CN106529751B - Method for realizing offline revocation of digital copyright protection system - Google Patents


Publication number
CN106529751B
Authority
CN
China
Legal status
Active
Application number
CN201510580443.7A
Other languages
Chinese (zh)
Other versions
CN106529751A (en)
Inventor
石晶
陆驿
孙照焱
陆达
Current Assignee
Chinese Academy Of Press And Publication
Tongfang Co Ltd
Original Assignee
Chinese Academy Of Press And Publication
Tongfang Co Ltd
Application filed by Chinese Academy Of Press And Publication, Tongfang Co Ltd
Priority to CN201510580443.7A
Publication of CN106529751A
Application granted
Publication of CN106529751B

Abstract

A method for implementing offline revocation in a digital rights protection system, relating to the field of information security. The method comprises the following steps: 1) Revocable object identification generation and management; 2) Revocation information generation processing; 3) Generating and publishing a revocation list; 4) Packaging and distributing the revocation list; 5) Revocation processing of the revocation object. The invention achieves acquisition and transmission of revocation information by binding the revocation information to the digital content and distributing them together, and achieves effective control of the offline revocation mechanism throughout the whole process of system authorization, encryption production, and decryption and playback.

Description

Method for realizing offline revocation of digital copyright protection system
Technical Field
The invention relates to the field of information security, in particular to a method for realizing offline revocation of a digital copyright protection system.
Background
Digital rights protection technology (Digital Rights Management, DRM) is a set of software and hardware technologies that protect the rights in various types of digital content, ensuring the legal use and distribution of the digital content throughout its life cycle. The revocation mechanism is an important component of digital rights protection technology and an active measure for ensuring the system security of a digital rights protection system. By revoking the authorization of previously authorized digital content, encryption production systems, decryption playback systems and the like, the originally legal digital content can no longer be used legally, the encryption production system can no longer legally produce digital content, and the decryption playback system can no longer legally decrypt and play digital content.
The implementation of the digital rights protection system revocation mechanism generally takes two forms: an online revocation mechanism and an offline revocation mechanism.
The essence of the online revocation mechanism is that revocation information is acquired and transmitted in real time over a network, so that revocation takes effect in real time; network connectivity is a necessary precondition for implementing an online revocation mechanism. The revocation mechanism of a digital rights protection system built on PKI technology is a typical online revocation mechanism.
The essence of the offline revocation mechanism is that the acquisition, delivery and validation of revocation information are not performed in real time and network connectivity is not required, so an offline revocation mechanism is the necessary choice for implementing revocation without a network connection. The revocation mechanism of a digital rights protection system built on fixed media (e.g., optical discs) is a typical offline revocation mechanism. An offline revocation mechanism can also implement revocation when a network connection is available, so it can solve the revocation problem of a digital rights protection system both with and without network connectivity.
Implementation of the offline revocation mechanism needs to solve two problems:
(1) The acquisition and transmission of revocation information, so that revocation information can be delivered and updated in time and system security is ensured;
(2) The controllability of the revocation process, so that the generation, transmission and validation of revocation information are effectively carried out within the service flow of the digital rights protection system.
Therefore, implementing an offline revocation mechanism is not a single technical problem but a comprehensive solution closely tied to the business process of the digital rights protection system. Existing digital rights protection systems lack such an overall solution, so the offline revocation mechanism cannot be implemented efficiently.
Disclosure of Invention
In view of the problems in the prior art, the object of the invention is to provide a method for implementing offline revocation in a digital rights protection system. The method achieves acquisition and transmission of revocation information by binding the revocation information to the digital content and distributing them together, and achieves effective control of the offline revocation mechanism throughout the whole process of system authorization, encryption production, and decryption and playback.
In order to achieve the above object, the technical solution of the present invention is implemented as follows:
The method uses an offline revocation management system composed of a digital rights authorization management system used by a third-party authorization management organization, a content creation and revocation information distribution management system used by the operation server system of the digital rights protection system, and a content use and revocation processing terminal management system used by the terminal device end system of the digital rights protection system. The digital rights authorization management system consists of an identification management and revocation information generation manager and a digital content authorization and revocation information release manager. The content creation and revocation information distribution management system consists of a digital content authorization application manager and a digital content protection and revocation list distribution manager. The content use and revocation processing terminal management system consists of a revocation list manager and a digital content use and revocation processing manager. The method mainly comprises the following implementation steps:
1) Revocable object identification generation and management:
(1) The identification management and revocation information generation manager in the digital rights authorization management system generates a unique identifier for each revocable object and stores it in the authorization database. There are three types of revocable object: revocable digital content producers, revocable terminal devices, and revocable digital content. The unique identifier of a digital content producer is the digital content producer identifier RID, the unique identifier of a terminal device is (device manufacturer identifier PID + terminal device serial number SID), and the unique identifier of digital content is the digital content identifier CID.
(2) The identification management and revocation information generation manager in the digital rights authorization management system generates an identification credential data block for each revocable object. The identification credential data blocks of the three types of revocable object are, respectively, the terminal device identification credential data block, the digital content producer identification credential data block, and the digital content identification credential data block. The identification credential data block of a revocable object contains the unique identifier of the revocable object (digital content producer/terminal device/digital content), the authorization system public key, and a digital signature of the identification credential data block signed using the authorization system private key. Each revocable object corresponds one-to-one with an identification credential data block.
(3) The identification credential data blocks of the revocable objects are transferred either online or offline. The digital content producer identification credential data block is transferred to and stored in the content creation and revocation information distribution management system, the terminal device identification credential data block is transferred to and stored in the content use and revocation processing terminal management system, and the digital content identification credential data block is transferred to and stored in the content creation and revocation information distribution management system.
2) Revocation information generation processing:
(1) A system administrator of the digital rights authorization management system enters the revocation information of each object to be revoked through the identification management and revocation information generation manager and stores it in the authorization database. The objects to be revoked are digital content producers to be revoked, terminal devices to be revoked, and digital content to be revoked. The digital content producer revocation information comprises the digital content producer identifier RID, the revocation validation start time, and the revocation expiration time. The terminal device revocation information comprises the device manufacturer identifier PID and the terminal device serial number SID. The digital content revocation information comprises the digital content producer identifier RID and the digital content identifier CID.
3) Generating and publishing a revocation list:
(1) The digital content authorization application manager of the content creation and revocation information distribution management system reads the digital content identifier CID from the digital content identification credential data block, reads the digital content producer identifier RID from the digital content producer identification credential data block, and then generates a digital content authorization application data block containing the digital content identifier CID, the digital content producer identifier RID, the creation system public key, and a digital signature of the digital content authorization application data block signed using the creation system private key.
(2) The digital content authorization application data block is transferred to the digital rights authorization management system in an online or offline manner.
(3) The digital content authorization and revocation information release manager in the digital rights authorization management system uses the creation system public key in the digital content authorization application data block to verify the digital signature of the digital content authorization application data block, confirming the validity and integrity of the digital content authorization application data block. If the digital signature verification passes, a digital content creation identifier CCID is first generated; the CCID is then packaged with the related information in the digital content authorization application data block to generate a digital content creation certificate. The digital content creation certificate comprises the digital content creation identifier CCID, the digital content producer identifier RID, the digital content identifier CID, and a digital signature of the digital content creation certificate signed using the authorization system private key. The digital content creation identifier CCID and the corresponding digital content producer identifier RID and digital content identifier CID are stored in the authorization database.
(4) The digital content authorization and revocation information release manager in the digital rights authorization management system reads the revocation information of all objects to be revoked stored in the authorization database and generates a revocation list for each type of object to be revoked (digital content producer/terminal device/digital content); each revocation list contains the revocation information of all objects to be revoked of the same type. The digital content producer revocation list RCL contains the digital content producer revocation list version number RVN, the digital content producer identifier RID, the revocation validation start time, the revocation expiration time, and a digital signature of the digital content producer revocation list signed using the authorization system private key. The terminal device revocation list DCL contains the terminal device revocation list version number DVN, the device manufacturer identifier PID, the terminal device serial number SID, and a digital signature of the terminal device revocation list signed using the authorization system private key. The digital content revocation list CCL contains the digital content revocation list version number CVN, the digital content creation identifier CCID, the digital content producer identifier RID, the digital content identifier CID, and a digital signature of the digital content revocation list signed using the authorization system private key.
(5) The digital content authorization and revocation information release manager in the digital rights authorization management system generates a digital content authorization data block containing the digital content creation certificate, the terminal device revocation list DCL, the digital content producer revocation list RCL, the digital content revocation list CCL, and a digital signature of the digital content authorization data block signed using the authorization system private key.
(6) The digital content authorization data block is transferred to the content creation and revocation information distribution management system in an online or offline manner.
4) Packaging and distributing the revocation list:
(1) The digital content protection and revocation list distribution manager of the content creation and revocation information distribution management system uses the authorization system public key in the digital content producer identification credential data block to verify the digital signature of the digital content authorization data block, confirming the validity and integrity of the digital content authorization data block. If the digital signature verification passes, the authorized digital content is encrypted to obtain the digital content ciphertext, and the digital content ciphertext and the digital content authorization data block are packaged together to generate a digital content distribution data block.
(2) The digital content distribution data block is transferred to the content use and revocation processing terminal management system in an online or offline manner.
5) Revocation processing of the revocation object:
(1) The revocation list manager of the content use and revocation processing terminal management system uses the authorization system public key in the terminal device identification credential data block to verify the digital signature of the digital content authorization data block in the digital content distribution data block, confirming the validity and integrity of the digital content authorization data block. If the digital signature verification passes, the device manufacturer identifier PID and terminal device serial number SID of the terminal device are obtained from the terminal device identification credential data block and compared with the device manufacturer identifier PID' and terminal device serial number SID' of each terminal device to be revoked in the terminal device revocation list DCL in the digital content authorization data block. If they are the same, the terminal device is a device to be revoked, and its use of the authorized digital content is terminated directly.
(2) The revocation list manager of the content use and revocation processing terminal management system reads the digital content producer revocation list RCL' and the digital content revocation list CCL' stored in the content use and revocation processing terminal management system. If RCL' or CCL' does not exist, the corresponding revocation list RCL or CCL in the digital content authorization data block is stored in the content use and revocation processing terminal management system. Otherwise, the revocation list version number RVN or CVN of the RCL or CCL in the digital content authorization data block is compared with the version number RVN' or CVN' of the corresponding stored revocation list RCL' or CCL'. If RVN or CVN is less than or equal to RVN' or CVN', the revocation list in the content use and revocation processing terminal management system is not updated. If RVN or CVN is greater than RVN' or CVN', the corresponding old revocation list RCL' or CCL' is deleted from the content use and revocation processing terminal management system, and the new revocation list RCL or CCL in the digital content authorization data block is stored in its place.
(3) The digital content use and revocation processing manager of the content use and revocation processing terminal management system reads the digital content producer revocation list RCL' stored in the content use and revocation processing terminal management system, verifies the digital signature of RCL' using the authorization system public key in the terminal device identification credential data block, and confirms the validity and integrity of RCL'. If the digital signature verification passes, the digital content creation certificate in the digital content authorization data block in the digital content distribution data block is read, and the digital content producer identifier RID in the digital content creation certificate is compared with the digital content producer identifier RID' of each digital content producer to be revoked in RCL'. If they are the same, the digital content producer is a producer to be revoked, and the terminal device directly terminates use of the authorized digital content produced by that digital content producer.
(4) The digital content use and revocation processing manager of the content use and revocation processing terminal management system reads the digital content revocation list CCL' stored in the content use and revocation processing terminal management system, verifies the digital signature of CCL' using the authorization system public key in the terminal device identification credential data block, and confirms the validity and integrity of CCL'. If the digital signature verification passes, the digital content creation certificate in the digital content authorization data block in the digital content distribution data block is read, and the digital content creation identifier CCID in the digital content creation certificate is compared with the digital content creation identifier CCID' of each item of digital content to be revoked in CCL'. If they are the same, the digital content is digital content to be revoked, and the terminal device directly terminates use of the authorized digital content.
(5) The content use and revocation processing terminal management system obtains the decryption key of the digital content in an online or offline manner, and decrypts the digital content ciphertext in the digital content distribution data block to obtain the digital content plaintext.
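The terminal-side revocation processing of steps (1) to (4) above, together with the authorization data block it consumes, as an added Python example that is not part of the patent. The JSON block layout, the field names `body`, `sig` and `entries`, the result strings, failing closed on a bad stored list, and the toy RSA key are all assumptions; the patent does not name a signature algorithm.

```python
import hashlib
import json

# Toy key pair (assumption): textbook RSA over two Mersenne primes. It keeps the
# private-sign / public-verify split the method relies on but is not secure.
_P, _Q, E = 2**521 - 1, 2**607 - 1, 65537
N = _P * _Q                              # (N, E): authorization system public key
_D = pow(E, -1, (_P - 1) * (_Q - 1))     # authorization system private key


def _digest(body):
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big")


def sign(body):
    """Authorization system: wrap a body with its digital signature."""
    return {"body": body, "sig": pow(_digest(body), _D, N)}


def verify(block):
    """Terminal: check a signed block using only the public key."""
    return pow(block["sig"], E, N) == _digest(block["body"])


def make_auth_block(cert, dcl, rcl, ccl):
    """Digital content authorization data block: certificate plus DCL, RCL, CCL,
    each signed, and the whole block signed again (constructed layout)."""
    return sign({"cert": sign(cert), "DCL": sign(dcl),
                 "RCL": sign(rcl), "CCL": sign(ccl)})


class Terminal:
    def __init__(self, pid, sid):
        self.pid, self.sid = pid, sid
        self.stored = {}                 # locally kept RCL' and CCL'

    def _update(self, name, version_field, incoming):
        # Step (2): store if absent, replace only when the version is greater,
        # so an older list shipped with later content cannot roll the state back.
        current = self.stored.get(name)
        if (current is None
                or incoming["body"][version_field] > current["body"][version_field]):
            self.stored[name] = incoming

    def _listed(self, name, field, value):
        # Steps (3)/(4): verify the stored list, then look the identifier up.
        # Failing closed on a bad stored signature is an assumption; the text
        # only describes the path where verification passes.
        lst = self.stored[name]
        if not verify(lst):
            return True
        return any(entry[field] == value for entry in lst["body"]["entries"])

    def process(self, auth_block):
        if not verify(auth_block):                       # step (1)
            return "reject: signature"
        body = auth_block["body"]
        for entry in body["DCL"]["body"]["entries"]:
            if (entry["PID"], entry["SID"]) == (self.pid, self.sid):
                return "reject: terminal revoked"
        self._update("RCL", "RVN", body["RCL"])           # step (2)
        self._update("CCL", "CVN", body["CCL"])
        cert = body["cert"]["body"]
        # RCL entries also carry start/end times; step (3) compares RID only.
        if self._listed("RCL", "RID", cert["RID"]):       # step (3)
            return "reject: producer revoked"
        if self._listed("CCL", "CCID", cert["CCID"]):     # step (4)
            return "reject: content revoked"
        return "allow"                                    # step (5) may decrypt


def demo():
    """Constructed scenario: a newer RCL arrives first, an older one later."""
    dcl = {"DVN": 1, "entries": []}
    ccl = {"CVN": 1, "entries": []}
    rcl_v2 = {"RVN": 2, "entries": [
        {"RID": "R-9", "start": "2016-01-01", "end": "2026-01-01"}]}
    rcl_v1 = {"RVN": 1, "entries": []}
    good = make_auth_block({"CCID": "CC-1", "RID": "R-1", "CID": "C-1"},
                           dcl, rcl_v2, ccl)
    stale = make_auth_block({"CCID": "CC-2", "RID": "R-9", "CID": "C-2"},
                            dcl, rcl_v1, ccl)
    t = Terminal("P-1", "S-100")
    return [t.process(good), t.process(stale), t.stored["RCL"]["body"]["RVN"]]


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the second block carries an older, empty RCL alongside content from producer R-9; the terminal keeps its stored version 2 list and refuses the content, which is the effect of the version comparison in step (2).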
In the above method for implementing offline revocation of the digital rights protection system, the digital rights protection system operation server system is a component of the digital content business operation server system and implements management and control of digital content rights protection at the operation server. The digital rights protection system terminal device end system is a component of the digital content service terminal device end system and implements management and control of digital content rights protection on the terminal device.
In the above method for implementing offline revocation of the digital rights protection system, the authorization system public key and the authorization system private key are managed by the digital rights authorization management system. The creation system public key and the creation system private key are managed by the content creation and revocation information distribution management system.
In the above method for implementing offline revocation of the digital rights protection system, the encryption and decryption of the digital content are the means by which the digital rights protection system protects digital content using a cryptographic algorithm, and differ according to service requirements.
By adopting the above method, through revocation identifier generation, revocation identification credential distribution, bound distribution of revocation information with authorized digital content, and local offline processing of revocation verification, the invention solves the problems of acquiring, transmitting and validating revocation information in an offline revocation mechanism, as well as the controllability and manageability of offline revocation processing, and effectively implements offline revocation management in a digital rights protection system. The invention provides a complete solution, covering both implementation technology and management method, for the offline revocation mechanism of a digital rights protection system; it solves the revocation problem of the digital rights protection system with the same method both with and without a network connection, and provides a reliable technical guarantee for the authorization management and playback control of digital content in the digital rights protection system.
The invention is further described below with reference to the drawings and the detailed description.
Drawings
FIG. 1 is a schematic block diagram of a management system of the present invention;
FIG. 2 is a schematic diagram of a process flow for generating and distributing revocable object identifiers in the method of the present invention;
FIG. 3 is a schematic diagram of a process flow for generating and distributing revocation information in the method of the present invention;
FIG. 4 and FIG. 5 are flowcharts of revocation processing at a terminal device in the method of the present invention.
Description of the embodiments
Referring to FIG. 1, the management system for implementing offline revocation of a digital rights protection system is composed of a digital rights authorization management system A, a content creation and revocation information distribution management system B, and a content use and revocation processing terminal management system C.
The digital rights authorization management system A is the system used by a third-party authorization management organization. It consists of an identification management and revocation information generation manager 1 and a digital content authorization and revocation information release manager 2, and performs functions such as revocable object identifier generation, revocable object identification credential distribution, revocation information generation, digital content authorization, and bound release of revocation information with the digital content authorization. On the one hand, the digital rights authorization management system A implements identification management of revocable objects by generating and distributing revocable object identification credentials such as the terminal device identification credential data block 7, the digital content producer identification credential data block 8 and the digital content identification credential data block 9; on the other hand, by generating the digital content authorization data block 10, it implements management of the bound release of revocation information with the digital content authorization.
The content creation and revocation information distribution management system B is the system used by the operation server system of the digital rights protection system. It consists of a digital content authorization application manager 3 and a digital content protection and revocation list distribution manager 4, and generates the digital content distribution data block 11, performing functions such as digital content authorization, revocation list acquisition, digital content protection, and bound distribution of the revocation lists with the authorized digital content.
The content use and revocation processing terminal management system C is the system used by the terminal device end system of the digital rights protection system. It consists of a revocation list manager 5 and a digital content use and revocation processing manager 6, and performs functions such as updating and storing the revocation lists on the terminal device, local offline processing of revocation verification, and legal use of digital content.
Referring to FIG. 2 to FIG. 5, the method of the present invention comprises the steps of:
1) Revocable object identification generation and management:
(1) The identification management and revocation information generation manager 1 in the digital rights authorization management system A generates a unique identifier for each revocable object and stores it in the authorization database. There are three types of revocable object: revocable digital content producers, revocable terminal devices, and revocable digital content. The unique identifier of a digital content producer is the digital content producer identifier RID, the unique identifier of a terminal device is (device manufacturer identifier PID + terminal device serial number SID), and the unique identifier of digital content is the digital content identifier CID.
(2) The identification management and revocation information generation manager 1 in the digital rights authorization management system A generates an identification credential data block for each revocable object. The identification credential data blocks of the three types of revocable object are, respectively, the terminal device identification credential data block 7, the digital content producer identification credential data block 8, and the digital content identification credential data block 9. The identification credential data block of a revocable object contains the unique identifier of the revocable object (digital content producer/terminal device/digital content), the authorization system public key, and a digital signature of the identification credential data block signed using the authorization system private key. Each revocable object corresponds one-to-one with an identification credential data block.
(3) The identification credential data blocks of the revocable objects are transferred either online or offline. The digital content producer identification credential data block 8 is transferred to and stored in the content creation and revocation information distribution management system B, the terminal device identification credential data block 7 is transferred to and stored in the content use and revocation processing terminal management system C, and the digital content identification credential data block 9 is transferred to and stored in the content creation and revocation information distribution management system B.
2) Revocation information generation processing:
(1) The system administrator of the digital rights authorization management system A enters the revocation information of each object to be revoked through the identification management and revocation information generation manager 1 and stores it in the authorization database. The objects to be revoked are digital content producers to be revoked, terminal devices to be revoked, and digital content to be revoked. The digital content producer revocation information comprises the digital content producer identifier RID, the revocation validation start time, and the revocation expiration time. The terminal device revocation information comprises the device manufacturer identifier PID and the terminal device serial number SID. The digital content revocation information comprises the digital content producer identifier RID and the digital content identifier CID.
3) Generating and publishing a revocation list:
(1) The digital content authorization application manager 3 of the content creation and revocation information distribution management system B reads the digital content identifier CID from the digital content identification credential data block 9, reads the digital content producer identifier RID from the digital content producer identification credential data block 8, and then generates a digital content authorization application data block containing the digital content identifier CID, the digital content producer identifier RID, the creation system public key, and a digital signature of the digital content authorization application data block signed using the creation system private key.
(2) The digital content authorization application data block is transferred to the digital rights authorization management system A in an online or offline manner.
(3) The digital content authorization and revocation information release manager 2 in the digital rights authorization management system A uses the creation system public key in the digital content authorization application data block to verify the digital signature of the digital content authorization application data block, confirming the validity and integrity of the digital content authorization application data block. If the digital signature verification passes, a digital content creation identifier CCID is first generated; the CCID is then packaged with the related information in the digital content authorization application data block to generate a digital content creation certificate. The digital content creation certificate comprises the digital content creation identifier CCID, the digital content producer identifier RID, the digital content identifier CID, and a digital signature of the digital content creation certificate signed using the authorization system private key. The digital content creation identifier CCID and the corresponding digital content producer identifier RID and digital content identifier CID are stored in the authorization database.
(4) The digital content authorization and revocation information release manager 2 in the digital rights authorization management system A reads the revocation information of all objects to be revoked stored in the authorization database and generates a revocation list for each type of object to be revoked (digital content producer/terminal device/digital content); each revocation list contains the revocation information of all objects to be revoked of the same type. The digital content producer revocation list RCL contains the digital content producer revocation list version number RVN, the digital content producer identifier RID, the revocation validation start time, the revocation expiration time, and a digital signature of the digital content producer revocation list signed using the authorization system private key. The terminal device revocation list DCL contains the terminal device revocation list version number DVN, the device manufacturer identifier PID, the terminal device serial number SID, and a digital signature of the terminal device revocation list signed using the authorization system private key. The digital content revocation list CCL contains the digital content revocation list version number CVN, the digital content creation identifier CCID, the digital content producer identifier RID, the digital content identifier CID, and a digital signature of the digital content revocation list signed using the authorization system private key.
(5) The digital content authorization and revocation information release manager 2 in the digital rights authorization management system A generates a digital content authorization data block 10, which contains the digital content creation certificate, the terminal device revocation list DCL, the digital content producer revocation list RCL, the digital content revocation list CCL, and a digital signature of the digital content authorization data block 10 signed using the authorization system private key.
(6) The digital content authorization data block 10 is transferred to the content creation and revocation information distribution management system B in an online or offline manner.
(1) The digital content protection and revocation list distribution manager 4 of the content creation and revocation information distribution management system B verifies the digital signature of the digital content authorization data block 10 using the authorization system public key in the digital content producer identification credential data block 8, confirming the validity and integrity of the digital content authorization data block 10. If the digital signature verification passes, the authorized digital content is encrypted to obtain a digital content ciphertext, which is packaged with the digital content authorization data block 10 to generate a digital content distribution data block 11.
(2) The digital content distribution data block 11 is transferred to the content usage and revocation processing terminal management system C by an online or offline manner.
(1) The revocation list manager 5 of the content use and revocation processing terminal management system C verifies the digital signature of the digital content authorization data block 10 in the digital content distribution data block 11 using the authorization system public key in the terminal device identification credential data block 7, confirming the validity and integrity of the digital content authorization data block 10. If the digital signature verification passes, the device manufacturer identifier PID and the terminal device serial number SID of the terminal device are obtained from the terminal device identification credential data block 7 and compared with the device manufacturer identifier PID' and the terminal device serial number SID' of each to-be-revoked terminal device in the terminal device revocation list DCL in the digital content authorization data block 10. If they are the same, the terminal device is a to-be-revoked device, and its use of the authorized digital content is terminated directly.
(2) The revocation list manager 5 of the content use and revocation processing terminal management system C reads the digital content producer revocation list RCL' and the digital content revocation list CCL' stored in system C. If RCL' or CCL' does not exist, the corresponding revocation list RCL or CCL from the digital content authorization data block 10 is stored in system C. If RCL' or CCL' exists, the revocation list version number RVN or CVN of the RCL or CCL in the digital content authorization data block 10 is compared with the version number RVN' or CVN' of RCL' or CCL'. If RVN or CVN is less than or equal to RVN' or CVN', the revocation list in system C is not updated; if RVN or CVN is greater than RVN' or CVN', the old revocation list RCL' or CCL' in system C is deleted and the new revocation list RCL or CCL from the digital content authorization data block 10 is stored in system C.
(3) The digital content use and revocation processing manager 6 of the content use and revocation processing terminal management system C reads the digital content producer revocation list RCL' stored in system C and verifies the digital signature of RCL' using the authorization system public key in the terminal device identification credential data block 7, confirming the validity and integrity of RCL'. If the digital signature verification passes, the digital content creation certificate in the digital content authorization data block 10 in the digital content distribution data block 11 is read, and the digital content producer identifier RID in the certificate is compared with the digital content producer identifier RID' of each to-be-revoked digital content producer in RCL'. If they are the same, the digital content producer is a to-be-revoked producer, and the terminal device's use of the authorized digital content produced by that producer is terminated directly.
(4) The digital content use and revocation processing manager 6 of the content use and revocation processing terminal management system C reads the digital content revocation list CCL' stored in system C and verifies the digital signature of CCL' using the authorization system public key in the terminal device identification credential data block 7, confirming the validity and integrity of CCL'. If the digital signature verification passes, the digital content creation certificate in the digital content authorization data block 10 in the digital content distribution data block 11 is read, and the digital content creation identifier CCID in the certificate is compared with the digital content creation identifier CCID' of each to-be-revoked digital content in CCL'. If they are the same, the digital content is to-be-revoked digital content, and the terminal device's use of the authorized digital content is terminated directly.
(5) The digital content use and revocation process manager 6 of the content use and revocation process terminal management system C obtains a decryption key of the digital content by an online or offline manner, and decrypts the digital content ciphertext in the digital content distribution data block 11 to obtain a digital content plaintext.
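The terminal-side processing described above (signature check on authorization data block 10, DCL lookup, version-gated update of the stored RCL'/CCL', then the RID and CCID lookups), as an added Python example that is not part of the patent text. The JSON field layout, the helper names, the sample identifiers and the toy textbook-RSA signature (a stand-in that is not secure) are assumptions of this example.

```python
import hashlib
import json

# Toy textbook RSA standing in for the authorization system key pair.
# Constructed for this example and NOT secure; use a vetted signature library.
_P, _Q, E = 2**127 - 1, 2**89 - 1, 65537      # two Mersenne primes
N = _P * _Q                                    # (N, E) is the public key
_D = pow(E, -1, (_P - 1) * (_Q - 1))           # private exponent, held by system A


def _digest(body):
    """Hash a canonical JSON encoding of the signed fields."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def signed(body):
    """System A: return the body together with its signature."""
    return dict(body, sig=pow(_digest(body), _D, N))


def check(obj):
    """Terminal: verify a signed object using the public key only."""
    body = {k: v for k, v in obj.items() if k != "sig"}
    sig = obj.get("sig")
    return isinstance(sig, int) and 0 <= sig < N and pow(sig, E, N) == _digest(body)


def make_block(cert, dcl, rcl, ccl):
    """System A: build authorization data block 10 (certificate plus lists)."""
    return signed({"cert": signed(cert), "DCL": signed(dcl),
                   "RCL": signed(rcl), "CCL": signed(ccl)})


class Terminal:
    """System C: revocation list manager 5 and revocation processing manager 6."""

    def __init__(self, pid, sid):
        self.pid, self.sid = pid, sid
        self.stored = {}                       # RCL' and CCL', kept across contents

    def process(self, block):
        # (1) verify block 10, then look for this device in the DCL it carries
        if not check(block):
            return "reject: bad signature on authorization data block"
        if {"PID": self.pid, "SID": self.sid} in block["DCL"]["entries"]:
            return "deny: terminal device revoked"
        # (2) store a carried list only if none is stored or its version is higher
        for name, ver in (("RCL", "RVN"), ("CCL", "CVN")):
            old = self.stored.get(name)
            if old is None or block[name][ver] > old[ver]:
                self.stored[name] = block[name]
        # (3)/(4) verify the stored lists, then compare RID and CCID
        rcl, ccl = self.stored["RCL"], self.stored["CCL"]
        if not (check(rcl) and check(ccl)):
            return "reject: bad signature on stored revocation list"
        cert = block["cert"]
        if any(e["RID"] == cert["RID"] for e in rcl["entries"]):
            return "deny: digital content producer revoked"
        if any(e["CCID"] == cert["CCID"] for e in ccl["entries"]):
            return "deny: digital content revoked"
        return "allow"                         # (5) key retrieval and decryption follow


def demo():
    """Constructed sample data: three contents authorized at successive times."""
    r1 = {"RID": "R-1", "start": "2015-10-01", "end": "2016-10-01"}
    b1 = make_block({"CCID": "CC-1", "RID": "R-1", "CID": "C-1"},
                    {"DVN": 1, "entries": []},
                    {"RVN": 1, "entries": []},
                    {"CVN": 1, "entries": []})
    b2 = make_block({"CCID": "CC-2", "RID": "R-2", "CID": "C-2"},
                    {"DVN": 1, "entries": []},
                    {"RVN": 2, "entries": [r1]},           # producer R-1 now revoked
                    {"CVN": 1, "entries": []})
    b3 = make_block({"CCID": "CC-3", "RID": "R-3", "CID": "C-3"},
                    {"DVN": 2, "entries": [{"PID": "P-1", "SID": "S-200"}]},
                    {"RVN": 2, "entries": [r1]},
                    {"CVN": 2, "entries": [{"CCID": "CC-2", "RID": "R-2", "CID": "C-2"}]})
    t = Terminal("P-1", "S-100")
    # b1 is replayed after b2, and b2 after b3: the stored lists must not roll back
    results = [t.process(b) for b in (b1, b2, b1, b3, b2)]
    results.append(Terminal("P-1", "S-200").process(b3))   # device listed in DCL
    results.append(t.process(dict(b3, CCL=b1["CCL"])))     # list swapped after signing
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Content CC-1 is allowed on first use and denied once the terminal has seen a later content carrying RVN 2, which is how the revocation reaches a terminal that never goes online.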

Claims (4)

1. A method for realizing offline revocation of a digital copyright protection system, which uses an offline revocation management system composed of a digital copyright authorization management system (A) used by a third-party authorization management organization, a content making and revocation information distribution management system (B) used by the operation server end system of the digital copyright protection system, and a content use and revocation processing terminal management system (C) used by the terminal equipment end system of the digital copyright protection system; the digital copyright authorization management system (A) consists of an identification management and revocation information generation manager (1) and a digital content authorization and revocation information release manager (2); the content making and revocation information distribution management system (B) is composed of a digital content authorization application manager (3) and a digital content protection and revocation list distribution manager (4); the content use and revocation processing terminal management system (C) is composed of a revocation list manager (5) and a digital content use and revocation processing manager (6); the method mainly comprises the following implementation steps:
1) Revocable object identification generation and management:
(1) the identification management and revocation information generation manager (1) in the digital copyright authorization management system (A) generates a unique identification of the revocable object and stores the unique identification in an authorization database; there are three types of revocable object: a revocable digital content producer, a revocable terminal device, and revocable digital content; the unique identifier of the digital content producer is a digital content producer identifier RID, the unique identifier of the terminal equipment is an equipment manufacturer identifier PID + a terminal equipment serial number SID, and the unique identifier of the digital content is a digital content identifier CID;
(2) the identification management and revocation information generation manager (1) in the digital copyright authorization management system (A) respectively generates an identification credential data block for each revocable object; the identification credential data blocks of the three types of revocable object are respectively a terminal equipment identification credential data block (7), a digital content producer identification credential data block (8) and a digital content identification credential data block (9); the identification credential data block of a revocable object comprises the unique identification of the revocable object, i.e. of the digital content producer, the terminal device or the digital content, the public key of the authorization system, and a digital signature of the identification credential data block signed with the private key of the authorization system; each revocable object corresponds one-to-one to an identification credential data block;
(3) the identification credential data block of the revocable object is transferred in an online or offline manner; the digital content producer identification credential data block (8) is transferred and stored to the content making and revocation information distribution management system (B), the terminal equipment identification credential data block (7) is transferred and stored to the content use and revocation processing terminal management system (C), and the digital content identification credential data block (9) is transferred and stored to the content making and revocation information distribution management system (B);
2) Revocation information generation processing:
(1) a system administrator in the digital copyright authorization management system (A) inputs revocation information of a to-be-revoked object through an identification management and revocation information generation manager and stores the revocation information in an authorization database; the to-be-revoked object refers to a to-be-revoked digital content producer, to-be-revoked terminal equipment and to-be-revoked digital content; the digital content producer revocation information comprises a digital content producer identifier RID, a revocation validation start time and a revocation deadline; the terminal equipment revocation information comprises equipment manufacturer identification PID and terminal equipment serial number SID; the digital content revocation information comprises a digital content producer identifier RID and a digital content identifier CID;
3) Revocation list generation and release processing:
(1) a digital content authorization application manager (3) of the content creation and revocation information distribution management system (B) reads out a digital content identification CID from a digital content identification voucher data block (9), reads out a digital content manufacturer identification RID from a digital content manufacturer identification voucher data block (8), and then generates a digital content authorization application data block containing the digital content identification CID, the digital content manufacturer identification RID, a creation system public key, and a digital signature of the digital content authorization application data block signed using the creation system private key;
(2) the digital content authorization application data block is transmitted to the digital copyright authorization management system (A) in an online or offline mode;
(3) a digital content authorization and revocation information release manager (2) in the digital copyright authorization management system (A) uses a manufacturing system public key in a digital content authorization application data block to verify the digital signature of the digital content authorization application data block, and confirms the legitimacy and the integrity of the digital content authorization application data block; if the digital signature verification is passed, firstly, a digital content making identifier CCID is generated, and then the digital content making identifier CCID is packaged with related information in a digital content authorization application data block to generate a digital content making certificate, wherein the digital content making certificate comprises the digital content making identifier CCID, a digital content maker identifier RID, a digital content identifier CID and a digital signature of the digital content making certificate signed by using an authorization system private key; the digital content making identifier CCID and the corresponding digital content maker identifier RID and digital content identifier CID information are stored in an authorization database;
(4) a digital content authorization and revocation information release manager (2) in the digital copyright authorization management system (A) reads revocation information of all to-be-revoked objects stored in an authorization database, and respectively generates revocation lists of each type of to-be-revoked objects, namely a digital content producer, terminal equipment and digital content, wherein each type of revocation list comprises revocation information of all the same type of to-be-revoked objects; wherein the digital content producer revocation list RCL comprises a digital content producer revocation list version number RVN, a digital content producer identification RID, a revocation validation start time, a revocation expiration time, and a digital signature of the digital content producer revocation list signed using an authorization system private key; the terminal device revocation list DCL contains a terminal device revocation list version number DVN, a device manufacturer identification PID, a terminal device serial number SID and a digital signature of the terminal device revocation list signed using an authorization system private key; the digital content revocation list CCL comprises a digital content revocation list version number CVN, a digital content creation identifier CCID, a digital content producer identifier RID, a digital content identifier CID, and a digital signature of the digital content revocation list signed using an authorization system private key;
(5) a digital content authorization and revocation information release manager (2) in a digital rights authorization management system (a) generates a digital content authorization data block (10), the digital content authorization data block (10) containing digital content creation certificates, a terminal device revocation list DCL, a digital content producer revocation list RCL, a digital content revocation list CCL, and digital signatures of the digital content authorization data block (10) signed using an authorization system private key;
(6) the digital content authorization data block (10) is transmitted to the content making and revocation information distribution management system (B) in an online or offline mode;
4) Revocation list package distribution processing:
(1) the digital content protection and revocation list distribution manager (4) of the content creation and revocation information distribution management system (B) verifies the digital signature of the digital content authorization data block (10) using the authorization system public key in the digital content manufacturer identification credential data block (8), confirming the validity and integrity of the digital content authorization data block (10); if the digital signature verification is passed, the authorized digital content is encrypted to obtain a digital content ciphertext, and the digital content ciphertext is packaged with the digital content authorization data block (10) to generate a digital content distribution data block (11);
(2) the digital content distribution data block (11) is transmitted to a content using and canceling terminal management system (C) in an online or offline mode;
5) Revocation processing of a revocation object:
(1) a revocation list manager (5) of the content use and revocation processing terminal management system (C) verifies the digital signature of the digital content authorization data block (10) in the digital content distribution data block (11) by using an authorization system public key in the terminal equipment identification credential data block (7) to confirm the validity and the integrity of the digital content authorization data block (10); if the digital signature verification is passed, the equipment manufacturer identifier PID and the terminal equipment serial number SID of the terminal equipment are obtained from the terminal equipment identification credential data block (7), and are compared with the equipment manufacturer identifier PID' and the terminal equipment serial number SID' of the terminal equipment to be revoked in the terminal equipment revocation list DCL in the digital content authorization data block (10); if they are the same, the terminal equipment is the equipment to be revoked, and the terminal equipment's use of the authorized digital content is terminated directly;
(2) a revocation list manager (5) of the content use and revocation processing terminal management system (C) reads a digital content producer revocation list RCL' and a digital content revocation list CCL' stored in the content use and revocation processing terminal management system (C), and if RCL' or CCL' does not exist, stores the corresponding revocation list RCL or CCL in the digital content authorization data block (10) in the content use and revocation processing terminal management system (C); otherwise, the revocation list version number RVN or CVN in the RCL or CCL in the digital content authorization data block (10) is compared with the version number RVN' or CVN' in the corresponding revocation list RCL' or CCL' stored in the content use and revocation processing terminal management system (C); if the version number RVN or CVN is less than or equal to the version number RVN' or CVN' of the RCL' or CCL', the revocation list in the content use and revocation processing terminal management system (C) is not updated; if the version number RVN or CVN is greater than the version number RVN' or CVN' of the RCL' or CCL', the corresponding old version revocation list RCL' or CCL' in the content use and revocation processing terminal management system (C) is deleted, and the new version revocation list RCL or CCL in the digital content authorization data block (10) is stored in the content use and revocation processing terminal management system (C);
(3) the digital content use and revocation processing manager (6) of the content use and revocation processing terminal management system (C) reads the digital content producer revocation list RCL' stored in the content use and revocation processing terminal management system (C), verifies the digital signature of the RCL' by using an authorization system public key in the terminal equipment identification credential data block (7), and confirms the validity and the integrity of the RCL'; if the digital signature verification is passed, the digital content making certificate in the digital content authorization data block (10) in the digital content distribution data block (11) is read, and the digital content producer identifier RID in the digital content making certificate is compared with the digital content producer identifier RID' of the digital content producer to be revoked in the RCL'; if they are the same, the digital content producer is the digital content producer to be revoked, and the terminal equipment's use of the authorized digital content made by the digital content producer is terminated directly;
(4) the digital content use and revocation processing manager (6) of the content use and revocation processing terminal management system (C) reads the digital content revocation list CCL' stored in the content use and revocation processing terminal management system (C), verifies the digital signature of the CCL' by using an authorization system public key in the terminal equipment identification credential data block (7), and confirms the validity and the integrity of the CCL'; if the digital signature verification is passed, the digital content making certificate in the digital content authorization data block (10) in the digital content distribution data block (11) is read, and the digital content making identifier CCID in the digital content making certificate is compared with the digital content making identifier CCID' of the digital content to be revoked in the CCL'; if they are the same, the digital content is the digital content to be revoked, and the terminal equipment's use of the authorized digital content is terminated directly;
(5) the digital content using and canceling processing terminal management system (C) obtains the decryption key of the digital content through an online or offline mode, and decrypts the digital content ciphertext in the digital content distribution data block (11) to obtain the digital content plaintext.
2. The method for implementing offline revocation of a digital rights protection system according to claim 1, wherein the digital rights protection system operation server system is a component of a digital content service operation server system, so as to implement management and control of digital content rights protection at the operation server; the terminal equipment end system of the digital content copyright protection system is a component part of the terminal equipment end system of the digital content service, and management and control of digital content copyright protection on terminal equipment are realized.
3. The method for implementing offline revocation of a digital rights protection system according to claim 1 or 2, characterized in that the public key of the authorization system and the private key of the authorization system are managed by a digital rights authorization management system (a); the production system public key and the production system private key are managed by a content production and revocation information distribution management system (B).
4. The method for implementing offline revocation of a digital rights protection system according to claim 3, wherein the digital content encryption process and the decryption process are methods for protecting the digital content in the digital rights protection system by using a cryptographic algorithm, which are different according to different service requirements.
CN201510580443.7A 2015-09-14 2015-09-14 Method for realizing offline revocation of digital copyright protection system Active CN106529751B (en)

Publications (2)

Publication Number Publication Date
CN106529751A CN106529751A (en) 2017-03-22
CN106529751B true CN106529751B (en) 2023-09-29

Family

ID=58348543

Country Status (1)

Country Link
CN (1) CN106529751B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant