CN102842008A - Electronic issuing system and publication issuing method - Google Patents
- Publication number
- CN102842008A CN201110167247A
- Authority
- CN
- China
- Prior art keywords
- digital certificate
- key
- terminal
- certificate
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides an electronic issuing system. The electronic issuing system comprises a content processing node and terminal equipment, and is characterized in that the electronic issuing system further comprises a copyright authorizing center and an equipment certificate issuing node, wherein the copyright authorizing center is used for generating a copyright object file, issuing a digital certificate for a user, providing a corresponding private key and providing database service; the content processing node is used for encrypting a publication by using a secret key (Key) so as to generate a content object file; the equipment certificate issuing node is used for receiving the digital certificate and the corresponding private key issued by the copyright authorizing center and burning the digital certificate and the corresponding private key into the terminal equipment; and the terminal equipment is used for acquiring the content object file and the copyright object file, and thus acquiring the secret key (Key) through the private key in the terminal, and decrypting the publication in the content object file into a plaintext. The invention further provides a corresponding electronic issuing method for the publication. Through the electronic issuing system and the electronic issuing method, issued information can be encrypted in a certification process; encrypting levels can be graded; and software encryption and hardware encryption are combined to improve the encrypting security and the encrypting flexibility.
Description
Technical field
The present invention relates to the technical field of electronic distribution systems, and in particular to an electronic distribution system and a publication distribution method.
Background technology
An electronic distribution system is an Internet digital publishing system for the electronic dissemination of news and information, built around electronic transmission and display on personal terminals. Unlike traditional paper media, network-based distribution of digitized media poses challenges for copyright control: because networks are shared and virtual, electronic publications will inevitably be pirated on a large scale unless technical countermeasures are taken. At present, a traditional electronic distribution system mainly comprises a database module (DBM), an information publishing module and user terminals; such a system does not use any built-in, system-wide AES encryption or encryption technology based on public key infrastructure (Public Key Infrastructure, abbreviated PKI) to protect the copyright of publications. In such a system, the most common means of copyright protection is for the publisher to compress the file and set a decompression password when uploading it. The security of this approach is low, and it is difficult to effectively protect the rights and interests of publishers and end users. Moreover, the protection mode is single: it is difficult to implement graded encryption at different security levels, and difficult to offer users personalized services at different security levels.
Therefore, there is a pressing need for an electronic distribution system and a publication distribution method that are highly secure and can offer users personalized services at different security levels.
Summary of the invention
Therefore, the purpose of this invention is to provide an electronic distribution system and a publication distribution method that are highly secure and can offer users personalized services at different security levels.
To achieve this purpose, the invention provides an electronic distribution system comprising a content processing node and a terminal device, characterized in that said electronic distribution system further comprises a copyright authorization center and a device certificate issuing node;
The copyright authorization center is used to generate the rights object file, to issue digital certificates and provide the corresponding private keys, and to provide database service for the user; wherein the rights object file carries the key Key in ciphertext form, encrypted with the public key in the digital certificate;
The content processing node is used to encrypt a publication with the key Key to generate a content object file;
The device certificate issuing node is used to receive the digital certificate issued by the copyright authorization center and the corresponding private key, and to provision them into the terminal device.
Wherein, said terminal device is used to obtain the content object file and the rights object file, then to use the private key in the terminal to obtain the key Key from the rights object file, and then to use the key Key to decrypt the publication in the content object file into plaintext.
Wherein, the digital certificates that said copyright authorization center issues for the user comprise a terminal digital certificate and a pluggable storage device digital certificate; said content processing node is also used to set the encryption level parameter of a publication, and different encryption level parameters correspond respectively to said terminal digital certificate and said pluggable storage device digital certificate.
Wherein, said copyright authorization center is also used to encrypt said key Key with the public key of either the terminal digital certificate or the pluggable storage device digital certificate, depending on the encryption level parameter, and to generate said rights object file.
Wherein, the digital certificates received by said device certificate issuing node comprise the terminal digital certificate and the pluggable storage device digital certificate. When a terminal digital certificate is received, said device certificate issuing node provisions said terminal digital certificate and its corresponding private key into the terminal device; when a pluggable storage device digital certificate is received, said device certificate issuing node provisions said pluggable storage device digital certificate and its corresponding private key into the hardware of the pluggable storage device.
Wherein, said terminal device is used to obtain the corresponding terminal digital certificate or pluggable storage device digital certificate according to the encryption level parameter, and then to obtain the key Key using the corresponding private key and decrypt the publication in the content object file into plaintext.
Wherein, said pluggable storage device is an SDKey or UKey, and said pluggable storage device digital certificate is an SDKey or UKey digital certificate.
Wherein, said copyright authorization center comprises:
A database system, used to provide database service;
An authority center, used to generate the rights object file; and
A digital certificate system, used to issue digital certificates for the user.
Wherein, said copyright authorization center comprises an external network, a middle-layer network and an internal network; the external network and the middle-layer network are separated by a firewall, and the middle-layer network and the internal network are also separated by a firewall. Said database system is located in the internal network and cannot be accessed directly from the external network; the authority center and the digital certificate system are located in the middle-layer network and can be accessed from outside.
Wherein, a database access server is also connected to said middle-layer network, and this database access server is connected to the external network through a VPN gateway. When said content processing node, said device certificate issuing node or said terminal device requests data from the database system, it first accesses said database access server; the database access server accesses the database system located in the internal network and then returns the corresponding data to the content processing node, device certificate issuing node or terminal device that requested it.
The present invention also provides a publication distribution method based on the above electronic distribution system, comprising the following steps:
1) the content processing node encrypts a publication with the key Key to generate a content object file;
2) the copyright authorization center generates the rights object file, which carries the key Key in ciphertext form, encrypted with the public key in the digital certificate;
3) the content object file and the rights object file are sent to the terminal device.
Wherein, in said step 1), said content processing node also sets the encryption level parameter of each publication;
In said step 2), said copyright authorization center encrypts said key Key with the public key of either the terminal digital certificate or the pluggable storage device digital certificate, depending on the encryption level parameter, and generates said rights object file.
Wherein, said publication distribution method further comprises step 4):
4) the terminal device obtains the content object file and the rights object file, then uses the private key corresponding to said digital certificate to decrypt and obtain the key Key in the rights object file, and then uses the key Key to decrypt the publication in the content object file into plaintext.
Wherein, in said step 4), said terminal device obtains the corresponding terminal digital certificate or pluggable storage device digital certificate according to the encryption level parameter, and then obtains the key Key using the corresponding private key and decrypts the publication in the content object file into plaintext.
Compared with prior art, the present invention has following technique effect:
1. Published information is encrypted with an authentication process. Unlike traditional password-based encryption, decryption in this system includes a two-way verification process based on PKI.
2. Encryption levels can be graded, and software and hardware encryption are combined, improving the security and flexibility of encryption.
Description of drawings
Fig. 1 is a structural diagram of the electronic distribution system of one embodiment of the invention.
Embodiment
The present invention is described further below with reference to the accompanying drawing and specific embodiments.
Referring to Fig. 1, according to one embodiment of the present invention, an electronic distribution system is provided. This electronic distribution system comprises four kinds of nodes: a copyright authorization center, content processing nodes, device certificate issuing nodes and terminal devices (such as readers).
The copyright authorization center is generally located in a central machine room. It is used to provide rights object (RO) files, to issue digital certificates and to provide database service for the user. A rights object (RO) file is generated from the user information in an order (when the user clicks subscribe in the client, information such as the user name, terminal model and the label of the subscribed electronic medium is packaged into an order and sent to the copyright authorization center to generate the RO file). The RO file contains, in ciphertext form, the key Key used to decrypt the content object (CO) file, together with the user's rights information. Both the key Key and the user's rights information are encrypted with the public key in the digital certificate corresponding to this user.
The content processing node is usually located at a publishing house, library or similar site. Its function is to use the public key in the digital certificate to encrypt information that has been uploaded and has passed review, generating the CO file.
The device certificate issuing node is used to provision digital certificates into terminal devices. The digital certificate is burned into the terminal device hardware when the terminal device (such as a reader) is manufactured. In general, the production line of a reader manufacturer cannot be connected to the public network. To handle this situation, the copyright authorization center provides a function for issuing digital certificates in batches: it can issue a batch of digital certificates at once (for example 10,000), package and encrypt them, and then send them to the device certificate issuing node located at the manufacturer's site, so that the manufacturer can burn the digital certificates into the terminal device hardware.
The terminal device is used to obtain the CO file from the network, extract the address of the copyright authorization center from the CO file and obtain the corresponding RO file, then obtain the key Key from the RO file, and then use the key Key to decrypt the publication in the CO file into plaintext and display it.
Further, in another embodiment of the present invention, an electronic distribution system that implements graded encryption is provided. Referring to Fig. 1, this electronic distribution system likewise comprises a copyright authorization center, content processing nodes, device certificate issuing nodes and terminal devices (such as readers), interconnected through a network. Each component of this electronic distribution system is introduced below.
I. Copyright authorization center
In a preferred embodiment, the copyright authorization center comprises a database system, an authority center and a digital certificate system. The authority center generates the RO file according to the order. The RO file contains, in ciphertext form, the key Key used to decrypt the CO file, together with the user's rights information. Both are encrypted with a public key, namely the public key in the user's digital certificate issued by the digital certificate system. In the preferred embodiment, digital certificates are of two kinds. The first kind is the digital certificate issued to the terminal, with its corresponding private key (specifically, the private key corresponding to the public key in the digital certificate); this certificate and the corresponding private key are burned into the terminal hardware when the reader hardware is manufactured. The second kind is the digital certificate issued to the SDKey of the terminal. The digital certificate system in the central machine room issues digital certificates for terminals and/or SDKey hardware; the user buys an SDKey with an issued certificate and inserts it into the terminal device for use. The SDKey also holds a public key (in the digital certificate) and a private key, used for encryption and decryption respectively. The SDKey has dedicated storage areas that store the digital certificate and the private key separately. When generating a new certificate, the digital certificate system calls the cipher machine to generate a key pair, places the public key and the user's information into the certificate and stores the certificate in the certificate database, and then delivers the certificate and private key to the certificate issuing node to await issuance.

The public key and the private key are two paired but different keys. Both can encrypt and decrypt data: data encrypted with the public key can be decrypted with the private key, and data encrypted with the private key can be decrypted with the public key. The difference is that the public key is made public, whereas the private key is held only by its owner. When the "sender" encrypts data with the "recipient's public key", only the "recipient" holds the "recipient's private key" and can open the "package" and obtain the information; this is confidentiality in information security, and the process is data encryption. When the "sender" encrypts data with the "sender's private key", any "recipient" can use the "sender's public key" to open the "package" and obtain the information. Because only the "sender" holds the "sender's private key", any "package" that can be opened with that public key must have been sent by the "sender" and not by some intermediary or hacker, and the "sender" cannot deny it; this is non-repudiation in information security, and the process is digital signature. It should be noted that the SDKey in the present embodiment can also be replaced by another pluggable storage device such as a UKey, in which case the SDKey digital certificate is replaced by the digital certificate of that pluggable storage device. This will be readily understood by those skilled in the art.
Further, in another preferred embodiment, said copyright authorization center node consists of a local area network with at least three network segments. Referring to Fig. 1, the network segments of the copyright authorization center node are divided into three levels: the external network, the middle-layer network (for example a demilitarized zone) and the internal network. The external network and the demilitarized zone are separated by a firewall, and the demilitarized zone and the internal network are also separated by a firewall. As the most critical system, the database system is located in the innermost internal network and provides database support for the other systems; the database system cannot be accessed directly from the external network. The authority center and the digital certificate system are located in the demilitarized zone, because they need to be accessible from outside. In a preferred embodiment, the authority center comprises an authority center server cluster, a cipher machine and a load-balancing device. The digital certificate system comprises a certificate system server cluster and a cipher machine. A database access server is also connected to the demilitarized zone, and this database access server is connected to the external network through a VPN gateway. When a content processing node, device certificate issuing node or terminal device requests data from the database system, it first accesses said database access server; the database access server accesses the database system located in the internal network and then returns the corresponding data to the content processing node, device certificate issuing node or terminal device that requested it. In addition, on the software side, the copyright authorization center node is equipped with a platform management system. The platform management system is a website for the enterprise's internal administrators that provides management functions for information such as books, users and certificates; it is the outward presentation of the management terminal of the copyright authorization center node. Administrators can use the platform management system to operate the copyright authorization center node from a management terminal located in the internal network.
II. Content processing node
In a preferred embodiment, the content processing node is located at a publishing house, library or similar site. Its function is to encrypt information (such as a publication) that has been uploaded and has passed review, and then generate the content object (CO) file. The content processing node encrypts the information with the key Key. To better protect the copyright of publications, the content processing node also grades each publication and sets its encryption level parameter, and the copyright authorization center node encrypts the key Key with a different public key according to this encryption level parameter. For example, for high-security information (a publication), the key Key is encrypted with the public key in the SDKey digital certificate, which has the higher security level; otherwise the key Key is encrypted with the public key in the terminal digital certificate. There can be many content processing nodes, and their number can grow as the business develops. Referring to Fig. 1, the content processing node comprises a content encryption system and a cipher machine, used to encrypt information and generate the content object (CO) file. A management terminal is also provided in the content processing node; the management terminal can connect through a VPN gateway to the database access server in the central machine room and access, through that server acting as a proxy, the database system in the central machine room's internal network. This mode of access through a middleware proxy ensures the security of the database system. On the software side, the content processing node is also equipped with a content publishing system. This system is a web server for users; in a browser/server (B/S) structure, it offers functions such as uploading to the user in the form of web pages, and is the outward presentation of the management terminal of the content processing node. Staff who list publications operate the content processing node through the content publishing system.
III. Device certificate issuing node
In a preferred embodiment, the device certificate issuing node provisions digital certificates into terminals; the certificate is burned into the terminal hardware when the reader hardware is manufactured. The production line of a reader manufacturer cannot be connected to the public network. To handle this situation, the digital certificate management system provides a function for issuing digital certificates in batches: it can issue a batch of digital certificates at once (for example 10,000), package and encrypt them, and then send them to the manufacturer's production-line interface machine. The present embodiment provides the production-line interface machine with an API for extracting certificates. By calling this API offline, the production line obtains the batch of digital certificates and burns one digital certificate into each reader's hardware; the certificate contains the public key used to encrypt ordinary information. The corresponding private key used for decryption is also burned into the terminal.
In addition, the digital certificate system server of the copyright authorization center also issues digital certificates for SDKey hardware, which the SDKey manufacturer burns into the SDKey hardware (in the same way as for readers). The user buys an SDKey with an issued certificate and inserts it into the terminal device for use. The SDKey also holds a public key (in the certificate) and a private key, used for encryption and decryption respectively.
IV. Terminal device
In a preferred embodiment, the terminal device mainly consists of terminal software, a DRM agent and an SDKey. It connects through a network (such as a telecom operator's 3G network) to the electronic media publishing site and downloads electronic media; that is, its terminal software obtains the content object (CO) file, checks its integrity and encryption level, and then passes the content object (CO) file to the DRM agent. The DRM agent is a software package on the client terminal. Through it, the user terminal extracts the address of the copyright authorization center from the content object (CO) file, obtains the corresponding rights object (RO) file, and parses both files. When unpacking the CO and RO files, the DRM agent checks the validity of their content again, and then, according to the encryption level, provides the decrypted plaintext to the terminal software for display.
In the above preferred embodiment, the content to be sent is encrypted using built-in and external digital certificates, so encryption services at several security levels can be provided. For example, the terminal can implement three levels of encryption: no encryption, low-level encryption and high-level encryption. The high-security encryption service means encryption with the public key of an external hardware certificate, that is, the hardware digital certificate of the terminal's SDKey. The digital certificate system server in the central machine room of the content publishing platform can issue digital certificates for SDKey hardware, and the user can insert an SDKey with an issued certificate into the terminal device to activate the higher-security service. When using a terminal device (such as an e-book reader), the user connects through the 3G network of a telecom operator to the electronic media publishing site and downloads electronic media, obtains through the DRM agent the rights object (RO) file corresponding to the user terminal's SDKey, and then performs the DRM operations of authentication, rights processing and decryption, finally producing the plaintext content for the legitimate user.
The publication distribution method based on the above electronic distribution system is introduced below. It comprises a publication encryption method and a decryption method.
The publication encryption method comprises the following steps:
1. The management terminal of the content processing node determines the encryption level of an electronic medium from the encryption level flag set when the medium is listed, obtains the encryption level parameter (for example, 0 means no encryption, 1 means ordinary encryption, and 2 means SDKey high-level encryption) and records it in the database system of the copyright authorization center. (When an electronic medium is listed, the security level parameter is generated automatically by the digital content classification system and is stored in a database table as one attribute of the digital content, together with data such as title and size, so the copyright authorization center node can read it directly from the database when needed.)
2. The content encryption system of the content processing node randomly generates a symmetric encryption key Key and a key identifier KeyID according to the media identifier, and stores them. It then encrypts the information with the key Key to generate the ciphertext, and places the key identifier KeyID and the address of the server that issues the RO file into the ciphertext file header, thereby generating the content object (CO) file. (When the CO file is generated, the encryption level parameter is also placed in the CO file, so that the security level parameter is passed to the terminal device.)
3. The authority center of the copyright authorization center obtains the public key from the digital certificate of the user terminal or the SDKey in the certificate repository (that is, the certificate database). When the encryption level parameter is 1, it obtains the public key of the terminal digital certificate from the certificate repository; when the encryption level parameter is 2, it obtains the public key of the SDKey digital certificate from the certificate repository.
4. The authority center of the copyright authorization center encrypts the key Key with the public key of the terminal or the SDKey, places it in the rights object (RO) file, and digitally signs the RO file with the private key of the authority center (the authority center server has its own public/private key pair and certificate; all keys and certificates are generated by the key management center and the certificate server cluster respectively). When the encryption level parameter is 1, the public key of the terminal digital certificate is used; when the encryption level parameter is 2, the public key of the SDKey digital certificate is used.
After encryption is complete, the content object (CO) file and the rights object (RO) file are transmitted to the user terminal.
The publication decryption method comprises the following steps:
1. The terminal device receives the content object (CO) file and the rights object (RO) file, confirms the integrity of the files (for example, using the MD5 algorithm), and verifies the digital signature with the public key of the authority center (this public key is placed in the certificate and, like the certificate, is public).
2. The DRM agent in the terminal device parses the content object (CO) file to obtain the security information, the key identifier KeyID, the address of the server that issues the rights object (RO) file, and the ciphertext file, and checks the integrity of the parsed information (the SHA-1 algorithm can be used to check integrity in this step).
3. The DRM agent parses the rights object (RO) file to obtain the ciphertext key Key and rights information such as the validity period, and verifies the integrity of the information. In this step, the SHA-1 algorithm can be used to verify integrity. If the rights object (RO) file does not exist or is invalid, the DRM agent can use the RO-issuing server address and the KeyID obtained in step 2 to apply for a new rights object (RO) file.
4. The DRM agent obtains the private key from the terminal or the SDKey according to the encryption level parameter, and decrypts the ciphertext key Key into plaintext form.
5. The DRM agent decrypts the ciphertext with the key Key to obtain the plaintext.
After the plaintext is obtained, the plaintext and the user rights parameters (information such as the number of accesses and the time) are passed to the corresponding software on the terminal device for the user to browse.
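The encryption and decryption steps above can be traced end to end in the following added sketch, which is not code from the patent. To stay within the Python standard library it swaps in textbook RSA over constructed demo primes and a SHA-256 keystream for the cipher machine's algorithms, and SHA-256 for the MD5/SHA-1 checks; these stand-ins are not secure, all function and field names are hypothetical, and level 0 (no encryption) is left out.

```python
import hashlib
import json
import secrets

# Stand-in primitives so the sketch runs on the standard library alone.
# Textbook RSA and a hash keystream are NOT secure; a deployment would use
# RSA-OAEP for key wrapping, RSA-PSS for signing and an AEAD cipher.
E = 65537

def keypair(a, b):
    p, q = 2**a - 1, 2**b - 1                 # constructed Mersenne primes
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))   # (public, private)

def rsa(key, value):
    n, exponent = key
    return pow(value, exponent, n)

def digest_int(obj, n):
    blob = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def stream_xor(key, data):
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)

# Constructed key material: authority center (signing), terminal, SDKey.
CENTER_PUB, CENTER_PRIV = keypair(607, 61)
TERMINAL_PUB, TERMINAL_PRIV = keypair(127, 107)
SDKEY_PUB, SDKEY_PRIV = keypair(521, 89)
# Certificate repository lookup: encryption level -> certificate public key.
CERT_REPOSITORY = {1: TERMINAL_PUB, 2: SDKEY_PUB}

def make_co(publication, level, ro_server):
    """Content processing node: random Key and KeyID, ciphertext, CO header."""
    key = secrets.token_bytes(16)
    co = {"key_id": secrets.token_hex(8), "level": level,
          "ro_server": ro_server,
          "ciphertext": stream_xor(key, publication).hex()}
    return co, key

def make_ro(co, key, rights):
    """Authority center: wrap Key under the level's public key, sign the RO."""
    wrapped = rsa(CERT_REPOSITORY[co["level"]], int.from_bytes(key, "big"))
    body = {"key_id": co["key_id"], "level": co["level"],
            "wrapped_key": wrapped, "rights": rights}
    signature = rsa(CENTER_PRIV, digest_int(body, CENTER_PUB[0]))
    return {"body": body, "signature": signature}

def open_publication(co, ro, sdkey_priv=None):
    """DRM agent: verify the RO, pick the private key by level, decrypt."""
    body = ro["body"]
    if rsa(CENTER_PUB, ro["signature"]) != digest_int(body, CENTER_PUB[0]):
        raise ValueError("RO signature invalid")
    if body["key_id"] != co["key_id"] or body["level"] != co["level"]:
        raise ValueError("RO does not match CO")
    if co["level"] == 2:
        if sdkey_priv is None:               # SDKey not inserted
            raise PermissionError("level 2 content requires the SDKey")
        priv = sdkey_priv
    else:
        priv = TERMINAL_PRIV                 # key burned into the terminal
    key = rsa(priv, body["wrapped_key"]).to_bytes(16, "big")
    return stream_xor(key, bytes.fromhex(co["ciphertext"]))
```

Because the encryption level sits inside the signed RO body and is compared with the level in the CO header, editing the CO to claim level 1 for level 2 content is rejected before any private key is selected.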
The beneficial effects of the technical scheme of the present invention include:
1. Encryption levels are differentiated and the terminal is not a monolithic structure; that is, the terminal and the SDKey are separable. By inserting or removing the SDKey, reading can be switched flexibly between low-security and high-security content. High-security information can be decrypted and viewed only when the SDKey is inserted and its private key is enabled; otherwise only low-security information can be browsed.
2. Low cost. The hardware SDKey is embedded in a dedicated track of the external SD card, so the card provides the security-level encryption function along with external storage space, at no extra cost. In addition, if the user's SDKey is damaged or lost, the user only needs to replace the external SD card: after the loss is reported and identity verification is passed, the exclusive information can be recovered or re-bound according to the user level, and the exclusive-information function is reactivated on the original terminal. There is no need to buy a new terminal, which greatly reduces the cost to the user.
3. Security. The SDKey can use two-factor authentication: at the factory, the SDKey can generate a random code tied to its corresponding terminal, and the SDKey's private key can be used only when the SDKey is inserted into that terminal. Therefore, even if the user's SDKey is lost, the legitimate user's high-security information cannot be accessed. If the user's terminal is lost while the SDKey is still with the user (the two can be detached and kept separately), whoever finds the terminal likewise cannot access the user's high-security information. This gives strong protection to the legitimate user's important information.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical scheme of the present invention and not to limit it; in application, the invention can be extended to other modifications, variations, applications and embodiments, and all such modifications, variations, applications and embodiments are considered to be within the spirit and scope of the present invention.
Claims (14)
1. An electronic distribution system, comprising a content processing node and a terminal device, characterized in that the electronic distribution system further comprises a copyright authorization center and a device certificate issuing node;
The copyright authorization center is used to generate a rights object file, to issue digital certificates for users and provide the corresponding private keys, and to provide database service; wherein the rights object file carries the key Key in ciphertext form, encrypted with the public key in the digital certificate;
The content processing node is used to encrypt a publication with the key Key to generate a content object file;
The device certificate issuing node is used to receive the digital certificate issued by the copyright authorization center and the corresponding private key, and to issue them to the terminal device.
2. The electronic distribution system according to claim 1, characterized in that the terminal device is used to obtain the content object file and the rights object file, then to use the private key in the terminal to obtain the key Key in the rights object file, and then to use the key Key to decrypt the publication in the content object file into plaintext.
3. The electronic distribution system according to claim 1, characterized in that the digital certificates issued for the user by the copyright authorization center comprise a terminal digital certificate and a pluggable storage device digital certificate; the content processing node is further used to set an encryption level parameter of the publication, and different encryption level parameters correspond respectively to the terminal digital certificate and the pluggable storage device digital certificate.
4. The electronic distribution system according to claim 3, characterized in that the copyright authorization center is further used to encrypt the key Key with the public key in the terminal digital certificate or in the pluggable storage device digital certificate, depending on the encryption level parameter, and to generate the rights object file.
5. The electronic distribution system according to claim 4, characterized in that the digital certificates received by the device certificate issuing node comprise the terminal digital certificate and the pluggable storage device digital certificate; on receiving the terminal digital certificate, the device certificate issuing node issues the terminal digital certificate and its corresponding private key to the terminal device; and on receiving the pluggable storage device digital certificate, the device certificate issuing node issues the pluggable storage device digital certificate and its corresponding private key into the hardware of the pluggable storage device.
6. The electronic distribution system according to claim 5, characterized in that the terminal device is used to obtain the corresponding terminal digital certificate or pluggable storage device digital certificate according to the encryption level parameter, and then to obtain the key Key with the corresponding private key and decrypt the publication in the content object file into plaintext.
7. The electronic distribution system according to any one of claims 3 to 6, characterized in that the pluggable storage device is an SDKey or a Ukey, and the pluggable storage device digital certificate is an SDKey or Ukey digital certificate.
8. The electronic distribution system according to claim 1, characterized in that the copyright authorization center comprises:
A database system, used to provide database service;
An authority center, used to generate the rights object file; and
A digital certificate system, used to issue digital certificates for users.
9. The electronic distribution system according to claim 8, characterized in that the copyright authorization center comprises an external network, a middle-layer network and an internal network; the external network and the middle-layer network are separated by a firewall, and the middle-layer network and the internal network are also separated by a firewall; the database system is located in the internal network and cannot be accessed directly from the external network; the authority center and the digital certificate system are located in the middle-layer network and can be accessed from outside.
10. The electronic distribution system according to claim 9, characterized in that a database access server is also connected to the middle-layer network and is connected to the external network through a VPN gateway; when the content processing node, the device certificate issuing node or the terminal device requests data in the database system, it first accesses the database access server; the database access server accesses the database system located in the internal network and then returns the corresponding data to the content processing node, device certificate issuing node or terminal device that requested the data.
11. A publication distribution method using the electronic distribution system according to claim 1, comprising the following steps:
1) the content processing node encrypts a publication with the key Key to generate a content object file;
2) the copyright authorization center generates a rights object file, the rights object file carrying the key Key in ciphertext form, encrypted with the public key in the digital certificate;
3) the content object file and the rights object file are sent to the terminal device.
12. The publication distribution method according to claim 11, characterized in that, in step 1), the content processing node also sets an encryption level parameter for each publication;
In step 2), the copyright authorization center encrypts the key Key with the public key in the terminal digital certificate or in the pluggable storage device digital certificate, depending on the encryption level parameter, and generates the rights object file.
13. The publication distribution method according to claim 11, characterized in that it further comprises step 4),
4) the terminal device obtains the content object file and the rights object file, then decrypts with the private key corresponding to the digital certificate to obtain the key Key in the rights object file, and then uses the key Key to decrypt the publication in the content object file into plaintext.
14. The publication distribution method according to claim 13, characterized in that, in step 4), the terminal device obtains the corresponding terminal digital certificate or pluggable storage device digital certificate according to the encryption level parameter, and then obtains the key Key with the corresponding private key and decrypts the publication in the content object file into plaintext.
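The flow of claims 11 to 14, sketched in Python as an added example that is not part of the patent text: content is encrypted under Key, Key is wrapped under the terminal or SDKey public key according to the encryption level, and the terminal selects the matching private key to unwrap it. It assumes the third-party `cryptography` package, RSA-OAEP and AES-GCM (the patent names no algorithms), bare RSA key pairs standing in for the certificates, and hypothetical function, field and level names; binding the level as associated data is a choice of this example.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed algorithms: the patent names none.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
LOW, HIGH = "low", "high"  # hypothetical encryption level parameter values


def new_keypair():
    """Stand-in for a digital certificate and its private key."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def make_content_object(publication, level):
    """Step 1: the content processing node encrypts the publication with Key."""
    key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    # Example's own choice: bind the level as associated data.
    ciphertext = AESGCM(key).encrypt(nonce, publication, level.encode())
    return key, {"level": level, "nonce": nonce, "ciphertext": ciphertext}


def make_rights_object(key, level, terminal_pub, sdkey_pub, rights):
    """Step 2: wrap Key under the public key selected by the level."""
    pub = sdkey_pub if level == HIGH else terminal_pub
    return {"level": level, "rights": rights,
            "wrapped_key": pub.encrypt(key, OAEP)}


def open_publication(content, rights_obj, terminal_priv, sdkey_priv=None):
    """Step 4: select the private key by level, unwrap Key, decrypt."""
    level = content["level"]
    if rights_obj["level"] != level:
        raise ValueError("content and rights objects disagree on level")
    priv = sdkey_priv if level == HIGH else terminal_priv
    if priv is None:
        raise PermissionError("high-level content needs the SDKey inserted")
    key = priv.decrypt(rights_obj["wrapped_key"], OAEP)  # ValueError if wrong key
    plaintext = AESGCM(key).decrypt(content["nonce"], content["ciphertext"],
                                    level.encode())
    return plaintext, rights_obj["rights"]
```

Passing `sdkey_priv=None` models a terminal with the SDKey removed: low-level content still opens with the terminal key, while high-level content is refused before any decryption is attempted.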
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201110167247 CN102842008A (en) | 2011-06-21 | 2011-06-21 | Electronic issuing system and publication issuing method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102842008A true CN102842008A (en) | 2012-12-26 |
Family
ID=47369358
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201110167247 Pending CN102842008A (en) | 2011-06-21 | 2011-06-21 | Electronic issuing system and publication issuing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102842008A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104008460A (en) * | 2014-06-11 | 2014-08-27 | 公安部交通管理科学研究所 | Method for issuing legal document of motor vehicle registration certificates in digitization mode |
CN104243439A (en) * | 2013-11-12 | 2014-12-24 | 新华瑞德(北京)网络科技有限公司 | File transfer processing method and system and terminals |
CN106375093A (en) * | 2016-08-31 | 2017-02-01 | 芜湖市振华戎科智能科技有限公司 | Encrypted compact disc system based on watermark and authentication server |
CN107086920A (en) * | 2017-06-20 | 2017-08-22 | 无锡井通网络科技有限公司 | Copyright based on block chain really weighs method |
CN107204917A (en) * | 2016-03-16 | 2017-09-26 | 无锡十月中宸科技有限公司 | A kind of Yunan County's full gateway and cloud security system |
CN107204918A (en) * | 2016-03-16 | 2017-09-26 | 无锡十月中宸科技有限公司 | A kind of Yunan County's full gateway and cloud security system |
CN110688627A (en) * | 2019-08-30 | 2020-01-14 | 华为技术有限公司 | 3D material protection method and device |
CN111641507A (en) * | 2020-05-18 | 2020-09-08 | 湖南智领通信科技有限公司 | Software communication system structure component registration management method and device |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104243439A (en) * | 2013-11-12 | 2014-12-24 | 新华瑞德(北京)网络科技有限公司 | File transfer processing method and system and terminals |
CN104243439B (en) * | 2013-11-12 | 2018-03-02 | 大唐网络有限公司 | Document transmission processing method, system and terminal |
CN104008460A (en) * | 2014-06-11 | 2014-08-27 | 公安部交通管理科学研究所 | Method for issuing legal document of motor vehicle registration certificates in digitization mode |
CN104008460B (en) * | 2014-06-11 | 2017-10-13 | 公安部交通管理科学研究所 | Method for the legal certificate digitlization distribution of the motor vehicle certificate of registration |
CN107204917A (en) * | 2016-03-16 | 2017-09-26 | 无锡十月中宸科技有限公司 | A kind of Yunan County's full gateway and cloud security system |
CN107204918A (en) * | 2016-03-16 | 2017-09-26 | 无锡十月中宸科技有限公司 | A kind of Yunan County's full gateway and cloud security system |
CN106375093A (en) * | 2016-08-31 | 2017-02-01 | 芜湖市振华戎科智能科技有限公司 | Encrypted compact disc system based on watermark and authentication server |
CN107086920A (en) * | 2017-06-20 | 2017-08-22 | 无锡井通网络科技有限公司 | Copyright based on block chain really weighs method |
CN110688627A (en) * | 2019-08-30 | 2020-01-14 | 华为技术有限公司 | 3D material protection method and device |
CN110688627B (en) * | 2019-08-30 | 2023-11-10 | 华为技术有限公司 | 3D material protection method and device |
CN111641507A (en) * | 2020-05-18 | 2020-09-08 | 湖南智领通信科技有限公司 | Software communication system structure component registration management method and device |
CN111641507B (en) * | 2020-05-18 | 2023-09-19 | 湖南智领通信科技有限公司 | Software communication architecture component registration management method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20121226 |