CN103237011B - Digital content encryption transmission method and server end - Google Patents

Digital content encryption transmission method and server end

Info

Publication number: CN103237011B
Authority: CN (China)
Prior art keywords: client, information, content, hardware, server
Legal status: Expired - Fee Related (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Application number: CN201310101413.4A
Other languages: Chinese (zh)
Other versions: CN103237011A
Inventors: 陈滨, 王浩
Current assignee: BEIJING SINOBEL TECHNOLOGY Co Ltd (as listed by Google Patents; the list may be inaccurate)
Original assignee: BEIJING SINOBEL TECHNOLOGY Co Ltd
Application filed by: BEIJING SINOBEL TECHNOLOGY Co Ltd
Priority: CN201310101413.4A; related parent application CN 201010518019 (CN101977190B)
Publications: CN103237011A (application), CN103237011B (granted patent)
Abstract

The present invention provides a digital content encryption transmission method in which a server end provides digital content to a client and the server end encrypts the digital content in a manner related to the hardware ID of the client. The method comprises, in sequence, a digital content partitioning step, an initial encryption step, a follow-up encryption step, an escape controller generation step and a decryption step. The hardware ID information comprises CPU ID information, hard disk volume number information, BIOS information, the MAC address of the network card, the IP address, or a combination of the above. An advantage of the invention is that the hardware ID information of the client is used both in the verification process and in the encryption process, which on the one hand ensures the security of the communication process and on the other hand improves encryption efficiency.

Description

Digital content encryption transmission method and server end
The present application is a divisional application of the patent application for invention with filing date 25 October 2010, application No. 201010518019.7, entitled "Digital content encryption transmission method and server end".
Technical field
The invention relates to a digital content encryption transmission method and to a server end for providing digital content in encrypted form.
Background technology
With the rapid development and popularization of the Internet, users increasingly use it to transmit data, publish resources and download resources. Downloading digital resources such as music, films and television programs or computer software from the Internet is now commonplace. The high-speed development of the Internet has certainly made it convenient for users to obtain information quickly, but it has also brought challenges to the copyright protection of digital resources. In daily life there are many websites providing unauthorized music, film and television, and software resources, from which users can easily obtain pirated resources for free. The wide availability and use of P2P software such as eMule has further facilitated the spread of pirated resources and made copyright protection even more difficult. The rampant spread of pirated resources on the Internet is certainly closely related to the legal awareness of users, but it is also related to the lack of a corresponding copyright management system for legitimate digital resources. Although copyright protection methods for digital resources do exist in the prior art, such as encrypting the digital resource or authenticating the party that obtains the digital content, these methods are not implemented within a complete copyright management system; while they achieve protection of the digital resource, they do not at the same time make it easy for a legitimate user to obtain the digital resource through a legitimate device. Furthermore, owners of digital resources who wish to publish their resources securely on the Internet in order to expand their business influence equally need a secure and reliable copyright management system. Digital rights management (DRM) is a new technology that has grown up with the wide distribution of digital media programs, such as digital audio and video programs, in environments such as the Internet, and with the associated application demands. DRM generally uses encryption: for the encoded and compressed digital program, a digital program authorization center (License Issuer) is established, and the content to be protected in the program is encrypted with a key. When a user plays back the program, the corresponding key must be obtained from the digital program authorization center to decrypt the program before it can be played. Because the program is encrypted, even if a user downloads, saves and redistributes it to others, it cannot be played back without the verification and authorization of the digital program authorization center, and the copyright of the program is thereby protected. Under DRM, a media processor that has only a decoding function is no longer adequate; a decryption function must be added on top of decoding. In the prior art there is a media processor with a decryption function in which the decryption module and the decoding module are located on two separate devices, for example two independent chips or two separate pieces of software, so that the media data stream after decryption may still be illegally intercepted. The prior art also has a media processor in which the decryption and decoding function blocks are concentrated in a single device; the media data stream after decryption can then be effectively protected, but in such a device the key coming from outside (typically from the digital program authorization center) may be stolen, which requires a special solution.
On the other hand, in the various services related to streaming media, streaming media content is easy to copy and distribute, and when security measures to protect the streaming media content are lacking, piracy inevitably occurs. Media stream encryption protection technology was therefore introduced: by encrypting the streaming media content, a content provider can protect its own content and control its distribution. The CA system (Conditional Access System) is one existing media stream encryption protection system; it protects streaming media content through encryption of the content and through access control. A CA system mainly produces two types of message. The first is the ECM (Entitlement Control Message), an electronic key signal of a specific form that is encrypted at the sending end together with the streaming media content and sent to the receiving end, where the ECM is used to control the descrambler. The second is the EMM (Entitlement Management Message), a message that authorizes a particular user or users to descramble a particular service or services. Like the ECM, it is encrypted at the sending end together with the streaming media content and sent to the receiving end.
Because encryption protection of streaming media content greatly improves its security, curbs piracy to a certain extent and protects the interests of content providers and operators, this technology has been widely adopted. The encryption protection schemes for streaming media content provided in the prior art are described below. One technical scheme disclosed in the prior art is that a real-time streaming media service is encrypted immediately by an encryption device and then reaches the user terminal equipment over a transmission network. The media content sent from the streaming media content source is processed by the CA system, the encryption device and other related equipment to generate a streaming media content ciphertext, which is delivered over the transmission network to the terminal equipment. The media stream encryption device may be part of the CA system, depending on the implementation of each vendor.
Another solution known from the prior art is that, in a non-real-time streaming media service, the media content is stored on a network storage device after encryption protection; when a user needs to watch the media content, the terminal unit applies to the network storage device and obtains the relevant media content ciphertext from it. This network storage device is usually called the streaming server end. Non-real-time streaming media content is not transmitted directly to the terminal unit over the network but is stored as a file on the streaming server end; the ECM and the media content are stored together on the streaming server end, in the same file, in a certain sequence relative to the media content.
Because existing digital copyright protection technologies generally consider only the secure storage of the digital content on the server and the security of the key during transmission, the protection of the copyright stops once the decryption key has been securely delivered to the authorized user, and there is no guarantee of the security of the media data while it is being read or after reading has finished. This general framework encrypts the digital content statically and only once; once it is cracked, the digital content is completely exposed, and the safety factor is relatively low.
Summary of the invention
In view of the above problems in the prior art, the present invention proposes a digital content encryption transmission method and a server end for providing digital content in encrypted form; by using this method and this server end, digital content can be sent more securely.
To achieve this object of the invention, according to a preferred embodiment a digital content encryption transmission method is disclosed in which a server end provides digital content to a client and the server end encrypts the digital content in a manner related to the hardware ID of the client. In this preferred embodiment the digital content is pre-stored by the server end, or the server end can retrieve it from other servers and process it. "Manner related to the hardware ID of the client" means here that the hardware ID information of the client is used directly or indirectly in the encryption: the whole of the hardware ID information may be used directly as the encryption key, a part of it may be used as the encryption key, or the hardware ID information may first be processed (by a logical or arithmetic operation). The hardware ID information of the client includes, but is not limited to, CPU ID information, hard disk volume number information, BIOS information, the MAC address of the network card, the IP address, other collectable hardware codes, or a combination of the above.
According to a preferred embodiment of the present invention, the digital content encryption transmission method comprises, in sequence, a digital content partitioning step, an initial encryption step, a follow-up encryption step, an escape controller generation step and a decryption step. In the digital content partitioning step, the digital content is divided into a plurality of content blocks according to a predetermined order or a predetermined timing. In the initial encryption step, information related to the hardware ID of the client is used as the initial encryption key to encrypt the first content block of the digital content and obtain the first ciphertext content block. In the follow-up encryption step, the first ciphertext content block is used as the second encryption key to encrypt the second content block of the digital content and obtain the second ciphertext content block, then the second ciphertext content block is used as the third encryption key to encrypt the third content block and obtain the third ciphertext content block, and so on until all of the digital content has been encrypted. In the escape controller generation step, the server end reads the values at specified positions of the encrypted first ciphertext content block and generates an identification code, records the order or timing corresponding to the first ciphertext content block as a timestamp, and records the identification code and the timestamp in the escape controller; this is repeated until the identification code and the timestamp for every ciphertext content block have been recorded in the escape controller, after which the server end sends the escape controller to the client. In the decryption step, the client uses the information related to its hardware ID as the initial decryption key, finds the position and the order or timing of each ciphertext content block from the identification codes and timestamps in the escape controller, then decrypts the first ciphertext content block with the initial decryption key to obtain the first content block; it then finds the position and the order or timing of the second ciphertext content block from its identification code and timestamp and decrypts the second ciphertext content block using the first content block to obtain the second content block, combines the first and second content blocks according to the order or timing, then decrypts the third ciphertext content block using the second content block to obtain the third content block and combines it with the first and second content blocks according to the order or timing, and so on until all ciphertext content blocks have been decrypted and combined according to the order or timing, at which point the client obtains the plaintext of the digital content.
In this preferred embodiment the digital content partitioning step, initial encryption step, follow-up encryption step, escape controller generation step and decryption step are performed in sequence, but additional method steps may also be added before the first step or between the steps. In the digital content partitioning step, if the requested digital content is static digital content such as a text message, a PDF file or a JPG picture, the content can be divided according to a predetermined order; if the requested content is streaming digital content such as online streaming media, it can be divided according to a predetermined timing. The invention is of course not limited to these two modes; any of the various ways known to those skilled in the art for dividing such digital content may be used, for example the data blocking method mentioned in Chinese patent application 200510021479, or the fast in-place merge algorithm based on data blocking disclosed in Computer Science, 2004, issue 08. Receiving the block-encrypted ciphertext content blocks at the client and arranging them is a technique well known to those skilled in the art. It can be implemented, for example, by adding an index, or by an agreed rule under which the server end provides the client with a feature of each ciphertext content block; the client can then arrange each ciphertext content block according to the agreed rule after receiving it, and decrypt each ciphertext content block in the "reverse order" of encryption.
According to a preferred embodiment of the present invention, a registration step is also included before the digital content partitioning step, in which the client sends its hardware ID information to the server end, the server end records the hardware ID information, the server end generates a private key and a public key, sends the private key to the client, and stores the private key and the public key at the server end. In this preferred embodiment the additional registration step, in which the client registers in advance, facilitates later identity authentication and ensures that requests are targeted and effective. Using a private key and a public key, an asymmetric encryption mode, further improves security. The invention may of course also use a symmetric key here.
According to a preferred embodiment of the present invention, after the registration step and before the digital content partitioning step, the digital content encryption transmission method also includes a service request step, in which the client uses the private key to encrypt a service request message that includes the client's hardware ID information and the client's request for digital content, and the client sends the encrypted service request message to the server end; the server end uses the public key to decrypt the encrypted service request message to obtain the client's hardware ID information and the client's request for digital content. In this preferred embodiment the hardware ID information is used in the service request step; for the identity authentication process this is reliable and quick.
According to a preferred embodiment of the present invention, after the service request step, the digital content encryption transmission method also includes a hardware ID matching step, in which, after the server end has obtained the client's hardware ID information and the client's request for digital content by decrypting the service request message, the server end compares this hardware ID information with the hardware ID information it has stored. In this preferred embodiment the hardware ID information is used for authentication, and the hardware ID information is encrypted before being sent to the server end. How the server end determines which client a received service request message belongs to is prior art and, for brevity, is not repeated here. After decrypting with the public key, the server end obtains the hardware ID information and can in this process clearly determine whether the client is an impersonating client.
According to a preferred embodiment of the present invention, after the hardware ID matching step, the digital content encryption transmission method also includes an initial encryption key generation step, in which, if the hardware ID information received by the server end matches the hardware ID information pre-stored by the server end, the server end generates an authorization key, sends the authorization key to the client, and the authorization module uses the authorization key to encrypt the hardware ID information to obtain the initial encryption key. A preferred way of generating the initial encryption key is specified here, but the invention is not limited to this way; any way of generating the initial encryption key indirectly from the hardware ID information falls within the scope of protection of the invention.
In the digital content encryption transmission method according to the invention, in which a server end provides digital content to a client, the client decrypts the digital content sent by the server end in a manner related to its hardware ID. This decryption is the "inverse operation" of the encryption mode of the invention: the client also performs the decryption in a "manner related to its hardware ID". In other words, however the server end processes the client's hardware ID information for encryption, the client processes its hardware ID information correspondingly for decryption.
According to a preferred embodiment of the present invention, the method also includes a license generation step, in which the server end uses the public key to encrypt the initial encryption key to generate a license and sends the license to the client; the client uses the private key to decrypt the received encrypted license to obtain the initial encryption key, which serves as the client's initial decryption key. Using a license further enhances security. The license may also be omitted, with the server end sending the initial encryption key directly to the client.
According to a preferred embodiment of the present invention, after the license generation step, the client uses the received authorization key to decrypt the initial decryption key, thereby obtaining hardware ID information, and compares the hardware ID information obtained by decryption with its own hardware ID information; if the client's hardware ID information matches the hardware ID information obtained by decrypting the initial decryption key, the client performs the decryption step using the initial decryption key. According to this preferred embodiment, the client can determine in advance, before performing decryption, whether the digital content received is wrong content sent to it by mistake, thus avoiding a time-consuming and laborious decryption that yields unusable digital content.
According to another aspect of the present invention, the invention also discloses a server end for providing digital content in encrypted form, comprising a user management module, an authorization module, a content module and an escape controller. The user management module is responsible for the task of registering clients at the server end and for storing the hardware ID information of the clients; after a client registers successfully, the user management module generates a private key and a public key, sends the private key to the client, and stores the private key and the public key in the user management module; the user management module is also responsible for authenticating clients using the hardware ID information, and only after authentication has passed does the user management module issue the public key to the authorization module. The authorization module is responsible for responding to client requests: it uses the public key to decrypt a received service request message to obtain the hardware ID information and the digital content requested by the client, submits the hardware ID information to the user management module, and only when this matches the hardware ID information stored by the user management module does the authorization module generate an authorization key and send it to the client; the authorization module uses the authorization key to encrypt the hardware ID information to obtain the initial encryption key, may use the public key to encrypt the initial encryption key to generate a license and send the license to the client, and also forwards the client's request for digital content to the content module. The content module is responsible for responding to the client's request by dividing the digital content requested by the client, as forwarded by the authorization module, into blocks, encrypting the plurality of content blocks in turn according to the predetermined order or timing using the initial encryption key to obtain a plurality of ciphertext content blocks, and sending these ciphertext content blocks to the client; the content module also reads the values at specified positions of the encrypted first ciphertext content block to generate an identification code and records the order or timing corresponding to the first ciphertext content block as a timestamp, and so on, until the server end has recorded all identification codes and timestamps in the escape controller, after which the server end sends the escape controller to the client.
The method and equipment disclosed in the invention use a data segmentation technique to divide the digital content into a plurality of blocks, and use "information related to the hardware ID of the client" to encrypt and decrypt each content block in turn. The encrypted digital content blocks are finally transmitted; even if they are stolen by a hacker, the encryption principle must first be analyzed and the digital content blocks re-ordered and cracked one by one, so the difficulty of breaking the protection increases significantly with the number of content blocks. The method also incorporates a check of the user's hardware ID, further preventing illegal copying and illegal distribution. By using hardware-information binding, the method overcomes the drawback of the conventional technique that copyright protection stops once the decryption key has been securely delivered to the authorized user; by using the block-wise escape multiplexing technique, it overcomes the drawback of the conventional technique that the encryption of the digital content is static and performed only once, so that once cracked the digital content is completely exposed. High security of the digital content is thus achieved throughout the entire process of distribution, preventing illegal copying, illegal distribution and tampering.
Although only one or more combinations of the above embodiments of the invention are described here, this does not mean that the invention is limited to these combinations; the preferred embodiments may be combined in any meaningful way.
Brief description of the drawings
Fig. 1 illustrates the method of the invention according to a first preferred embodiment;
Fig. 2 illustrates the method of the invention according to a second preferred embodiment;
Fig. 3 illustrates the encryption method of the method of the invention;
Fig. 4 illustrates the decryption method of the method of the invention;
Fig. 5 is a schematic diagram of the escape controller model;
Fig. 6 is a schematic diagram of the data packet format recorded in the escape controller.
Detailed description of the invention
Embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that these drawings are only schematic and do not limit the scope of protection of the invention.
Fig. 1 shows a flow chart of the first preferred embodiment of the method of the invention. As shown in Fig. 1, digital content is transmitted from the server end to the client, and it is encrypted and decrypted in a manner related to the hardware ID of the client. The method comprises, in sequence, a digital content partitioning step S104, an initial encryption step S105, a follow-up encryption step S106, an escape controller generation step S110 and a decryption step S109. The digital content transmission may use a wireless transmission method such as Bluetooth, GPRS, GSM, WCDMA, WiFi, ZigBee, microwave communication and/or TD-SCDMA, or a wired transmission method such as packet switching or fiber-optic communication. Encrypting and decrypting in a manner related to the hardware ID of the client means: "after the hardware ID information is converted into a binary code, that code is used directly as the key for encryption and decryption, or a part of it is used as the key, or the code is first subjected to a certain regular operation and the result of that operation is used as the key for encryption and decryption".
In the digital content partitioning step S104, the digital content is divided into a plurality of content blocks according to a predetermined order or a predetermined timing. The division can use a data segmentation technique, for example dividing the original data into segments of 128 bits each. Since the method of dividing digital content is known technology, its specific implementation is omitted here; reference is made to the description in "Data dividing method and device using XOR", Patent No. 200380106529.1. The predetermined order or predetermined timing refers to the following: because media data such as audio, video or streaming media data, and text data, are transmitted in the form of divided data packets, the route chosen by each packet during transmission may differ, and so may the time needed to reach the client; a packet sent first may arrive last, giving an incorrect result after transmission. The corresponding packets can therefore be marked with a fixed order or timing before transmission, and on receiving the packets the client arranges them in sequence according to the marked order or timing, thus obtaining the correct result.
In the initial encryption step S105, information related to the hardware ID of the client is used as the initial encryption key to encrypt the first content block of the digital content to obtain the first ciphertext content block, and the first ciphertext content block is sent to the client. The hardware ID information of the client includes, but is not limited to, CPU ID information, hard disk volume number information, BIOS information, the MAC address of the network card, the IP address, other collectable hardware codes, or a combination of the above.
In subsequent encryption step S106, the first ciphertext content block is then used as the second encryption key to encrypt the second content block of the digital content to obtain the second ciphertext content block, which is sent to the client; the second ciphertext content block is then used as the third encryption key to encrypt the third content block of the digital content to obtain the third ciphertext content block, which is sent to the client; and so on, until all of the digital content has been encrypted and sent to the client.
In escape controller generation step S110, the server end reads the value at a specified position of the encrypted first ciphertext content block and generates an identification code from it, records the order or timing corresponding to the first ciphertext content block as a timestamp, and records the identification code and the timestamp in the escape controller. This is repeated until the identification codes and timestamps of all ciphertext content blocks have been recorded in the escape controller, and the server end then sends the escape controller to the client. The server end may read the first bit value, the last bit value, the value of any one bit or of several bits of each ciphertext block, or a combination of these, as the identification code; it may also apply a predefined rule such as a function transformation to the value read and use the result as the identification code.
In decryption step S109, the client uses the information related to its hardware ID as the initial decryption key. From the identification codes and timestamps in the escape controller it finds the position and the order or timing of each ciphertext content block. It then decrypts the first ciphertext content block with the initial decryption key to obtain the first content block; next it finds the position and the order or timing of the second ciphertext content block from that block's identification code and timestamp and decrypts the second ciphertext content block with the first content block to obtain the second content block, then combines the first and second content blocks according to the order or timing; it then decrypts the third ciphertext content block with the second content block to obtain the third content block and combines it with the first and second content blocks according to the order or timing; and so on, until all ciphertext content has been decrypted and combined according to the order or timing, at which point the client holds the plaintext of the digital content. Fig. 2 shows the flow chart of the second preferred embodiment of the method of the invention.
As shown in Fig. 2, the method according to the invention includes, in order: registration step S200, service request step S201, hardware ID matching step S202, initial encryption key generation step S203, digital content partitioning step S104, initial encryption step S105, subsequent encryption step S106, escape controller generation step S110, licence generation step S207, client hardware ID matching step S208 and decryption step S109.
In registration step S200, the client applies for registration with the user management module and sends its hardware ID information to that module. The hardware ID information may include one or more items of hardware fingerprint information that are unique, such as a hardware serial number, the CPU ID or the MAC address. The user management module records the hardware ID information. After registration succeeds, the user management module generates a private key and a public key as an asymmetric key pair, sends the private key to the client, and stores the private key and the public key in the user management module.
In service request step S201, the client generates a service request message that includes the client's hardware ID information and the client's request message for digital content. The client encrypts the service request message with the private key and sends the encrypted message to the authorization module of the server end. The user management module then provides the public key to the authorization module, which uses it to decrypt the encrypted service request message and so obtains the client's hardware ID information and its request message for digital content.
In hardware ID matching step S202, the authorization module sends the hardware ID information to the user management module, which compares the received hardware ID information with the hardware ID information it has stored.
In initial encryption key generation step S203, if the hardware ID information received by the user management module matches the hardware ID information it has prestored, the authorization module generates an authorization key and sends it to the client; the authorization module encrypts the hardware ID information with the authorization key to obtain the initial encryption key, and the request for the digital content is passed on by the authorization module to the content module of the server end.
In digital content partitioning step S104, the content module divides the digital content into a number of content blocks according to a predefined order or a predefined timing.
In initial encryption step S105, the content module uses the initial encryption key to encrypt the first content block of the digital content to obtain the first ciphertext content block.
In subsequent encryption step S106, the content module uses the first ciphertext content block as the second encryption key to encrypt the second content block of the digital content to obtain the second ciphertext content block, then uses the second ciphertext content block as the third encryption key to encrypt the third content block to obtain the third ciphertext content block, and so on until all of the digital content has been encrypted.
In escape controller generation step S110, the server end reads the value at a specified position of the encrypted first ciphertext content block and generates an identification code from it, records the order or timing corresponding to the first ciphertext content block as a timestamp, and records the identification code and the timestamp in the escape controller. This is repeated until the identification codes and timestamps of all ciphertext content blocks have been recorded in the escape controller, and the server end then sends the escape controller to the client.
In licence generation step S207, the authorization module encrypts the initial encryption key with the public key to generate a licence and sends the licence to the client; the client decrypts the received encrypted licence with the private key to obtain the initial encryption key, which serves as the client's initial decryption key.
In client hardware ID matching step S208, the client decrypts the initial decryption key with the authorization key it received, thereby obtaining hardware ID information, and compares the hardware ID information obtained by decryption with its own hardware ID information.
If the client's own hardware ID information matches the hardware ID information obtained by decrypting the initial decryption key, the client performs decryption step S109 with the initial decryption key.
In decryption step S109, the client uses the information related to its hardware ID as the initial decryption key. From the identification codes and timestamps in the escape controller it finds the position and the order or timing of each ciphertext content block. It then decrypts the first ciphertext content block with the initial decryption key to obtain the first content block; next, from the identification code and timestamp of the second ciphertext content block provided by the escape controller, it finds the position and the order or timing of the second ciphertext content block and decrypts it with the first content block to obtain the second content block, then combines the first and second content blocks according to the order or timing; it then decrypts the third ciphertext content block with the second content block to obtain the third content block and combines it with the first and second content blocks according to the order or timing; and so on, until all ciphertext content has been decrypted and combined according to the order or timing, at which point the client holds the plaintext of the digital content.
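The registration, service request, authorization and licence steps S200 to S208 above, worked through end to end as an added Go example. This is illustrative code written for this page, not code from the patent or its assignee. It assumes RSA for the asymmetric key pair and AES-128-GCM for encrypting the hardware ID under the authorization key (the patent names neither algorithm), and it realises the step S201 wording "encrypt with the private key, decrypt with the public key" as an RSA signature that the server verifies with the stored public key, which is what that key usage provides in standard libraries. The hardware ID string, the content name and the `serverState` structure are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// serverState stands in for the user management and authorization modules of the
// server end, holding one registered client (hypothetical structure).
type serverState struct {
	registeredHWID string
	keyPair        *rsa.PrivateKey // the patent keeps both keys stored server-side
	initialKey     []byte          // initial encryption key produced in step S203
}

// newGCM returns AES-128-GCM for a 16-byte key; the patent fixes no symmetric cipher,
// so an AEAD is this example's choice for encrypting the hardware ID.
func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// register (S200): record the hardware ID, generate the key pair and return the
// private key, which the patent hands to the client.
func register(srv *serverState, hwID string) (*rsa.PrivateKey, error) {
	kp, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	srv.registeredHWID, srv.keyPair = hwID, kp
	return kp, nil
}

// serviceRequest (S201, client): the patent's "encrypt with the private key, decrypt
// with the public key" is realised as an RSA signature over the request.
func serviceRequest(priv *rsa.PrivateKey, hwID, content string) (msg, sig []byte, err error) {
	msg = []byte(hwID + "\x00" + content)
	h := sha256.Sum256(msg)
	sig, err = rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	return msg, sig, err
}

// authorize (S202, S203, S207, server): verify with the public key, match the hardware
// ID, mint an authorization key, encrypt the hardware ID under it to form the initial
// encryption key, and wrap that key into a licence under the client's public key.
func authorize(srv *serverState, msg, sig []byte) (authKey, licence []byte, err error) {
	h := sha256.Sum256(msg)
	if err = rsa.VerifyPKCS1v15(&srv.keyPair.PublicKey, crypto.SHA256, h[:], sig); err != nil {
		return nil, nil, err
	}
	fields := bytes.SplitN(msg, []byte{0}, 2)
	if len(fields) != 2 || string(fields[0]) != srv.registeredHWID {
		return nil, nil, errors.New("hardware ID does not match the registered one")
	}
	authKey = make([]byte, 16)
	if _, err = rand.Read(authKey); err != nil {
		return nil, nil, err
	}
	g, err := newGCM(authKey)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	srv.initialKey = g.Seal(nonce, nonce, []byte(srv.registeredHWID), nil) // nonce || ciphertext || tag
	licence, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &srv.keyPair.PublicKey, srv.initialKey, nil)
	return authKey, licence, err
}

// openLicence (S207, S208, client): unwrap the initial key with the private key, decrypt
// it with the authorization key and accept it only if the embedded hardware ID is the
// client's own; the returned key is the initial decryption key for step S109.
func openLicence(priv *rsa.PrivateKey, licence, authKey []byte, ownHWID string) ([]byte, error) {
	initialKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, licence, nil)
	if err != nil {
		return nil, err
	}
	g, err := newGCM(authKey)
	if err != nil || len(initialKey) < g.NonceSize() {
		return nil, errors.New("bad authorization key or licence")
	}
	hw, err := g.Open(nil, initialKey[:g.NonceSize()], initialKey[g.NonceSize():], nil)
	if err != nil || string(hw) != ownHWID {
		return nil, errors.New("hardware ID in licence does not match this client")
	}
	return initialKey, nil
}
```

The check in `openLicence` is the step S208 test: the licence is only usable on the machine whose hardware ID the server sealed into the initial key, and `authorize` refuses a request that carries an unregistered hardware ID or a signature that does not verify. As in the patent, the private key is generated server-side and delivered to the client, so the confidentiality of that delivery and of the stored copy bounds what the rest of the scheme can guarantee.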
Although not shown in the figures, the steps above need not be performed in the flow shown in Fig. 2. Some of the steps may be omitted to form other preferred embodiments, and some steps may be combined with one another to form further preferred embodiments.
Fig. 3 shows a server end for providing digital content in encrypted form. It comprises a user management module, an authorization module, a content module and an escape controller. The user management module is responsible for registering the client at the server end and for storing the client's hardware ID information; after the client registers successfully, the user management module generates a private key and a public key, sends the private key to the client, and stores the private key and the public key. The user management module is also responsible for authenticating the client by means of its hardware ID information, and only after authentication passes does it issue the public key to the authorization module. The authorization module is responsible for responding to the client's request: it decrypts the received service request message with the public key to obtain the hardware ID information and the digital content requested by the client, and submits the hardware ID information to the user management module; only when it matches the hardware ID information stored by the user management module does the authorization module generate an authorization key and send it to the client, and the authorization module encrypts the hardware ID information with the authorization key to obtain the initial encryption key. The authorization module can also encrypt the initial encryption key with the public key to generate a licence and send the licence to the client, and it forwards the client's request for digital content to the content module. The content module is responsible for responding to the client's request forwarded by the authorization module: it divides the requested digital content into blocks, encrypts the content blocks one after another with the initial encryption key according to the predefined order or timing to obtain the ciphertext content blocks, and sends these ciphertext content blocks to the client. The content module also reads the value at a specified position of the encrypted first ciphertext content block to generate an identification code and records the order or timing corresponding to the first ciphertext content block as a timestamp, and so on, until the server end has recorded all identification codes and timestamps in the escape controller, which the server end then sends to the client.
Fig. 4 shows the decryption method of the client. It comprises the following steps: the client decrypts the received encrypted licence with the private key to obtain the initial encryption key, which serves as the client's initial decryption key; the client decrypts the initial decryption key with the authorization key it received, thereby obtaining hardware ID information, and compares the hardware ID information obtained by decryption with its own hardware ID information; if the client's hardware ID information matches the hardware ID information obtained by decrypting the initial decryption key, the client performs decryption step S109 with the initial decryption key. That is, the escape controller provides the identification code and timestamp of the first ciphertext content block so that the client can find the position and the order or timing of the first ciphertext content block; the client then decrypts the first ciphertext content block with the initial decryption key to obtain the first content block; the escape controller then provides the identification code and timestamp of the second ciphertext content block so that the client can find its position and order or timing, and the client decrypts the second ciphertext content block with the first content block to obtain the second content block and combines the first and second content blocks according to the order or timing; and so on, decrypting the third ciphertext content block with the second content block to obtain the third content block and combining it with the first and second content blocks according to the order or timing, until all ciphertext content has been decrypted and combined according to the order or timing, at which point the client holds the plaintext of the digital content.
Fig. 5 is a schematic diagram of the escape controller model, illustrating the case in which the escape controller reads the last bit value of each ciphertext content block and generates the identification code directly from it without further computation: A, B, ..., N represent the last bit value of each ciphertext content block and are combined directly with the sequence numbers 1, 2, ..., n, which serve as position marks, to form the identification code of each ciphertext content block. Other embodiments are contemplated, for example collecting the first bit value of each ciphertext content block, the value at a specific position, several values at different positions, or a combination of these.
Fig. 6 is a schematic diagram of the packet format once the identification code, timestamp and ciphertext content block have been recorded in the escape controller. The timestamp is illustrated on the premise that the digital content was divided according to timing; the Data field represents the part holding the ciphertext content block; and the storage order of identification code, timestamp and ciphertext content block may be exchanged arbitrarily. Recording the position mark of each encrypted content block in the escape controller lets the client readily find the timing of each ciphertext block, and so handle the "split" ciphertext content blocks it receives; at the same time, the combination "identification code + timestamp" also guarantees that each ciphertext content block is identified uniquely.
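The block chain of steps S104 to S110 and S109, together with the escape controller and the packet layout of Figs. 5 and 6, as an added Go example written for this page (not the patent's or its assignee's code). It assumes AES-128 as the block cipher with 128-bit content blocks, so that each ciphertext block can serve directly as the key for the next block as step S106 requires; the initial key is SHA-256 of the hardware ID information truncated to 16 bytes (one of the "function of the code" options the description allows); the timestamp is a sequence number, the "order" case; and the identification code is the last byte of each ciphertext block rather than the last bit shown in Fig. 5. Step S106 makes ciphertext block i-1 the key for block i, so the example's decryption unwinds the chain with the previous ciphertext block, which is the reading under which the encrypting and decrypting sides agree. The hardware ID string and the sample content are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/rand"
)

const blockSize = 16 // 128-bit content blocks, the "every 128 bit" split of step S104

// packet is one transmitted unit in the Fig. 6 layout: identification code, timestamp
// (a sequence number here, the patent's "order" case) and the ciphertext content block.
type packet struct {
	IDCode    byte
	Timestamp int
	Cipher    []byte
}

// escapeController maps each timestamp to the identification code recorded for that block.
type escapeController map[int]byte

// initialKey derives a 128-bit key from the hardware ID information; the patent allows
// the raw code, part of it, or a function of it, and hashing is this example's choice.
func initialKey(hwID string) []byte {
	sum := sha256.Sum256([]byte(hwID))
	return sum[:blockSize]
}

// encryptChain (S104, S105, S106, S110): pad PKCS#7-style, split into 16-byte blocks,
// encrypt block 1 under the hardware-ID key and block i under ciphertext block i-1, which
// as a 16-byte value is used directly as the AES-128 key. The identification code is the
// last byte of each ciphertext block (Fig. 5 shows the last bit; a byte is this choice).
func encryptChain(hwID string, content []byte) ([]packet, escapeController, error) {
	pad := blockSize - len(content)%blockSize
	padded := append(append([]byte{}, content...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	key := initialKey(hwID)
	var pkts []packet
	ctl := escapeController{}
	for i := 0; i < len(padded); i += blockSize {
		c, err := aes.NewCipher(key)
		if err != nil {
			return nil, nil, err
		}
		ct := make([]byte, blockSize)
		c.Encrypt(ct, padded[i:i+blockSize])
		ts := i/blockSize + 1
		pkts = append(pkts, packet{IDCode: ct[blockSize-1], Timestamp: ts, Cipher: ct})
		ctl[ts] = ct[blockSize-1]
		key = ct // the next block's key is this ciphertext block
	}
	return pkts, ctl, nil
}

// decryptChain (S109): locate each packet by timestamp, check its identification code
// against the escape controller, then unwind the chain in order and strip the padding.
func decryptChain(hwID string, pkts []packet, ctl escapeController) ([]byte, error) {
	byTime := make(map[int]packet, len(pkts))
	for _, p := range pkts {
		byTime[p.Timestamp] = p
	}
	key := initialKey(hwID)
	var out []byte
	for ts := 1; ts <= len(ctl); ts++ {
		p, ok := byTime[ts]
		if !ok || len(p.Cipher) != blockSize || p.Cipher[blockSize-1] != ctl[ts] {
			return nil, errors.New("packet missing or identification code mismatch")
		}
		c, err := aes.NewCipher(key)
		if err != nil {
			return nil, err
		}
		pt := make([]byte, blockSize)
		c.Decrypt(pt, p.Cipher)
		out = append(out, pt...)
		key = p.Cipher
	}
	if n := len(out); n == 0 || out[n-1] < 1 || out[n-1] > blockSize {
		return nil, errors.New("bad padding")
	}
	return out[:len(out)-int(out[len(out)-1])], nil
}

// shuffle models packets taking different routes and arriving out of order.
func shuffle(pkts []packet, seed int64) []packet {
	out := append([]packet{}, pkts...)
	rand.New(rand.NewSource(seed)).Shuffle(len(out), func(i, j int) { out[i], out[j] = out[j], out[i] })
	return out
}

func main() {
	hw := "CPU:0123|DISK:WX-1|MAC:00:11:22:33:44:55" // constructed hardware ID information
	pkts, ctl, _ := encryptChain(hw, []byte("constructed sample digital content for the chain"))
	plain, err := decryptChain(hw, shuffle(pkts, 7), ctl)
	fmt.Printf("%d packets, recovered %q, err=%v\n", len(pkts), plain, err)
}
```

Shuffling the packets before `decryptChain` models the out-of-order arrival that step S104 anticipates; the escape controller restores the order and rejects a missing packet or one whose identification code differs from the recorded value. A design point a reviewer should see in this construction: every key after the first is itself a transmitted ciphertext block, so only the first block's confidentiality rests on the hardware-ID key, and the remaining blocks are protected only as far as the transport keeps the ciphertext stream private. A deployment would normally mix the initial key into every per-block key rather than use the previous ciphertext block alone.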
The server end according to the invention is adapted to carry out the method of the invention.
The method and apparatus disclosed in the invention use data-cutting techniques to divide the digital content into a number of blocks, and use "information related to the hardware ID of the client" to encrypt and decrypt each content block in turn. Even if the transmitted encrypted digital content blocks are stolen by a hacker, the encryption principle must first be analysed and the digital content blocks then reordered and cracked one by one, and the difficulty of breaking them rises markedly with the number of content blocks. In addition, the method incorporates a check of the user's hardware ID, which further prevents illegal copying and illegal distribution. The method uses hardware information binding to overcome the drawback of the conventional technique, in which copyright protection ends as soon as the decryption key has been securely delivered to the authorized user; and it uses block-wise escape multiplexing to overcome the drawback of the conventional technique, in which the encryption of digital content is static and one-off, so that a single crack exposes the digital content completely. It thereby achieves high security for the digital content throughout the distribution process and prevents illegal copying, illegal distribution and tampering.
The specific embodiments described here merely illustrate the spirit of the invention. Those skilled in the art may make various modifications or additions to the described embodiments, or substitute similar means, without departing from the spirit of the invention or going beyond the scope defined by the appended claims.

Claims (5)

1. A digital content encryption transmission method, wherein digital content is provided to a client by a server end and the server end encrypts the digital content in a manner related to the hardware ID of the client, characterized in that the digital content encryption transmission method includes, in order: a digital content partitioning step, an initial encryption step, a subsequent encryption step, an escape controller generation step and a decryption step, wherein the hardware ID information includes: CPU ID information, hard disk volume serial number information, BIOS information, network card MAC address, IP address or a combination of the above;
in the digital content partitioning step, the digital content is divided into a number of content blocks according to a predefined order or a predefined timing; in the initial encryption step, information related to the hardware ID of the client is used as the initial encryption key to encrypt the first content block of the digital content to obtain the first ciphertext content block; in the subsequent encryption step, the first ciphertext content block is used as the second encryption key to encrypt the second content block of the digital content to obtain the second ciphertext content block, the second ciphertext content block is then used as the third encryption key to encrypt the third content block of the digital content to obtain the third ciphertext content block, and so on until all of the digital content has been encrypted; in the escape controller generation step, the server end reads the value at a specified position of the encrypted first ciphertext content block to generate an identification code, records the order or timing corresponding to the first ciphertext content block as a timestamp, and records the identification code and the timestamp in the escape controller, and so on, until the server end has recorded the identification codes and timestamps of all ciphertext content blocks in the escape controller, whereupon the server end sends the escape controller to the client; in the decryption step, the client uses the information related to its hardware ID as the initial decryption key, finds the position and the order or timing of each ciphertext content block from the identification codes and timestamps in the escape controller, then decrypts the first ciphertext content block with the initial decryption key to obtain the first content block, then finds the position and the order or timing of the second ciphertext content block from its identification code and timestamp and decrypts the second ciphertext content block with the first content block to obtain the second content block, then combines the first and second content blocks according to the order or timing, then decrypts the third ciphertext content block with the second content block to obtain the third content block and combines it with the first and second content blocks according to the order or timing, and so on until all ciphertext content has been decrypted and combined according to the order or timing, whereupon the client obtains the plaintext of the digital content;
a registration step is also included before the digital content partitioning step, wherein the client sends its hardware ID information to the server end, the server end records the hardware ID information, the server end generates a private key and a public key, sends the private key to the client, and stores the private key and the public key at the server end;
after the registration step and before the digital content partitioning step, the digital content encryption transmission method also includes a service request step, wherein the client encrypts a service request message with the private key, the service request message including the client's hardware ID information and the client's request message for digital content, and the client then sends the encrypted service request message to the server end; the server end decrypts the encrypted service request message with the public key to obtain the client's hardware ID information and the client's request message for digital content;
after the service request step, the digital content encryption transmission method also includes a hardware ID matching step, wherein, after the server end has obtained the client's hardware ID information and the client's request message for digital content by decrypting the service request message, the server end compares that hardware ID information with the hardware ID information it has stored.
2. The digital content encryption transmission method of claim 1, characterized in that, after the hardware ID matching step, the digital content encryption transmission method also includes an initial encryption key generation step, wherein, if the hardware ID information received by the server end matches the hardware ID information prestored at the server end, the server end generates an authorization key, sends the authorization key to the client, and encrypts the hardware ID information with the authorization key to obtain the initial encryption key.
3. The digital content encryption transmission method of claim 1, wherein digital content is provided to the client by the server end, characterized in that the client decrypts the digital content sent by the server end in a manner related to its own hardware ID.
4. The digital content encryption transmission method of claim 1, characterized in that the method also includes a licence generation step, wherein the server end encrypts the initial encryption key with the public key to generate a licence and sends the licence to the client;
the client decrypts the received encrypted licence with the private key to obtain the initial encryption key, which serves as the client's initial decryption key.
5. The digital content encryption transmission method of claim 1, characterized in that, after the licence generation step, the client decrypts the initial decryption key with the authorization key it received, thereby obtaining hardware ID information, and compares the hardware ID information obtained by decryption with its own hardware ID information; if the client's hardware ID information matches the hardware ID information obtained by decrypting the initial decryption key, the client performs the decryption step with the initial decryption key.
CN201310101413.4A 2010-10-25 2010-10-25 Digital content encryption transmission method and server end Expired - Fee Related CN103237011B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310101413.4A CN103237011B (en) 2010-10-25 2010-10-25 Digital content encryption transmission method and server end
CN 201010518019 CN101977190B (en) 2010-10-25 2010-10-25 Digital content encryption transmission method and server side

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN 201010518019 Division CN101977190B (en) 2010-10-25 2010-10-25 Digital content encryption transmission method and server side

Publications (2)

Publication Number Publication Date
CN103237011A CN103237011A (en) 2013-08-07
CN103237011B true CN103237011B (en) 2016-12-28


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20161228

Termination date: 20181025