CN103366101B - Provide the content to the system for numeral copyright management of intelligence memory - Google Patents
Provide the content to the system for numeral copyright management of intelligence memory Download PDFInfo
- Publication number
- CN103366101B CN103366101B CN201310123297.6A CN201310123297A CN103366101B CN 103366101 B CN103366101 B CN 103366101B CN 201310123297 A CN201310123297 A CN 201310123297A CN 103366101 B CN103366101 B CN 103366101B
- Authority
- CN
- China
- Prior art keywords
- key
- content
- storage device
- storage
- binding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000015654 memory Effects 0.000 title description 10
- 238000003860 storage Methods 0.000 claims abstract description 161
- 230000027455 binding Effects 0.000 claims abstract description 60
- 230000007547 defect Effects 0.000 claims description 16
- 238000000151 deposition Methods 0.000 claims description 4
- 238000004519 manufacturing process Methods 0.000 claims description 4
- 238000009826 distribution Methods 0.000 abstract description 6
- 238000000034 method Methods 0.000 description 24
- 238000004891 communication Methods 0.000 description 18
- 101000896740 Solanum tuberosum Cysteine protease inhibitor 9 Proteins 0.000 description 17
- 238000007726 management method Methods 0.000 description 13
- 230000008569 process Effects 0.000 description 13
- 230000006870 function Effects 0.000 description 9
- 238000000429 assembly Methods 0.000 description 5
- 230000000712 assembly Effects 0.000 description 5
- 230000008859 change Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000001276 controlling effect Effects 0.000 description 2
- 230000000875 corresponding effect Effects 0.000 description 2
- 230000001771 impaired effect Effects 0.000 description 2
- VBMOHECZZWVLFJ-GXTUVTBFSA-N (2s)-2-[[(2s)-6-amino-2-[[(2s)-6-amino-2-[[(2s,3r)-2-[[(2s,3r)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-2-[[(2s)-2,6-diaminohexanoyl]amino]-5-(diaminomethylideneamino)pentanoyl]amino]propanoyl]amino]hexanoyl]amino]propanoyl]amino]hexan Chemical compound NC(N)=NCCC[C@@H](C(O)=O)NC(=O)[C@H](CCCCN)NC(=O)[C@H](CCCCN)NC(=O)[C@H]([C@@H](C)O)NC(=O)[C@H]([C@H](O)C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCN=C(N)N)NC(=O)[C@@H](N)CCCCN VBMOHECZZWVLFJ-GXTUVTBFSA-N 0.000 description 1
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000005304 joining Methods 0.000 description 1
- 108010068904 lysyl-arginyl-alanyl-lysyl-alanyl-lysyl-threonyl-threonyl-lysyl-lysyl-arginine Proteins 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000009870 specific binding Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Abstract
The present invention relates to the digital copyright management (DRM) for the content that can provide to storage device.Memorizer can be storage device, such as disc driver or network interconnection system memorizer.Additionally, storage device is able to carry out cryptographic operation and provides root of trust.In one embodiment, DRM uses Binding key, content key and access key.Binding key bound content is to particular memory device and based on the key hidden on the storage means.But, Binding key discord content is collectively stored on storage device.Content key is by the key of such as trusted third parties distribution to content.Encrypted combination based on content key and Binding key determines access key.In one embodiment, provide content based on accessing key, and content stores in the storage device in an encrypted form.
Description
Cross-Reference to Related Applications
Patent application claims is submitted on April 10th, 2012, entitled " DIGITAL
RIGHTS MANAGEMENT SYSTEM,DEVICES,AND METHODS FOR
DIGITAL CONTENT ", the U.S. Provisional Patent Application of Application No. 61/622,312 excellent
First weigh, and and on April 30th, 2012 submit to, entitled " DIGITAL RIGHTS
MANAGEMENT SYSTEM,DEVICES AND METHODS FOR BINDING
CONTENT TO AN INTELLIGENT STORAGE DEVICE ", Application No.
The U.S. Patent application of 13/460,604, and submit on April 30th, 2012, entitled
“DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHODS FOR
ACCESSING CONTENT FROM AN INTELLIGENT STORAGE ", Shen
Please number be 13/460,616 U.S. Patent application be correlated with, their full content is incorporated by reference into
Herein.
Technical field
Present patent application relates to digital copyright management, more particularly relates to download to storage
The system for numeral copyright management of the content of device and method.
Background technology
Many different digital copyright managements (" DRM ") have been suggested and at various platforms
Upper enforcement.Generally, DRM refers to the technology of the use for controlling digital content and device.Such as,
DRM is usually used in preventing the unauthorized copying of digital content.
Nowadays, exist and diversified user can be made to replicate and distribute digital content, the most
Through downloading or be stored in the calculating device of the storage device such as content on hard disk.And, up to now
All there are security breaches and be avoided in most of DRM system.Unfortunately, due to it is current
These leaks of DRM system, content companies limits their offering or employ and is difficult to
The DRM system used.
Summary of the invention
The present invention provides a kind of system for numeral copyright management, and described system includes: storage device, its
Including being configured for storing the storage medium of content and including the storage dress of hardware encryption processor
Putting controller, wherein said hardware encryption processor is configured generation and stores unique number, from institute
State storage medium and read defect information, and in described defect information, perform cryptographic operation to obtain
The described distinctive number of defects of storage device, stores the number of defects obtained on said storage,
On described unique number and described distinctive number of defects, execution cryptographic operation is to generate Binding key,
And provide described Binding key to content downloading server;Content key server, it is configured
Inwardly hold load servers supplying content key;Content downloading server, it is configured at least
From the Binding key storing device reception and hold from the content key that content key server receives
Row cryptographic operation, accesses key to generate, with in the encryption at least partly of the most described access key
Hold, provide the content of encryption to described storage device, it is provided that connect from described content key server
The described content key received;And media player, it is configured and receives from described storage device
Binding key and content key, on described Binding key and content key perform cryptographic operation with
Generate described access key, and based on described access secret key decryption from the institute of described storage device
State content.
Accompanying drawing explanation
Referring now to the following drawings, the system and method embodying the various feature of the present invention is retouched
State, wherein:
Fig. 1 illustrates the demonstration system according to an embodiment;
Fig. 2 illustrates demonstration auditing system according to an embodiment;
Fig. 3 illustrates exemplary download system according to an embodiment;
Fig. 4 illustrates Example client end system according to an embodiment;
Fig. 5 illustrates exemplary storage device according to an embodiment;
Fig. 6 illustrates the Binding key of generation bound content extremely storage device according to an embodiment
Demonstration program flow process;
Fig. 7 illustrates according to an embodiment provides the demonstration program flow process of content to storage device;
Fig. 8 illustrates the demonstration program flow process playing content according to an embodiment.
Detailed description of the invention
In one embodiment, digital content can be provided that and be tied to specific device, such as stores
Device.Digital copyright management (" DRM ") method and system is provided to be used for the controlled of digital content
Distribution and playback.Digital content can include content itself and metadata.Content can be any known lattice
The text of formula, file, audio frequency, video, multimedia, video-game etc..Content metadata can be
For processing any data relevant to this content or the information of content.Can use content metadata with
The digital content providing safety processes, and provides DRM protection.Content metadata may also comprise one
Individual or more multi-digital certificate.
Such as, it is provided that the server of content can each copy of encrypted content, this encryption is based on right
The access key of this copy uniqueness of content.Therefore, if accessing Key Exposure, the most only content
The protection of one copy is impaired.In another embodiment, asymmetric adding can be used for protection content
Close.In one embodiment, the content of encryption can be only text, file, audio frequency, video,
A part for multimedia etc. or some.
It addition, configuration based on access key, content can be tied to concrete device uniquely, such as intelligence
Device can be stored.Such as, the access key of content is generated from least two assembly.First assembly is
Binding key, it is unique to storing the storage device of content above.In one embodiment,
Utilizing random number or input this and count at random in key generator, storage device can generate Binding key.
Second assembly is the content key that content is distinctive or unique to content.In one embodiment, use
Can be embodied as can permitting or renewable function in generating the algorithm accessing key.
In one embodiment, digital content can be based on encryption key, such as content key, by safety
Access.Additionally, in one embodiment, only provide to generate based on two assemblies to some entity and visit
Ask the algorithm of key.Such as, the storage device of storage content does not retain any multiple of its Binding key
Part, does not the most have and generates the algorithm accessing key.Generate Binding key algorithm can be can permit or
Renewable.
In one embodiment, employ two-way authentication, such as, utilize PKIX (" PKI ")
Guarantee that the entity in system is trust with certification based on public key certificate.Various groups of system
Part, such as storage device, can be intelligence, and it is thus possible to two-way authentication each other, this is in existing skill
Art is impossible.Such as, storage device and player or download server can be recognized each other
Card.The certification of this form guarantees that storing device confirms and the trusting relationship of player, and vice versa.
Conventional DVD and Blu-ray Disc do not comprise certification or set up trust with player or download server
This parts of relation.Therefore PKI provides an environment, and wherein the entity of DRM system is registrable
Its identity also sets up trust each other.
In one embodiment, digital content can be provided that and be tied to specific device, such as storage dress
Put.In one embodiment, the entity of DRM system uses public key certificate, it is, prove it
The digital certificate of identity, and determine the mandate of the various uses of its content.In another embodiment,
Trusted parties management certification authority (" CA ") is to supervise PKI and digital certificate.Additionally,
Can be supplied to multiple ranks of CA in any embodiment.
Can be from one or more of CA to all device certificate of DRM system.If needed
, an embodiment could dictate that the whole of certificate of entity cancel.As it has been described above, can be in inter-entity
Use two-way mutual authentication, to set up the secure communication channel for exchange and allocation contents.Also may be used
Digital certificate is issued to each content.This allows content to play when determining device whether trusted to make
With.
Certain embodiments of the present invention will be described now.These embodiments are only with example
Form illustrates, and is not intended to limit the scope of the present invention.Really, new method described herein and
System can embody with other forms various.Additionally, can be to the shape of method and system described herein
Formula makes various omissions, substitutions and changes, without departing from the spirit of the present invention.For illustrating
Embodiment, referring now to accompanying drawing.
Fig. 1 illustrates the demonstration system 100 of an embodiment.As directed, system 100 can include,
Inter alia, auditing system 102, download system 104, FTP client FTP 106 and network
108.These assemblies and its some aspect operated will be made and being further described now.
Auditing system 102 is as the trusted parties of system 100.Additionally, auditing system 102 can
There is provided and the distribution of content within system 100 and relevant various management functions of resetting.At one
In embodiment, auditing system 102 is verified and proves that encryption key is the PKI used in system 100
A part.With reference to Fig. 2, auditing system 102 is made further description.
Download system 104 includes the hardware and software component for allocation contents within system 100.
In one embodiment, download system 104 includes website, and it includes the link to content.Under
Loading system 104 also can provide and link to allow the affairs with auditing system 102, as taken to key
Business device and the link of certification authority.With reference to Fig. 3, download system 104 is retouched further
State.
FTP client FTP 106 can by for access system 100 any device of offer content.Example
As, FTP client FTP 106 can include computer, television set, portable or mobile device, video
The memorizer of game console, portable video game console and association.Any can download,
The device of storage or broadcasting content can implement the part as FTP client FTP 106.Such as, client
End system 106 can include desk computer, laptop computer, tablet PC, smart phone,
Television set, digital video recorder, Set Top Box, video game console or Portable video-game
Control station, or the electronic installation of other form.FTP client FTP 106 may also comprise wired and/or nothing
Gauze network and memorizer, as network interconnection system stores (" NAS ") or peripheral driver.Implement
Example can be effective to any type of storage device, such as solid-state and flash memories.With reference to Fig. 4 to visitor
Family end system 106 further describes.
Network 108 provides the communications infrastructure, and the various assemblies of system 100 are communicated by it.
Network 108 can include any set of network and network element.Such as, can implement on the Internet
Network 108.But, network 108 can include any LAN, Metropolitan Area Network (MAN) or wide area network, and can make
Implement for dedicated network, public network etc..Therefore, network 108 can include wired or wireless communication
Link.
System 100 can support to download and play several situations of content.Such as, content can pass through net
Network 108 downloads to portable memory from FTP client FTP 106.Then, by from storage
Device stream content, content can be play on replay device, such as Blu-ray player, game control
Platform processed, television set.As another example, replay device can include integrated storage device, its
Download and playback for content.As another service condition, content can download in client
NAS system in system 106.
But another enforcement can include FTP client FTP 106, it has the storage dress of bound content
Put or media player.Then, the user of FTP client FTP 106 can Remote Access Content and move
Play on dynamic device, such as iPad, iPod, iPhone, portable video game console, as portable
Formula PlayStationOr Nintendo DS etc., it is by WiFi, 3G, 4G or other communication
Secure connection on channel, such as wireless connections, is connected to store device or media player.It is being
In another enforcement of system 100, FTP client FTP 106 includes as by bluetooth or WiFi or similar
Communication system can the portable memory of accessing wirelessly or media player.FTP client FTP 106
In portable memory or media player therefore can as in FTP client FTP 106 for
Portable and enable network check the source of content reset on device.
Fig. 2 illustrates the demonstration auditing system of embodiment.As directed, auditing system 102 can wrap
Include key server 200, key database 202 and certification authority 204.
Key server 200 is to receive and provide the various encryption keys utilized in an embodiment
Server.Key server 200 may utilize known hardware and software is implemented.In one embodiment,
Key server 200 distributes key as part number certificate.Digital certificate can comprise key and have
Close the proprietary information of key.Key server 200 can provide the certificate of known format, as
X.509, PKCS, OpenPGP etc..
Key database 202 stores key and other relevant information of key server 200 use.
Key database 202 may utilize given data base management system such as Oracle, DB2, Microsoft
SQL, PostgreSQL and MySQL implement.
Certification authority (or CA) 204 issues digital certificate for system 100.It can be system
Each trusted parties customization certificate format and content in 100.Additionally, in one embodiment,
Each content can have trusted parties certificate as its part metadata.Certificate allows and content is closed
It is credible whether the player in the independently determined FTP client FTP of software 106 of connection is try to access
The content appointed.Such as, if the player in FTP client FTP 106 is not trusted, in association
The software held can limit player and access in high-resolution perhaps other parts content.In system 100
In, any trusted parties the most revocable all certificates, cancel some certificate or certificate
Some part.
In one embodiment, PKIX (PKI) is used for certificate signature.Such as, it is being
In system 100, PKI is used in FTP client FTP 106 during device authentication, and for depositing
Secure communication channel is set up between storage device, download system 104 or replay device.An embodiment
In, in system 100, various inter-entity use two-way authentication.Such as, storage device can be intelligence dress
Putting, it is configured and carries out effective certification, and based on full bi-directional certification foundation and replay device or under
Carry the trusting relationship of server 104.
The inter-entity of system 100, the available unique security parameter of each secured session.Such as,
Session key, session id, initialization vector (" IV "), message authentication code based on hash
(" HMAC ") key can be distinctive to each session.In one embodiment, it is
System 100 utilization is based on the shielded secure communication channel of symmetric cryptography.In another embodiment,
System 100 may utilize PKI and sets up safe lane.
Fig. 3 illustrates the exemplary download system of embodiment.As directed, download system 104 can wrap
Include download server 300 and content data base 302.
Download server 300 pays content for system 100, such as, to FTP client FTP 106.
In one embodiment, download server 30 access that may originate from Binding key and content key
Key encrypted content.Below Binding key and content key are made and further describing.
As directed, download server 300 can include the webserver, and it provides various webpages
306 to FTP client FTP 106, so that the content in content data base 302 may have access to.?
In one embodiment, in order to provide content, download server 200 provides has a lot of webpage 306
One or more website.
In one embodiment, every part of copy of content is all unique encryption.Can unique encrypt
Content is overall, or can some part of unique encrypted content.Therefore, if in one perhaps its
Access encryption the most impaired, then infringement is only limited to this content.As described further below,
Only download server 300 and player has the algorithm generating access key.Additionally, as above
Described, generate access key algorithm can be can be allowed can or renewable function.
Content data base 302 stores the relevant letter that content, content metadata and download server provide
Breath.There is provided storage and access infrastructure to provide content item.This data base management system is to this
Skilled person is known.
Content supplier 304 is conceptive represents content source.Such as, content supplier 304 can represent
Other data base or content store, content delivery network etc..Arbitrary content source may be included in arbitrarily
In embodiment.
Fig. 4 illustrates the Example client end system 106 of embodiment.The misgivings of many content suppliers
For, in FTP client FTP, player based on software is considered to have high security risk, because its
It is prone to amendment and hacker attack.One benefit of embodiment is that FTP client FTP 106 includes
There is the device of hardware root of trust.Hardware root of trust in device includes safe encryption hardware,
It enables content to reset, and resets and is based not only on software, but utilizes in hardware root of trust and carry
The encryption hardware of confession.
Such as, in one embodiment, media player can include specialized hardware cryptographic processing circuit
Cryptographic boundary with the safety storage performing safety calculating and crucial encryption parameter.As another example
Son, network interconnection system storage (" NAS ") controller can include can as root of trust special firmly
Part.Therefore, an embodiment can provide the safety being capable of content to download, and the safety of content is deposited
The secure DRM systems of the secure playback of storage and content.
As will be described further, FTP client FTP 106 includes smart storage device, and it has bag
Include the hardware root of trust controller 408 as the part of encryption processing module 409.In an embodiment,
Encryption processing module 409 separates with other controller function.Asymmetric and symmetric key in plain text
Access is limited to encrypting module 409.In this embodiment, asymmetric and symmetric key can be at encryption mould
Block 409 generates.The DRM of system 100 uses public private key pair.Any it is stored in encryption mould
Key outside block is password-protected.Because asymmetric and symmetric key is at encrypting module 409
In, so assailant is difficult to obtain private key.This allows the PKI of safety to be embodied as system 100
The part of DRM.In another embodiment, various keys or encryption data can be injected or safety
Be stored in storage device 402 on.Such as, in the manufacturing environment of safety, one or more
Key is injected into storing on device 402.
In one embodiment, encrypting module 409 is for generating extra in its border safely
Key.Such as, encrypting module 409 can be configured generation for bound content to storage device 402
Binding key.Encrypting module 409 may also comprise safety information digital signature and stored
In non-secure with to safety information digital signature and encrypt and store it in non-security
Ability in memorizer.
In an embodiment, the replay device in FTP client FTP 106, such as host apparatus 400, also
Can be by certification authority 204 to its certificate.Host apparatus 400 can be, such as, and meter
Calculate mechanical, electrical regarding machine, portable or mobile device, video game console, portable video trip
Play control station.This certificate is storable in what the processor of player cannot access in one embodiment
Safety zone.In another embodiment, such as, the player run on host apparatus can be
Anywhere Store Credentials, e.g., in the user area or other insecure area of storage device 402.
Replay device can in an encrypted form or protected form Store Credentials, as with digital signature.When
When player and storage device 402 perform certification, the encrypting module in two devices would is that can
Access secure data with perform certification and set up secure communication channel sole entity.
But, in one embodiment, content and content metadata do not provide for accessing content
Access key.On the contrary, once set up safe communication channel, replay device is (as main frame fills
Put 400) binding and content key will be asked to storage device 402.Respond this request, then deposit
Storage device 402 can send binding and content key to player so that it can generate access key.
Access key to be used for deciphering and showing content.It will be appreciated by persons skilled in the art that by utilizing this
A little Security Encryption module are used for safety-related communication and security parameter, content metadata (such as binding
And content key) and the process of key, the DRM of system 100 is more difficult to attack than existing system
Hit and damage.
As directed, host apparatus 400 can include, among other things, and processor 404, main frame
Encrypting module 405 and output device 406.These assemblies of host apparatus 404 will be made now
Further describe.
Processor 404 includes hardware, for performing to instruct the instruction of the operation of host apparatus 400.
This processor is known to the skilled person.
Main frame encrypting module 405 includes the hardware for performing cryptographic operation for host apparatus.Additionally,
Main frame encrypting module 405 may utilize various safety measure packed or embed with opposing distort.
Output device 406 represents any device intending to export content.Such as, output device 406
Display, audio tweeter etc. can be included.This output device is many institutes to those skilled in the art
Known.
Storage device 402 can include, among other things, and controller 408, encrypting module 409 and
Storage medium 410.Further describe these assemblies storing device 402 are made now.
Controller 408 includes controlling the operation of storage device 402 and being capable of and host apparatus 400
The hardware of communication and firmware.The available known hardware of controller 408 and assembly are implemented.
Encrypting module 409 can be that storage device 402 provides foundation of trust, such as hardware root of trust.?
In one embodiment, encrypting module 409 is secure crypto processor, and it is configured, and execution is various to be added
Close operation.In one embodiment, encrypting module 409 can be embodied as outside SOC(system on a chip), its profit
With various safety measures packed in case or detection distort.In another embodiment, encrypting module
409 can be embodied as the part in another SOC(system on a chip) or be embedded, or are embodied as utilizing various peace
Other hardware that full measure encapsulation is distorted with detection or opposing.Encrypting module can with other sheet on be
System (" SoC ") function is isolated or does not isolates.
Storage medium 410 refers to store device 402 for storing the physical medium of information.At one
In embodiment, storage medium 410 can include magnetic medium, optical medium, semiconductor medium, as
Flash memory etc..Storage medium 410 can include the combination in any of these media in one embodiment.
Fig. 5 illustrates the exemplary storage device 402 of embodiment further.As it can be seen, encrypting module
409 can include protected storage 502.Additionally, storage medium 410 can include user area 504
With non-user region 506.
Protected storage 502 provides the DRM that safety zone provides about system 100 with storage
Sensitive information, such as content metadata.In one embodiment, protected storage 502 is embodied as
Disposable programmable non-volatile memory (" OTP NVM ").As OTP NVM, it is subject to
Protection memorizer 502 is programmed once only and is difficult to change.Additionally, protected storage 502
May also comprise one or more memorizer, as ROM (read only memory), static RAM (with
Machine access memorizer) and dynamic ram.
As for user area 504, this region of storage medium 410 is provided as host apparatus
400 addressable memory spaces.Such as, user area 504 can according to by host apparatus 400
The LBA (LBA) used is addressable.
Storage device 402 can be configured the subregion included in shielded user's space 504.The most just
It is that the independent key that available encrypting module 409 generates encrypts the data in this subregion.Only permitted
Can the download client of certification or player (player as run in host computer system 400) visit
Ask this subregion.In one embodiment, from this subregion all in user's space 504 or certain
A little data can only be sent by the authenticated channel of safety.
This subregion of user's space 504 can be used for, such as, and additional content metadata file and having
The information of the DRM of pass system 100.Actual content itself can be the most in an encrypted form from downloading clothes
Business device 300 sends or sends the player to FTP client FTP 106, and therefore content is storable in
In user's space 504.
As it can be seen, storage device 402 may also comprise non-user region 506.Non-user region 506
Reserved area for the storage medium 410 that main frame 400 cannot directly access.Such as, non-user region
506 can refer to the region that host computer system 400 cannot address.In one embodiment, non-user region
506 and be preserved for being used by controller 408 and encrypting module 409, such as, with storage have relation
The various sensitive informations of the DRM of system 100, such as content metadata information.
In one embodiment, encrypting module 409 can produce new safe key, and allows storage dress
Putting 402 is the safe unique disk encryption key of special partitioned area generation of medium, and this divides especially
Region is in user LBA space, as invisible in non-user region 506.Utilize this key, add
Therefore close module 409 can encrypt and write all data to this non-user region 506.
Non-user region 506 can be used for storing the security metadata of the DRM about system 100.
This metadata can include, such as, and certificate, key file, license file etc..Such as, storage dress
Put 402 and will there is the certificate being presented to it from certification authority 204.This certificate is storable in this
In individual non-user region 506, and key will be utilized to encrypt for this region.This by binding certificate to depositing
Storage device 402.Therefore, if clone's copy of driver is manufactured in some way, then clone
Body will not include the encryption key for non-user region 506, and therefore, be stored in this region
In data cannot be properly decrypt.Alternatively, safety-critical parameter, as key, certificate or
Other object, can be separately secured protection and store storage medium.
Therefore, in one embodiment, in order to access content, controller 408 and record medium 410
Cannot be separated from each other and work.It is, the complete copy of controller 408 or medium 410 is independent
To be not enough to access content.
Fig. 6 illustrates the demonstration program flow process generating the bound content extremely Binding key of storage device.?
In one embodiment, utilize random number and input this and count at random in key generator, storing device
402 can generate Binding key.Key generator can be at storage device 402 or storage device 402
Nextport hardware component NextPort in run software.In one embodiment, Binding key is made up of two parts.
In one embodiment, Part I defect list based on storage device.Part II is based on depositing
The key that on storage device, encrypting module is hidden.For protecting Binding key, in Binding key discord perhaps
Content metadata is collectively stored in storage device 402.On the contrary, the part of Binding key is point
Do not store.Additionally, in one embodiment, Binding key generates as temporary key, and
Therefore, the most just calculated by storage device 402.This method also includes renewable function
Ability.As it has been described above, Binding key can be that each storage device is peculiar or a class device is peculiar
, such as same type of device etc..
As it can be seen, first, storage device 402 be prompted to determine or identify about himself
Specific characteristic.Such as, storage device 402 can determine that or identify defect list 600.A reality
Execute in example, the P-row of the defect being present on storage medium 410 during the corresponding manufacture of defect list 600
Table or list (time-zero list) when zero.Certainly, in other embodiments, specific characteristic can source
From or derive from storage device 402 other parts.
Second, encrypting module 409 encryption defect list 600 also generates unique identifier
602.Such as, encrypting module 409 can calculate the hash of the information from defect list 600.This
Outward, encrypting module 409 can be to unique identifiers 602 digital signature.Alternatively, can be by utilizing
Random number generator generates the storage distinctive random number of device, generates unique identifiers.Such as, add
Close module 409 can include random number generator, and it is the physical unit in encrypting module 409 or group
Part or the software run in encrypting module 409.Alternatively, random number generator can be independent
Software or on the storage means 402 run hardware unit.
3rd, encrypting module 409 can store unique identifiers 602 in safety zone.Such as,
As it can be seen, encrypting module 409 also can store the uniqueness of encipherment protection in non-user region 506
Identifier 602.
4th, encrypting module 409 can generate hiding key 604.In one embodiment, close
Key 604 is hiding, because it does not stores together with other guide metadata, and is stored in being subject to
In the memorizer 502 of protection.Encrypting module 409 can generate one or one group of multiple secrete key
604.Therefore, if a leakage in these keys, encrypting module 409 can switch in group
Next key.If employing all keys, or it is undesirable that produce or storage key group,
So encrypting module 409 can generate new secrete key 604 according to request.It is noted that control
Device 408 can be configured which content of tracking is bound to which key.
Based on unique identifiers 602 and secrete key 604, it is close that storage device 402 can generate binding
Key 606, it is derived from the information provided by controller 408 and the specific characteristic of storage medium 410.
In one embodiment, encrypting module 409 generates Binding key 606 temporarily.
Content-encrypt is tied to store device 402 by Binding key 606.Such as, Binding key 606
Can be sent in download system 104 by secure communication channel as the part of the metadata of content
Download server 300.Then, download server 300 may utilize Binding key as being used for adding
The assembly accessing key of close content.
Also the player of certification can be made can to obtain Binding key by safe lane in the suitable time
606, to use during the playback of content.Such as, storing unit 402 may be configured with special life
Order, is just received when it is only certified when dispensing device and is communicated by safe lane.
Based on Binding key 606, because the secrete key in storage device is unique and safely
It is stored in the protected storage 502 of encrypting module 409 and cannot replicate or be cloned into another
Driver, even if so completing the accurate bitwise copy of integral medium 410, the medium of clone is also
Will be unable to for showing content.
Fig. 7 illustrates the exemplary process flow process to storage device provisioning content.In this embodiment,
Defeasibility and recyclability are the attributes of DRM system.As extra security system assembly,
The process flow illustrated can include various recyclability feature.Such as, key can be eliminated or in advance
The random key generated can be used together with safety distribution algorithm, and this safety distribution algorithm is in time
Change and change or utilize multiple in a random basis for each content provided to storage device 402
Key.Such as, embodiment may utilize be applicable to all players update file tokenized.
In one embodiment, process relates to the offer of content and content metadata, such as Binding key
And content key.Other metadata, as digital certificate etc. is also provided as the part of embodiment.
As it can be seen, first, storage device 402 and download server 300 set up safety to each other
Communication channel.Such as, download server 300 and storage device 402 can use PKI to set up peace
Full communication channel.Specifically, main frame 400 can ask certificate to storage device 402.Storage device
Its certificate of 402 retrievals, such as, from its non-user region 506 medium 510.Then,
Storage device 402 can dispensing device session id and its certificate.Certificate includes its PKI;
PublicDevice。
In one embodiment, certificate examined by main frame 400 (not shown in Fig. 7).Such as, main
Machine 400 can check the signature on certificate.Main frame 400 also can check its revocation list with guarantee from
The certificate of storage device 402 is not revoked.Alternatively, main frame 400 can by network 108 with
Auditing system 102 and certification authority 204 communicate, to examine certificate and to check certificate
Cancel state.
Then, main frame 400 does to storage device 402 by sending host session ID and its certificate
Going out to respond, its certificate includes its PKI PublicHost.Storage device 402 is examined host credentials and examines
Look into signature.Storage device 402 also can check himself revocation list with guarantee main frame 400 not by
Cancel.
Then, main frame 400 can be to storage device 402 queued session key.As response, in reality
Executing in example, storage device 402 uses PublicHostEncryption random session key, chance device initialize
Vector (" IV ") and chance device message authentication code (" HMAC ") key based on hash,
And send it to main frame 400.
Private used by main frame 400HostDecryption information, with recovery device session key, device IV and
Device HMAC key.Public used by main frame 400DeviceEncryption random host session key, with
Machine host IV and random host HMAC, and send this information to storage device 402.Then,
Storage device 402 uses PrivateDeviceDecipher this information, with recover main frame 400 session key,
Main frame IV and main frame HMAC key.
Main frame 400 also available apparatus session key is cross-examined at random, and sends it to storing device
402.Storage device 402 device session key deciphering main frame is cross-examined at random, and then uses main frame
Session key main frame is cross-examined at random, and this information is sent back main frame 400.Main frame 400
Cross-examine at random with host session secret key decryption main frame, and confirm it and be originally sent to store device
The content of 402 matches.This proves that storage device 402 is known corresponding to sending with its device certificate
The private key of PKI.
For further confirming that, main frame 400 can ask to cross-examine at random to storage device 402.Storage dress
Put 402 to cross-examine at random by host session cipher key encryption means, and send this information to main frame 400.
Then, main frame 400 host session cipher key decryp-tion means is cross-examined at random, and uses device session key
Encryption device is cross-examined at random, and this information sends back storage device 402.Storage device dress
Put session key deciphering device to cross-examine at random, and confirm itself and the content being originally sent to main frame 400
Match.This proves main frame 400 and so knows that correspond to the PKI sent with the certificate of main frame 400
Private key.
In one embodiment, storage device 402 can use AES encryption and host session key and
Main frame IV, for the security message to main frame 400.Main frame 400 be used as AES encryption with
Device session key and device IV, for the security message to storage device 402.
Once having built up secured session, session communication may utilize asymmetric or symmetric algorithm to be implemented.
In one embodiment, each safety information can include the head with serial number and message-length,
The body message AES encrypted with suitable session key and IV, and there is source body
The foot of SHA-256HMAC.In another embodiment, session communication adds based on asymmetric
Close foundation, and be then based on symmetric cryptography and be protected.Such as, once have built up secured session,
Session communication can be implemented based on symmetric cryptography, as having session key and setting up the AES encryption of IV
Decipher with AES.Each security message can include the head with serial number and message-length, with conjunction
Suitable session key and the body message AES of IV encryption, and there is the SHA-256 of source body
The foot of HMAC.In another embodiment, it is possible to use asymmetric encryption is with during session
The protection traffic.
Second, owing to establishing safe lane, download server 300 please to storage device 402
Seek Binding key.Specifically, download server 300 can send a message to deposit by safe lane
Storage device 402.As it has been described above, in one embodiment, Binding key 606 is initially not exist
In the metadata of content, and generate when needed.
3rd, storage device 402 generates Binding key 606.Specifically, encrypting module 409
Binding key 606 is generated based on unique secret key 602 and secrete key 604.
In one embodiment, encrypting module 409 uses one-way Hash algorithm or superencipherment mark
Accurate (AES) algorithm generates Binding key, Kb, wherein:
Kb=F (Kroot, IDm)
Wherein, F is one-way function,
Kroot is the key that encrypting module 409 generates, it is, secrete key 604,
IDm is unique media identification symbolic code of distribution in the manufacture process of storage device 402,
Such as unique identifiers 602.
Alternatively, encrypting module 409 may utilize random number, as from random number generator with
Machine number, and input this count at random in key generator generate Binding key.Key generator can
For the software in encrypting module 409 or nextport hardware component NextPort.
4th, download server 300 is in key server 200 request is used for protecting content
Hold key.Can be by various method allocation contents keys to content.Such as, key server 200
The distinctive content key of each content 700 can be distributed.In one embodiment, content key 700
Part metadata as content provides, and is stored on storage device 402.When sending to main
During machine 400, content key 700 can encrypted be protected.
5th, key server 200 provides content key 700 to download server 300.Tool
Body, key server 200 can set up safe lane with download server 300, such as, and base
In PKI.
6th, download server 300 generates based on Binding key 606 and content key 700 and visits
Ask key 706.Specifically, download server 300 can use unique algorithm to tie up to encrypt combination
Determine key 606 and content key 700, and generate access key 706, such as, dissipate based on unidirectional
Row algorithm.Unique algorithm can some entity to system 100 be only known, such as download service
The replay device of trust in device 300 and FTP client FTP 106.Algorithm can be can be allowed can or
Renewable function.Additionally, one or more algorithm can be by the security metadata of content
Field or part are transferred to the trusted components FTP client FTP 106 from download server 300.
Such as, one group of polyalgorithm can initially be configured or set up the trust group of FTP client FTP 106
In part.Then, download server 300 can provide pointer in the security metadata of content or refer to
Show device, indicate the algorithm groups used when generating and accessing key.
In one embodiment, access key 706, not included in content metadata, is not deposited
Storage is in download server 300.Such as, instead, download server 300 can be through joining
Put interim generation and access key 706.Alternatively, the information being used for generating access key 706 can
It is archived to safety long-distance memorizer by download server 300.Such as, auditing system 102 can be made
For for safety storage Binding key 606 and/or the safe thesaurus of content key 700.
7th, download server 300 provides content key 700 to storage device 402.Then,
Storage device 402 stores content key 700 safely.Such as, storage device 402 can store
Content key 700 is in non-user region 506.
8th, download server 300 by content 702 be completely or partially encrypted to encrypt in
Hold 704.Such as, download server 300 can use AES encryption, with based on accessing key 706
Encrypted content 702.
9th, download server 300 provides encrypted content 704 to storage device 402.Storage
Then device 402 can store encrypted content 704, such as, in its user area 504.
Fig. 8 illustrates the demonstration program flow process for playing content.As it can be seen, first, main frame system
System 400 and storage device 402 can set up secure communication channel to each other.For brevity, above
The example setting up safe lane based on PKI is provided with reference to Fig. 7.In one embodiment, deposit
Storage device 402 will assess digital certificate and the player certificate of content, to determine that player is suitable for connecing
Receive content and/or content metadata.
Second, host computer system 400 asks Binding key 606 to storage device 402, because its
Not in content metadata.It should be noted that in one embodiment, store device 402
Do not retain Binding key 606.In another embodiment, host computer system 400 is asked for wanting
The specific Binding key of content 606 play.If it is required, this feature allows, such as,
Storage device 402 uses the different algorithms for generating Binding key 606.The algorithm used
Can be depending on various standard, such as the concrete item of content, content type, content source, the answering of content
Number of packages mesh, is used for recovering, stealing detection etc..
Correspondingly, the 3rd, storage device 112 generates Binding key 606 temporarily.Specifically,
As it has been described above, encrypting module 409 is based on secrete key 604 and the encryption of unique identifiers 602
In conjunction with generating Binding key 606.Once generating, storage device 112 can transmit Binding key 606
To host computer system 400.
4th, host computer system 400 is to storage device 112 request content key 700.A reality
Executing in example, content key 700 can be from being stored in storage device 402 in non-user region 506
Content metadata is fetched.Host computer system 400 can be asked such as content designator etc. based on various parameters
Content key 700.
5th, storage device 402 provides content key 700 to host computer system 400.Such as,
Storage device 402 may have access to non-user region 506 transferring content key 700 to host computer system
400.When fetching content key 700, encrypting module 409 can need to perform various cryptographic function,
Such as deciphering, digital signature checked etc..
6th, for deciphering content, host computer system 400 generates and accesses key 706.Specifically,
Encrypting module 405 encryption based on Binding key 606 and content key 700 of main frame combines raw
Become to access key 706.With being only known unique algorithm programming encryption mould in encrypting module 405
Block 405.Such as, encrypting module 405 can include comprising OTP NVM, and it is close with producing access
The arithmetic programming of key 706.This feature allows, and among other things, accesses key 706 essence
On not in content metadata.
7th, storage device 402 provides encrypted content 704 to host computer system 400.At one
In embodiment, storage device 402 makes encrypted content 704 be streamed to host computer system 400.
8th, host computer system 400 cryptographically processes encrypted content 704, thus with non-encrypted
Mode recovers content 702.As it has been described above, in one embodiment, content utilizes and accesses key
706 are encrypted based on symmetric cryptography such as AES128.Once it is in decoding or unencrypted shape
Formula, then the exportable content of host computer system 400 702 is to output 406.It should be noted that
Host computer system 400 can re-encrypted for delivery to output 406 content.Such as, if defeated
Go out 406 for HDMI (" HDMI ") device, then main frame 400 can
Utilize HDCP (" the HDCP ") encryption specified at present for HDMI device
Re-encrypted content, and with the form transferring content of this safety.In one embodiment, main
Machine 400 can decipher content, and followed by the transmission cryptographic protocol of safety, in high bandwidth numeral
Hold protection agreement (HDCP), re-encrypted content, and export the content of re-encrypted to display
Device, such as television set, monitor etc..In another embodiment, content deciphered by main frame 400,
Then utilize, such as DTCP (DTCP) re-encrypted content, and send weight
The content of new encryption is to replay device, such as television set, monitor etc..Correspondingly, an enforcement
In example, when transmitting in the inter-entity of system 100, content is always at protected form.
The feature of particular embodiments disclosed above and attribute can combine by different way, another to be formed
Outer embodiment, it is all within scope disclosed by the invention.Such as, deposit at network interconnection system
In the case of storage (NSA), NSA storage can comprise one or more storage device, and implements
Various technology (such as RAID), it causes content can spread all over multiple storage device.Include single
In the case of the NAS of driver, NAS controller can be configured, with similar side described above
Formula bound content is to the storage device of single driver.Situation at the NAS including multiple driver
Under, content can be tied to NAS subsystem rather than concrete storage device or storage medium or remove
Outside concrete storage device or storage medium.Correspondingly, NAS subsystem can comprise safe encryption
Module.In this variant of embodiment, storing for NAS, unique secret key group can be by NAS
Controller generates, and is securely stored in the safety storage of NAS.Then, it is tied to NAS
Content can be similar to manner described above perform.Therefore, even if completing the clone of driver
Copy, this driver also will be unable to use, unless it is arranged in duplicate NAS system.
This method can be used for replacing the driver damaged in NAS RAID system, guarantees driving of clone simultaneously
Dynamic device is otiose.
Although present disclose provides some embodiment and application, but to persons skilled in the art
Other embodiments obvious, including the enforcement not providing the whole feature and advantage illustrated here
Example, also in the scope of the present disclosure.Correspondingly, the scope of the present disclosure is intended only with reference to appended right
Require to limit.
Claims (8)
1. a system for numeral copyright management, described system includes:
Storage device, it includes the storage medium being configured for storing content and includes at hardware encryption
The storage controller of reason device, wherein said hardware encryption processor is configured generation and stores solely
Special number, reads defect information from described storage medium, and performs encryption behaviour in described defect information
Making to obtain the described distinctive number of defects of storage device, storage is obtained on said storage
Number of defects, performs cryptographic operation to generate binding on described unique number and described distinctive number of defects
Key, and provide described Binding key to content downloading server;
Content key server, it is configured and inwardly holds load servers supplying content key;
Content downloading server, it is configured at least from the Binding key of storage device reception with from interior
Hold and on the content key that key server receives, perform cryptographic operation, access key to generate, with extremely
Few described access key encrypts at least part of content, provides the content of encryption to described storage device,
The described content key received from described content key server is provided;And
Media player, it is configured and receives Binding key and content key from described storage device,
On described Binding key and content key, execution cryptographic operation is to generate described access key, and based on
Described access secret key decryption is from the described content of described storage device.
System the most according to claim 1, wherein said media player and described storage dress
Put and be configured to perform each other certification.
System the most according to claim 1, wherein said media player be configured and based on
Generate for the decruption key accessing described content in conjunction with described content key and described Binding key.
System the most according to claim 1, wherein said hardware encryption processor is configured generation
One group binding key.
System the most according to claim 1, wherein said hardware encryption processor is configured storage
Digital certificate for media player described in certification.
System the most according to claim 5, wherein said media player is configured to based on depositing
The digital certificate of storage is authenticated with described hardware encryption processor.
System the most according to claim 1, wherein said storage device is configured as network even
Connect formula memorizer.
System the most according to claim 1, wherein said hardware encryption processor is configured to
Secure manufacturing environment receives private key and PKI.
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201261622312P | 2012-04-10 | 2012-04-10 | |
| US61/622,312 | 2012-04-10 | ||
| US13/460,766 US8831218B2 (en) | 2012-04-10 | 2012-04-30 | Digital rights management system and methods for provisioning content to an intelligent storage |
| US13/460,766 | 2012-04-30 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103366101A CN103366101A (en) | 2013-10-23 |
| CN103366101B true CN103366101B (en) | 2016-11-30 |
Family
ID=
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1469262A (en) * | 2002-06-24 | 2004-01-21 | 株式会社日立制作所 | Information recording regenerating system |
| CN101779209A (en) * | 2007-08-24 | 2010-07-14 | 国际商业机器公司 | Be used for protecting the system and method for the content that is stored in memory device |
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1469262A (en) * | 2002-06-24 | 2004-01-21 | 株式会社日立制作所 | Information recording regenerating system |
| CN101779209A (en) * | 2007-08-24 | 2010-07-14 | 国际商业机器公司 | Be used for protecting the system and method for the content that is stored in memory device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103440436B (en) | Access system for numeral copyright management and the method for the content from intelligence memory | |
| CN103366102B (en) | For content transmission and the system for numeral copyright management of distribution | |
| US9183357B2 (en) | Recording/reproducing system, recording medium device, and recording/reproducing device | |
| JP6119741B2 (en) | Information processing device, information storage device, server, information processing system, information processing method, and program | |
| US7296147B2 (en) | Authentication system and key registration apparatus | |
| US9721071B2 (en) | Binding of cryptographic content using unique device characteristics with server heuristics | |
| US8245031B2 (en) | Content control method using certificate revocation lists | |
| US9081726B2 (en) | Controller to be incorporated in storage medium device, storage medium device, system for manufacturing storage medium device, and method for manufacturing storage medium device | |
| US7877604B2 (en) | Proof of execution using random function | |
| US20110222691A1 (en) | Recording system, playback system, key distribution server, recording device, recording medium device, playback device, recording method, and playback method | |
| JP6026630B2 (en) | Memory system | |
| WO2011152065A1 (en) | Controller, control method, computer program, program recording medium, recording apparatus, and method of manufacturing recording apparatus | |
| KR20130056342A (en) | Secure and efficient content screening in a networked environment | |
| JP2009530917A (en) | A federated digital rights management mechanism including a trusted system | |
| JP2004072721A (en) | Authentication system, key registering device and method | |
| CN103366101B (en) | Provide the content to the system for numeral copyright management of intelligence memory | |
| US20230376574A1 (en) | Information processing device and method, and information processing system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240920 Address after: Delaware, USA Patentee after: SANDISK TECHNOLOGIES Inc. Country or region after: U.S.A. Address before: California, USA Patentee before: Western Digital Technologies, Inc. Country or region before: U.S.A. |