CN104836796A - Method and apparatus for acquiring network content information - Google Patents


Info

Publication number
CN104836796A
Authority
CN
China
Prior art keywords
content
secret key
network
chip
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510175982.2A
Other languages
Chinese (zh)
Inventor
汤巍敏
刘子曜
李雅杰
孙鹤飞
罗航
郑玥
曹思敏
黄甜甜
郑鑫
王金莹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baidu Online Network Technology Beijing Co Ltd
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201510175982.2A
Publication of CN104836796A
Legal status: Pending

Landscapes

  • Storage Device Security

Abstract

The purpose of the invention is to provide a method and apparatus for acquiring network content information. The method comprises: user equipment (UE) transmits an equipment authentication request to first network equipment, wherein the equipment authentication request comprises a chip identifier of the UE; the first network equipment receives the equipment authentication request from the UE; based on the equipment authentication request, the first network equipment queries a secret key database for the chip secret key corresponding to the chip identifier so as to perform equipment authentication; if equipment authentication succeeds, the first network equipment transmits authentication success information to the UE; the UE receives the authentication success information returned by the first network equipment; based on the authentication success information, the UE determines a content secret key for decrypting encrypted network content information; the UE receives the encrypted network content information from second network equipment; the UE decrypts the encrypted network content information by means of the content secret key in order to acquire the network content information.

Description

Method and apparatus for acquiring network content information
Technical field
The present invention relates to the technical field of secure network data transmission, and in particular to a technique for acquiring network content information.
Background technology
With the development of Internet technology and the growing popularity of network applications, the security of network data transmission between user terminal equipment and servers faces ever more challenges; for network content information that has security and confidentiality requirements, the security of its data transmission is even more important. In the prior art, the server generally authenticates the user's identity and, if authentication succeeds, sends the network content to the user terminal equipment in plaintext. Under this transmission method the network content information may be intercepted by network sniffing techniques, so the transmission security of the network content information is low.
Summary of the invention
The object of the present invention is to provide a method and apparatus for acquiring network content information.
The invention provides a method, performed in user equipment, for acquiring network content information, the method comprising:
based on a device authentication request sent to a first network device, receiving an authentication-pass message returned by the first network device, where the device authentication request comprises a chip identifier;
based on the authentication-pass message, determining a content key for decrypting encrypted network content information;
wherein the method further comprises:
receiving encrypted network content information from a second network device, where the encrypted network content information is generated by encrypting the network content information with the content key;
decrypting the encrypted network content information with the content key to obtain the network content information.
The invention further provides a method, performed in a first network device, for assisting in acquiring network content information, the method comprising:
receiving a device authentication request from user equipment, where the device authentication request comprises the chip identifier of the user equipment;
based on the device authentication request, querying a key database for the chip key corresponding to the chip identifier in order to perform device authentication;
if authentication succeeds, sending an authentication-pass message to the user equipment.
The invention further provides a method, performed in a second network device, for assisting in acquiring network content information, the method comprising:
receiving a content acquisition request from user equipment, where the content acquisition request comprises a chip identifier and a content identifier;
sending to the first network device a content key acquisition request generated based on the chip identifier;
receiving the content key corresponding to the chip identifier returned by the first network device;
encrypting the network content information matching the content identifier with the content key to generate encrypted network content information;
sending the encrypted network content information to the user equipment.
The invention further provides an apparatus, in user equipment, for acquiring network content information, the apparatus comprising:
means for receiving, based on a device authentication request sent to a first network device, an authentication-pass message returned by the first network device, where the device authentication request comprises a chip identifier;
means for determining, based on the authentication-pass message, a content key for decrypting encrypted network content information;
wherein the apparatus for acquiring network content information further comprises:
means for receiving encrypted network content information from a second network device, where the encrypted network content information is generated by encrypting the network content information with the content key;
means for decrypting the encrypted network content information with the content key to obtain the network content information.
The invention further provides an apparatus, in a first network device, for assisting in acquiring network content information, the apparatus comprising:
means for receiving a device authentication request from user equipment, where the device authentication request comprises the chip identifier of the user equipment;
means for querying, based on the device authentication request, a key database for the chip key corresponding to the chip identifier in order to perform device authentication;
means for sending, if authentication succeeds, an authentication-pass message to the user equipment.
The invention further provides an apparatus, in a second network device, for assisting in acquiring network content information, the apparatus comprising:
means for receiving a content acquisition request from user equipment, where the content acquisition request comprises a chip identifier and a content identifier;
means for sending to the first network device a content key acquisition request generated based on the chip identifier;
means for receiving the content key corresponding to the chip identifier returned by the first network device;
means for encrypting the network content information matching the content identifier with the content key to generate encrypted network content information;
means for sending the encrypted network content information to the user equipment.
In the present invention, because the content key of each user equipment is unique, the encrypted network content information that the second network device sends to each user equipment is also different, so the data of the same network content information differs in every transmission. This ensures that the data obtained for the same network content information by any two user equipments differ, and that only the legitimate user equipment that passed the corresponding authentication can decrypt it. This effectively prevents private dissemination of the network content information, improves the data security of the network content information during transmission, and effectively prevents the network content information from being sniffed as it passes through network interfaces such as the network interface card.
Accompanying drawing explanation
Other features, objects and advantages of the present invention will become more apparent by reading the following detailed description of non-limiting embodiments with reference to the accompanying drawings:
Fig. 1 is a flow chart of a method for acquiring network content information according to one aspect of the present invention;
Fig. 2 is a flow chart of a method for acquiring network content information according to a preferred embodiment of the present invention;
Fig. 3 is a structural diagram of an apparatus in user equipment for acquiring network content information and an apparatus in a first network device for assisting in acquiring network content information, according to a further aspect of the present invention;
Fig. 4 is a structural diagram of an apparatus in user equipment for acquiring network content information, an apparatus in a second network device for assisting in acquiring network content information and an apparatus in a first network device for assisting in acquiring network content information, according to a preferred embodiment of the present invention.
In the drawings, the same or similar reference numerals denote the same or similar components.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings.
Before the exemplary embodiments are discussed in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flow charts. Although a flow chart describes the operations as a sequential process, many of the operations may be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be rearranged. A process may be terminated when its operations are completed, but may also have additional steps not included in the drawings. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc.
As used in this context, "computer equipment", also referred to as a "computer", refers to an intelligent electronic device that can execute predetermined processing such as numerical computation and/or logical computation by running preset programs or instructions. It may comprise a processor and a memory, where the processor executes pre-stored instructions held in the memory to perform the predetermined processing; or the predetermined processing may be performed by hardware such as an ASIC, FPGA or DSP; or by a combination of the two. Computer equipment includes, but is not limited to, servers, personal computers, notebook computers, tablet computers and smartphones.
The computer equipment comprises user equipment and network equipment. The user equipment includes, but is not limited to, computers, smartphones, PDAs, etc.; the network equipment includes, but is not limited to, a single network server, a server group made up of multiple network servers, or a cloud made up of a large number of computers or network servers based on cloud computing, where cloud computing is a form of distributed computing: a super virtual computer composed of a group of loosely coupled computers. The computer equipment may operate in isolation to implement the present invention, or may access a network and implement the present invention by interacting with other computer equipment in the network. The network in which the computer equipment resides includes, but is not limited to, the Internet, wide area networks, metropolitan area networks, local area networks, VPNs, etc.
It should be noted that the user equipment, network equipment and networks described above are merely examples; other computer equipment or networks that exist now or may appear in the future, where applicable to the present invention, should also be included within the scope of protection of the present invention and are incorporated herein by reference.
The methods discussed below (some of which are illustrated by flow charts) may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments that perform the necessary tasks may be stored in a machine- or computer-readable medium (such as a storage medium). One or more processors may perform the necessary tasks.
The specific structural and functional details disclosed herein are merely representative and serve the purpose of describing exemplary embodiments of the present invention. The present invention may, however, be embodied in many alternative forms and should not be construed as limited to the embodiments set forth herein.
It should be understood that although the terms "first", "second", etc. may be used herein to describe units, these units should not be limited by these terms. These terms are used only to distinguish one unit from another. For example, without departing from the scope of the exemplary embodiments, a first unit could be termed a second unit, and similarly a second unit could be termed a first unit. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
It should be understood that when a unit is referred to as being "connected" or "coupled" to another unit, it may be directly connected or coupled to the other unit, or intervening units may be present. In contrast, when a unit is referred to as being "directly connected" or "directly coupled" to another unit, there are no intervening units. Other words used to describe the relationship between units should be interpreted in a like fashion (e.g. "between" versus "directly between", "adjacent" versus "directly adjacent", etc.).
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the exemplary embodiments. Unless the context clearly indicates otherwise, the singular forms "a", "an" and "the" as used herein are intended to include the plural forms as well. It should be further understood that the terms "comprises" and/or "comprising" as used herein specify the presence of the stated features, integers, steps, operations, units and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, units, components and/or combinations thereof.
It should also be noted that in some alternative implementations the functions/actions noted may occur out of the order indicated in the drawings. For example, two figures shown in succession may in fact be executed substantially concurrently, or may sometimes be executed in the reverse order, depending on the functions/actions involved.
The present invention is described in further detail below with reference to the accompanying drawings.
Fig. 1 is a flow chart of a method for acquiring network content information according to one aspect of the present invention.
Step S1110: the user equipment sends a device authentication request to the first network device, where the device authentication request comprises the chip identifier of the user equipment;
Step S1210: the first network device receives the device authentication request from the user equipment;
Step S1220: based on the device authentication request, the first network device queries the key database for the chip key corresponding to the chip identifier in order to perform device authentication;
Step S1230: if authentication succeeds, the first network device sends an authentication-pass message to the user equipment, and the user equipment receives the authentication-pass message returned by the first network device;
Step S1120: based on the authentication-pass message, the user equipment determines the content key for decrypting the encrypted network content information;
Step S1130: the user equipment receives encrypted network content information from the second network device, where the encrypted network content information is generated by encrypting the network content information with the content key;
Step S1140: the user equipment decrypts the encrypted network content information with the content key to obtain the network content information.
In the embodiment of this scheme, because the content key of each user equipment is unique, the encrypted network content information that the second network device sends to each user equipment is also different, so the data of the same network content information differs in every transmission. This ensures that the data obtained for the same network content information by any two user equipments differ, and that only the legitimate user equipment that passed the corresponding authentication can decrypt it. This effectively prevents private dissemination of the network content information, improves the data security of the network content information during transmission, and effectively prevents the network content information from being sniffed as it passes through network interfaces such as the network interface card.
Step S1110: the user equipment sends a device authentication request to the first network device, where the device authentication request comprises the chip identifier of the user equipment.
Specifically, the user equipment contains an SOC; the user equipment reads the chip ID that was implanted in the OTP region of the SOC by hardware burning, generates a device authentication request based on this chip ID, and then sends the device authentication request to the first network device.
Here the chip identifier is the unique machine identifier of the user equipment.
In the present invention, the user equipment internally uses an SOC (System-on-a-Chip), and a chip identifier and a chip key are implanted in the OTP (One Time Programmable) region of the SOC; the chip identifier and chip key of each chip are different. The OTP region in the SOC is a one-time-programmable region: once data has been burned in, it cannot be rewritten. The SOC design requires that only data before decryption may be stored, and that decrypted data is used only for display and cannot be stored; at the same time, the SOC design requires that once the chip key has been implanted, it can be used only inside the chip and cannot be read out externally.
Step S1210: the first network device receives the device authentication request from the user equipment.
Step S1220: based on the device authentication request, the first network device queries the key database for the chip key corresponding to the chip identifier in order to perform device authentication.
Specifically, the chip ID is read from the device authentication request and the key database is queried for the chip key corresponding to that chip ID in order to perform device authentication; when it is determined that the chip ID exists in the key database and the chip key corresponding to that chip ID is matched, the user equipment is determined to be a legitimate device and device authentication succeeds. The key database pre-stores multiple chip IDs and the chip key corresponding to each chip ID.
Step S1230: if authentication succeeds, the first network device sends an authentication-pass message to the user equipment, and the user equipment receives the authentication-pass message returned by the first network device.
If authentication succeeds, an authentication-pass message is sent to the user equipment; specifically, there are two implementations:
1) If, after the query, it is determined that the key database has a record of the chip ID and the chip key corresponding to that chip ID is matched, the user equipment is determined to be a legitimate device and device authentication succeeds. A random sequence of a predetermined length is then generated at random and used as the content key for decrypting the encrypted network content information; an authentication-pass message is generated based on this content key and sent to the user equipment.
2) Preferably, step S1230 further comprises step S1231 (not shown), step S1232 (not shown) and step S1233 (not shown):
Step S1231: if the chip key corresponding to the chip identifier is determined after the query, encrypt the randomly generated content key with the chip key to determine the encrypted content key;
Step S1232: generate the authentication-pass message according to the encrypted content key;
Step S1233: send the authentication-pass message to the user equipment.
Specifically, if after the query it is determined that the key database has a record of the chip ID and the chip key corresponding to that chip ID is matched, the user equipment is determined to be a legitimate device and device authentication succeeds. A random sequence of a predetermined length is generated at random and used as the content key for decrypting the encrypted network content information; the randomly generated content key is then encrypted with the chip key to produce the encrypted content key; the authentication-pass message is then generated from the encrypted content key and the chip ID, and contains the encrypted content key corresponding to the chip ID; the authentication-pass message is then sent to the user equipment, and the user equipment receives the authentication-pass message returned by the first network device.
Preferably (with reference to Fig. 1), the method further comprises step S1250 (not shown). Step S1250: the first network device updates the key database based on the content key, where the key database stores the correspondence between the chip identifier, the chip key and the content key.
Specifically, after the query matches the chip key corresponding to the chip ID and the content key has been randomly generated, the content key corresponding to the chip ID and the chip key is recorded in the key database.
Step S1120: based on the authentication-pass message, the user equipment determines the content key for decrypting the encrypted network content information.
Determining the content key for decrypting the encrypted network content information based on the authentication-pass message specifically comprises two implementations:
1) The user equipment reads the authentication-pass message and directly extracts the content key it contains for decrypting the encrypted network content information;
based on the device authentication request sent to the first network device, the authentication-pass message returned by the first network device is received, and the content key contained in the authentication-pass message is read.
2) Preferably, step S1120 further comprises step S1121 (not shown), step S1122 (not shown) and step S1123 (not shown).
Step S1121: extract from the authentication-pass message the encrypted content key corresponding to the chip identifier, where the encrypted content key is generated by encrypting the content key with the chip key matching the chip identifier;
Step S1122: determine the chip key matching the chip identifier;
Step S1123: decrypt the encrypted content key with the chip key to determine the content key.
The way of determining the chip key matching the chip identifier comprises: extracting the chip key matching the chip identifier from a predetermined storage area inside the chip.
Specifically, the predetermined storage area inside the chip is the OTP region in the SOC, which holds the chip ID and chip key implanted in advance.
Specifically, the encrypted content key corresponding to the chip ID is extracted from the authentication-pass message, where the encrypted content key is generated by encrypting the content key with the chip key matching the chip ID; the chip key matching the chip ID is determined from the OTP region in the SOC; the encrypted content key is then decrypted with the chip key to determine the content key.
In this preferred embodiment, because the content key sent by the first network device to the user equipment is encrypted, and the decryption process is performed inside the user equipment, the security of the content key during data transmission is effectively ensured, which provides a strong guarantee for the security of the encrypted network content information transmitted subsequently.
Step S1130: the user equipment receives encrypted network content information from the second network device, where the encrypted network content information is generated by encrypting the network content information with the content key.
Specifically, the second network device sends the encrypted network content information directly to the user equipment.
Step S1140: the user equipment decrypts the encrypted network content information with the content key to obtain the network content information.
Specifically, the encrypted network content information is decrypted based on the content key determined in step S1120 to obtain the network content information.
In a preferred embodiment, as shown in Fig. 2:
Step S2110: the user equipment sends a device authentication request to the first network device, where the device authentication request comprises the chip identifier of the user equipment;
Step S2210: the first network device receives the device authentication request from the user equipment;
Step S2220: based on the device authentication request, the first network device queries the key database for the chip key corresponding to the chip identifier in order to perform device authentication;
Step S2230: if authentication succeeds, the first network device sends an authentication-pass message to the user equipment, and the user equipment receives the authentication-pass message returned by the first network device;
Step S2120: based on the authentication-pass message, the user equipment determines the content key for decrypting the encrypted network content information;
Step S2150: the user equipment sends a content acquisition request to the second network device, where the content acquisition request comprises the chip identifier and the content identifier of the content to be acquired;
Step S2310: the second network device receives the content acquisition request from the user equipment, where the content acquisition request comprises the chip identifier and the content identifier;
Step S2320: the second network device sends to the first network device a content key acquisition request generated based on the chip identifier; the first network device receives the content key acquisition request from the second network device, where the content key acquisition request comprises the chip identifier;
Step S2240: according to the chip identifier, the first network device performs a matching query in the key database to determine the content key corresponding to the chip identifier;
Step S2250: the content key is sent to the second network device, and the second network device receives the content key corresponding to the chip identifier returned by the first network device;
Step S2330: the network content information matching the content identifier is encrypted with the content key to generate the encrypted network content information;
Step S2340: the encrypted network content information is sent to the user equipment;
Step S2130: the user equipment receives the encrypted network content information from the second network device, where the encrypted network content information is generated by encrypting the network content information with the content key;
Step S2140: the user equipment decrypts the encrypted network content information with the content key to obtain the network content information.
Steps S2110, S2210, S2220, S2230 and S2120 perform the same or similar operations as steps S1110, S1210, S1220, S1230 and S1120 in Fig. 1, and are not repeated here.
Step S2150: the user equipment sends a content acquisition request to the second network device, where the content acquisition request comprises the chip identifier and the content identifier of the content to be acquired.
Step S2310: the second network device receives the content acquisition request from the user equipment, where the content acquisition request comprises the chip identifier and the content identifier.
Step S2320: the second network device generates a content key acquisition request based on the chip identifier and sends this content key acquisition request to the first network device.
The first network device receives the content key acquisition request from the second network device, where the content key acquisition request comprises the chip identifier.
Step S2240: according to the chip identifier, the first network device performs a matching query in the key database to determine the content key corresponding to the chip identifier; after the content key was generated, the key database recorded the chip identifier, the chip key and the corresponding content key.
Step S2250: the content key is sent to the second network device; the second network device receives the content key corresponding to the chip identifier returned by the first network device.
Step S2330: the second network device finds the network content information matching the content identifier and encrypts this network content information with the content key to generate the encrypted network content information.
Step S2340: the second network device sends the encrypted network content information to the user equipment.
Step S2130: the user equipment receives the encrypted network content information from the second network device, where the encrypted network content information is generated by encrypting the network content information with the content key.
Step S2140: the user equipment decrypts the encrypted network content information with the content key to obtain the network content information.
Fig. 3 illustrates, according to a further aspect of the present invention, the structure of an apparatus for obtaining network content information in a user equipment and of an apparatus for obtaining network content information in a first network device.
The user equipment according to the present invention comprises: a device for receiving, based on the device authentication request sent to the first network device, the authentication-pass message returned by the first network device (hereinafter the "pass-message receiving device 3110"); a device for determining, based on the authentication-pass message, the content key for decrypting the encrypted network content information (hereinafter the "content key determining device 3120"); a device for receiving the encrypted network content information from the second network device, where the encrypted network content information is generated by encrypting the network content information with the content key (hereinafter the "network content receiving device 3130"); and a device for decrypting the encrypted network content information with the content key to obtain the network content information (hereinafter the "decryption device 3140"). The first network device according to the present invention comprises: a device for receiving the device authentication request from the user equipment, where the device authentication request comprises the chip identifier of the user equipment (hereinafter the "authentication request receiving device 3210"); a device for querying, based on the device authentication request, the key database for the chip key corresponding to the chip identifier to perform device authentication (hereinafter the "authentication device 3220"); and a device for sending, if authentication succeeds, the authentication-pass message to the user equipment (hereinafter the "pass-message sending device 3230").
In the embodiment of this scheme, because the content key of each user equipment is unique, the encrypted network content information that the second network device sends to each user equipment is also different, so that the data of the same network content information differs in every transmission. This ensures that the data any user equipment obtains for the same network content information is different and that only the legitimate user equipment which passed the corresponding authentication can decrypt it; it effectively prevents the network content information from being disseminated privately, improves the data security of the network content information in transmission, and effectively prevents the network content information from being sniffed at network interfaces such as the network interface card.
First, the user equipment sends a device authentication request to the first network device, where the device authentication request comprises the chip identifier of the user equipment.
Specifically, the user equipment contains an SoC; the user equipment reads the chip ID that was implanted by hardware burn-in into the OTP region inside the SoC, generates a device authentication request based on this chip ID, and then sends the device authentication request to the first network device.
The chip identifier is the unique machine identifier of the user equipment.
In the present invention, the user equipment internally uses an SoC (System-on-a-Chip), and the chip identifier and chip key are implanted in the OTP (One Time Programmable) region of the SoC; the chip identifier and chip key of each chip are different. The OTP region in the SoC is a one-time programmable region: once data has been burned in, it cannot be rewritten. The SoC design requires that only data before decryption can be stored; after decryption, data is used only for display and cannot be stored. Likewise, the SoC design requires that, once the chip key has been implanted, it can be used only inside the chip and cannot be read from outside.
The authentication request receiving device 3210 of the first network device receives the device authentication request from the user equipment.
The authentication device 3220 of the first network device, based on the device authentication request, queries the key database for the chip key corresponding to the chip identifier to perform device authentication.
Specifically, it reads the chip ID in the device authentication request and queries the key database for the chip key corresponding to the chip ID to perform device authentication; when it determines that the chip ID exists in the key database and matches the chip key corresponding to this chip ID, it can determine that the user equipment is a legitimate device and device authentication succeeds. The key database pre-stores multiple chip IDs and the chip key corresponding to each chip ID.
If authentication succeeds, the pass-message sending device 3230 of the first network device sends an authentication-pass message to the user equipment; the user equipment receives the authentication-pass message returned by the first network device.
Sending the authentication-pass message to the user equipment if authentication succeeds specifically comprises two implementations:
1) If, after the query, it is determined that the key database records the chip ID and matches the chip key corresponding to this chip ID, the user equipment is determined to be a legitimate device and device authentication succeeds; a random sequence of predetermined length is then generated at random and used as the content key for decrypting the encrypted network content information; the authentication-pass message is generated based on this content key and sent to the user equipment.
2) Preferably, the pass-message sending device 3230 further comprises: a device for encrypting, if the chip key corresponding to the chip identifier is determined after the query, the randomly generated content key with the chip key to determine the encrypted content key; a device for generating the authentication-pass message according to the encrypted content key; and a device for sending the authentication-pass message to the user equipment.
Specifically, if after the query it is determined that the key database records the chip ID and matches the chip key corresponding to this chip ID, the user equipment is determined to be a legitimate device and device authentication succeeds. A random sequence of predetermined length is generated and used as the content key for decrypting the encrypted network content information; this randomly generated content key is then encrypted with the chip key to produce the encrypted content key; the authentication-pass message is then generated from the encrypted content key and the chip ID, so that it comprises the encrypted content key corresponding to the chip ID; this authentication-pass message is then sent to the user equipment.
Preferably, this apparatus further comprises a device for updating the key database based on the content key, where the key database stores the correspondence between the chip identifier, the chip key and the content key.
Specifically, after the query matches the chip key corresponding to the chip ID and the content key has been randomly generated, the content key corresponding to the chip ID and the chip key is recorded in the key database.
The pass-message receiving device 1110 of the user equipment receives the authentication-pass message returned by the first network device.
The content key determining device 1120 of the user equipment determines, based on the authentication-pass message, the content key for decrypting the encrypted network content information.
Determining, based on the authentication-pass message, the content key for decrypting the encrypted network content information specifically comprises two implementations:
1) The user equipment reads the authentication-pass message and directly extracts the content key it contains for decrypting the encrypted network content information;
based on the device authentication request sent to the first network device, it receives the authentication-pass message returned by the first network device and reads the content key that this authentication-pass message contains.
2) Preferably, the content key determining device 1120 further comprises: a device for extracting from the authentication-pass message the encrypted content key corresponding to the chip identifier, where the encrypted content key is generated by encrypting the content key with the chip key matching the chip identifier; a device for determining the chip key matching the chip identifier; and a device for decrypting the encrypted content key with the chip key to determine the content key.
The chip key matching the chip identifier is determined by extracting the chip key matching the chip identifier from a predetermined chip-internal storage area.
Specifically, the predetermined chip-internal storage area is the OTP region in the SoC, which holds the chip ID and chip key implanted in advance.
Specifically, the encrypted content key corresponding to the chip ID is extracted from the authentication-pass message, where the encrypted content key is generated by encrypting the content key with the chip key matching the chip ID; the chip key matching the chip ID is determined from the OTP region in the SoC; the encrypted content key is then decrypted with the chip key to determine the content key.
In this preferred embodiment, because the content key that the first network device sends to the user equipment is encrypted and the decryption is performed inside the user equipment, the security of the content key during data transmission is effectively ensured, which provides a strong guarantee for the security of the encrypted network content information transmitted subsequently.
The network content receiving device 3130 receives the encrypted network content information from the second network device, where the encrypted network content information is generated by encrypting the network content information with the content key.
Specifically, the second network device sends the encrypted network content information directly to the user equipment.
The decryption device 3140 decrypts the encrypted network content information with the content key to obtain the network content information.
Specifically, based on the determined content key, the encrypted network content information is decrypted to obtain the network content information.
In a preferred embodiment, as shown in Fig. 4, the user equipment according to this scheme further comprises a device for sending a content acquisition request to the second network device, where the content acquisition request comprises the chip identifier and the content identifier of the content to be obtained (hereinafter the "content acquisition request sending device 4150"). The first network device according to this scheme further comprises: a device for receiving a content key acquisition request from the second network device, where the content key acquisition request comprises the chip identifier (hereinafter the "key acquisition request receiving device 4240"); a device for determining, according to the chip identifier, by matching query in the key database the content key corresponding to the chip identifier (hereinafter the "content key determining device 4250"); and a device for sending the content key to the second network device (hereinafter the "content key sending device 4260"). The second network device according to the present invention comprises: a device for receiving the content acquisition request from the user equipment, where the content acquisition request comprises the chip identifier and the content identifier (hereinafter the "content acquisition request receiving device 4310"); a device for sending to the first network device the content key acquisition request generated based on the chip identifier (hereinafter the "key acquisition request sending device 4320"); a device for receiving the content key corresponding to the chip identifier returned by the first network device (hereinafter the "content key receiving device 4330"); a device for encrypting the network content information matching the content identifier with the content key to generate the encrypted network content information (hereinafter the "encryption device 4340"); and a device for sending the encrypted network content information to the user equipment (hereinafter the "network content sending device 4350").
The content acquisition request sending device 4150 of the user equipment sends a content acquisition request to the second network device, where the content acquisition request comprises the chip identifier and the content identifier of the content to be obtained.
The content acquisition request receiving device 4310 of the second network device receives the content acquisition request from the user equipment; the content acquisition request comprises the chip identifier and the content identifier.
The key acquisition request sending device 4320 of the second network device generates a content key acquisition request based on the chip identifier and sends this content key acquisition request to the first network device.
The key acquisition request receiving device 4240 of the first network device receives the content key acquisition request from the second network device, where the content key acquisition request comprises the chip identifier.
The content key determining device 4250 of the first network device determines, according to the chip identifier, by matching query in the key database the content key corresponding to the chip identifier; after the content key was generated, the key database recorded the chip identifier, the chip key and the corresponding content key.
The content key sending device 4260 of the first network device sends the content key to the second network device; the content key receiving device 4330 of the second network device receives the content key corresponding to the chip identifier that the first network device returns.
The encryption device 4340 of the second network device finds the network content information matching the content identifier and encrypts it with the content key to generate the encrypted network content information.
The network content sending device 4350 of the second network device sends the encrypted network content information to the user equipment.
The user equipment receives the encrypted network content information from the second network device, where the encrypted network content information is generated by encrypting the network content information with the content key; it then decrypts the encrypted network content information with the content key to obtain the network content information.
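The end-to-end exchange described in the Fig. 3 and Fig. 4 embodiments above (device authentication against the key database, delivery of the content key encrypted under the chip key, per-device content encryption by the second network device, and decryption inside the user equipment), simulated as an added example that is not part of the patent. The patent names no cipher, so an HMAC-SHA256 keystream with an HMAC tag stands in for it, and every chip ID, chip key, content ID and content item below is constructed.

```python
import hashlib
import hmac
import secrets

# The patent names no cipher: an HMAC-SHA256 keystream plus HMAC tag stands in here,
# for illustration only; it is not the authors' algorithm.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag; the fresh nonce makes each transmission differ."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify under this key."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class FirstNetworkDevice:
    """Owns the key database: chip ID -> chip key, plus the content key once generated."""
    def __init__(self, provisioned: dict):
        self.key_db = {cid: {"chip_key": ck, "content_key": None} for cid, ck in provisioned.items()}

    def handle_auth_request(self, chip_id: bytes):
        rec = self.key_db.get(chip_id)
        if rec is None:
            return None                        # chip ID not provisioned: authentication fails
        content_key = secrets.token_bytes(32)  # random sequence of predetermined length
        rec["content_key"] = content_key       # key database update: chip ID, chip key, content key
        return {"chip_id": chip_id, "enc_content_key": encrypt(rec["chip_key"], content_key)}

    def handle_content_key_request(self, chip_id: bytes):
        rec = self.key_db.get(chip_id)
        return None if rec is None else rec["content_key"]

class SecondNetworkDevice:
    """Serves content; it sees the per-device content key but never the chip key."""
    def __init__(self, first: FirstNetworkDevice, content_store: dict):
        self.first, self.content_store = first, content_store

    def handle_content_request(self, chip_id: bytes, content_id: bytes):
        content_key = self.first.handle_content_key_request(chip_id)
        content = self.content_store.get(content_id)
        if content_key is None or content is None:
            return None                        # device never authenticated, or unknown content
        return encrypt(content_key, content)

class UserEquipment:
    """Chip ID and chip key sit in the SoC's OTP region (constructed values here)."""
    def __init__(self, chip_id: bytes, chip_key: bytes):
        self.otp = {"chip_id": chip_id, "chip_key": chip_key}
        self.content_key = None

    def authenticate(self, first: FirstNetworkDevice) -> bool:
        msg = first.handle_auth_request(self.otp["chip_id"])
        if msg is None:
            return False
        # The content key is decrypted inside the device; a wrong chip key fails the tag check.
        self.content_key = decrypt(self.otp["chip_key"], msg["enc_content_key"])
        return self.content_key is not None

    def fetch_content(self, second: SecondNetworkDevice, content_id: bytes):
        if self.content_key is None:
            return None
        blob = second.handle_content_request(self.otp["chip_id"], content_id)
        return None if blob is None else decrypt(self.content_key, blob)

def run_demo() -> dict:
    """Constructed data: two provisioned chips, one content item, two rejected devices."""
    key_a, key_b = bytes(range(32)), bytes(range(32, 64))
    first = FirstNetworkDevice({b"CHIP-0001": key_a, b"CHIP-0002": key_b})
    second = SecondNetworkDevice(first, {b"CONTENT-42": b"hello, licensed content"})
    unknown = UserEquipment(b"CHIP-9999", bytes(32))  # chip ID absent from the key database
    cloned = UserEquipment(b"CHIP-0001", bytes(32))   # known chip ID but the wrong chip key
    results = {"unknown_ok": unknown.authenticate(first), "cloned_ok": cloned.authenticate(first)}
    ue1, ue2 = UserEquipment(b"CHIP-0001", key_a), UserEquipment(b"CHIP-0002", key_b)
    results["ue1_ok"], results["ue2_ok"] = ue1.authenticate(first), ue2.authenticate(first)
    results["ue1_plain"] = ue1.fetch_content(second, b"CONTENT-42")
    results["ue2_plain"] = ue2.fetch_content(second, b"CONTENT-42")
    # The same content leaves the second network device as different bytes for each device.
    wire1 = second.handle_content_request(b"CHIP-0001", b"CONTENT-42")
    wire2 = second.handle_content_request(b"CHIP-0002", b"CONTENT-42")
    results["wire_differs"] = wire1 != wire2
    return results
```

In this model a repeated authentication for the same chip ID replaces the content key stored for it in the key database, so the demo authenticates the rejected devices before the legitimate ones.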
It should be noted that the present invention may be implemented in software and/or a combination of software and hardware; for example, each device of the present invention may be implemented using an application-specific integrated circuit (ASIC) or any other similar hardware device. In one embodiment, the software program of the present invention may be executed by a processor to realize the steps or functions described above. Likewise, the software program of the present invention (including related data structures) may be stored in a computer-readable recording medium, for example RAM, a magnetic or optical drive, a floppy disk or similar devices. In addition, some steps or functions of the present invention may be implemented in hardware, for example as circuits that cooperate with the processor to perform each step or function.
To those skilled in the art it is obvious that the invention is not restricted to the details of the above exemplary embodiments, and that the invention can be realized in other specific forms without departing from its spirit or essential characteristics. Therefore, from whatever point of view, the embodiments should be regarded as exemplary and non-restrictive; the scope of the invention is defined by the appended claims rather than by the above description, and all changes falling within the meaning and range of equivalency of the claims are therefore intended to be included in the invention. Any reference numeral in a claim should not be construed as limiting the claim concerned. Furthermore, the word "comprising" obviously does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices recited in a system claim may also be realized by a single unit or device through software or hardware. Words such as first and second are used to denote names and do not denote any particular order.
Although exemplary embodiments have been particularly shown and described above, those skilled in the art will appreciate that changes in form and detail may be made without departing from the spirit and scope of the appended claims.

Claims (20)

1. A method for obtaining network content information in a user equipment, wherein the method comprises:
based on a device authentication request sent to a first network device, receiving an authentication-pass message returned by the first network device, wherein the device authentication request comprises a chip identifier;
based on the authentication-pass message, determining a content key for decrypting encrypted network content information;
wherein the method further comprises:
receiving the encrypted network content information from a second network device, wherein the encrypted network content information is generated by encrypting network content information with the content key;
decrypting the encrypted network content information with the content key to obtain the network content information.
2. The method according to claim 1, wherein determining, based on the authentication-pass message, the content key for decrypting the encrypted network content information specifically comprises:
extracting from the authentication-pass message an encrypted content key corresponding to the chip identifier, wherein the encrypted content key is generated by encrypting the content key with a chip key matching the chip identifier;
determining the chip key matching the chip identifier;
decrypting the encrypted content key with the chip key to determine the content key.
3. The method according to claim 2, wherein determining the chip key matching the chip identifier comprises:
extracting the chip key matching the chip identifier from a predetermined chip-internal storage area.
4. The method according to any one of claims 1 to 3, wherein, before receiving the encrypted network content information from the second network device, the method further comprises:
sending a content acquisition request to the second network device, wherein the content acquisition request comprises the chip identifier and a content identifier of the content to be obtained.
5. The method according to any one of claims 1 to 4, wherein the chip identifier is a unique machine identifier of the user equipment.
6. A method for assisting in obtaining network content information in a first network device, wherein the method comprises:
receiving a device authentication request from a user equipment, wherein the device authentication request comprises a chip identifier of the user equipment;
based on the device authentication request, querying a key database for a chip key corresponding to the chip identifier to perform device authentication;
if authentication succeeds, sending an authentication-pass message to the user equipment.
7. The method according to claim 6, wherein, if authentication succeeds, sending the authentication-pass message to the user equipment comprises:
if the chip key corresponding to the chip identifier is determined after the query, encrypting a randomly generated content key with the chip key to determine an encrypted content key;
generating the authentication-pass message according to the encrypted content key;
sending the authentication-pass message to the user equipment.
8. The method according to claim 7, wherein the method further comprises:
updating the key database based on the content key, wherein the key database stores the correspondence between the chip identifier, the chip key and the content key.
9. The method according to claim 8, wherein the method further comprises:
receiving a content key acquisition request from a second network device, wherein the content key acquisition request comprises the chip identifier;
according to the chip identifier, determining by matching query in the key database the content key corresponding to the chip identifier;
sending the content key to the second network device.
10. A method for assisting in obtaining network content information in a second network device, wherein the method comprises:
receiving a content acquisition request from a user equipment, wherein the content acquisition request comprises a chip identifier and a content identifier;
sending to a first network device a content key acquisition request generated based on the chip identifier;
receiving the content key corresponding to the chip identifier returned by the first network device;
encrypting the network content information matching the content identifier with the content key to generate encrypted network content information;
sending the encrypted network content information to the user equipment.
11. An apparatus for obtaining network content information in a user equipment, wherein the apparatus comprises:
a device for receiving, based on a device authentication request sent to a first network device, an authentication-pass message returned by the first network device, wherein the device authentication request comprises a chip identifier;
a device for determining, based on the authentication-pass message, a content key for decrypting encrypted network content information;
wherein the apparatus for obtaining network content information further comprises:
a device for receiving the encrypted network content information from a second network device, wherein the encrypted network content information is generated by encrypting network content information with the content key;
a device for decrypting the encrypted network content information with the content key to obtain the network content information.
12. The apparatus according to claim 11, wherein the device for determining, based on the authentication-pass message, the content key for decrypting the encrypted network content information specifically comprises:
a device for extracting from the authentication-pass message an encrypted content key corresponding to the chip identifier, wherein the encrypted content key is generated by encrypting the content key with a chip key matching the chip identifier;
a device for determining the chip key matching the chip identifier;
a device for decrypting the encrypted content key with the chip key to determine the content key.
13. The apparatus according to claim 12, wherein the device for determining the chip key matching the chip identifier is configured to extract the chip key matching the chip identifier from a predetermined chip-internal storage area.
14. The apparatus according to any one of claims 11 to 13, wherein the apparatus further comprises:
a device for sending a content acquisition request to the second network device, wherein the content acquisition request comprises the chip identifier and a content identifier of the content to be obtained.
15. The apparatus according to any one of claims 11 to 14, wherein the chip identifier is a unique machine identifier of the user equipment.
16. An apparatus for assisting in obtaining network content information in a first network device, wherein the apparatus comprises:
a device for receiving a device authentication request from a user equipment, wherein the device authentication request comprises a chip identifier of the user equipment;
a device for querying, based on the device authentication request, a key database for a chip key corresponding to the chip identifier to perform device authentication;
a device for sending, if authentication succeeds, an authentication-pass message to the user equipment.
17. The apparatus according to claim 16, wherein the device for sending, if authentication succeeds, the authentication-pass message to the user equipment comprises:
a device for encrypting, if the chip key corresponding to the chip identifier is determined after the query, a randomly generated content key with the chip key to determine an encrypted content key;
a device for generating the authentication-pass message according to the encrypted content key;
a device for sending the authentication-pass message to the user equipment.
18. The apparatus according to claim 17, wherein the apparatus further comprises:
a device for updating the key database based on the content key, wherein the key database stores the correspondence between the chip identifier, the chip key and the content key.
19. The apparatus according to claim 18, wherein the apparatus further comprises:
a device for receiving a content key acquisition request from a second network device, wherein the content key acquisition request comprises the chip identifier;
a device for determining, according to the chip identifier, by matching query in the key database the content key corresponding to the chip identifier;
a device for sending the content key to the second network device.
20. An apparatus for assisting in obtaining network content information in a second network device, wherein the apparatus comprises:
a device for receiving a content acquisition request from a user equipment, wherein the content acquisition request comprises a chip identifier and a content identifier;
a device for sending to a first network device a content key acquisition request generated based on the chip identifier;
a device for receiving the content key corresponding to the chip identifier returned by the first network device;
a device for encrypting the network content information matching the content identifier with the content key to generate encrypted network content information;
a device for sending the encrypted network content information to the user equipment.
Application CN201510175982.2A, priority date 2015-04-14, filing date 2015-04-14: Method and apparatus for acquiring network content information, status Pending, publication CN104836796A (en).


Publication: CN104836796A (en), publication date 2015-08-12.

Family

ID=53814432


Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107006061A (en) * 2015-08-31 2017-08-01 华为技术有限公司 Method and device for acquiring the identification code of a terminal
CN107006061B (en) * 2015-08-31 2020-09-04 华为技术有限公司 Method and device for acquiring identification code of terminal
CN109446234A (en) * 2018-10-12 2019-03-08 Oppo广东移动通信有限公司 Data processing method, device and electronic equipment
CN110427759A (en) * 2019-06-20 2019-11-08 中国科学院信息工程研究所 Network resource browsing control method and system supporting service security marks
CN110427759B (en) * 2019-06-20 2021-04-20 中国科学院信息工程研究所 Network resource browsing control method and system supporting service security mark
CN113038196A (en) * 2021-03-17 2021-06-25 大陆投资(中国)有限公司 Sender device and receiver device for transmitting media data in a communication network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101156448A (en) * 2005-04-06 2008-04-02 美国博通公司 Method and system for securing media content in a multimedia processor
CN102117395A (en) * 2009-12-31 2011-07-06 英华达(上海)电子有限公司 Electronic digital information copyright protection method and system as well as electronic terminal
CN101268680B (en) * 2005-09-22 2012-07-11 上海怡得网络有限公司 Information subscribing system for portable terminal device having direct network connecting function
CN104283686A (en) * 2014-05-27 2015-01-14 深圳市天朗时代科技有限公司 Digital right management method and system

Similar Documents

Publication Publication Date Title
US11477006B2 (en) Secure analytics using an encrypted analytics matrix
US8712041B2 (en) Content protection apparatus and content encryption and decryption apparatus using white-box encryption table
CN107294729B (en) Communication method and device between different nodes in block chain
JP5412414B2 (en) Searchable cryptographic processing system
CN110049016B (en) Data query method, device, system, equipment and storage medium of block chain
CN105518679B (en) Picture management method and picture synchronization method
CN106790156B (en) Intelligent device binding method and device
CN106452770B (en) Data encryption method, data decryption method, device and system
CN102523087B (en) Method and equipment for carrying out encrypting treatment on self-execution network information
CN104836796A (en) Method and apparatus for acquiring network content information
CN103973651A (en) Account password identification setting and inquiring method and device based on salt password bank
JP2005157881A5 (en)
CN103366132A (en) Device and method for encrypting data
JP2007028015A (en) Program, system and method for time stamp verification, and time stamp generation request method
CN104462877A (en) Digital resource acquisition method and system under copyright protection
EP3274892B1 (en) Drm addition authentication
CN116361833A (en) Verification method and device and terminal equipment
CN110851794A (en) Media file uplink method and device, storage medium and electronic device
EP3274891B1 (en) Header translation modification
CN115862895A (en) Online chronic disease inquiry management method and device based on Internet cloud platform
CN115688059A (en) Image data processing method and device, electronic equipment and storage medium
CN107959691B (en) Method for detecting user identity information, server, computer-readable storage medium and computer equipment
CN111865891A (en) Data transmission method, user side, electronic equipment and readable storage medium
JP6493402B2 (en) Addition device, deletion device, addition request device, data search system, data search method, and computer program
WO2017206401A1 (en) Video decryption method and device

Legal Events

Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by SIPO to initiate substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20150812)