DRM content protection system and method based on mobile intelligent terminal
Technical field
The present invention relates to digital copyright protection technology, and in particular to a digital rights management (DRM, Digital Rights Management) content protection system and method based on a mobile intelligent terminal.
Background
Mobile intelligent terminals have flourished in recent years and have become increasingly intelligent. At the same time, people depend more and more on mobile intelligent terminals in their daily work, study and life, for example for reading documents and using audio and video. However, when users use digital products on these intelligent terminals, illegal distribution, reading and copying are common; digital products are abused, and their security has become a major issue. For this reason digital rights management (DRM, Digital Rights Management) is receiving increasing attention. DRM is a method of protecting multimedia content from unauthorized playback and copying: it protects digital content by encrypting it and attaching usage rules, giving content providers a solution for protecting data such as private video and music from illegal use.
Many of the digital copyright protection technologies currently on the market use Microsoft DRM. Microsoft DRM issues licenses on a per-personal-computer (PC) basis, so when a user uses the same digital product on another PC or intelligent mobile terminal, a new authorization has to be purchased, which is a great inconvenience to the user.
Now that mobile intelligent terminals are flourishing, it is very likely that one person owns several intelligent terminals, so allowing the same user to use the same digital content on different intelligent terminals is a requirement of the times, and such a policy is imperative. Moreover, if an enterprise builds its digital content platform on Microsoft DRM, it has to upload its own data to a Microsoft DRM server (Server), and inevitably worries that Microsoft could inspect its digital content. In addition, Microsoft DRM technology is extremely complicated to implement; developing one's own digital content platform management system with the Microsoft DRM approach requires a large investment of funds, equipment and manpower, which is difficult for small and medium-sized enterprises and not practically feasible.
Summary of the invention
In view of this, the main object of the present invention is to provide a digital rights management (DRM) content protection system and method based on a mobile intelligent terminal which addresses the shortcomings of Microsoft DRM technology. It adopts distributed processing based on users and devices, allowing one user to use the same digital product on different terminal devices at the same time; this respects the principle of copyright protection while meeting user demand, and is convenient for users.
Another object of the present invention is to provide a digital rights management content protection system whose implementation is simple, which is suitable for small and medium-sized enterprises building their own digital content management platform, and which allows users to use protected digital products offline.
To achieve the above objects, the technical solution of the present invention is realized as follows:
A digital rights management (DRM) content protection system based on a mobile intelligent terminal comprises a user registration module, a certificate parsing and generation module and a permission control module, and is characterized in that it further comprises an online device management module, a rights purchase and allocation module, a certificate management module and a digital content parsing module, wherein:
The online device management module is used for managing terminal devices, so that users can register and delete their own terminal devices as needed;
The rights purchase and allocation module is used for letting users purchase the digital products they need and for allocating rights for them, the rights comprising usage count, usage period and cumulative usage time;
The certificate management module is used for managing the download, checking, update and recovery of the rights certificates of digital products, and for updating usage rights;
The digital content parsing module is used for parsing the file format of the digital content: it parses the header of the file containing the encrypted digital content and decrypts the file body to obtain the digital content in plaintext form.
Wherein: the permission control module is used for ensuring that digital content is used according to the usage rules defined in the rights certificate.
The DRM content protection system further comprises a digital content playing module, used for playing the decrypted digital content, which exists in plaintext form.
The certificate parsing and generation module is used for parsing the rights certificate, extracting the digital content usage rights defined in the certificate in XML document form; when generating a certificate, it generates a certificate in the corresponding XML format according to the defined usage rules.
A digital rights management (DRM) content protection method based on a mobile intelligent terminal comprises the following steps:
A. The user registers and deletes devices online, and allocates the usage rights for a given digital content to multiple registered devices;
B. When the user logs in to the client Agent, the client Agent uses the HTTP protocol to send the user information UserInfo and the device's unique identification information DevUniqueInfo to the digital content management server DRMServer; the DRMServer checks whether the user has already registered this device, and automatic registration is performed only if it has not;
C. The user purchases the desired digital content and allocates the usage rights to different devices; when the usage rights for the digital content are allocated for the first time, the allocation is carried out directly;
D. When the user needs to reallocate rights, the DRMServer sends a certificate post-back request RightsPostBackRequest to all client Agents that hold usage rights for this digital content;
E. On receiving the certificate post-back request RightsPostBackRequest, the client Agent extracts from the request the numbers of the certificates to be returned, looks up the local certificates, sends a certificate post-back notification RightsPostBack, and returns the corresponding certificates to the DRMServer;
F. The DRMServer parses the returned certificates, totals the usage rights for the corresponding digital content, and updates the user's remaining usage rights ULRights for this digital content;
G. The DRMServer then adds the newly purchased rights to the remaining usage rights ULRights obtained from this total, giving the user's total usage rights UserRights for this digital content;
H. The user allocates his or her own usage rights ULRights to different devices, and the newly generated certificates are issued to the authorized client Agents;
I. Once allocation is complete, the authorized devices hold usage rights for this digital content, so the user can use the same digital content on multiple devices at the same time.
Wherein, after step I, the method further comprises:
J. The user deletes a device: the DRMServer sends a certificate post-back request RightsPostBackRequest to the client Agent of this device, requiring the device to return all certificates; the client Agent returns all certificates; the server parses the certificates obtained, totals them and updates the user's remaining usage rights ULRights. The device deletion process specifically comprises:
J1. The user logs in to the digital content management platform website and chooses to delete a device; the digital content management platform server DRMServer sends a certificate post-back request RightsPostBackRequest to this device, requiring it to send all of its certificates back to the server;
J2. The client program Agent first returns all certificates to the server, and then marks all local certificates as invalid;
J3. The server parses the certificates obtained (RightsParse), totals the remaining usage rights for each digital content in the certificates, and writes the resulting remaining usage rights to the database.
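The following added example (not code from the patent) models the usage-count accounting of steps D to J on the server side. The single-user `DRMServer` class, the device cap of 3 and the checks applied to returned certificates (unknown or replayed RightsID, mismatched fields, a remaining count larger than the count issued) are assumptions, chosen to show what the server must verify before it credits ULRights from client-supplied data.

```python
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Rights:
    rights_id: str   # RightsID
    asset_id: str    # AssetID
    device: str      # DevUniqueInfo of the authorised device
    remaining: int   # usage count left on that device


@dataclass
class DRMServer:
    max_devices: int = 3                             # assumed device cap
    devices: set = field(default_factory=set)
    ul_rights: dict = field(default_factory=dict)    # AssetID -> ULRights
    issued: dict = field(default_factory=dict)       # live RightsID -> Rights
    seq: int = 0

    def register(self, device):
        if device not in self.devices and len(self.devices) >= self.max_devices:
            raise ValueError("device limit reached")
        self.devices.add(device)

    def purchase(self, asset_id, count):
        self.ul_rights[asset_id] = self.ul_rights.get(asset_id, 0) + count

    def post_back(self, returned):
        """Steps E-F: validate returned certificates, then credit ULRights."""
        if len({c.rights_id for c in returned}) != len(returned):
            raise ValueError("duplicate RightsID in post-back")
        for cert in returned:
            original = self.issued.get(cert.rights_id)
            if original is None:
                raise ValueError(f"{cert.rights_id}: unknown or already returned")
            if (cert.asset_id, cert.device) != (original.asset_id, original.device):
                raise ValueError(f"{cert.rights_id}: does not match issue record")
            if not 0 <= cert.remaining <= original.remaining:
                raise ValueError(f"{cert.rights_id}: remaining count out of range")
        for cert in returned:            # all checked: revoke, then credit
            del self.issued[cert.rights_id]
            self.ul_rights[cert.asset_id] += cert.remaining

    def distribute(self, asset_id, allocation):
        """Steps H-I: split ULRights across registered devices."""
        available = self.ul_rights.get(asset_id, 0)
        if set(allocation) - self.devices or min(allocation.values(), default=0) < 0:
            raise ValueError("unregistered device or negative count")
        if sum(allocation.values()) > available:
            raise ValueError("allocation exceeds ULRights")
        self.ul_rights[asset_id] = available - sum(allocation.values())
        certs = []
        for device, count in allocation.items():
            self.seq += 1
            certs.append(Rights(f"R{self.seq}", asset_id, device, count))
            self.issued[certs[-1].rights_id] = certs[-1]
        return certs

    def delete_device(self, device, returned):
        """Step J: the device must hand back every live certificate it holds."""
        held = {rid for rid, c in self.issued.items() if c.device == device}
        if {c.rights_id for c in returned} != held:
            raise ValueError("device did not return all of its certificates")
        self.post_back(returned)
        self.devices.discard(device)


def reallocation_demo():
    server = DRMServer()
    for device in ("A", "B"):
        server.register(device)
    server.purchase("asset-1", 10)
    first = server.distribute("asset-1", {"A": 5, "B": 5})
    used = {"A": 2, "B": 1}              # constructed client-side usage
    server.post_back([replace(c, remaining=c.remaining - used[c.device]) for c in first])
    ul_rights = server.ul_rights["asset-1"]          # step F
    server.purchase("asset-1", 5)
    user_rights = server.ul_rights["asset-1"]        # step G
    return ul_rights, user_rights, server.distribute("asset-1", {"A": 8, "B": 4})
```

Removing a certificate from `issued` as soon as it is returned is what makes a second post-back of the same RightsID fail instead of being credited twice.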
When the user opens downloaded digital content, the client Agent parses the digital content to obtain the file header and file body, then looks up the corresponding certificate and carries out the permission check.
The file header comprises the encryption method, the padding mode, the original format of the digital content file, the digital content number and the digital content certificate number; the file body is the encrypted digital content file.
The DRM content protection system and method based on a mobile intelligent terminal provided by the present invention have the following advantages:
The DRM content protection system and method of the present invention adopt distributed processing based on users and devices, allowing one user to use the same digital product on different terminal devices at the same time; this respects the principle of copyright protection while meeting user demand, and is convenient for users. The DRM content protection system allows users to use protected digital products offline: it supports downloading files carrying digital rights to a mobile terminal and using them according to the usage rights (such as usage count and usage time), and it also allows multiple mobile terminal devices of the same user to use the same file carrying digital rights. The DRM content protection system is simple to implement and suitable for small and medium-sized enterprises building their own digital content management platform; it delivers the key by means of an encrypted certificate, which further improves data security.
Brief description of the drawings
Fig. 1 is the overall system structure diagram of the present invention;
Fig. 2 is the implementation flowchart of the overall design of the present invention;
Fig. 3 is the flowchart of the client program of the present invention;
Fig. 4 is a schematic diagram of the digital content file structure of the present invention;
Fig. 5 is a schematic diagram of the relationships between the modules of the present invention.
[Glossary of the algorithm and variable names used in the present invention]
DRM: digital content management
DigitalProducts: digital product
UserRegister: user registration
Dev: terminal device
DevManager: device management
Rights: rights certificate
RightsID: certificate number
AssetID: digital content number
RightsParse: certificate parsing
RightsPostBackRequest: certificate post-back request
RightsPostBack: certificate post-back notification
DRMServer: digital content management server
Agent: client program
DevUniqueInfo: unique identification information of the device
UserInfo: user information
Dcf: self-defined digital product file format
UserRights: user rights, i.e. the user's total usage rights for a digital product
ULRights: the user's remaining usage rights, i.e. rights not yet allocated
DistributeRights: the user allocates usage rights (such as usage count) to each device
StateRecord: certificate status record
Embodiments
The DRM content protection system and method of the present invention are described in further detail below with reference to the drawings and embodiments of the invention.
The present invention uses digital certificate technology to realize DRM digital content protection on intelligent terminals; its distinguishing feature is that multiple terminal devices of the same user are allowed to use the same content carrying digital rights at the same time. The present invention protects digital content mainly by encrypting it and attaching usage rules.
Fig. 1 is the overall system structure diagram of the present invention. As shown in Fig. 1, the DRM content protection system based on a mobile intelligent terminal mainly comprises the following 8 functional modules: a user registration module, an online device management module, a rights purchase and allocation module, a certificate management module, a certificate parsing and generation module, a digital content parsing module, a permission control module and a digital content playing module. The function of each module and the relationships between the modules are as follows:
User registration module 1: mainly used for user registration.
For example, the user logs in to the website to register, and uses the online device management module 2 to add and register his or her own terminal devices (Dev).
Online device management module 2: used for terminal device management (Dev Manage). It lets users register and delete their own Dev as needed. The number of valid Dev per user is limited; a user cannot register an unlimited number of Dev. This limits, to some extent, the user's ability to spread digital products (DigitalProducts).
The Dev a user uses must be a Dev registered with the digital rights management server (DRMServer) (this is defined by the usage rights); therefore, when a user uses a new Dev, it must first be registered on the DRMServer.
When the user logs in to the client program (Agent) for the first time, the Agent sends the user's user information (UserInfo) and the unique identification information of the device in use (DevUniqueInfo) to the DRMServer. The DRMServer checks the user's registered Dev according to the user information. If this Dev has never been registered, it is allowed to be registered.
When the user deletes a registered Dev, the DRMServer uses the certificate management module 4 to send a rights certificate (Rights) post-back request to the Agent, uses the certificate parsing and generation module 5 to parse the Rights obtained (RightsParse), and then updates the user's remaining usage rights ULRights (the usage rights the user has not yet allocated). The Agent changes the status of all local certificates (Rights) to invalid.
Rights purchase and allocation module 3: the user selects the goods he or she likes and purchases the rights to use them. The rights mainly include usage count, usage period, cumulative usage time and so on. After purchasing rights, the user allocates them (DistributeRights), giving usage rights to each device. DistributeRights means that the user allocates the rights he or she has purchased to different registered devices. For example, of 10 purchased uses, the user can allocate 5 to device A and 5 to device B. Likewise, for cumulative usage time, the user can allocate different amounts of usage time to different devices. When rights of the usage-period kind are allocated, all registered devices can use the content at the same time, so the user can use the same digital product on different devices.
When the user allocates rights to devices, the DRMServer uses the certificate management module 4 to send a certificate post-back request (RightsPostBackRequest) to each Agent, requiring the Agent to send the relevant certificates back to the DRMServer (this applies mainly to rights such as usage count or cumulative usage time; for usage-period rights, no certificate post-back is needed). The DRMServer uses the certificate parsing and generation module 5 to parse the certificates (RightsParse), totals the usage rights, and updates the user's remaining usage rights. The user allocates his or her remaining usage rights to different devices. After the rights have been allocated, the remaining usage rights ULRights are updated. The status of the certificates the Agent holds is then updated to expired, and the user is required to download the certificates again.
Certificate management module 4: used for the download, checking, update and recovery of certificates, and for updating usage rights.
Here, certificate download means that when the user clicks to play a digital content and the Agent finds that the certificate is missing or its validity period has expired, the Agent downloads the certificate automatically. Certificate checking means that the Agent periodically checks the validity period of certificates and alerts the user to certificates that are about to expire. Certificate update means that when a certificate's validity period has expired, the Agent updates the certificate automatically. Certificate recovery means that when the Agent receives a certificate post-back request (RightsPostBackRequest) from the DRMServer, it sends the corresponding certificates back to the DRMServer. The DRMServer performs update operations according to the rights in the certificates.
Updating usage rights means that the Agent periodically posts local certificates back to the DRMServer and requests the DRMServer to update the rights in the corresponding certificates (only the data in the database is modified; the certificates do not need to be regenerated).
Certificate parsing and generation module 5: certificate parsing extracts the digital content usage rights defined in a certificate in Extensible Markup Language (XML) document form; certificate generation produces a certificate in the corresponding XML format according to the defined usage rules.
Digital content parsing module 6: the embodiment of the present invention adopts the dcf file format conforming to the OMA DRM1.0 protocol and redefines the dcf file header, so that the file header directly defines the digital content number, certificate number, encryption method, padding mode, file type and plaintext length. The file body is the encrypted digital content. The dcf is a self-defined digital product file format, such as *.dcf; other self-defined file formats can also be adopted. The digital content parsing module 6 is mainly responsible for parsing the dcf file header and decrypting the file body to obtain the digital content in plaintext form.
Digital content playing module 7: used for playing digital content. The digital content supported by the present invention includes multiple formats such as audio, video, PDF documents and pictures. Using the information and plaintext file obtained by the digital content parsing module 6, this module uses the digital content securely under the control of the permission control module 8.
Permission control module 8: used for ensuring that digital content is used according to the usage rules defined in the certificate, protecting the digital content from illegal use. These rights include usage count, usage platform, usage time and so on. The permission control module can be divided into two sub-modules: permission detection and permission update.
Here, permission detection means that when the user uses digital content, the Agent verifies the user's operation and detects whether the user holds the corresponding usage right; permission update means that the Agent changes the corresponding usage rights after the user has operated on the digital content.
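As an added illustration of permission detection and permission update on the Agent (not code from the patent), the example below parses an XML certificate and enforces the three rule kinds named on this page: usage count, usage period and cumulative usage time. The page does not give the certificate schema, so the element and attribute names in the constructed sample are assumptions, as are the function names.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed certificate; element and attribute names are assumptions.
SAMPLE_RIGHTS = """
<Rights RightsID="R-1001">
  <Asset AssetID="A-1"><Count remaining="2"/></Asset>
  <Asset AssetID="A-2">
    <Interval notBefore="2024-01-01T00:00:00" notAfter="2024-01-31T23:59:59"/>
  </Asset>
  <Asset AssetID="A-3"><Accumulated remainingSeconds="90"/></Asset>
</Rights>
"""


def parse_rights(xml_text):
    """RightsParse: return {AssetID: rule dict} from the XML certificate."""
    rules = {}
    for asset in ET.fromstring(xml_text.strip()).findall("Asset"):
        rule = {}
        if (c := asset.find("Count")) is not None:
            rule["count"] = int(c.get("remaining"))
        if (i := asset.find("Interval")) is not None:
            rule["interval"] = (datetime.fromisoformat(i.get("notBefore")),
                                datetime.fromisoformat(i.get("notAfter")))
        if (a := asset.find("Accumulated")) is not None:
            rule["seconds"] = int(a.get("remainingSeconds"))
        rules[asset.get("AssetID")] = rule
    return rules


def detect(rules, asset_id, now):
    """Permission detection: deny unless every rule for the asset passes."""
    rule = rules.get(asset_id)
    if not rule:                      # unknown asset or empty rule: fail closed
        return False, "no rights for this content"
    if "count" in rule and rule["count"] <= 0:
        return False, "usage count exhausted"
    if "interval" in rule and not rule["interval"][0] <= now <= rule["interval"][1]:
        return False, "outside usage period"
    if "seconds" in rule and rule["seconds"] <= 0:
        return False, "cumulative usage time exhausted"
    return True, "ok"


def update(rules, asset_id, opened_at, closed_at):
    """Permission update: charge one use and the elapsed time on close."""
    rule = rules[asset_id]
    if "count" in rule:
        rule["count"] -= 1
    if "seconds" in rule:
        elapsed = int((closed_at - opened_at).total_seconds())
        # A clock set backwards yields a negative elapsed time; never refund it.
        rule["seconds"] = max(0, rule["seconds"] - max(0, elapsed))
```

Both the usage period and the cumulative time depend on the device clock, which the user controls while offline; the clamp in `update` only prevents a rollback from adding time back.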
The usage rights also cover operations such as copying and distribution. Here we rely mainly on encryption and certificate technology. Users are allowed to distribute the digital content, but the content is encrypted and can only be used with the corresponding certificate, and certificates are issued on the basis of the user and the platform the user uses; so even if a digital product is distributed, it cannot be used.
The present invention provides a specific scheme for digital content management on mobile intelligent terminals, offering a concise method for securing digital content on intelligent terminals. The relationships between the modules have been described fairly clearly above; a brief description with reference to Fig. 5 follows:
As shown in Fig. 5, after registering, the user purchases rights and allocates usage rights to devices: the certificate management module sends the certificate post-back request RightsPostBackRequest, the certificate parsing and generation module is called to parse the certificates (RightsParse), the database is updated, and the user carries out the rights allocation. When the user deletes a registered device, the online device management module uses the certificate management module to send RightsPostBackRequest, then calls the certificate parsing and generation module to parse the certificates (RightsParse), updates the database, and deletes the device. When digital content is played, the digital content playing module calls the digital content parsing module to obtain the certificate number RightsID, calls the certificate management module, then calls the certificate parsing module to parse the certificate (RightsParse) and obtain the usage rights, calls the permission control module, and plays the digital content.
The digital rights management implementation method proposed by the present invention is suitable for intelligent terminal mobile platforms, and offers advantages such as offline use, reliability and security. Following the design described above, an Agent for intelligent mobile terminals has been successfully developed. To describe the specific embodiment of the present invention more clearly, Fig. 2 gives the implementation flow of the overall design:
Step 21: The user logs in to the website and registers; the user selects the digital products he or she likes and purchases the corresponding usage rights.
Step 22: The digital content is downloaded to the intelligent terminal, and the user logs in to the client program Agent on the intelligent terminal, which registers the user's device with the DRMServer over the HTTP protocol; the Agent sends the user information UserInfo and the device's unique identification information DevUniqueInfo to the digital content management platform DRMServer.
Step 23: The user logs in to the website and allocates the usage rights (DistributeRights); the DRMServer generates certificates and distributes them to the authorized devices.
Step 24: After the user has logged in to the client successfully, the Agent initializes, starting with the certificate information. The Agent scans all local certificates, reads each certificate's name, number, validity period and other information, stores this information in the local certificate status record file StateRecord, and automatically updates certificates that are about to expire.
If no network connection is available at this point, the Agent prompts the user that the certificate has expired and asks for a network connection so that the certificate can be updated. When a certificate is updated, the local certificate is first returned to the DRMServer, which updates the rights usage it holds for this user. Certificate post-back and download are both carried out over the HTTP protocol. After a certificate is updated, the certificate status is updated as well.
Step 25: The user selects the digital content to play. The Agent parses the digital content file header, extracts information such as the name, original format, digital content number and certificate number RightsID, and changes the displayed file suffix to the original suffix; the file header structure is shown in Fig. 4.
Next, the Agent checks whether this certificate has already been read into memory. If it has, only the opening time of the corresponding digital content needs to be modified. If not, the certificate is read; to read a certificate it must first be located, by using the certificate number in the dcf file header to look up the certificate file name, certificate status and so on in the certificate status record (StateRecord). If the certificate status is valid, the certificate is parsed to obtain the usage rights for all digital content covered by it; otherwise the Agent prompts that the certificate has expired and requires the user to download the certificate again. After a certificate is updated, the certificate status is updated as well.
Step 26: The Agent checks the usage rights for the digital content. If the content may be used, the digital content file is opened; otherwise the user is prompted to purchase new rights, and the user purchases new rights and downloads the certificate. When the user purchases new rights, the Agent sends the local certificate to the DRMServer over the HTTP protocol; the DRMServer modifies the user's usage rights for the digital content, generates a new certificate and issues it to the Agent, and the certificate status record StateRecord is then updated.
Step 27: The Agent decrypts the encrypted digital content into the application sandbox, using the sandbox to protect the plaintext digital content from illegal use; the application opens the digital content in the sandbox.
Step 28: When the user closes the opened digital content, the Agent modifies the usage rights for this digital content in the corresponding certificate in memory, and deletes the plaintext digital content from the sandbox.
Step 29: When the user exits the client program, the program writes the certificates in memory back to local storage, updating the rights for all digital content in the certificates; the Agent posts the certificates back to the DRMServer, informing it of the user's current remaining usage rights so that it can update the rights.
The present invention draws on the strengths of the various digital content management methods in current use and, taking into account how users use content today, aims from the standpoint of user experience to achieve a more secure and reliable digital content management method through the simplest possible process. The present invention uses a distributed device management scheme, which meets the real need of users who own several intelligent terminals in today's era of flourishing intelligent terminals and is easy to use; the method is also simple to implement, providing a practicable way for small and medium-sized enterprises to build their own digital content management platform. In addition, the method allows offline use, which makes it still more convenient for users.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection.