manages the members and devices in the digital network by a role-based access control method.
A digital content sharing method for a digital network comprises the following steps:
When a digital network member applies for digital content and a license, the local domain manager (LDM) requests and receives the digital content and the corresponding license from the content issuing client (CI) and the rights issuing client (RI);
The digital network member sends a message to the local domain manager containing the user ID, the device ID and the requested digital content; the domain master checks on the local domain manager whether the user ID and device ID are legitimate, and queries the user-role-permission relation table to determine from it whether this member has the access right to the content;
If the query shows that the member has the corresponding right, the encrypted digital content is sent to the device the member is using; the encrypted digital content may be stored on any device in the digital network and transferred between devices;
A license usage table on the local domain manager records the license information corresponding to the digital rights management (DRM) content. The domain master looks up the table: if the license is on the local domain manager, the domain master appends a record to the linked list, encrypts the license and the attached linked list with the public key of the requesting device, sends them to the device the member is using, and records the license serial number and the recipient's user ID and device ID in the license usage table of the local domain manager;
If the domain master's lookup shows that the license is on another device, a message is sent to that device instructing it to send the license to the requester;
The digital network member currently holding the license appends a record to the linked list, encrypts the license and the attached linked list with the public key of the requesting device, sends them to the device the requester is using, and sends the recipient's user ID and device ID in a message to the local domain manager, which updates its license usage table;
After the digital network member obtains the license, the member first decrypts the received license and attached linked list with its own private key to obtain the content decryption key, then uses that key to decrypt the encrypted DRM content; after decryption the member can use or play the digital content.
The license information corresponding to the digital rights management (DRM) content comprises the license serial number and the user ID and device ID in use.
The digital network member destroys the decrypted content immediately after use; no device may store or copy decrypted content.
Within the digital network, the device that is to receive the license and the device that sends it must mutually confirm that each is a device in the domain; the sender must encrypt with the receiving device's public key when sending the license, and the receiving device obtains the content decryption key with its own private key after receiving the license.
The invention has the following advantages and beneficial effects:
1) The digital network of the invention adopts the domain concept, so that a license for digital content can be bound to a group of devices at once. The communication between the content issuing client, the rights issuing client and the home network device terminals for protecting copyrighted digital content is greatly simplified, the number of issued certificates and the resources consumed in managing them are greatly reduced, and the workload of the rights issuing client is lightened;
2) By binding the license to the digital network, the invention achieves sharing of the license within the network, so that users can freely transfer and use digital content within the domain, achieving true convenience and free sharing;
3) The invention combines RBAC with the certificate linked list; this scheme achieves tracking of licenses and transfer of DRM rights within the domain without altering the content of the license;
4) RBAC in the invention assigns each network member a suitable role, and thereby suitable DRM rights; it can provide functions that some users need, such as privacy protection and parental control of children, and makes differentiated control of rights more flexible.
Description of drawings
Fig. 1 is the role-based secure access control model diagram of the invention.
Fig. 2 is the graded role model diagram of the invention.
Fig. 3 is the digital network DRM system framework diagram of the invention.
Embodiment
A digital network is the main application form of the Authorized Domain (AD). It comprises wireless, wired and mixed connections and a number of devices such as PCs, printers, smart phones and cameras.
There are currently several methods of allowing different rights within a domain. One direct method introduces the distinction when the right is bought: the user defines different rights for different domain members at once, and the content provider encodes this in the license. However, this method is quite rigid and inflexible, and easily violates privacy.
Another method introduces different rights in the process of converting the DRM right into a DRM right within the domain. Here the person who buys the digital content (the domain administrator or the domain member who first accesses the license) is allowed to add further restrictions or rights on top of the original rights, and these are used to control the use of and access to the content within the domain. However, the digital content provider has a strong requirement to control the distribution and use of content completely; usually the content provider does not trust and does not allow any alteration of the original license.
A further possible method is the certificate linked list scheme: the domain administrator attaches a linked list to each license assigned to the domain, and the list records the devices that have played the DRM content. This scheme tracks the license within the domain without altering the content of the rights object (RO), but its shortcoming is that it cannot assign different DRM rights to each domain member and device.
In a digital network, if one user buys digital content, the other users of the network are also allowed to access it. This can cause many privacy and security problems. In some scenarios the domain owner, for reasons of privacy, parental role or personal interest, does not want other users in the domain to use certain content: for example, parents do not want children to watch adult content, or only allow children to watch certain content at set times, to prevent them from spending too much time on it and affecting their study and rest; or a friend adds his device to your domain and you are willing to share only your music or films with him, not your other digital content. To solve these potential security and privacy problems, we propose a new method of controlling the access rights of each digital network member.
Other terms in this specification are well known in the art and are not repeated here. The concepts involved in the method of the invention are introduced below to fully disclose the technical content of the application:
(1) Role-based access control model (RBAC)
Role-Based Access Control (RBAC) has become an alternative to traditional access control (discretionary and mandatory access control). In RBAC, permissions are associated with roles, and users obtain the permissions of roles by becoming members of the appropriate roles. This greatly simplifies permission management. In an organization, roles are created to accomplish various tasks, users are assigned roles according to their responsibilities and qualifications, and a user can easily be reassigned from one role to another. Roles can be granted new permissions as the needs of the system change, and permissions can be withdrawn from a role as required. Relations between roles can be established to reflect a wide range of real-world situations.
The core idea of RBAC is to associate access rights with roles and, by assigning users appropriate roles, to associate users with access rights. Roles are set up according to the various tasks that need to be completed in each unit, and users are assigned roles according to their duties and responsibilities. The best-known RBAC model in the prior art is the RBAC96 model of Professor R. Sandhu of George Mason University in the United States; the role-based secure access control model is introduced below.
The role-based secure access control model shown in Fig. 1 has three kinds of entity sets, called users, roles and permissions; Fig. 1 also shows the set of sessions. A user is the subject that operates on data objects, in this model a person. A role is a job function or job title within the organization, with authority and responsibility granted to it. The role connects users and permissions as an intermediary bridge. A permission is an approval to access one or more objects in the system; the terms authorization, access right and privilege are also used to denote permissions. Permissions are normally positive: the holder of a granted permission is allowed to perform some activity. Constraints are attached to every element of the RBAC system and express the conditions under which a permission may be exercised. A session is a dynamic concept: a user activates roles and establishes a session at a given time.
(2) Role division in the digital network
According to the user types in the digital network and the relations between users, the graded role model is shown in Fig. 3:
Graded roles are a natural way of building a role structure that reflects the authority and responsibility of an organization. By convention, more authoritative or senior roles are shown at the top and less authoritative or junior roles at the bottom.
In this model the ranks run from low to high and are divided into 4 levels, level 4 being the lowest; temporary members are at this level. In most cases this is a user temporarily sharing the digital content of a digital network member, with partial rights to use DRM content and the fewest rights of all.
Ordinary members are level 3. This member is higher than a temporary member and therefore inherits all of the temporary member's rights. Beyond the inherited rights, this role's rights include requesting and using DRM content and licenses, subject to certain restrictions; for example, a child in the family can be a user in this role and may only play certain content within a certain time period (such as 8:00-21:00).
Inheritance of rights is transitive. In Fig. 2 senior members are at level 2; this role inherits the rights of temporary and ordinary members and can have additional rights. For example, adult users in the family such as parents can be assigned this role and hold the great majority of all rights.
The domain master is the single member at level 1: the owner of the digital network domain registration, the director of the domain and its highest-ranking administrator. This role inherits the rights of senior, ordinary and temporary members and can exercise all rights.
(3) Permission division in the digital network
The role is the intermediary between users and access rights: a user is given a role, permission types are ascribed to roles, and the user obtains the corresponding operating permissions through the role. In a digital network permissions are of several types, such as creating and cancelling the domain, adding and deleting users or devices, obtaining and using licenses, and using DRM content.
According to the roles above, digital network members play these roles and thereby hold different permissions. For example, a father or mother can play the domain master, holding all permissions, while a child belongs to the ordinary user role, with fewer permissions; some content or devices need to be restricted by the parents and may only be used at set times; a friend who joins the digital network temporarily can share only certain items of digital content, such as music or films, and is restricted from using other content. A relation table of users, roles and permissions is built so that the rights associated with each role's users, or the set of users holding a given permission, can be looked up quickly.
When a new user registers, an old user leaves the domain, a user's role changes, or newly requested digital rights management (DRM) content arrives, the permissions held by the users of each role, or the operations that may be performed on the DRM content, are determined dynamically.
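The graded role model and the permission division above, as an added example in Python (not code from the patent). The four roles follow the levels described in sections (2) and (3), each inheriting the permissions of the level below; permission names, the sample users, the "HH:MM" session time and the concrete constraints (the child's 8:00-21:00 playback window, the visiting friend limited to music and films) are assumptions for illustration. The constraint is attached to the role a user is actually assigned, so a parent inheriting the ordinary member's permissions is not bound by the child's time window.

```python
"""Graded role model with inherited permissions, per-role constraints and a reverse lookup.

Added example; not code from the patent. Role names follow the four levels described
in the text; permission names, users and constraints are constructed for illustration.
"""

# role -> (parent role it inherits from, permissions granted directly at this level)
ROLES = {
    "temporary_member": (None, {"use_shared_content"}),
    "ordinary_member": ("temporary_member", {"request_license", "use_drm_content"}),
    "senior_member": ("ordinary_member", {"add_user", "delete_user", "add_device", "delete_device"}),
    "domain_master": ("senior_member", {"create_domain", "cancel_domain", "assign_role"}),
}

# Constraints are keyed by the role a user is assigned, not by the roles it inherits from,
# so the parents (senior member / domain master) are not bound by the child's time window.
# Session times are "HH:MM" strings, which compare correctly as zero-padded text.
CONSTRAINTS = {
    # an ordinary member (e.g. a child) may only play DRM content between 8:00 and 21:00
    ("ordinary_member", "use_drm_content"): lambda s: "08:00" <= s.get("time", "") <= "21:00",
    # a temporary member (e.g. a visiting friend) may only touch the shared music and films
    ("temporary_member", "use_shared_content"): lambda s: s.get("content_type") in {"music", "film"},
}

# user -> role relation table (constructed sample data)
USER_ROLES = {"dad": "domain_master", "mom": "senior_member",
              "kid": "ordinary_member", "friend": "temporary_member"}


def permissions(role):
    """Effective permission set of a role: its own plus everything inherited down the hierarchy."""
    perms = set()
    while role is not None:
        parent, own = ROLES[role]
        perms |= own
        role = parent
    return perms


def authorized(user, permission, session):
    """Decide a request: the user's role must grant the permission and its constraint must hold."""
    role = USER_ROLES.get(user)
    if role is None or permission not in permissions(role):
        return False
    check = CONSTRAINTS.get((role, permission))
    return True if check is None else bool(check(session))


def users_with(permission):
    """Reverse lookup over the relation table: which users currently hold a given permission."""
    return {u for u, r in USER_ROLES.items() if permission in permissions(r)}


def assign_role(user, role):
    """Re-evaluate when a member joins, leaves or changes role; role=None removes the user."""
    if role is None:
        USER_ROLES.pop(user, None)
        return
    if role not in ROLES:
        raise KeyError(role)
    USER_ROLES[user] = role


if __name__ == "__main__":
    print(authorized("kid", "use_drm_content", {"time": "19:30"}))   # True: inside the window
    print(authorized("kid", "use_drm_content", {"time": "22:00"}))   # False: outside the window
    print(authorized("dad", "use_drm_content", {"time": "22:00"}))   # True: no constraint on this role
    print(authorized("friend", "request_license", {}))              # False: not in the role's set
    print(sorted(users_with("add_device")))                         # ['dad', 'mom']
```

Because `permissions()` walks the parent chain, adding a level or moving a permission between levels changes every user's effective set without touching the user table, which is the point of the hierarchy; `assign_role()` is where the dynamic re-evaluation on join, leave or role change happens.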
The digital content sharing method for a digital network proposed by the invention is described in detail below with reference to the drawings and a specific embodiment:
The digital content sharing method in the digital network proposed here is based on a role-based access control model (RBAC) and uses a certificate linked list in its design; the linked list is attached to the license and records information about digital network members and devices.
(1) Home DRM system framework
Fig. 3 shows the digital network DRM system framework, which consists of the following functional entities:
Content issuing client (CI): the CI provides digital content publishing and downloading services; it packages and encrypts the digital content requested by a user (the encrypted content is called DRM content), delivers it to the legitimate user domain, and communicates with the RI so that the RI generates the corresponding license.
Rights issuing client (RI): the RI is responsible for generating and issuing the license corresponding to the digital content; it first generates the license according to the information sent by the CI, then issues it to the legitimate user domain of the content.
Local domain manager (LDM): the core device of the digital network. It holds the list of digital network members and devices in all domains and manages every member and device of the digital network: family members and devices register on the LDM; it determines family members' identities and rights, manages the devices that join the domain, can identify the users of devices, applies to the CI and RI for DRM content and the corresponding licenses, and distributes DRM content and licenses to members and devices. The LDM need not be a dedicated device and can be served by a member device such as a PC or notebook, but that device must have sufficient storage and processing capacity and be able to take adequate security measures, and a digital network has one and only one LDM.
Devices (such as PCs, printers, smart phones, cameras, digital TVs and personal digital assistants, PDAs): in this system all devices are trusted. Each must hold a certificate issued by a certificate authority (CA) and have a public/private key pair; the public key is published in the form of the certificate, and the private key is stored in tamper-resistant memory and known only to that device. The devices are connected through the digital network, which may be wired or wireless, and each must be authenticated by the LDM before it becomes a device in the domain. Devices may access DRM content locally or remotely. Devices are described in the domain in terms of the digital network members who use them.
Digital network members are the users of the devices and must first register in the domain. They may share several devices and play DRM content on them.
(2) License description
When a digital network member buys DRM content, payment is made to the content provider and the CI forwards the DRM content to the LDM. The content should also be playable on the other member devices of the digital network. To support this, the RI delivers a license for the purchased digital content, and the license is sent directly to the LDM.
The license format follows the ITU-T X.509 international standard; the representation of a license in the invention is as follows:
Certificate information: the license version number, the certificate serial number, and the signature algorithm used by the certificate;
Certificate owner identification: the owner's public key;
Resource information: the digital content ID and the digital content decryption key;
Usage rights: the usage restrictions on the resource and the validity period;
The digital signature of the license server.
The certificate information comprises the certificate version number; the certificate serial number (each certificate has a unique serial number); and the signature algorithm used by the certificate (such as the RSA algorithm). The owner information comprises the owner's identifier and the owner's public key. The resource information comprises the unique resource identifier and the resource decryption key (used to decrypt the digital content). The usage rights give the usage restrictions on the resource and can take several forms, such as a limit on the number of uses, a limit on the number of devices using the resource simultaneously, and the validity period of the resource; certificates generally express the validity period in UTC time format. The certificate carries the signature of the issuing authority to guarantee its integrity. Once purchased, a license must not be modified.
A DRM license can be described by a rights expression language (REL). REL is an important technology in the DRM field, used to describe the rights of use of digital content or services, that is, the rights a party has over a resource. Rights, assets (resources) and parties (participants) are the three most basic entities of REL. A right is a permission to use or access a resource and comprises the permission, its preconditions and its constraints. An asset is uniquely identified digital content or a service associated with a right. A party is a legal entity or individual associated with the asset, including copyright owners, authors, content providers and users.
A REL must be convenient and easy to use, open, flexible, extensible and machine readable, and support the description of all kinds of rights of use for all kinds of digital content. XrML (eXtensible rights Markup Language) and ODRL (Open Digital Rights Language) are the two most mature XML-based rights expression languages developed to date and have been adopted by the respective standards bodies.
(3) Certificate linked list structure
A linked list is attached to the license to record the digital network members and devices that use the DRM content under that license, together with the usage of the content. The list is managed by the LDM and is used only within the digital network. It identifies the member and device currently using the license, so that at any one time only a single member and device holds the license: once the license has been transferred to another user and device, the original user and device can no longer use it to play the content. This makes it easier to enforce and count limits such as the number of plays and the playing time the user has purchased. The list structure is as follows:
Record 1: Content ID,
Sender (family member ID1, device ID1),
Receiver (family member ID1', device ID1'),
Timestamp 1,
Digital signature of family member ID1.
Record 2: ...
Record n: Content ID,
Sender (family member IDn, device IDn),
Receiver (family member IDn', device IDn'),
Timestamp n,
Digital signature of family member IDn.
Current device n
The linked list contains many usage records; each record comprises the content ID, the sender information, the receiver information, a timestamp and the digital signature of family member IDn.
The steps of the digital content sharing method for a digital network provided by the invention are described in detail below:
1. When a member of a digital network applies to obtain digital content and its license, the member first entrusts the LDM to request and receive the digital content and the corresponding license from the CI and the RI;
2. The digital network member sends a message to the LDM containing the user ID, the device ID and the requested digital content. The domain master checks on the LDM whether the user ID and device ID are legitimate, looks up the user/role/privilege relation table, and decides from that table whether the user has access rights to the digital content;
3. If the lookup shows that the user has the corresponding rights, the encrypted digital content is sent to the device the member is using. The encrypted digital content may be stored on any device in the digital network and may be transmitted between devices;
4. The LDM keeps a license usage table that records, for each DRM digital content item, the corresponding license information: the license serial number and the user ID and device ID of the current user. The domain master looks up this table. If the license is still on the LDM, the domain master appends a record to the chain list, encrypts the license and the attached chain list with the public key of the requesting device, sends them to the device the member is using, and records the license serial number and the recipient's user ID and device ID in the license usage table on the LDM;
5. If the lookup shows that the license is on another device, the domain master sends a message to that device, notifying it to hand the license over to the requester;
6. The member currently using the license appends a record to the chain list, encrypts the license and the attached chain list with the public key of the requesting device, sends them to the device the requester is using, and sends the recipient's user ID and device ID in a message to the LDM, which updates its license usage table;
7. After the member obtains the license, the member first decrypts the received license and the attached chain list with its own private key to obtain the content decryption key, then decrypts the encrypted DRM digital content with that key and can use or play it. The decrypted content is destroyed as soon as use is finished; no device may store or copy decrypted content.
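As an added illustration (not code from the patent), the following Python model covers both the certificate chain list structure above and steps 2 and 4 to 6 of the procedure: the LDM checks member and device legitimacy, issues the license, records each hand-over in the chain list, updates its usage table, and the chain list enforces that only one (member, device) pair holds the license at a time. The member and device IDs, the signing keys and the use of HMAC-SHA256 as a stand-in for the member's digital signature are constructed assumptions; the role/privilege lookup and the public-key encryption of the license for the receiving device are omitted.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

# Constructed keys standing in for each signer's private key. HMAC-SHA256 is an
# assumption so the example runs offline; the patent only says "digital signature".
SIGNING_KEYS = {"ldm": b"constructed-ldm", "m1": b"constructed-m1", "m2": b"constructed-m2"}

def sign(signer: str, payload: bytes) -> str:
    return hmac.new(SIGNING_KEYS[signer], payload, hashlib.sha256).hexdigest()

@dataclass
class Record:
    """One chain-list entry: Content ID, Sender, Receiver, Timestamp, signature."""
    content_id: str
    sender: tuple      # (family member ID, device ID)
    receiver: tuple    # (family member ID', device ID')
    timestamp: int
    signature: str = ""

    def payload(self) -> bytes:
        return json.dumps([self.content_id, self.sender, self.receiver, self.timestamp]).encode()

@dataclass
class CertChainList:
    content_id: str
    records: list = field(default_factory=list)
    current: Optional[tuple] = None   # the single (member, device) holding the license

    def transfer(self, sender: tuple, receiver: tuple, timestamp: int) -> Record:
        """Hand the license over; only the current holder may append a record."""
        if self.current is not None and sender != self.current:
            raise PermissionError(f"{sender} does not hold the license")
        rec = Record(self.content_id, sender, receiver, timestamp)
        rec.signature = sign(sender[0], rec.payload())   # signed by the sending member
        self.records.append(rec)
        self.current = receiver                          # old holder can no longer play
        return rec

    def verify(self) -> bool:
        """Each record is signed by its sender and continues from the previous receiver."""
        prev = None
        for rec in self.records:
            if prev is not None and rec.sender != prev:
                return False
            if not hmac.compare_digest(rec.signature, sign(rec.sender[0], rec.payload())):
                return False
            prev = rec.receiver
        return True

    def may_play(self, member: str, device: str) -> bool:
        return self.current == (member, device)

class LDM:
    """Local domain manager: checks member/device legitimacy and tracks each license."""
    def __init__(self, domain_members: dict):
        self.members = domain_members   # member ID -> registered device IDs (constructed)
        self.usage = {}                 # license serial -> (content ID, user ID, device ID)
        self.chains = {}                # license serial -> CertChainList

    def request(self, serial: str, content_id: str, member: str, device: str, ts: int) -> CertChainList:
        if device not in self.members.get(member, ()):       # step 2: legitimacy check
            raise PermissionError("unknown member or device")
        chain = self.chains.get(serial)
        if chain is None:                                     # step 4: license still at the LDM
            chain = CertChainList(content_id)
            chain.transfer(("ldm", "ldm"), (member, device), ts)
            self.chains[serial] = chain
        else:                                                 # steps 5-6: current holder hands over
            chain.transfer(chain.current, (member, device), ts)
        self.usage[serial] = (content_id, member, device)     # license usage table updated
        return chain
```

In a real deployment the hand-over record in steps 5 and 6 is appended and signed by the holding device itself; here the LDM object performs it on the holder's behalf so the flow runs in one process.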
A security analysis of the digital content sharing method for a digital network provided by the invention follows:
1. The system adopts the DRM architecture, which separates the distribution of digital content from the distribution of licenses. This separation improves management flexibility on one hand (a modification of the digital content does not affect authorisations already granted) and improves the security of the system on the other: content and licenses cannot be distributed arbitrarily, and even if an illegitimate user obtains the digital content, without an authorised license they cannot obtain the decryption key and cannot access the content, which effectively guards against illegal operations by users.
2. Every time a digital network member uses digital content during system operation, the domain master checks on the LDM whether the user ID and device ID are legitimate. This working mode effectively identifies illegitimate users or devices and prevents illegitimate users from using the digital content on unauthorised computers.
3. In the digital network, the device that is to receive a license and the device that sends it must mutually confirm that they are devices in the same domain. The sender must encrypt the license with the receiving device's public key, and the receiving device obtains the content decryption key only with its own private key after receiving the license. Thus nobody other than the sender and the receiver can steal the license, it cannot be tampered with in transit, and its authenticity and reliability are guaranteed.
4. At any one time, digital content can be played and used by only one digital member on one device. After each use, the decrypted content is destroyed immediately and cannot be kept in any form on any device, which prevents arbitrary copying of multimedia digital content.
The technical scheme provided by the invention is compared below with two other existing technical schemes.
The two main existing in-domain DRM rights management schemes are the "purchase different licenses" scheme and the "redistribution" scheme; the invention is compared with them in several respects:
Security: all three methods adopt the DRM architecture and protect digital content well, preventing arbitrary distribution; digital content can be played and used only where the decryption key is present, and the content is destroyed after use, so security is high.
Complexity: the "purchase different licenses" scheme has the content provider insert the encoding directly into the license on the content provider's side, which increases traffic between domain members and the content provider, adds load and raises complexity. The redistribution scheme has the domain administrator or the member who bought the digital content add condition restrictions to the license to be distributed to other domain members and then distribute it; because new certificates or sub-certificates have to be created, the domain administrator's load increases and complexity rises. The new method instead tracks the license with the certificate chain list and uses the RBAC model, linking DRM rights closely to user roles through Table 1, which achieves unified and effective management of domain members and DRM rights with low complexity.
Flexibility: in the "purchase different licenses" scheme, different licenses are obtained only when the digital content is bought from the content provider; since different domain members need different rights, a new license has to be obtained from the content provider each time, which is very inflexible. The redistribution scheme and the new method manage rights information efficiently through the domain administrator and are more flexible.
Privacy protection: with respect to the privacy of digital network members, the "purchase different licenses" scheme has the administrator or a domain member customise digital content and licenses directly for other members, which easily exposes other domain members' privacy; the other methods do not expose privacy as easily.
Changes to the license structure: the "purchase different licenses" scheme and the new method both preserve the structure and function of the original license, while the license redistribution scheme changes the license format.
[Table 1: comparison of the three schemes; image not reproduced in this text]
The comparison in the table above shows that the invention possesses the advantages of the other two schemes while overcoming their shortcomings, and achieves unified and effective management of domain members and DRM rights; it is a scheme well suited to DRM rights management in a digital network.
In typical DRM system implementations the license is bound to a device, and a digital resource bought by a user may be used only on the device on which it was purchased, which limits the flexibility with which users can use digital content. A digital network DRM system can satisfy users' real needs: digital content can be freely transmitted and used by users within the digital network.
The digital content sharing method for a digital network provided by the invention makes the system's working process more effective.
The above embodiment serves only to explain the present invention and does not limit it; persons skilled in the relevant art may make various changes or modifications without departing from the spirit and scope of the present invention, and all equivalent technical schemes therefore fall within the protection scope of the present invention.

Claims (1)

1. A digital content sharing method for a digital network, characterised in that it comprises the following steps:
when a digital network member applies to obtain digital content and a license, the local domain management control end requests and receives the encrypted digital content and the corresponding license from the content issuing end and the rights issuing end;
the digital network member sends a message to the local domain management control end containing the user ID, the device ID and the requested digital content; the domain master checks on the local domain management control end whether the user ID and device ID are legitimate, looks up the user/role/privilege relation table, and determines from this relation table whether the digital network member has access rights to the digital content;
if the lookup shows that the digital network member has the corresponding rights, the encrypted digital content is sent to the device the member is using; the encrypted digital content may be stored on any device in the digital network and may be transmitted between devices;
the local domain management control end holds a license usage table that records the license information corresponding to the encrypted digital content; the domain master looks up the license usage table and, if the license is on the local domain management control end, appends a record to the certificate chain list, encrypts the license and the attached certificate chain list with the public key of the device the requesting digital network member is using, sends them to that device, and records the license serial number and the requesting member's user ID and device ID in the license usage table of the local domain management control end;
the domain master looks up the license usage table and, if the license is on another device, sends a message to that device notifying it to send the license to the digital network member requesting the digital content;
the digital network member currently using the license appends a record to the certificate chain list, encrypts the license and the attached certificate chain list with the public key of the device the requesting digital network member is using, sends them to that device, and sends the requesting member's user ID and device ID in a message to the local domain management control end, which updates its license usage table;
after the digital network member obtains the license, the member first decrypts the received license and the attached certificate chain list with its own private key to obtain the digital content decryption key, then decrypts the encrypted digital content with that key, after which the member can use or play the decrypted digital content;
the digital network member destroys the decrypted digital content as soon as use is finished, and no device may store or copy decrypted content;
in the digital network, the device that is to receive the license and the device that sends it must mutually confirm that they are devices in the same domain; the sender must encrypt the license with the public key of the device the requesting member is using, and that device obtains the digital content decryption key with its own private key only after receiving the license;
the certificate chain list adopted in the method is used with the license to record the information of digital network members and devices, and is managed by the local domain management control end; the certificate chain list identifies the digital network member and device currently in use and guarantees that at any one time only one digital network member and device hold the license, so that once the license is handed over to another user and device the original user and device can no longer play the content with it, which limits and counts the number of plays and the usage time the user has purchased; the certificate chain list contains many usage records, each comprising the content ID, sender information, receiver information, timestamp and the digital signature of the member ID;
the license is expressed as follows: certificate information comprising the certificate version number, the certificate serial number and the signature algorithm used by the certificate; certificate owner information comprising the owner identifier and the owner's public key; resource information comprising the unique resource identifier and the resource decryption key; usage rights giving the usage restrictions on the resource, in multiple forms, including a limit on the number of uses of the resource and a validity period for its use; the certificate expresses the validity period in universal time format; and the certificate contains the signature of the certificate issuer to guarantee the integrity of the certificate;
the license is described with a rights expression language, which describes the usage rights to digital content, including the rights a participant holds over a resource; rights, resources and participants are the three entities of the rights expression language; a right concerns the use of or access to a resource and comprises the permission, its preconditions and its constraints; a resource is uniquely identified digital content related to a right; a participant is an entity related to the resource, including the copyright owner, author, content provider and user.
CN2011103142369A 2011-10-21 2011-10-21 Digital content sharing method and system for digital network Expired - Fee Related CN102394869B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011103142369A CN102394869B (en) 2011-10-21 2011-10-21 Digital content sharing method and system for digital network

Publications (2)

Publication Number Publication Date
CN102394869A CN102394869A (en) 2012-03-28
CN102394869B true CN102394869B (en) 2013-05-01

Family

ID=45862078

Country Status (1)

Country Link
CN (1) CN102394869B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information
Inventor after: Zhang Zhiyong; Niu Danmei; Huang Tao; Wu Ying; Zhang Lili; Li Yanxia; Zhang Xiaoling
Inventor before: Niu Danmei; Wang Shaofeng; Zhang Zhiyong; Wu Ying; Zhang Lili; Huang Tao; Li Yanxia; Zhang Xiaoling
COR Change of bibliographic data
Free format text: CORRECT: INVENTOR; FROM: NIU DANMEI WANG SHAOFENG ZHANG ZHIYONG WU YING ZHANG LILI HUANG TAO LI YANXIA ZHANG XIAOLING TO: ZHANG ZHIYONG NIU DANMEI HUANG TAO WU YING ZHANG LILI LI YANXIA ZHANG XIAOLING
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
Granted publication date: 20130501
Termination date: 20141021

EXPY Termination of patent right or utility model