CN102842008A - Electronic issuing system and publication issuing method - Google Patents

Publication number: CN102842008A
Authority: CN (China)
Application number: CN 201110167247
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 张晓华
Current Assignee: XINHUA NEWS AGENCY INFORMATION CENTRAL
Original Assignee: XINHUA NEWS AGENCY INFORMATION CENTRAL
Prior art keywords: digital certificate, key, terminal, certificate, file
Classification: Storage Device Security (AREA)

Abstract

The invention provides an electronic issuing system. The electronic issuing system comprises a content processing node and terminal equipment, and is characterized in that the electronic issuing system further comprises a copyright authorizing center and an equipment certificate issuing node, wherein the copyright authorizing center is used for generating a copyright object file, issuing a digital certificate for a user, providing a corresponding private key and providing database service; the content processing node is used for encrypting a publication by using a secret key (Key) so as to generate a content object file; the equipment certificate issuing node is used for receiving the digital certificate and the corresponding private key issued by the copyright authorizing center and burning the digital certificate and the corresponding private key into the terminal equipment; and the terminal equipment is used for acquiring the content object file and the copyright object file, and thus acquiring the secret key (Key) through the private key in the terminal, and decrypting the publication in the content object file into a plaintext. The invention further provides a corresponding electronic issuing method for the publication. Through the electronic issuing system and the electronic issuing method, issued information can be encrypted in a certification process; encrypting levels can be graded; and software encryption and hardware encryption are combined to improve the encrypting security and the encrypting flexibility.

Description

An electronic distribution system and publication distribution method
Technical field
The present invention relates to the technical field of electronic distribution systems, and specifically to an electronic distribution system and a publication distribution method.
Background art
An electronic distribution system is a news-information electronic dissemination and Internet digital publishing system built mainly around electronic dissemination and display on personal terminals. Unlike traditional paper media, network-based distribution poses challenges to copyright control of digital media: because of the sharing and virtual nature of the network, electronic publications will inevitably be pirated on a large scale unless certain technical measures are taken. At present, a traditional electronic distribution system mainly comprises a database module, an information publishing module and user terminals; such a system does not use any built-in, system-wide encryption algorithm or encryption technology based on public key infrastructure (PKI) to protect the copyright of publications. In such a system, the most common means of copyright protection is for the publisher, when uploading, to compress the file and set a decompression password. The security of this approach is low, and it is difficult to effectively safeguard the rights and interests of publishers and end users. The protection mode is also single: it is difficult to implement graded encryption for different security levels, and difficult to offer users personalized services at different security levels.
Therefore, there is an urgent need for an electronic distribution system and publication distribution method that is highly secure and can provide users with personalized services at different security levels.
Summary of the invention
Therefore, the object of the present invention is to provide an electronic distribution system and publication distribution method that is highly secure and can provide users with personalized services at different security levels.
To achieve the above object, the invention provides an electronic distribution system comprising a content processing node and a terminal device, characterized in that the electronic distribution system further comprises a copyright authorization center and a device certificate issuing node;
The copyright authorization center is used to generate the rights object file, to issue digital certificates to users and provide the corresponding private keys, and to provide database service; the rights object file carries the key Key in ciphertext form, encrypted with the public key in the digital certificate;
The content processing node is used to encrypt the publication with the key Key to generate the content object file;
The device certificate issuing node is used to receive the digital certificates and corresponding private keys issued by the copyright authorization center and to issue them to the terminal device.
Wherein, the terminal device is used to obtain the content object file and the rights object file, then use the private key in the terminal to obtain the key Key in the rights object file, and then use the key Key to decrypt the publication in the content object file into plaintext.
Wherein, the digital certificates issued to users by the copyright authorization center comprise a terminal digital certificate and a pluggable storage device digital certificate; the content processing node is also used to set the encryption level parameter of a publication, and different encryption level parameters correspond respectively to the terminal digital certificate and the pluggable storage device digital certificate.
Wherein, the copyright authorization center is also used to encrypt the key Key, according to the encryption level parameter, with the public key in either the terminal digital certificate or the pluggable storage device digital certificate, and to generate the rights object file.
Wherein, the digital certificates received by the device certificate issuing node comprise the terminal digital certificate and the pluggable storage device digital certificate. When a terminal digital certificate is received, the device certificate issuing node issues the terminal digital certificate and its corresponding private key to the terminal device; when a pluggable storage device digital certificate is received, the device certificate issuing node issues the pluggable storage device digital certificate and its corresponding private key into the hardware of the pluggable storage device.
Wherein, the terminal device is used to obtain, according to the encryption level parameter, the corresponding terminal digital certificate or pluggable storage device digital certificate, and then to obtain the key Key with the corresponding private key and decrypt the publication in the content object file into plaintext.
Wherein, the pluggable storage device is an SDKey or UKey, and the pluggable storage device digital certificate is an SDKey or UKey digital certificate.
Wherein, the copyright authorization center comprises:
A database system, used to provide database service;
An authority center, used to generate the rights object file; and
A digital certificate system, used to issue digital certificates to users.
Wherein, the copyright authorization center comprises an external network, a middle-layer network and an internal network; the external network and the middle-layer network are separated by a firewall, and the middle-layer network and the internal network are also separated by a firewall. The database system is located in the internal network and cannot be accessed directly from the external network; the authority center and the digital certificate system are located in the middle-layer network and can be accessed from outside.
Wherein, a database access server is also connected to the middle-layer network, and this database access server is connected to the external network through a VPN gateway. When the content processing node, the device certificate issuing node or the terminal device requests data from the database system, it first accesses the database access server; the database access server accesses the database system in the internal network and then returns the corresponding data to the content processing node, device certificate issuing node or terminal device that requested it.
The present invention also provides a publication distribution method based on the above electronic distribution system, comprising the following steps:
1) The content processing node encrypts the publication with the key Key to generate the content object file;
2) The copyright authorization center generates the rights object file, which carries the key Key in ciphertext form, encrypted with the public key in the digital certificate;
3) The content object file and the rights object file are sent to the terminal device.
Wherein, in step 1), the content processing node also sets the encryption level parameter of each publication;
In step 2), the copyright authorization center encrypts the key Key, according to the encryption level parameter, with the public key in either the terminal digital certificate or the pluggable storage device digital certificate, and generates the rights object file.
Wherein, the publication distribution method also comprises step 4):
4) The terminal device obtains the content object file and the rights object file, then uses the private key corresponding to the digital certificate to decrypt and obtain the key Key in the rights object file, and then uses the key Key to decrypt the publication in the content object file into plaintext.
Wherein, in step 4), the terminal device obtains, according to the encryption level parameter, the corresponding terminal digital certificate or pluggable storage device digital certificate, and then obtains the key Key with the corresponding private key and decrypts the publication in the content object file into plaintext.
Compared with the prior art, the present invention has the following technical effects:
1. The published information is encrypted with an authentication process. Unlike traditional password encryption, decryption in this system includes a PKI-based two-way verification process.
2. Encryption levels can be graded, and software and hardware encryption are combined, improving the security and flexibility of the encryption.
Description of drawings
Fig. 1 shows a structural schematic of the electronic distribution system of one embodiment of the invention.
Specific embodiments
The invention is described further below with reference to the accompanying drawing and specific embodiments.
Referring to Fig. 1, according to one embodiment of the invention, an electronic distribution system is provided that comprises four kinds of node: a copyright authorization center, a content processing node, a device certificate issuing node and a terminal device (such as a reader).
The copyright authorization center is generally located in a central machine room and is used to provide rights object (RO) files, to issue digital certificates to users, and to provide database service. An RO file is generated from the user information in an order (when the user clicks to subscribe through the client, information such as the user name, terminal model and the label of the subscribed electronic medium is packaged into an order and sent to the copyright authorization center to generate the RO file). The RO file contains, in ciphertext form, the key Key that decrypts the content object (CO) file, together with the user's associated rights information. Both the key Key and the user's associated rights information are encrypted with the public key in the digital certificate corresponding to that user.
The content processing node is usually located at a publishing house, library or similar site; its role is to use the public key in the digital certificate to encrypt information that has been uploaded and has passed review, generating the CO file.
The device certificate issuing node is used to issue digital certificates to terminal devices. The digital certificate is burned into the terminal device hardware when the terminal device (such as a reader) is manufactured. In general, the production line of a reader manufacturer cannot be connected to the public network. To handle this, the copyright authorization center provides a function for issuing digital certificates in batches: it can issue a batch of digital certificates at once (for example 10,000), package and encrypt them, and send them to the device certificate issuing node located at the manufacturer's site, so that the manufacturer can burn the digital certificates into the terminal device hardware.
The terminal device is used to obtain the CO file from the network, extract the address of the copyright authorization center from the CO file and obtain the corresponding RO file, then obtain the key Key in the RO file, and then use the key Key to decrypt the publication in the CO file into plaintext and display it.
Further, another embodiment of the invention provides an electronic distribution system that can implement graded encryption. Referring to Fig. 1, this electronic distribution system likewise comprises a copyright authorization center, a content processing node, a device certificate issuing node and a terminal device (such as a reader), interconnected through a network. Each component of this electronic distribution system is introduced below.
I. Copyright authorization center
In a preferred embodiment, the copyright authorization center comprises a database system, an authority center and a digital certificate system. The authority center can generate RO files from orders; the RO file contains the ciphertext key Key for decrypting the CO file, together with the user's associated rights information. Both are encrypted with a public key, namely the public key in the user's digital certificate issued by the digital certificate system. In this preferred embodiment there are two kinds of digital certificate. The first is the digital certificate issued to the terminal, with its corresponding private key (specifically, the private key corresponding to the public key in the digital certificate); this certificate and private key are burned into the terminal hardware when the reader hardware is manufactured. The second is the digital certificate issued to the terminal's SDKey. The digital certificate system in the central machine room issues digital certificates for terminal and/or SDKey hardware; the user buys an SDKey with an issued certificate and inserts it into the terminal device for use. The SDKey also holds a key pair, a public key (in the digital certificate) and a private key, used for encryption and decryption respectively, and has dedicated storage areas for the digital certificate and the private key. When generating a new certificate, the digital certificate system calls the cipher machine to generate a key pair, places the public key and user-related information into the certificate and stores it in the certificate database, and then delivers the certificate and private key to the certificate issuing node to await issuance. The public key and private key are two paired but different keys. Both can encrypt and decrypt data: data encrypted with the public key can be decrypted with the private key, and data encrypted with the private key can be decrypted with the public key. The difference is that the public key is publicly available, while the private key is held only by its owner. When a "sender" encrypts data with the "recipient's public key", only the "recipient" holds the "recipient's private key" and can open the "package" to obtain the information; this is confidentiality in information security, and the process is data encryption. When a "sender" encrypts data with the "sender's private key", any "recipient" can use the "sender's public key" to open the "package" and obtain the information; because only the "sender" holds the "sender's private key", any "package" that can be opened with the sender's public key must have been sent by the "sender" and not by some intermediary or hacker, and the "sender" cannot deny it; this is non-repudiation in information security, and the process is digital signature. It should be noted that the SDKey in this embodiment can also be replaced by a UKey or another pluggable storage device, in which case the SDKey digital certificate is replaced by the digital certificate of that other pluggable storage device. This is readily understood by those skilled in the art.
Further, in another preferred embodiment, the copyright authorization center node consists of a local area network with at least three network segments. Referring to Fig. 1, the network segments of the copyright authorization center node are divided into three levels: the external network, the middle-layer network (such as a demilitarized zone) and the internal network. The external network and the demilitarized zone are separated by a firewall, and the demilitarized zone and the internal network are also separated by a firewall. The database system, as the most critical system, is located in the innermost internal network and provides database support to the other systems; it cannot be accessed directly from the external network. The authority center and the digital certificate system are located in the demilitarized zone, since they need to be accessed from outside. In a preferred embodiment, the authority center comprises an authority center server cluster, a cipher machine and load-balancing equipment, and the digital certificate system comprises a certificate system server cluster and a cipher machine. A database access server is also connected to the demilitarized zone, and this database access server is connected to the external network through a VPN gateway. When the content processing node, the device certificate issuing node or the terminal device requests data from the database system, it first accesses the database access server; the database access server accesses the database system in the internal network and then returns the corresponding data to the content processing node, device certificate issuing node or terminal device that requested it. In addition, on the software side, the copyright authorization center node is equipped with a platform management system, which provides the enterprise's internal administrators with management functions for the site's books, users, certificates and other information; it is the external presentation of the management terminal of the copyright authorization center node. An administrator can operate the copyright authorization center node with the platform management system from a management terminal located in the internal network.
II. Content processing node
In a preferred embodiment, the content processing node is located at a publishing house, library or similar site; its role is to encrypt information (such as a publication) that has been uploaded and has passed review, and then generate the content object (CO) file. The content processing node encrypts the information with the key Key. To better protect the copyright of publications, the content processing node also grades each publication and sets an encryption level parameter, and the copyright authorization center node encrypts the key Key with a different public key according to this parameter. For example, for high-security information (a publication), the key Key is encrypted with the public key in the SDKey digital certificate, which has the higher security level; otherwise the key Key is encrypted with the public key in the terminal digital certificate. There can be many content processing nodes, and their number can keep growing as the business develops. Referring to Fig. 1, the content processing node comprises a content encryption system and a cipher machine, used to encrypt information and generate the CO file. A management terminal is also provided in the content processing node; it can connect through a VPN gateway to the database access server in the central machine room and, through that server acting as a proxy, access the database system in the central machine room's internal network. Access through this middleware proxy protects the database system. On the software side, the content processing node is also equipped with a content publishing system. This is a user-facing web server with a browser/server (B/S) structure that offers functions such as uploading in the form of web pages; it is the external presentation of the management terminal of the content processing node. Staff who list content operate the content processing node through the content publishing system.
III. Device certificate issuing node
In a preferred embodiment, the device certificate issuing node issues digital certificates to terminals; the certificate is burned into the terminal hardware when the reader hardware is manufactured. The production line of a reader manufacturer cannot be connected to the public network. To handle this, the digital certificate management system provides a function for issuing digital certificates in batches: it can issue a batch of digital certificates at once (for example 10,000), package and encrypt them, and send them to the manufacturer's production-line interface machine. This embodiment provides the production-line interface machine with an API for extracting certificates; by calling it offline, the production line obtains the batch of digital certificates and burns one digital certificate into each reader's hardware. The certificate contains the public key used to encrypt general information. The corresponding private key, used for decryption, is also burned into the terminal.
In addition, the digital certificate system server of the copyright authorization center also issues digital certificates for SDKey hardware, which the SDKey manufacturer burns into the SDKey hardware (in the same way as for readers). The user can buy an SDKey with an issued certificate and insert it into the terminal device for use. The SDKey also holds a key pair, a public key (in the certificate) and a private key, used for encryption and decryption respectively.
IV. Terminal device
In a preferred embodiment, the terminal device mainly consists of terminal software, a DRM agent and an SDKey. It connects through a network (such as a telecom operator's 3G network) to the electronic media publishing site and downloads electronic media; that is, its terminal software obtains the content object (CO) file, checks its integrity and encryption level, and then passes the CO file to the DRM agent. The DRM agent is a software package on the client terminal. Through it, the user terminal extracts the address of the copyright authorization center from the CO file, obtains the corresponding rights object (RO) file, and parses both files. When opening the CO and RO files, the DRM agent checks the validity of their content once more, and then, according to the encryption level, hands the decrypted plaintext to the terminal software for display.
In the above preferred embodiment, the transmitted content is encrypted using built-in and external digital certificates, so that encryption services at multiple security levels can be provided. For example, the terminal can implement three encryption grades: no encryption, low-grade encryption and high-grade encryption. The high-security encryption service means encryption with the public key of the external hardware certificate, that is, the hardware digital certificate of the terminal's SDKey. The digital certificate system server in the central machine room of the content distribution platform can issue digital certificates for SDKey hardware, and the user can insert an SDKey with an issued certificate into the terminal device to activate the higher-security service. When using a terminal device (such as an e-book reader), the user connects through the 3G network of a telecom operator to the electronic media publishing site and downloads electronic media, obtains through the DRM agent the rights certificate file (RO) corresponding to the user terminal's SDKey, and then performs DRM operations such as authentication, rights processing and decryption; finally the plaintext content is decrypted and provided to the legitimate user.
The publication distribution method based on the above electronic distribution system is introduced below. It comprises a publication encryption method and a publication decryption method.
The publication encryption method comprises the following steps:
1. The management terminal of the content processing node determines the encryption level from the encryption level mark set when the electronic medium is listed, obtains the encryption level parameter (for example, 0 means no encryption, 1 means ordinary encryption, and 2 means SDKey high-grade encryption) and records it in the database system of the copyright authorization center. (When an electronic medium is listed, the security level parameter is generated automatically by the digital content classification system and stored in a database table as one attribute of the digital content, together with data such as title and size, so the copyright authorization center node can read it directly from the database when needed.)
2. The content encryption system of the content processing node randomly generates a symmetric encryption key Key and a key identifier KeyID according to the media identifier, and stores them. It then encrypts the information with the key Key to generate the ciphertext, and places the key identifier KeyID and the address of the server that issues the RO file into the ciphertext file header, thereby generating the content object (CO) file. (When the CO file is generated, the encryption level parameter is also placed in it, so that the security level parameter is passed to the terminal device.)
3. The authority center of the copyright authorization center obtains the public key from the digital certificate of the user terminal or SDKey in the certificate store (the certificate database). When the encryption level parameter is 1, it obtains the public key of the terminal digital certificate from the certificate store; when the encryption level parameter is 2, it obtains the public key of the SDKey digital certificate.
4. The authority center of the copyright authorization center encrypts the key Key with the public key of the terminal or SDKey, places it in the rights object (RO) file, and digitally signs the RO file with the authority center's private key (the authority center server has its own public/private key pair and certificate; all keys and certificates are generated by the KMC and the certificate server cluster respectively). When the encryption level parameter is 1, the key is encrypted with the public key of the terminal digital certificate; when the encryption level parameter is 2, it is encrypted with the public key of the SDKey digital certificate.
After encryption is complete, the content object (CO) file and the rights object (RO) file are transmitted to the user terminal.
The publication decryption method comprises the following steps:
1. The terminal device receives the content object (CO) file and the rights object (RO) file, confirms the integrity of the files (for example using the MD5 algorithm), and verifies the digital signature with the authority center's public key (this public key is placed in the certificate and, like the certificate, is public).
2. The DRM agent in the terminal device parses the content object (CO) file to obtain the security level information, the key identifier KeyID, the address of the server that issues the rights object (RO) file, and the ciphertext, and checks the integrity of the parsed information (the SHA-1 algorithm can be used for this check).
3. The DRM agent parses the rights object (RO) file to obtain the ciphertext key Key and rights information such as the period of use, and verifies the integrity of this information; the SHA-1 algorithm can be used for this check. If in this step the RO file does not exist or is invalid, the DRM agent can use the RO-issuing server address and the KeyID obtained in step 2 to apply for a new RO file.
4. The DRM agent obtains the private key from the terminal or the SDKey according to the encryption level parameter, and decrypts the ciphertext key Key into plaintext form.
5. The DRM agent decrypts the ciphertext with the key Key to obtain the plaintext.
After the plaintext is obtained, the plaintext and the user rights parameters (information such as number of uses and time) are passed to the corresponding software on the terminal device for the user to browse.
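The encryption and decryption steps above, sketched end to end as an added example (not code from the patent): the CO header carries KeyID, RO server address and level, the RO wraps Key under the certificate selected by the level, and the DRM agent refuses level 2 content without an SDKey. Textbook RSA over fixed Mersenne primes and a SHA-256 keystream stand in for real certificate keys and a real symmetric cipher so that it runs on the standard library alone; the dict layouts, function names and `ro.example.invalid` address are assumptions, and rights information is omitted.

```python
import hashlib
import json
import secrets

E = 65537  # public exponent shared by all toy keys


def toy_keypair(a, b):
    """Textbook RSA over the Mersenne primes 2**a-1 and 2**b-1.
    Constructed stand-in for a certificate key pair; NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": E}, {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _keystream_xor(key, nonce, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


def _digest_int(obj):
    """SHA-256 of the canonical JSON form, as an integer for toy signing."""
    raw = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")


def make_co(publication, level, ro_server):
    """Content processing node (encryption step 2): random Key and KeyID;
    KeyID, RO server address and level go into the CO header."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    body = publication if level == 0 else _keystream_xor(key, nonce, publication)
    header = {"key_id": secrets.token_hex(8), "ro_server": ro_server, "level": level}
    return {"header": header, "nonce": nonce.hex(), "ciphertext": body.hex()}, key


def make_ro(co, key, cert_store, center_priv):
    """Authority center (encryption steps 3 and 4): wrap Key under the terminal
    certificate (level 1) or the SDKey certificate (level 2), then sign the RO."""
    level = co["header"]["level"]
    pub = cert_store[{1: "terminal", 2: "sdkey"}[level]]
    body = {"key_id": co["header"]["key_id"], "level": level,
            "wrapped_key": pow(int.from_bytes(key, "big"), pub["e"], pub["n"])}
    return {"body": body,
            "signature": pow(_digest_int(body), center_priv["d"], center_priv["n"])}


def open_co(co, ro, center_pub, terminal_priv, sdkey_priv=None):
    """DRM agent (decryption steps 1 to 5). sdkey_priv is None when no SDKey
    is inserted. Returns the plaintext or raises."""
    hdr = co["header"]
    if hdr["level"] == 0:                       # level 0: no encryption
        return bytes.fromhex(co["ciphertext"])
    if ro is None:                              # step 3 fallback: apply for an RO
        raise LookupError(f"no RO: request KeyID {hdr['key_id']} from {hdr['ro_server']}")
    body = ro["body"]
    if pow(ro["signature"], center_pub["e"], center_pub["n"]) != _digest_int(body):
        raise ValueError("RO signature invalid")
    # The CO header is not signed in this sketch, so bind it to the signed RO.
    if body["key_id"] != hdr["key_id"] or body["level"] != hdr["level"]:
        raise ValueError("RO does not match CO header")
    priv = terminal_priv if hdr["level"] == 1 else sdkey_priv
    if priv is None:
        raise PermissionError("level 2 content needs an inserted SDKey")
    key = pow(body["wrapped_key"], priv["d"], priv["n"]).to_bytes(32, "big")
    return _keystream_xor(key, bytes.fromhex(co["nonce"]), bytes.fromhex(co["ciphertext"]))


def demo():
    """Run levels 1 and 2 end to end on a constructed sample publication."""
    term_pub, term_priv = toy_keypair(521, 607)
    sd_pub, sd_priv = toy_keypair(607, 1279)
    center_pub, center_priv = toy_keypair(521, 1279)
    certs = {"terminal": term_pub, "sdkey": sd_pub}
    text = b"constructed sample publication"
    out = {}
    for level in (1, 2):
        co, key = make_co(text, level, "https://ro.example.invalid/issue")
        ro = make_ro(co, key, certs, center_priv)
        out[level] = open_co(co, ro, center_pub, term_priv, sd_priv) == text
    return out


if __name__ == "__main__":
    print(demo())
```
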
The beneficial effects of the technical scheme of the invention include:
1. Encryption levels are differentiated and the terminal is not a monolithic structure; that is, the terminal and the SDKey are separable. By plugging and unplugging the SDKey, reading of low-security and high-security content can be switched flexibly. High-security information can be decrypted and viewed only when the SDKey is inserted and its private key is enabled; otherwise only low-security information can be browsed.
2. Low cost. The hardware SDKey is built into a special area of the external SD card, so it provides graded encryption while also providing external storage space, at no extra cost. In addition, if the user's SDKey is damaged or lost, the user only needs to replace the external SD card and report the loss; after identity verification, the exclusive information can be restored or re-bound according to the user level and the exclusive-information function reactivated on the original terminal. There is no need to buy a new terminal, which greatly reduces the cost burden on the user.
3. Security. The SDKey can use two-factor authentication: at the factory the SDKey can generate a random code tied to its corresponding terminal, and the SDKey's private key can be used only when the SDKey is placed in that terminal. Therefore, even if the user's SDKey is lost, the legitimate user's high-security information cannot be accessed; and if the user's terminal is lost while the SDKey is not (the two can be removed and stored separately), whoever picks up the terminal also cannot access the user's high-security information. This gives strong protection to the legitimate user's important information.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical scheme of the invention and not to limit it; in application they can be extended to other modifications, variations, applications and embodiments, and all such modifications, variations, applications and embodiments are considered to be within the spirit and scope of the invention.

Claims (14)

1. An electronic distribution system, comprising a content processing node and a terminal device, characterized in that the electronic distribution system further comprises a copyright authorization center and a device certificate issuing node;
The copyright authorization center is used to generate a rights object file, to issue digital certificates and provide the corresponding private keys for users, and to provide a database service; wherein the rights object file carries the key Key, encrypted with the public key in the digital certificate and presented in ciphertext form;
The content processing node is used to encrypt a publication with the key Key to generate a content object file;
The device certificate issuing node is used to receive the digital certificate issued by the copyright authorization center and the corresponding private key and to provide them to the terminal device.
2. The electronic distribution system according to claim 1, characterized in that the terminal device is used to obtain the content object file and the rights object file, then to use the private key in the terminal to obtain the key Key in the rights object file, and then to use the key Key to decrypt the publication in the content object file into plaintext.
3. The electronic distribution system according to claim 1, characterized in that the digital certificates issued to the user by the copyright authorization center comprise a terminal digital certificate and a pluggable storage device digital certificate; the content processing node is also used to set the encryption level parameter of the publication, and different encryption level parameters correspond respectively to the terminal digital certificate and the pluggable storage device digital certificate.
4. The electronic distribution system according to claim 3, characterized in that the copyright authorization center is also used, according to the difference in the encryption level parameter, to encrypt the key Key with the public key in the terminal digital certificate or in the pluggable storage device digital certificate, respectively, and to generate the rights object file.
5. The electronic distribution system according to claim 4, characterized in that the digital certificates received by the device certificate issuing node comprise the terminal digital certificate and the pluggable storage device digital certificate; when it receives a terminal digital certificate, the device certificate issuing node provides the terminal digital certificate and its corresponding private key to the terminal device, and when it receives a pluggable storage device digital certificate, the device certificate issuing node provides the pluggable storage device digital certificate and its corresponding private key to the hardware of the pluggable storage device.
6. The electronic distribution system according to claim 5, characterized in that the terminal device is used to obtain the corresponding terminal digital certificate or pluggable storage device digital certificate according to the encryption level parameter, and thereby to obtain the key Key with the corresponding private key and decrypt the publication in the content object file into plaintext.
7. The electronic distribution system according to any one of claims 3 to 6, characterized in that the pluggable storage device is an SDKey or a Ukey, and the pluggable storage device digital certificate is an SDKey or Ukey digital certificate.
8. The electronic distribution system according to claim 1, characterized in that the copyright authorization center comprises:
A database system, used to provide the database service;
A rights center, used to generate the rights object file; and
A digital certificate system, used to issue digital certificates for users.
9. The electronic distribution system according to claim 8, characterized in that the copyright authorization center comprises an external network, a middle-layer network and an internal network; the external network and the middle-layer network are separated by a firewall, and the middle-layer network and the internal network are also separated by a firewall; the database system is located in the internal network and cannot be accessed directly from the external network; the rights center and the digital certificate system are located in the middle-layer network and can be accessed from outside.
10. The electronic distribution system according to claim 9, characterized in that a database access server is also connected to the middle-layer network, and this database access server is connected to the external network through a VPN gateway; when the content processing node, the device certificate issuing node or the terminal device requests data in the database system, it first accesses the database access server; the database access server accesses the database system located in the internal network and then returns the corresponding data to the content processing node, device certificate issuing node or terminal device that requested the data.
11. A publication distribution method using the electronic distribution system according to claim 1, comprising the following steps:
1) the content processing node encrypts a publication with the key Key to generate a content object file;
2) the copyright authorization center generates a rights object file, the rights object file carrying the key Key, encrypted with the public key in the digital certificate and presented in ciphertext form;
3) the content object file and the rights object file are sent to the terminal device.
12. The publication distribution method according to claim 11, characterized in that, in step 1), the content processing node also sets the encryption level parameter of each publication;
In step 2), the copyright authorization center, according to the difference in the encryption level parameter, encrypts the key Key with the public key in the terminal digital certificate or in the pluggable storage device digital certificate, respectively, and generates the rights object file.
13. The publication distribution method according to claim 11, characterized in that it further comprises step 4):
4) the terminal device obtains the content object file and the rights object file, then uses the private key corresponding to the digital certificate to decrypt and obtain the key Key in the rights object file, and then uses the key Key to decrypt the publication in the content object file into plaintext.
14. The publication distribution method according to claim 13, characterized in that, in step 4), the terminal device obtains the corresponding terminal digital certificate or pluggable storage device digital certificate according to the encryption level parameter, and thereby obtains the key Key with the corresponding private key and decrypts the publication in the content object file into plaintext.
CN 201110167247 2011-06-21 2011-06-21 Electronic issuing system and publication issuing method Pending CN102842008A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110167247 CN102842008A (en) 2011-06-21 2011-06-21 Electronic issuing system and publication issuing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201110167247 CN102842008A (en) 2011-06-21 2011-06-21 Electronic issuing system and publication issuing method

Publications (1)

Publication Number Publication Date
CN102842008A true CN102842008A (en) 2012-12-26

Family

ID=47369358

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110167247 Pending CN102842008A (en) 2011-06-21 2011-06-21 Electronic issuing system and publication issuing method

Country Status (1)

Country Link
CN (1) CN102842008A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20121226