CN104009838A - Multimedia content piecewise encryption method - Google Patents

Publication number: CN104009838A
Authority: CN (China)
Prior art keywords: content, encrypted, key, cipher key, index
Legal status: Pending
Application number: CN201410190422.XA
Other languages: Chinese (zh)
Inventors: 陈卫, 许颖浩, 谈川玉
Current Assignee: WENGUANG INTERDYANMIC TV CO Ltd SHANGHAI
Original Assignee: WENGUANG INTERDYANMIC TV CO Ltd SHANGHAI
Landscapes: Storage Device Security (AREA)
Abstract

The invention discloses a piecewise encryption method for multimedia content. The method comprises the following steps: first, the content to be encrypted is divided into a plurality of encryption segments; second, a plurality of key-index pairs are established, each comprising a key index and a content key; third, one key index is allocated to each encryption segment according to the order of the segments; fourth, the allocated key-index pairs are randomly ordered to form a key list. With this technical scheme, the same multimedia content can be encrypted piecewise in a DRM system, and different distribution methods are provided for the piecewise-encrypted content for on-demand playback and for real-time playback.

Description

Multimedia content piecewise encryption method
Technical field
The present invention relates to an encryption method and, more particularly, to a piecewise encryption method for multimedia content.
Background art
Digital copyright protection methods fall mainly into two classes: one is DRM (Digital Rights Management) technology, with data encryption and copy protection at its core; the other uses digital watermarking. DRM technology built on data encryption and copy protection encrypts the digital content so that only authorized users can obtain the decryption key, and the key can be bound to the user's hardware information. Encryption combined with hardware binding prevents illegal copying and can effectively achieve copyright protection. Most computer companies and research institutions at home and abroad currently take this approach in their DRM technology, and there are different DRM systems for each application:
(1) DRM for streaming media mainly includes Microsoft Windows Media DRM, Real DRM, etc.
(2) DRM technology for eBooks is relatively mature and is widely applied both at home and abroad. Foreign eBook DRM systems include Microsoft DAS, Adobe Content Server (formerly Glassbook Content Server), etc.; domestic eBook DRM systems include the Founder Apabi digital copyright protection system.
(3) DRM for electronic documents includes SealedMedia Enterprise License Server, Authentica Active Rights Management, Founder Apabi Office DRM, Founder Apabi CEB DRM, etc.
(4) Other DRM research efforts include Intertrust's DigiBox and Rights|System, IBM's Cryptolope, etc.; these systems focus on the study of general DRM principles and do not target any specific class of digital content.
In the DRM model there is a digital program authorization center, similar to the familiar CA authentication mechanism. The compressed and encoded digital program content is encrypted with a key, and the header of the encrypted digital program stores the KeyID and the URL of the program authorization center. When the user requests on-demand playback, a request is sent, and decryption is then performed with the key sent by the authorization center. In practice, DRM usually uses an asymmetric encryption algorithm to encrypt content and uses a secure database for storage. Cryptographic algorithms are used for content encryption and certificate issuance: before a certificate is transmitted, it is encrypted with a public key algorithm. When a cryptographic algorithm is used for content encryption, the length of the source content does not increase after encryption.
However, each of the above DRM systems encrypts a given file as a whole with a single key, and none involves encrypting the same file segment by segment with separate keys.
Summary of the invention
The object of the present invention is to provide a piecewise encryption method for multimedia content that solves the problem that multimedia content cannot be encrypted piecewise in prior-art DRM systems.
According to the present invention, a piecewise encryption method for multimedia content is provided, comprising the following steps: Step 1, dividing the content to be encrypted into a plurality of encrypted segments; Step 2, establishing a plurality of key-index pairs, each key-index pair comprising a key index and a content key; Step 3, allocating a key index to each encrypted segment according to the order of the encrypted segments; Step 4, randomly ordering the allocated key-index pairs to form a key list.
According to one embodiment of the invention, the content key is formed through encryption of the encrypted segment, and each content key corresponds to one key index.
According to one embodiment of the invention, the key list is stored in a key store and is issued when the content to be encrypted is played.
According to one embodiment of the invention, the keys and authorization of different key-index pairs are identical or different.
According to one embodiment of the invention, the method of issuing the key list comprises the following steps: Step 5, sending an acquisition request for the encrypted content; Step 6, uploading the content acquisition request, thereby obtaining the key list; Step 7, reporting the result.
According to one embodiment of the invention, step 6 comprises: uploading the encrypted content corresponding to the content acquisition request, obtaining the encrypted segments corresponding to the encrypted content, and downloading the corresponding key list according to the encrypted segments.
According to one embodiment of the invention, step 6 comprises: uploading the encrypted content corresponding to the content acquisition request and obtaining the encrypted segments corresponding to the encrypted content; and, according to the encrypted segments, generating the key list in real time and downloading it into the program source.
With the technical scheme of the present invention, the same multimedia content can be encrypted piecewise in a DRM system, and different distribution methods are available for the piecewise-encrypted multimedia content for on-demand playback and for real-time playback.
Brief description of the drawings
In the present invention, identical reference numerals denote identical features throughout, wherein:
Fig. 1 is a flow chart of the multimedia content piecewise encryption method of the present invention;
Fig. 2 is a schematic diagram of the correspondence between the content to be encrypted and the key list;
Fig. 3 is a diagram of key list transmission for on-demand playback;
Fig. 4 is a diagram of key list transmission for real-time playback.
Embodiment
The technical scheme of the present invention is further described below with reference to the drawings and embodiments.
In order to solve the problem of user authorization control and management in an open network system, the present invention adopts a layered encryption architecture for key distribution and authorization control:
First layer: the content of each program is encrypted; this key is called the content key.
Second layer: to ensure the secure transmission of the content key, the content key is encrypted and protected with the end user's personal key or a group key, and carries the necessary usage-rights description, forming an Entitlement Control Message.
Third layer: using a security authentication mechanism based on X.509 certificates, a private personal key is distributed to each terminal device.
Public Key Infrastructure (PKI) is a security facility in general use on the Internet today. Its core idea is that a trusted third-party certificate center (Certification Authority, CA) manages end users' digital certificates, providing the basis for communication security.
The present invention uses personal digital certificates based on the X.509 specification as the user's trusted identity in the system and as the basis for secure communication, and uses public key mechanisms and standard encryption algorithms to implement user identification and authentication, thereby ensuring that playback authorization licenses are issued securely and correctly to individual users.
The present invention adopts a layered encryption architecture to implement content-based encryption and authorization control, so that the real value of a program lies in the authorization and not in the media program content itself. At the same time, X.509 digital certificates serve as the basis of trust, combined with technologies such as symmetric/asymmetric encryption and digital signatures, further strengthening the security and reliability of key distribution and authorization control.
With reference to Fig. 1, the piecewise encryption method for multimedia content disclosed by the present invention, based on a DRM (Digital Rights Management) system, mainly comprises the following steps:
Step S1: divide the content to be encrypted into a plurality of encrypted segments.
Step S2: establish a plurality of key-index pairs, each key-index pair comprising a key index and a content key.
Step S3: allocate a key index to each encrypted segment according to the order of the encrypted segments.
Step S4: randomly order the allocated key-index pairs to form a key list.
Step S5: send an acquisition request for the encrypted content.
Step S6: upload the content acquisition request, thereby obtaining the key list.
Step S7: report the result.
Specifically, as two different embodiments of the present invention, step 6 can further be divided into distribution for on-demand playback and distribution for real-time playback. Each of the above steps is described in detail below.
First, step 1 extracts the program to be encrypted; at the same time, a group of keys is generated at random, an index is assigned to each encryption key, and a key list is established. Afterwards, the segments of the program that need to be encrypted are encrypted in units of frames or time periods, forming the content key; the content key is formed through encryption of the encrypted segment, and each content key corresponds to one key index.
With reference to Fig. 2, which shows the correspondence between the marked keys and the encrypted segments, the encryption information of each encrypted segment of the program needs to include the corresponding encryption key index. The keys and authorization of different key-index pairs may be identical or different and may be determined at random by the encryption server. After encryption is complete, the key list corresponding to the program is saved in the system key store. When playback is required, the key list is carried in the authorization information and issued.
The hardware systems implementing the present invention are mainly the CMS (Content Management System) and the DRM/DRMS system. By adopting piecewise encryption, different physical segments of one media file can use different encryption keys, which can moderately improve cryptographic security without increasing the amount of computation. It also provides the basis for segment-level authorization of a media file: different content segments can be given different authorizations, for example allowing a certain segment of encrypted content to be previewed at will or played without limit. The system's encryption strength can also be adjusted flexibly according to the terminal's decryption capability in different operating environments, widening the applicability of the DRM system.
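Steps S1 to S4 and the segment-level authorization described above can be shown in Python; this is an added example, not code from the patent. The cipher (an HMAC-SHA256 keystream with an HMAC tag, used only so the block runs on the standard library), the random 32-bit key indices, the segment record layout and the names `encrypt_content`, `license_for` and `decrypt_segments` are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

SEGMENT_SIZE = 16  # assumed segment length; the patent segments by frame or time period


def _subkeys(content_key):
    """Derive separate encryption and MAC keys from one content key."""
    enc = hmac.new(content_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(content_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _xor_keystream(enc_key, nonce, data):
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter-mode keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + struct.pack(">I", counter)
        stream += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(mac_key, seg):
    """Bind the ciphertext to its key index and position so records cannot be swapped."""
    header = struct.pack(">II", seg["key_index"], seg["seq"])
    body = header + seg["nonce"] + seg["ciphertext"]
    return hmac.new(mac_key, body, hashlib.sha256).digest()


def encrypt_content(content, segment_size=SEGMENT_SIZE):
    # Step S1: divide the content into segments.
    chunks = [content[i:i + segment_size] for i in range(0, len(content), segment_size)]
    # Step S2: one key-index pair per segment (random unique 32-bit indices: an assumption).
    indices = set()
    while len(indices) < len(chunks):
        indices.add(secrets.randbits(32))
    pairs = [(index, secrets.token_bytes(32)) for index in indices]
    # Step S3: assign pairs in segment order; each segment record carries its key index.
    segments = []
    for seq, (chunk, (key_index, key)) in enumerate(zip(chunks, pairs)):
        enc_key, mac_key = _subkeys(key)
        seg = {"seq": seq, "key_index": key_index, "nonce": secrets.token_bytes(12)}
        seg["ciphertext"] = _xor_keystream(enc_key, seg["nonce"], chunk)
        seg["tag"] = _tag(mac_key, seg)
        segments.append(seg)
    # Step S4: randomly order the pairs so list position says nothing about segment order.
    key_list = list(pairs)
    secrets.SystemRandom().shuffle(key_list)
    return segments, key_list


def license_for(segments, key_list, allowed_seqs):
    """Return only the key-index pairs for the segments a licence covers (e.g. a preview)."""
    wanted = {seg["key_index"] for seg in segments if seg["seq"] in allowed_seqs}
    return [(index, key) for index, key in key_list if index in wanted]


def decrypt_segments(segments, key_list):
    """Decrypt every segment whose key index appears in key_list; skip the rest."""
    keys = dict(key_list)
    clear = {}
    for seg in segments:
        key = keys.get(seg["key_index"])
        if key is None:
            continue  # no key was issued for this segment
        enc_key, mac_key = _subkeys(key)
        if not hmac.compare_digest(_tag(mac_key, seg), seg["tag"]):
            raise ValueError("segment %d failed its integrity check" % seg["seq"])
        clear[seg["seq"]] = _xor_keystream(enc_key, seg["nonce"], seg["ciphertext"])
    return clear


if __name__ == "__main__":
    # Constructed sample payload standing in for a media file.
    media = b"constructed sample payload standing in for a media file " * 2
    segments, key_list = encrypt_content(media)
    full = decrypt_segments(segments, key_list)
    assert b"".join(full[i] for i in sorted(full)) == media
    preview = decrypt_segments(segments, license_for(segments, key_list, {0, 1}))
    print("segments:", len(segments), "preview decrypts:", sorted(preview))
```

A client holding only the preview subset of the key list recovers segments 0 and 1 and nothing else, which is the segment-level authorization the description refers to.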
Further, as shown in Fig. 3, for step 6, if the request is for on-demand playback, the main function of content encryption processing is to obtain the program content from a specified location, encrypt it, and then submit it to a specified location. This can generally be divided into three parts, film acquisition, content encryption processing and film submission, with the following distribution procedure:
Step S6.1: upload the encrypted content corresponding to the content acquisition request, including information such as the program number and the path where the file is located. As part of the preparatory workflow before a film is released online, DRMS is responsible for pre-encrypting the program files in the VOD film library.
Step S6.2: upload the content acquisition request to the content server CS and obtain the encrypted segments corresponding to the encrypted content.
Step S6.3: download the corresponding key list from the content server CS according to the encrypted segments. The encrypted program is stored at the specified location as requested by the CMS. After receiving the report that processing succeeded, the CMS can begin operations such as deploying the encrypted program.
On the other hand, as shown in Fig. 4, for step 6, if the program is played in real time, for example a live TV program, DRMS, at the request of the CMS and according to the program information, notifies the real-time TV encryption push server to process the corresponding live TV program content and complete the encryption. Its output can be sent directly to the receivers of user terminals through multicast network equipment, and can also serve as the source for the time-shifted TV (TVOD) server, with the following distribution procedure:
Step S6.4: upload to DRMS the encrypted content corresponding to the content acquisition request, including information such as the program number and multicast address.
Step S6.5: upload to the gateway and obtain the encrypted segments corresponding to the encrypted content.
Step S6.6: according to the encrypted segments, generate the key list in real time and download it into the program source.
The DRMS system suited to the present invention follows the approach of "centralized management, distributed deployment" and adopts a modular design: modules with relatively complete functions are designed and implemented independently and support distributed deployment. These independent functional modules fall into two classes, content encryption and copyright license provision, mainly comprising the on-demand file pre-encryption server and the copyright license server, and the DRM management center provides centralized management of each independent functional unit. Specifically:
The DRM management center is responsible for configuring and managing every encryption server in the whole system. By directly adding the corresponding encryption server equipment as required and placing it under the unified control of the DRM management center, the real-time encryption push capability and the pre-encryption capability can each be expanded linearly to meet the demands of large-scale operation.
The DRM management center is also responsible for configuring and managing the copyright license servers located at each sub-headend, to support multi-point distributed deployment of the sub-headend authorization system. When the authorization capacity of a given sub-headend needs to be expanded, n (n>=1) additional copyright license servers are deployed directly for that sub-headend and brought under the unified control of the DRM management center. When the performance requirements of a single sub-headend exceed the capacity of a single DRM copyright license management system, DRM copyright license server equipment can be added and load balancing used to achieve the expansion. This multi-point replication at the sub-headend allows linearly scalable deployment of DRMS authorization nodes; in addition, load-balancing equipment can support global scheduling and balancing of license service capacity, thereby providing networking support for large numbers of users.
The license service system of the present invention uses CA authentication, digital signatures, asymmetric encryption and symmetric encryption to ensure the authentication of the DRM client and the confidentiality and integrity of license transmission.
To improve license server performance and throughput, fast encryption schemes and EPOLL technology need to be adopted; in addition, a load-balancing mechanism is used to cluster the license servers, so that the system can adapt to the total number of users by increasing the number of license servers in the cluster.
Those of ordinary skill in the art will appreciate that the above description covers only one or more of the many embodiments of the present invention and is not intended to limit the invention. Any equivalent variations, modifications and equivalent substitutions of the above embodiments that are consistent with the spirit of the present invention fall within the scope protected by the claims of the present invention.

Claims (7)

1. A piecewise encryption method for multimedia content, characterized by comprising the following steps:
Step 1, dividing the content to be encrypted into a plurality of encrypted segments;
Step 2, establishing a plurality of key-index pairs, each said key-index pair comprising a key index and a content key;
Step 3, allocating a key index to each said encrypted segment according to the order of the encrypted segments;
Step 4, randomly ordering the allocated key-index pairs to form a key list.
2. The piecewise encryption method for multimedia content as claimed in claim 1, characterized in that said content key is formed through encryption of said encrypted segment, and each said content key corresponds to one said key index.
3. The piecewise encryption method for multimedia content as claimed in claim 2, characterized in that said key list is stored in a key store, and said key list is issued when said content to be encrypted is played.
4. The piecewise encryption method for multimedia content as claimed in claim 1, characterized in that the keys and authorization of different key-index pairs are identical or different.
5. The piecewise encryption method for multimedia content as claimed in claim 3, characterized in that the method of issuing said key list comprises the following steps:
Step 5, sending an acquisition request for the encrypted content;
Step 6, uploading said content acquisition request, thereby obtaining the key list;
Step 7, reporting the result.
6. The piecewise encryption method for multimedia content as claimed in claim 5, characterized in that said step 6 comprises:
uploading the encrypted content corresponding to said content acquisition request, obtaining the encrypted segments corresponding to said encrypted content, and downloading the corresponding key list according to said encrypted segments.
7. The piecewise encryption method for multimedia content as claimed in claim 5, characterized in that said step 6 comprises:
uploading the encrypted content corresponding to said content acquisition request and obtaining the encrypted segments corresponding to said encrypted content;
according to said encrypted segments, generating the key list in real time and downloading it into the program source.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410190422.XA 2014-05-07 2014-05-07 Multimedia content piecewise encryption method

Publications (1)

Publication Number Publication Date
CN104009838A (en) 2014-08-27


Legal Events

Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20140827)