CN106230588B - A digital copyright key management method and system

Publication number: CN106230588B
Authority: CN (China)
Application number: CN201610832392.7A
Other languages: Chinese (zh)
Other versions: CN106230588A (en)
Inventors: 杨成, 沈萦华, 吴晓雨, 程颖烨
Current Assignee: Communication University of China
Original Assignee: Communication University of China
Legal status: Active

Classifications

    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L65/61 Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • H04N21/2541 Rights Management
    • H04N21/854 Content authoring

Abstract

The present invention provides a digital copyright key management method and system. The method comprises: receiving a data request message, sent by a video encryption module, that includes a service number and a business number; determining whether the service number corresponds to a video-on-demand (VOD) service or a live broadcast service; and generating the corresponding business key according to the service number and sending it to the video encryption module. The invention implements key management for streaming video in a cloud environment, covering business key management for VOD and real-time live broadcast services as well as real-time key management based on user roles.

Description

A digital copyright key management method and system
Technical field
The invention belongs to the field of key management technology and, more specifically, relates to a digital copyright key management method and system for streaming media in a cloud environment.
Background art
With the development of Internet technology, digital media content is spreading ever more widely. Digital media works are everywhere in daily life. Whether a simple comic, an interesting novel or a good film, each work embodies the effort of its creator. DRM (digital rights management) emerged to protect creators' copyright.
However, because piracy techniques exist, DRM technology must be improved continually to resist piracy and protect the interests of creators and operators. The basic idea of DRM is to encrypt or obfuscate the protected content with a key under an encryption algorithm. Only when a legitimate user requests rights to the content does the DRM center transmit the key to the user terminal to decrypt the protected content. Since most effective encryption algorithms are public, key management is an important link in DRM: it reduces the protection of a large amount of data to the protection of a few core parameters, namely the keys. Key management is therefore the top priority in a DRM system.
In recent years, the development of the cloud has made the environment for digital copyright protection more complex, especially for video copyright protection. In this environment, the cloud platform classifies users according to user attributes. Video service providers want to offer multiple services without increasing hardware design and manufacturing cost, even as the number of videos and users grows and user attributes become more diverse.
It follows that streaming video services in a cloud environment urgently need a key management system that copes with large numbers of users and videos and does not depend on hardware such as smart cards; where the cloud platform classifies users, the key management system should manage the different classes of users separately; and live video services place higher demands on real-time performance.
Summary of the invention
To solve the above problems, the present invention provides a digital copyright key management method and system for managing streaming video keys in a cloud environment.
According to one aspect of the invention, a digital copyright key management method is provided, comprising:
receiving a data request message, sent by a video encryption module, that includes a service number and a business number;
determining whether the service number corresponds to a video-on-demand (VOD) service or a live broadcast service;
generating the business key for the business number according to the service number and sending it to the video encryption module.
According to one embodiment of the invention, generating the corresponding business key according to the service number and sending it to the video encryption module further comprises:
if the service number corresponds to a VOD service, generating the business key and the key lifetime for the business number;
storing the business number, the business key and the key lifetime, and sending the business key to the video encryption module.
According to one embodiment of the invention, generating the corresponding business key according to the service number and sending it to the video encryption module further comprises:
if the service number corresponds to a live broadcast service, checking whether a business key is already stored for the business number;
if so, sending that business key directly to the video encryption module; otherwise, generating and storing a business key for the business number and sending it to the video encryption module.
According to one embodiment of the invention, when the service number corresponds to a VOD service, the business key is sent to the user by unicast.
According to one embodiment of the invention, the unicast further comprises:
receiving authentication and authorization information sent by the authentication and authorization center, in the format: service number + business number + user ID + session key, where the session key is negotiated between the authentication and authorization center and the user;
after determining that the service number corresponds to a VOD service, looking up the stored business key for the business number;
encrypting the business key with the session key, packaging it with the user ID, and passing it to the user management center;
the user management center looking up the user's IP address by user ID and forwarding the business key.
According to one embodiment of the invention, when the service number corresponds to a live broadcast service, the business key is distributed by multicast.
According to one embodiment of the invention, when the service number corresponds to a live broadcast service, the method further comprises:
classifying users according to user permissions and constructing a corresponding logical key subtree for each class of users, wherein the root keys of the logical key subtrees are on the same layer, each root node is used to encrypt the content that must be transmitted confidentially within its group, and the communications of the different logical key subtrees are kept secret from one another;
according to join or exit requests from users with different permissions, sending the corresponding business key to the user or changing the business key.
According to one embodiment of the invention, sending the corresponding business key to a user in response to a join request from a user with a given permission comprises:
when a user requests to join, determining the class to which the user belongs;
updating the root key of the current group, and encrypting the new root key with the keys of the root key's two child nodes;
sending the new root key and all keys on the path from the user's leaf node to the root node to the newly joined user.
According to one embodiment of the invention, changing the business key in response to an exit request from a user with a given permission comprises:
when a user requests to exit, deleting the user from the leaf node of the corresponding logical key subtree;
updating all keys held by the exiting user with d(K-1) multicasts as in the classic logical tree, encrypting the new business key with the root key of each logical key subtree, and sending it to the corresponding multicast address, where K is the branching factor of the tree and d is the depth of the tree.
According to another aspect of the invention, a digital copyright key management system is also provided, comprising:
a key generation module, which generates the corresponding business key according to a data request message, sent by the video encryption module, that includes a service number and a business number;
a key storage database module, for storing, deleting or updating the keys generated by the key generation module;
a key distribution module, which, after receiving the data request message sent by the video encryption module, retrieves the key stored in the key storage database module and sends the corresponding business key to the video encryption module.
Beneficial effects of the invention:
The invention implements key management for streaming video in a cloud environment, covering business key management for VOD and real-time live broadcast services as well as real-time key management based on user roles.
Other features and advantages of the invention are set out in the description that follows, and in part become apparent from the description or are understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained through the structure particularly pointed out in the description, the claims and the drawings.
Brief description of the drawings
To describe the technical solutions in the embodiments of the invention more clearly, the drawings needed for describing the embodiments are briefly introduced below:
Fig. 1 is a schematic diagram of a centralized logical key tree structure in the prior art;
Fig. 2 is a block diagram of the key management system for streaming media DRM in a cloud environment according to one embodiment of the invention;
Fig. 3 is a flow chart of the key management method for streaming media DRM in a cloud environment according to one embodiment of the invention;
Fig. 4 is a schematic diagram of the logical key tree structure based on user permissions according to one embodiment of the invention;
Fig. 5a is a schematic diagram of the ordinary-user logical key subtree structure according to one embodiment of the invention;
Fig. 5b is a schematic diagram of the superuser logical key subtree structure according to one embodiment of the invention;
Fig. 5c is a schematic diagram of the power-user logical key subtree structure according to one embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented. Note that, provided they do not conflict, the embodiments of the invention and the features within them may be combined with one another, and the resulting technical solutions all fall within the scope of protection of the invention.
The main existing key management standards are the digital television broadcasting conditional access system specification (CA), the Internet television digital rights management technical specification, and the downloadable conditional access system technical specification. The key management strategies in these three systems either depend on hardware security in the client or introduce a third party to issue licenses. In a CA system, for example, the control word CW scrambles the video to be protected, and the business key SK then encrypts the control word CW. Each user's set-top box has its own smart card storing a personal key. Before sending the business key to a user, the DRM system encrypts SK with that user's personal key. On receiving the encrypted SK and CW, the set-top box uses the smart card to decrypt SK first, then decrypts CW with SK, and finally descrambles the video with CW to obtain the clear video data. At the user terminal, the digital broadcasting system uses a smart card, while the downloadable system uses a terminal security chip (terminal secure chipset). Internet television uses public key infrastructure (PKI) to issue licenses.
The classic logical key tree is one form of multicast key management and can also be regarded as a centralized logical key tree. Fig. 1 shows its structure, taking a binary logical tree as the example. All users are placed on leaf nodes; the root node and every node between the root and the leaves exist only logically and hold no users.
Each node of the logical tree has a corresponding key. The root node root is equivalent to the business key SK in the digital television broadcasting conditional access system: the server encrypts communication within the group with the root key and sends it out by multicast. Leaf nodes correspond one-to-one to the user terminals in the group. The nodes between the root node and the leaf nodes do not exist physically; they are only logical components of the tree. Each user terminal stores all keys on the path from its own leaf node to the root node.
Taking Fig. 1 as an example, suppose user U8 joins the multicast group and the DRM has already established a secure channel with U8. The server creates a node for U8 on the logical tree and sends the key set {root, K12, K24, K38} to the U8 terminal over the secure channel. If U8 then leaves the group, the server first deletes U8 from its node, then updates all keys that U8 held and informs the other group members with the following multicasts: K37{K24', K12', root'}, K23{K12', root'}, K11{root'} (Key{content} denotes encrypting content with Key). The members still in the group hold the encryption key at the corresponding position, so they can decrypt the updated keys for their own positions. This scheme needs d(K-1) multicasts, where K is the branching factor of the tree and d is the depth of the tree.
On this basis, one prior-art scheme targets the P2P IPTV application environment. According to users' viewing characteristics and their prior knowledge of the current content encryption key (CEK), it divides the users of a P2P IPTV system into three classes: new users, rejoining users and online users. Each class gets a key update strategy suited to it. For newly joining users, the system sends the CEK directly by unicast; for rejoining users, the system uses a broadcast encryption algorithm to generate a public message, reducing the number of encryptions performed by the key server; for online users, the scheme provides a progressive key-update tree algorithm to reduce the number of key updates.
A second prior-art scheme starts from the observation that existing logical-tree key management methods assume all group members behave identically, and proposes an unbalanced key tree group key management method based on membership probability. It proposes a member probability model that describes the probability distribution of members leaving the group in different group applications. Using each member's leave probability as the weight of its key-tree leaf node, it builds an unbalanced quasi-Huffman key tree, and on that tree it proposes the unbalanced key tree management method PBA (Probabilistic Batch rekeying Algorithm).
The strategies in the existing standards mostly rely on hardware in the user terminal or on certificates provided by a third party, which raises costs for the operator. The improvements to the classic logical key tree, such as the two schemes above, are mostly key-update optimizations for dynamic changes in membership. The first scheme does manage users by class, but its classification is simple and its classification criteria differ, and the P2P scenario it targets does not fit our current scenario. The existing improvements therefore cannot be applied to the cloud-platform streaming media environment we face.
Therefore, the invention provides a digital copyright key management method for streaming media in a cloud environment. Fig. 2 shows the structure of a digital copyright key management system according to one embodiment of the invention; the invention is described in detail below with reference to Fig. 2.
As shown inside the dashed line in Fig. 2, the key management system comprises three parts: a key storage database module, a key distribution module and a key generation module. The key generation module generates the corresponding business key according to the data request message, sent by the video encryption module, that includes the service number and the business number. All keys generated by the key generation module are stored in a local database, that is, in the local key storage database module. Besides storing business keys, the key storage database module can also delete or update keys as circumstances require.
After receiving video or business information sent by the video encryption module (the invention takes a Spark encryption module as the example), the key distribution module retrieves the key stored in the key storage database and sends the corresponding business key SK to the video encryption module. After the authentication and authorization center has authenticated the user's identity and permissions, it sends the user information and the business information requested by the user to the key management system. The key management system looks up the key for the corresponding business in the key storage database module and sends it to the user management center, which finally forwards the key to the user terminal.
In the cloud environment, the video stream is encrypted using the Spark framework, and the key management system provides key management services based on the messages exchanged with the video encryption module. To meet the encryption speed required by the video encryption module, a simple TCP-based exchange is used. Fig. 3 is a flow chart of the DRM key management method corresponding to Fig. 2; the key management method of the invention is described in detail below with reference to Figs. 2 and 3.
First, in step S110, a data request message including a service number and a business number is received from the video encryption module. Specifically, the key distribution module in the key management system initializes its socket endpoint, listens on a port and waits for messages from the encryption module. After a connection with the encryption module is established, the key distribution module receives the data request message sent by the encryption module; the request format may be set to: service number + video PID (business number).
Next, in step S120, it is determined whether the service number corresponds to a VOD service or a live broadcast service. VOD and live broadcast services have different service numbers, so after receiving the request the key distribution module determines from the service number whether the request is for VOD or for live broadcast.
Finally, in step S130, the business key for the business number is generated according to the service number and sent to the video encryption module.
Specifically, if the service number corresponds to a VOD service, the key generation module generates the business key and key lifetime for the business number and stores both, together with the corresponding video PID, in the key storage database module; the key distribution module then sends the business key SK to the video encryption module. For a live broadcast service, the system first checks whether a business key SK for the business number already exists in the key storage database module and, if so, sends it directly to the video encryption module. If not, it first generates the business key, stores it in the database, and then sends it to the video encryption module.
Because VOD and live broadcast services differ in their real-time requirements, VOD business keys are distributed by unicast and live broadcast business keys by multicast. VOD business key unicast works as follows: the key distribution module receives the authentication and authorization information sent by the authentication and authorization center, in the format: service number + business number + user ID + session key, where the session key has been negotiated between the authentication and authorization center and the user, which amounts to establishing a secure channel. After the key distribution module determines that the service number denotes a VOD service, it looks up the business key SK for the video PID in the key storage database, encrypts it with the session key, packages it with the user ID and passes it to the user management center. Finally, the user management center looks up the user's IP address by user ID and forwards the business key. Live broadcast services instead multicast keys to a broadcast address: all business keys that a role group is entitled to are encrypted with the root key of the user role tree and sent to the broadcast address. Users fetch the keys from the broadcast address and decrypt the business keys they are entitled to.
The classic logical key tree can only manage users who all have the same permissions; it cannot meet management requirements when users have different permissions. In real scenarios user classes correspond to permissions, and in a cloud environment in particular users cannot be treated as a single class. The invention therefore proposes a logical key tree based on user roles to implement real-time key management for live broadcast.
Specifically, users are first classified according to user permissions, and a corresponding logical key subtree is constructed for each class, with the root keys of all subtrees on the same layer. The root node of each logical key subtree is used to encrypt the content that must be transmitted confidentially within its group; communication in each group is kept secret from the other groups, and the keys of different logical key trees are all different. Fig. 4 shows the whole key tree structure based on user permissions. According to join or exit requests from users with different permissions, the corresponding business key is sent to the user or the business key is changed.
When a user joins the corresponding role group, the root key of the current group is updated first; the new root key is encrypted with the keys of the two child nodes of the role tree's root and broadcast to all users of the current role group, and the new root key and the other necessary keys are sent to the newly joined user.
When a user requests to exit, the user is deleted from the leaf node of the corresponding logical key tree; all keys held by the exiting user are updated with d(K-1) multicasts as in the classic logical tree, and the new business key is encrypted with the root key of each logical key tree and sent to the corresponding multicast address.
The d(K-1)-multicast procedure of the logical key tree is explained in detail below through a specific embodiment. In the scenario at hand, the cloud platform divides users into three roles: power user (A), superuser (B) and ordinary user (C). The three roles are ranked by permission: power users have the highest permissions, superusers the next highest, and ordinary users the lowest. The role-based logical key subtrees built for this case are shown in Figs. 5a-5c, where Fig. 5a corresponds to ordinary users, Fig. 5b to superusers and Fig. 5c to power users; binary logical trees are used as the example. In practice the cloud platform may divide users into n classes, and the scheme extends correspondingly to n classes.
Figs. 5a-5c show the logical key subtrees for ordinary users, superusers and power users respectively; the keys of different logical key subtrees are all different. When a user requests to join, the server first determines which role the cloud platform has assigned to the user, then places the user on a leaf node of that role's logical tree, and finally sends the user all keys on the path from the user's leaf node to the root key.
Suppose three users a, b and c request to join, with the roles ordinary user, superuser and power user respectively. Ordinary users are entitled to business group A, superusers to business groups A+B, and power users to business groups A+B+C. The key management server first determines the user roles assigned by the cloud platform; user a then joins the logical key tree whose root node key is Ch1, user b joins the tree whose root node key is Ch2, and user c joins the tree whose root node key is Ch3, each group at this point already containing (n-1) users (a number assumed for ease of illustration). Finally the server sends each user all d+1 keys on the path from the root key of the user's role tree to leaf node Kdn.
Within each user role group, the business keys of the business groups are encrypted with the root key of the role tree, which ensures that a lower-permission user group cannot decrypt the business keys of a higher permission level. When the business key SK of business A is updated, the ordinary user group encrypts the new business key SK with root key Ch1 and sends it to the multicast address. At the same time, the superuser and power user groups apply the same key update strategy to inform all users in their groups of the new key for business A. When any user exits, the scheme uses d(K-1) multicasts to guarantee forward security.
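The exit procedure described above, together with the classic U8 example from the prior-art discussion, worked through in Python as an added illustration that is not part of the patent. Assumptions: nodes are named as in the U8 example (level digit, then index), each role subtree is a full K-ary tree, and the business keys renewed on exit are those the leaver's role was entitled to.

```python
"""Leave rekeying for role-partitioned logical key trees (added illustration)."""

# Roles from the description: ordinary users get business group A, superusers
# A+B, power users A+B+C; Ch1/Ch2/Ch3 are the subtree root keys.
ENTITLEMENTS = {"Ch1": ("A",), "Ch2": ("A", "B"), "Ch3": ("A", "B", "C")}


def name(root, node):
    """Key name in the U8 example's style (assumed): K<level><index>, e.g. K24."""
    level, index = node
    return root if level == 0 else f"K{level}{index}"


def path_to_root(user, depth, k=2):
    """Nodes (level, index) whose keys `user` holds: leaf first, root last."""
    path, index = [], user
    for level in range(depth, -1, -1):
        path.append((level, index))
        index = (index + k - 1) // k          # 1-based index of the parent
    return path


def plan_leave(user, depth, k=2):
    """The d*(k-1) multicasts, as (wrapping node, [nodes whose keys are renewed])."""
    path = path_to_root(user, depth, k)
    ancestors = path[1:]                       # parent of the leaf ... root
    messages, below = [], path[0]
    for i, (level, index) in enumerate(ancestors):
        for c in range(1, k + 1):
            child = (level + 1, (index - 1) * k + c)
            if child != below:                 # never wrap under the leaver's branch
                messages.append((child, ancestors[i:]))
        below = (level, index)
    return messages


def render(root, messages):
    """Key{content} notation from the description; a prime marks a renewed key."""
    out = []
    for wrap, renewed in messages:
        body = ", ".join(name(root, n) + "'" for n in renewed)
        out.append(f"{name(root, wrap)}{{{body}}}")
    return out


def survivors_covered(user, depth, k=2):
    """True if no message is wrapped under a key the leaver held and every
    remaining member can unwrap each renewed key on its own path."""
    leaver = set(path_to_root(user, depth, k))
    messages = plan_leave(user, depth, k)
    if any(wrap in leaver for wrap, _ in messages):
        return False
    for other in range(1, k ** depth + 1):
        if other == user:
            continue
        held = set(path_to_root(other, depth, k))
        learned = {n for wrap, new in messages if wrap in held for n in new}
        if not (held & leaver) <= learned:     # shared keys must all be relearned
            return False
    return True


def role_leave(role_root, user, depth, k=2):
    """Exit from one role group: rekey only that group's subtree, then multicast
    the new business keys under each entitled group's root key. The leaver's
    group uses its renewed root, so its subtree messages must go out first."""
    subtree = render(role_root, plan_leave(user, depth, k))
    sk_updates = []
    for business in ENTITLEMENTS[role_root]:   # assumption: keys the leaver could read
        for root, groups in ENTITLEMENTS.items():
            if business in groups:
                wrap = root + "'" if root == role_root else root
                sk_updates.append(f"{wrap}{{SK_{business}'}}")
    return subtree, sk_updates


if __name__ == "__main__":
    print(render("root", plan_leave(8, 3)))    # the U8 example, d=3, K=2
    print(role_leave("Ch1", 8, 3))             # ordinary user leaves
    print(role_leave("Ch3", 1, 3))             # power user leaves
```

Only the leaver's own subtree is rekeyed; the other role groups receive just the renewed business keys under their unchanged roots.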
The present invention implements streaming media video key management in a cloud environment, and satisfies key management for on-demand services and real-time live broadcast services as well as real-time key management based on user role.
Although the embodiments are disclosed as above, they are described only to facilitate understanding of the present invention and are not intended to limit it. Any person skilled in the art to which the invention pertains may make any modification or change in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention shall still be subject to the scope defined by the appended claims.

Claims (8)

1. A digital publishing rights key management method, comprising:
receiving a data request message, including a service number and service numbers, sent by a video encryption module;
determining whether the service number corresponds to an on-demand service or a live broadcast service;
generating the business cipher key for the corresponding service numbers according to the service number and sending it to the video encryption module;
wherein generating the corresponding business cipher key according to the service number and sending it to the video encryption module further comprises:
if the service number corresponds to a live broadcast service, searching whether a business cipher key for the corresponding service numbers is stored,
and if so, sending the business cipher key directly to the video encryption module; otherwise, generating and storing the business cipher key for the corresponding service numbers and sending the business cipher key to the video encryption module;
classifying users according to user rights and constructing a corresponding logical key subtree for each class of users, wherein the root keys of the logical key subtrees are in the same layer, the root node is used to encrypt content that requires confidential transmission within the group, and communication between the groups of logical key subtrees is mutually confidential;
according to join or exit requests of users with different rights, sending the corresponding business cipher key to the user or changing the business cipher key.
2. The method according to claim 1, characterized in that generating the corresponding business cipher key according to the service number and sending it to the video encryption module further comprises:
if the service number corresponds to an on-demand service, generating the business cipher key and key lifetime for the corresponding service numbers;
storing the service numbers together with the business cipher key and key lifetime, and sending the business cipher key to the video encryption module.
3. The method according to claim 2, characterized in that, when the service number corresponds to an on-demand service, unicast mode is used when sending the business cipher key to the user.
4. The method according to claim 3, characterized in that using the unicast mode further comprises:
receiving the Certificate Authority information sent by the Certificate Authority center, the format of the Certificate Authority information being: service number + service numbers + User ID + session key, wherein the session key is negotiated and determined by the Certificate Authority center and the user;
after determining that the service number corresponds to an on-demand service, looking up the stored business cipher key corresponding to the service numbers;
encrypting the business cipher key with the session key, packaging it with the User ID, and transferring it to the user management center;
the user management center looking up the User IP according to the User ID to forward the business cipher key.
5. The method according to claim 1, characterized in that, when the service number corresponds to a live broadcast service, the business cipher key is distributed in multicast mode.
6. The method according to claim 1, characterized in that sending the corresponding business cipher key to the user according to the join request of users with different rights comprises:
when a user requests to join, determining the class to which the user belongs;
updating the root key of the current group, and encrypting the new root key with the keys corresponding to the two child nodes of the root key;
sending the new root key and all keys on the path from the user's leaf node to the root node to the newly joined user.
7. The method according to claim 1, characterized in that changing the business cipher key according to the exit request of users with different rights comprises:
when a user requests to exit, deleting the user from the leaf node of the corresponding logical key subtree;
updating all keys held by the exiting user in the d(K-1) manner of the classical logical tree, encrypting the new business cipher key with the root key of each logical key tree, and sending it to the corresponding multicast address, wherein K denotes the number of branches of the tree and d denotes the depth of the tree.
8. A digital publishing rights key management system, comprising:
a key production module, which generates the business cipher key of the corresponding service number according to the data request message, including a service number and service numbers, sent by the video encryption module;
a Key Storage Database module, for storing, deleting or updating the keys generated by the key production module;
a key distribution module, which, after receiving the data request message sent by the video encryption module, retrieves the keys stored in the Key Storage Database module and sends the corresponding business cipher key to the video encryption module;
wherein the key production module and the key distribution module are configured to use the digital publishing rights key management method of any one of claims 1 to 7 to generate the business cipher key for the corresponding service numbers according to the service number and send it to the video encryption module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610832392.7A CN106230588B (en) 2016-09-19 2016-09-19 A kind of digital publishing rights key management method and system

Publications (2)

Publication Number Publication Date
CN106230588A 2016-12-14
CN106230588B 2019-06-18

Family

ID=58076097

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant