CN105847890A - OTT digital copyright-based management system - Google Patents

Abstract

The invention provides an OTT digital copyright-based management system, which comprises a user management system, a media authorization system, a media encrypting, processing and distributing system, and a user terminal. The system has the advantages of simple structure, low cost, ingenious design and simple operation. Meanwhile, the DRM system of the IP network is high in security, and the MPEG 4 data packets are precise in encryption mode. Moreover, the video transmission mode is ensured to be very safe.

Description

A kind of based on OTT The management system of digital publishing rights

[technical field]

The present invention relates to a kind of internet video areas of information technology, particularly relate to a kind of management system based on OTT digital publishing rights.

[background technology]

The DRM system safety of IP network is poor at present, MPEG-4 Data Packet Encryption mode common, and transmission of video pattern is the safest.

[summary of the invention]

The object of the invention is in order to the DRM system safety solving current IP network is poor, MPEG-4 Data Packet Encryption mode common, and transmission of video pattern is the safest, it is provided that a kind of management system based on OTT digital publishing rights.

The present invention is achieved through the following technical solutions: a kind of management system based on OTT digital publishing rights, including Subscriber Management System, media authorization system, media encryption processes and dissemination system, user side, described user side passes through network to Subscriber Management System application ID, described Subscriber Management System is that user produces a pair unsymmetrical key, i.e. user key UK, the storage of its private key is distributed to user within a smart card, PKI is by Subscriber Management System keeping, when user side is to server request media play, first have to play license to media authorization system request, user side information is submitted to Subscriber Management System by described media authorization system；

The legitimacy of described Subscriber Management System checking user, if it is legal to be verified as, the PKI of the UK of this user is fed back to media authorization system, the process of described media encryption and dissemination system are cores of DRM system, and it includes that produces a Stream Cipher CW(Control Word) control word generator (random sequence generator), in this subsystem, with CW encrypted media source, encrypts the ECM(Entitlement after CW encryption with SK Control Message), then ECM is carried out multiplexing with the media after CW encryption, form the streaming media data stream for downloading, the license information received is stored in smart card by user side, obtains CW with smart card deciphering；The source Media Stream that can play finally is obtained with CW deciphering media data；

Control word generator is a vital information in this system, it is used as the direct key of media encryption deciphering in DRM system, random sequence generator cook's word sequencer output random words standby come heap bit stream data carry out encryption and decryption operation, the random sequence generator encrypting end and decrypting end in the valid interval of each control word synchronizes to produce the key of every encrypted bit stream in a flash with this control word for initial seed word, owing to the data volume of media code stream is the biggest, if a control word is used for code stream is carried out operation to provide substantial amounts of analysis sample to assailant for a long time, this influences whether the safety of system unavoidably, therefore the control word of this system all can change once for several seconds or tens seconds.Obviously, the highest assailant of randomness of control word sequence is just more difficult to attack, the control word generator of off-line is no more than true random sequence generator, no matter this generator runs how long assailant is impossible to speculate control word next time by all of control word, in fact, the mathematical operation carried out by computer or microprocessor at present cannot produce random number truly, no matter sequence produced by them has how many kinds of state, but still be limited and be circulation, therefore, this DRM system not necessarily obtains a real random sequence, as long as its cycle period long enough just can meet system needs；

Business cipher key SK is used to CW is encrypted generation Entitlement Control Message ECM's, the renewal speed of business cipher key SK need not be quickly, SK in this system can make update once for one month, transmitting terminal can adjust SK according to the change of different source of media authorization conditions, each source of media can use different SK, and this makes flexile authorization be possibly realized；

User key UK is a pair unsymmetrical key, PKI is stored in the customer information control system of service end, and private key is stored in the customer information control system of service end, and private key is stored in the smart card that user is had, because the tamper-resistance properties of smart card itself, avoid the direct interaction of user and key, it is ensured that the safety of private key for user.

Further, described Subscriber Management System is Database Systems, deposit user profile, media information, the user being new registration by Subscriber Management System provides a key file, wherein comprises the personal information (ID, the ID of had smart card, intended media are numbered) of user, through the user key UK(RSA double secret key encrypted) and expiry date.

Further, described media authorization system is a rsa encryption program, with the public key encryption business cipher key SK of user key UK.

nullFurther，The core system that described media encryption processes and dissemination system is service end，The core system of described service end includes control word generator module、Encryption、Multiplexing module、Source file module、IP network、Sending module、Send buffer module，The fluidisation of the MPEG-4 data of source file module to be carried out in the core system of described service end、Encryption and sending module，Encryption to source file module should be carried out in units of packet，One packet is read transmission buffer module district from filebuf by the transmission thread in described sending module every time，The ciphering process of source file module and Multiplexing module process and the process of transmission are shared and are sent buffer module district，After service end and user side start data transmission，Begin to the encryption to packet、Multiplexing module and sending module，Until finishing.

Further, described user side application program is mainly by receiver module, demultiplexing module, deciphering module, playing module, described receiver module reads reception relief area the packet received from IP network, described demultiplexing module will do all one can out in ECM information packet from this relief area, with the deciphering of smart card, the packet removing ECM information is read in buffer queue, is deciphered with CW, and last playing module obtains data from buffer queue and play.

Further, the concrete methods of realizing of described media authorization system comprises the steps:

(1) user side authorizes to media authorization system intended media, request；

(2) user profile is submitted to Subscriber Management System by media authorization system；The legitimacy of Subscriber Management System checking user, if being verified as legal, feeds back to media authorization system by the PKI of the UK of this user；

(3) business key SK of media information predetermined for user and this business is issued media encryption process and dissemination system by media authorization system, and the UK public key encryption of SK is fabricated to play License Info and is sent to user by media authorization system simultaneously.

Further, described media encryption processes and the concrete methods of realizing of dissemination system comprises the steps:

(1) packet of file reading in transmission buffer module district, the CW simultaneously using control word generator module to produce is sending buffer module zone encryption clear text file therein；

(2) cryptograph files will be obtained and write this relief area equally, and the most again the ECM that encryption CW obtains will be read in this relief area and carries out Multiplexing module with the cryptograph files in this relief area；

(3) finally by sending module, it is reached IP network again.

The beneficial effects of the present invention is: simple in construction, with low cost, design ingenious, simple to operate, the DRM system safety of IP network is high, MPEG-4 Data Packet Encryption mode is accurate, and transmission of video pattern is the safest.

[accompanying drawing explanation]

Fig. 1 is present invention management based on OTT digital publishing rights system structure schematic diagram；

Fig. 2 is that media encryption of the present invention processes and dissemination system structural representation；

Fig. 3 is user side structural representation of the present invention；

Reference: 1, Subscriber Management System；2, media authorization system；3, media encryption processes and dissemination system；31, control word generator module；32, encryption；33, Multiplexing module；34, source file module；35, IP network；36, sending module；37, buffer module is sent；4, user side；41, receiver module；42, demultiplexing module；43, deciphering module；44, playing module.

[detailed description of the invention]

Below in conjunction with the accompanying drawings and the present invention is described further by detailed description of the invention:

Such as Fig. 1, Fig. 2, shown in Fig. 3, a kind of management system based on OTT digital publishing rights, including Subscriber Management System 1, media authorization system 2, media encryption processes and dissemination system 3, user side 4, described user side 4 applies for ID by network to Subscriber Management System 1, described Subscriber Management System 1 produces a pair unsymmetrical key for user, i.e. user key UK, the storage of its private key is distributed to user within a smart card, PKI is taken care of by Subscriber Management System 1, when user side is to server request media play, first have to play license to media authorization system 2 request, user side 4 information is submitted to Subscriber Management System 1 by described media authorization system 2；

Described Subscriber Management System 1 verifies the legitimacy of user, if it is legal to be verified as, the PKI of the UK of this user is fed back to media authorization system 2, the business cipher key SK of media information predetermined for user side 4 and this business is issued media encryption and processes and dissemination system 3 by media authorization system 2, and the UK public key encryption of SK is fabricated to play License Info and is sent to user side 4 by media authorization system 2 simultaneously；

The process of described media encryption and dissemination system 3 are cores of DRM system, and it includes that produces a Stream Cipher CW(Control Word) control word generator (random sequence generator), in this subsystem, with CW encrypted media source, encrypts the ECM(Entitlement after CW encryption with SK Control Message), then ECM is carried out multiplexing with the media after CW encryption, form the streaming media data stream for downloading, the license information received is stored in smart card by user side, obtains CW with smart card deciphering；The source Media Stream that can play finally is obtained with CW deciphering media data；

Control word generator is a vital information in this system, it is used as the direct key of media encryption deciphering in DRM system, random sequence generator cook's word sequencer output random words standby come heap bit stream data carry out encryption and decryption operation, the random sequence generator encrypting end and decrypting end in the valid interval of each control word synchronizes to produce the key of every encrypted bit stream in a flash with this control word for initial seed word, owing to the data volume of media code stream is the biggest, if a control word is used for code stream is carried out operation to provide substantial amounts of analysis sample to assailant for a long time, this influences whether the safety of system unavoidably, therefore the control word of this system all can change once for several seconds or tens seconds.Obviously, the highest assailant of randomness of control word sequence is just more difficult to attack, the control word generator of off-line is no more than true random sequence generator, no matter this generator runs how long assailant is impossible to speculate control word next time by all of control word, in fact, the mathematical operation carried out by computer or microprocessor at present cannot produce random number truly, no matter sequence produced by them has how many kinds of state, but still be limited and be circulation, therefore, this DRM system not necessarily obtains a real random sequence, as long as its cycle period long enough just can meet system needs；

Business cipher key SK is used to CW is encrypted generation Entitlement Control Message ECM's, the renewal speed of business cipher key SK need not be quickly, SK in this system can make update once for one month, transmitting terminal can adjust SK according to the change of different source of media authorization conditions, each source of media can use different SK, and this makes flexile authorization be possibly realized；

User key UK is a pair unsymmetrical key, PKI is stored in the customer information control system of service end, and private key is stored in the customer information control system of service end, and private key is stored in the smart card that user is had, because the tamper-resistance properties of smart card itself, avoid the direct interaction of user and key, it is ensured that the safety of private key for user.

Preferably, described Subscriber Management System 1 is Database Systems, deposit user profile, media information, the user being new registration by Subscriber Management System provides a key file, wherein comprises the personal information (ID, the ID of had smart card, intended media are numbered) of user, through the user key UK(RSA double secret key encrypted) and expiry date.

Preferably, described media authorization system 2 is a rsa encryption program, with the public key encryption business cipher key SK of user key UK.

nullPreferably，The core system that described media encryption processes and dissemination system 3 is service end，The core system of described service end includes control word generator module 31、Encryption 32、Multiplexing module 33、Source file module 34、IP network 35、Sending module 36、Send buffer module 37，The fluidisation of the MPEG-4 data of source file module 34 to be carried out in the core system of described service end、Encryption 32 and sending module 36，Encryption 32 to source file module 34 should be carried out in units of packet，One packet is read transmission buffer module district from filebuf by the transmission thread in described sending module 36 every time，Encryption 32 process of source file module 34 and Multiplexing module 33 process and the process of transmission are shared and are sent buffer module 37 district，After service end and user side 4 start data transmission，Begin to the encryption 32 to packet、Multiplexing module 33 and sending module 36，Until finishing.

Preferably, described user side 4 application program is mainly by receiver module 41, demultiplexing module 42, deciphering module 43, playing module 44,41 packets received from IP network 35 of described receiver module read reception relief area, described demultiplexing 42 module will do all one can out in ECM information packet from this relief area, with the deciphering of smart card, the packet removing ECM information is read in buffer queue, is deciphered with CW, and last playing module obtains data from buffer queue and play.

Preferably, the concrete methods of realizing of described media authorization system comprises the steps:

(1) user side authorizes to media authorization system intended media, request；

(2) user profile is submitted to Subscriber Management System 1 by media authorization system 2；Subscriber Management System 1 verifies the legitimacy of user, if being verified as legal, the PKI of the UK of this user is fed back to media authorization system 2；

(3) business key SK of media information predetermined for user and this business is issued media encryption process and dissemination system by media authorization system 2, and the UK public key encryption of SK is fabricated to play License Info and is sent to user side 4 by media authorization system 2 simultaneously.

Preferably, described media encryption processes and the concrete methods of realizing of dissemination system comprises the steps:

(1) packet of file reading in transmission buffer module 37 district, the CW simultaneously using control word generator module 31 to produce is sending buffer module 37 zone encryption clear text file therein；

(2) cryptograph files will be obtained and write this relief area equally, and the most again the ECM that encryption CW obtains will be read in this relief area and carries out Multiplexing module 33 with the cryptograph files in this relief area；

(3) last by sending module 36, it is reached IP network 35 the most again.

The announcement of book and teaching according to the above description, those skilled in the art in the invention can also carry out suitable change and amendment to above-mentioned embodiment.Therefore, the invention is not limited in detailed description of the invention disclosed and described above, should also be as some modifications and changes of the present invention falling in the scope of the claims of the present invention.Although additionally, employ some specific terms in this specification, but these terms are merely for convenience of description, the present invention is not constituted any restriction.

Claims (7)

1. a management system based on OTT digital publishing rights, it is characterized in that: include Subscriber Management System, media authorization system, media encryption processes and dissemination system, user side, described user side passes through network to Subscriber Management System application ID, described Subscriber Management System is that user produces a pair unsymmetrical key, i.e. user key UK, the storage of its private key is distributed to user within a smart card, PKI is by Subscriber Management System keeping, when user side is to server request media play, first have to play license to media authorization system request, user side information is submitted to Subscriber Management System by described media authorization system；

The legitimacy of described Subscriber Management System checking user, if it is legal to be verified as, the PKI of the UK of this user is fed back to media authorization system, the process of described media encryption and dissemination system are cores of DRM system, it include one produce Stream Cipher CW(Control word) control word generator (random sequence generator), in this subsystem, with CW encrypted media source, encrypt the ECM(Entitlement after CW encryption with SK Control Message), then ECM is carried out multiplexing with the media after CW encryption, form the streaming media data stream for downloading, the license information received is stored in smart card by user side, obtains CW with smart card deciphering；The source Media Stream that can play finally is obtained with CW deciphering media data.

Management system based on OTT digital publishing rights the most according to claim 1, it is characterized in that: described Subscriber Management System is Database Systems, deposit user profile, media information, the user being new registration by Subscriber Management System provides a key file, wherein comprises the personal information (ID, the ID of had smart card, intended media are numbered) of user, through the user key UK(RSA double secret key encrypted) and expiry date.

Management system based on OTT digital publishing rights the most according to claim 1, it is characterised in that: described media authorization system is a rsa encryption program, with the public key encryption business cipher key SK of user key UK.

nullManagement system based on OTT digital publishing rights the most according to claim 1，It is characterized in that: the core system that described media encryption processes and dissemination system is service end，The core system of described service end includes control word generator module、Encryption、Multiplexing module、Source file module、IP network、Sending module、Send buffer module，The fluidisation of the MPEG-4 data of source file module to be carried out in the core system of described service end、Encryption and sending module，Encryption to source file module should be carried out in units of packet，One packet is read transmission buffer module district from filebuf by the transmission thread in described sending module every time，The ciphering process of source file module and Multiplexing module process and the process of transmission are shared and are sent buffer module district，After service end and user side start data transmission，Begin to the encryption to packet、Multiplexing module and sending module，Until finishing.

Management system based on OTT digital publishing rights the most according to claim 1, it is characterized in that: described user side application program is mainly by receiver module, demultiplexing module, deciphering module, playing module, described receiver module reads reception relief area the packet received from IP network, described demultiplexing module will do all one can out in ECM information packet from this relief area, with the deciphering of smart card, the packet removing ECM information is read in buffer queue, being deciphered with CW, last playing module obtains data from buffer queue and is play.

Management system based on OTT digital publishing rights the most according to claim 1, it is characterised in that: the concrete methods of realizing of described media authorization system comprises the steps:

(1) user side authorizes to media authorization system intended media, request；

(2) user profile is submitted to Subscriber Management System by media authorization system；The legitimacy of Subscriber Management System checking user, if being verified as legal, feeds back to media authorization system by the PKI of the UK of this user；

(3) business key SK of media information predetermined for user and this business is issued media encryption process and dissemination system by media authorization system, and the UK public key encryption of SK is fabricated to play License Info and is sent to user by media authorization system simultaneously.

Management system based on OTT digital publishing rights the most according to claim 1, it is characterised in that: described media encryption processes and the concrete methods of realizing of dissemination system comprises the steps:

(1) packet of file reading in transmission buffer module district, the CW simultaneously using control word generator module to produce is sending buffer module zone encryption clear text file therein；

(2) cryptograph files will be obtained and write this relief area equally, and the most again the ECM that encryption CW obtains will be read in this relief area and carries out Multiplexing module with the cryptograph files in this relief area；

(3) finally by sending module, it is reached IP network again.