CN107241620B - Digital rights management method of media content, DRM client and server - Google Patents
Digital rights management method of media content, DRM client and server Download PDFInfo
- Publication number
- CN107241620B CN107241620B CN201610185037.5A CN201610185037A CN107241620B CN 107241620 B CN107241620 B CN 107241620B CN 201610185037 A CN201610185037 A CN 201610185037A CN 107241620 B CN107241620 B CN 107241620B
- Authority
- CN
- China
- Prior art keywords
- drm
- execution unit
- media content
- content
- drm client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000007726 management method Methods 0.000 title description 85
- 238000013475 authorization Methods 0.000 claims abstract description 191
- 238000000034 method Methods 0.000 claims abstract description 49
- 238000004891 communication Methods 0.000 claims description 58
- 238000012795 verification Methods 0.000 claims description 18
- 230000008569 process Effects 0.000 claims description 17
- 230000006978 adaptation Effects 0.000 claims description 12
- 238000012545 processing Methods 0.000 description 18
- 238000010586 diagram Methods 0.000 description 16
- 230000006870 function Effects 0.000 description 15
- 238000004590 computer program Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 238000004519 manufacturing process Methods 0.000 description 3
- 239000000835 fiber Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000001902 propagating effect Effects 0.000 description 2
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 229910052802 copper Inorganic materials 0.000 description 1
- 239000010949 copper Substances 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/16—Program or content traceability, e.g. by watermarking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4627—Rights management associated to the content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
- H04N21/8358—Generation of protective data, e.g. certificates involving watermark
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Technology Law (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Facsimile Image Signal Circuits (AREA)
Abstract
The invention discloses a Digital Rights Management (DRM) method of media content, a DRM client, a DRM server, a terminal device and a DRM server, wherein the DRM method comprises the following steps: the DRM client receives a calling request of the media application, and acquires a unique identifier of the media content to be played from the calling request; sending a DRM authorization request to a DRM server to acquire a content authorization execution unit, wherein the DRM authorization request comprises the identification of the media content and the basic information of the DRM client; and running the content authorization execution unit in the DRM client running environment to realize the DRM authorization function. By using the technical scheme of the invention, flexible protection can be provided for the media content, thereby improving the safety degree of the media content.
Description
Technical Field
The present invention relates to a Digital Rights Management (DRM) technology, and more particularly, to a Digital Rights Management (DRM) method of media contents, a DRM client, a DRM server, a terminal device, and a DRM server.
Background
Currently, smart devices such as smart televisions have moved into thousands of households, and increasingly become an important way for users to acquire media contents such as audio and video data and file data in daily life. International content providers such as hollywood are actively deploying operation of 4K ultra-high-definition media content, japan NHK television stations have even realized industrialization of 8K content encoding and display devices, domestic mainstream content providers watch, Jiangsu television stations and the like are actively deploying production, broadcasting and operation of ultra-high-definition media content, Jiangsu stations have adopted ultra-high-definition mode for live broadcasting in the late year-crossing period, and the era of ultra-high-definition media content operation has come. The ultra-high-definition media content has high manufacturing cost and high value, and is regarded as the next growing point of the media industry, domestic mainstream content providers and Hollywood and the like pay particular attention to the protection of the ultra-high-definition media content, the requirement of ultra-high-definition media content operation on copyright protection is higher, a content protection algorithm needs to be frequently replaced to improve the safety, the existing content protection technology needs to be urgently upgraded and iterated, and technical support and guarantee are provided for building a healthy ultra-high-definition media content ecology.
In the existing Digital Rights Management (DRM) technology, Digital media content is usually encrypted and packaged, information such as a content encryption key and DRM Rights (e.g., content license and constraint conditions) is packaged into a content license according to a business rule set by an operator according to a certain syntax, the content license is sent to a DRM client through interaction between the DRM client of a terminal device and a DRM server, and the DRM client decrypts and plays the content according to a rule specified by the license and the constraint conditions in the content license.
However, the existing DRM technology system cannot set a personalized content encryption algorithm, an authorization rule, etc. for the media content, resulting in a low degree of protection for the media content. In the existing DRM technology, if a content encryption algorithm, an authorization rule, etc. need to be modified, the DRM server system and the DRM client system need to be upgraded integrally at the same time, and the content encryption algorithm, the authorization rule, etc. cannot be changed flexibly and in real time according to the business operation requirement and the security requirement, which is not favorable for high-strength security protection of media content.
Under the condition of being based on the trusted execution environment, core functions such as decryption and decoding of the DRM client are all operated in the trusted execution environment, and if the DRM client is upgraded, the whole trusted execution environment needs to be upgraded at the same time, which may affect normal use of other non-DRM functions in the trusted execution environment.
In addition, the existing license and constraint analysis and execution mode of the content authorization license has poor constraint on the DRM client, and is prone to have execution vulnerabilities, for example, vulnerabilities such as the DRM client does not decrypt and play content according to the requirements of the license and the constraint.
Disclosure of Invention
It is an object of the present invention to provide a new solution for digital rights management that solves at least one of the above mentioned problems.
According to a first aspect of the present invention, there is provided a Digital Rights Management (DRM) method for media contents, implemented in a terminal device having a DRM client installed therein, comprising the steps of:
step 1: the DRM client receives a calling request of the media application of the terminal equipment and acquires a unique identifier of the media content to be played from the calling request;
step 2: the DRM client sends a DRM authorization request to a DRM server to acquire a content authorization execution unit, wherein the DRM authorization request comprises the identification of the media content and the basic information of the DRM client;
the content authorization execution unit is generated by the DRM server according to the identification of the media content, the content encryption algorithm and the content encryption key adopted by the media content, the basic information of the DRM client and the DRM authority of the DRM client to the media content, wherein the DRM server inquires and obtains the content encryption algorithm and the content encryption key adopted by the media content and the DRM authority of the DRM client to the media content according to the DRM authorization request;
and step 3: and the DRM client runs the content authorization execution unit in the DRM client running environment, verifies whether the terminal running environment accords with the DRM authority of the DRM client to the media content through the content authorization execution unit, and decrypts the media content according to the content encryption algorithm and the content encryption key if the terminal running environment accords with the DRM authority of the DRM client to the media content.
Preferably, the content authorization execution unit is signed by the DRM server and then issued to the DRM client; and after the DRM client acquires the content authorization execution unit, checking the signature of the content authorization execution unit, and operating the content authorization execution unit after the check is passed.
Preferably, in the step 2, the DRM client operates a communication execution unit in a DRM client operation environment, and sends the DRM authorization request to the DRM server through the communication execution unit.
Preferably, between the step 1 and the step 2, the method further comprises the step of acquiring the communication execution unit: the DRM client sends a request for a communication execution unit to the DRM server to acquire the communication execution unit, wherein the request for the communication execution unit comprises basic information of the DRM client; the communication execution unit is generated by the DRM server according to the basic information of the DRM client.
Preferably, the communication execution unit is signed by the DRM server and then issued to the DRM client; and after the DRM client side acquires the communication execution unit, checking the signature of the communication execution unit, and operating the communication execution unit after the check is passed.
Preferably, the DRM rights of the DRM client to the media content include a digital watermark that the media content must be checked for when playing the media content; the content authorization execution unit informs the DRM client to operate a digital watermark execution unit, the DRM client operates the digital watermark execution unit in the DRM client operation environment, the digital watermark embedded in the media content is verified in the playing process of the media content through the digital watermark execution unit, and if the verification fails, the media content is stopped to be played; and the digital watermarking unit is obtained by the DRM client side requesting the digital watermarking unit corresponding to the media content from the DRM server side according to the notification.
Preferably, the digital watermark of the media content contains information of the limitation requirement of the content provider of the media content on the playing environment of the media content; and the digital watermark execution unit judges whether the terminal operating environment meets the limit requirement of a content provider of the media content on the playing environment of the media content in the playing process of the media content, and stops playing the media content if the terminal operating environment does not meet the limit requirement.
Preferably, the DRM rights of the DRM client to the media content include that a digital watermark for tracking the media content must be embedded when playing the media content; the content authorization execution unit informs the DRM client to operate a digital watermark execution unit, the DRM client operates the digital watermark execution unit in the DRM client operation environment, and digital watermarks used for tracking the media content are embedded in the playing process of the media content through the digital watermark execution unit; and the digital watermarking unit is obtained by the DRM client side requesting the digital watermarking unit corresponding to the media content from the DRM server side according to the notification.
Preferably, the digital watermark execution unit is signed by the DRM server and then issued to the DRM client; and after the DRM client side acquires the digital watermark execution unit, checking the signature of the digital watermark execution unit, and operating the digital watermark execution unit after the check is passed.
Preferably, the DRM client runtime environment includes an execution unit engine and a terminal operating system adaptation module; and the DRM client runs an execution unit through the execution unit engine and adapts the execution unit engine to the terminal operating system through the terminal operating system adapting module.
Preferably, the execution unit engine provides a memory management interface, an external storage management interface, a network management interface, a cryptographic algorithm interface, a play control interface, and an output control interface for the operation of the execution unit; and the DRM client adapts the memory management interface, the external storage management interface, the network management interface, the cryptographic algorithm interface, the play control interface and the output control interface of the execution unit engine to corresponding interfaces of a terminal operating system through the terminal operating system adaptation module.
Preferably, the DRM client runtime environment further includes an execution unit scheduling management module; and the DRM client schedules and manages each execution unit through the execution unit scheduling management module, and comprises the steps of scheduling the execution unit to the execution unit engine for running, and adding, deleting and updating the execution unit.
According to a second aspect of the present invention, there is provided a Digital Rights Management (DRM) method for media contents, implemented in a DRM server, comprising the steps of:
step 1: the DRM server side receives a DRM authorization request sent by a DRM client side, wherein the DRM authorization request comprises the unique identifier of the media content and the basic information of the DRM client side;
step 2: the DRM server side inquires and obtains a content encryption algorithm and a content encryption key adopted by the media content and DRM rights of the DRM client side to the media content according to the DRM authorization request;
and step 3: the DRM server generates a content authorization execution unit according to the identification of the media content, a content encryption algorithm and a content encryption key adopted by the media content, the basic information of the DRM client and the DRM authority of the DRM client to the media content; the content authorization execution unit is configured to run in a DRM client running environment to verify whether a terminal running environment of a terminal device where a DRM client is located accords with DRM authority of the DRM client to the media content, and if so, the media content is decrypted according to the content encryption algorithm and a content encryption key;
and 4, step 4: and the DRM server side issues the generated content authorization execution unit to the DRM client side.
Preferably, between the step 3 and the step 4, a step of signing the generated content authorization execution unit by the DRM service end is further included.
Preferably, in the step 3, the DRM server searches a content authorization execution unit template corresponding to the media content according to the identifier of the media content or a content encryption algorithm adopted by the media content; or, the DRM authorization request further includes a DRM version number corresponding to the media content, and the DRM server searches a content authorization execution unit template corresponding to the media content according to the DRM version number corresponding to the media content; and the DRM server generates the content authorization execution unit according to the content authorization execution unit template obtained by searching.
Preferably, the content authorization execution unit template corresponding to the media content contains a step of scheduling a digital watermark execution unit; the DRM server receives a request of the DRM client for a digital watermark execution unit corresponding to the media content, wherein the request of the DRM client for the digital watermark execution unit corresponding to the media content is generated by the DRM client according to the step of scheduling the digital watermark execution unit by the content authorization execution unit; the DRM server searches a digital watermark unit template corresponding to the media content according to the identification of the media content and generates a digital watermark execution unit according to the digital watermark unit template obtained by searching; and the DRM server side issues the generated digital watermark execution unit to the DRM client side.
Preferably, in the step 2, the DRM server queries, from a key management system, an encryption algorithm and a content encryption key used for obtaining the media content according to the identifier of the media content.
Preferably, in step 2, the DRM server queries from an operation support system to obtain the DRM rights of the DRM client to the media content according to the identifier of the media content and the basic information of the DRM client.
According to a third aspect of the present invention, there is provided a DRM client installed in a terminal device having an intelligent operating system installed therein, the DRM client including a media application interface, an execution unit acquisition module, and a content authorization execution unit;
the media application interface is used for receiving a calling request of the media application of the terminal equipment and acquiring a unique identifier of the media content to be played;
the execution unit acquisition module is used for sending a DRM authorization request to a DRM server to acquire the content authorization execution unit, wherein the DRM authorization request comprises the identification of the media content and the basic information of the DRM client;
the content authorization execution unit is used for verifying whether the terminal operating environment accords with the DRM authority of the DRM client to the media content, and if so, decrypting the media content according to the content encryption algorithm and the content encryption key;
the content authorization execution unit is generated by the DRM server according to the identification of the media content, the content encryption algorithm and the content encryption key adopted by the media content, the basic information of the DRM client and the DRM authority of the DRM client to the media content, wherein the DRM server queries and obtains the content encryption algorithm and the content encryption key adopted by the media content and the DRM authority of the DRM client to the media content according to the DRM authorization request.
Preferably, the DRM client further includes an execution unit signature verification module for verifying a signature of the content authorization execution unit.
Preferably, the DRM rights of the DRM client to the media content include a digital watermark that the media content must be checked for when playing the media content; the DRM client further comprises a digital watermark execution unit; the content authorization execution unit is further configured to notify the execution unit acquisition module to acquire the digital watermark execution unit; the execution unit acquisition module is further configured to request the DRM server for a digital watermark unit corresponding to the media content according to the notification; the digital watermark execution unit is used for verifying the digital watermark embedded in the media content in the playing process of the media content, and stopping playing the media content if the verification is not passed.
Preferably, the digital watermark of the media content contains information of the limitation requirement of the content provider of the media content on the playing environment of the media content; and the digital watermark execution unit is also used for judging whether the terminal operating environment meets the limit requirement of a content provider of the media content on the playing environment of the media content in the playing process of the media content, and if not, stopping playing the media content.
Preferably, the DRM rights of the DRM client to the media content include that a digital watermark for tracking the media content must be embedded when playing the media content; the DRM client further comprises a digital watermark execution unit; the content authorization execution unit is further configured to notify the execution unit acquisition module to acquire the digital watermark execution unit; the execution unit acquisition module is further configured to request the DRM server for a digital watermark unit corresponding to the media content according to the notification; the digital watermark execution unit is used for embedding the digital watermark for tracking the media content in the playing process of the media content.
Preferably, the DRM client further comprises an execution unit engine and a terminal operating system adaptation module; the execution unit engine is used for operating the execution unit; and the terminal operating system adapting module is used for adapting the execution unit engine to a terminal operating system.
Preferably, the execution unit engine is configured to provide a memory management interface, an external storage management interface, a network management interface, a cryptographic algorithm interface, a play control interface, and an output control interface for the operation of the execution unit; and the terminal operating system adapting module is used for adapting a memory management interface, an external storage management interface, a network management interface, a cryptographic algorithm interface, a play control interface and an output control interface of the execution unit engine to corresponding interfaces of a terminal operating system.
Preferably, the DRM client further includes an execution unit scheduling management module; the execution unit scheduling management module is used for scheduling and managing each execution unit, and comprises the steps of scheduling the execution unit to the execution unit engine for running, and adding, deleting and updating the execution unit.
According to a fourth aspect of the present invention, a DRM server is provided, which includes a DRM message receiving module, a media content related DRM information obtaining module, an execution unit generating module, and an execution unit issuing module;
the DRM message receiving module is used for receiving a DRM authorization request sent by a DRM client, and the DRM authorization request contains the unique identifier of the media content and the basic information of the DRM client;
the DRM information acquisition module related to the media content is used for inquiring and acquiring a content encryption algorithm and a content encryption key adopted by the media content and DRM authority of the DRM client to the media content according to the DRM authorization request;
the execution unit generation module is used for generating a content authorization execution unit according to the identifier of the media content, a content encryption algorithm and a content encryption key adopted by the media content, the basic information of the DRM client and the DRM authority of the DRM client to the media content and a content authorization execution unit template corresponding to the media content; the content authorization execution unit is configured to run in a DRM client running environment to verify whether a terminal running environment of a terminal device where a DRM client is located accords with DRM authority of the DRM client to the media content, and if so, the media content is decrypted according to the content encryption algorithm and a content encryption key;
and the execution unit issuing module is used for issuing the content authorization execution unit to the DRM client.
Preferably, the DRM server further includes an execution unit signature module; the execution unit signature module is used for signing the content authorization execution unit before the execution unit issuing module issues the content authorization execution unit.
Preferably, the DRM server further includes an execution unit template management module, configured to manage the content authorization execution unit template, including adding, updating, and deleting the content authorization execution unit template.
Preferably, the DRM server further includes a key management interface; and the media content DRM information acquisition module is used for communicating with a key management system through the key management interface and inquiring from the key management system according to the identifier of the media content to acquire the encryption algorithm and the content encryption key adopted by the media content.
Preferably, the DRM server further includes an operation support interface;
the media content DRM information acquisition module is further configured to communicate with an operation support system through the operation support interface, and obtain a DRM right of the media content by the DRM client from an operation support system query according to the identifier of the media content and the basic information of the DRM client.
According to a fifth aspect of the present invention, there is provided a DRM client installed in a terminal device installed with an intelligent operating system, the DRM client including a media application interface, an execution unit scheduling management module, an execution unit engine, and a terminal operating system adaptation module;
the media application interface is used for receiving a calling request of the media application of the terminal equipment and acquiring a unique identifier of the media content to be played;
the execution unit scheduling management module is used for searching an execution unit corresponding to the media content according to the calling request and starting the execution unit engine to run the execution unit so as to realize DRM authorization of the media content; if the execution unit corresponding to the media content cannot be found, sending a DRM message to a DRM server to acquire the execution unit corresponding to the media content, checking the signature of the acquired execution unit to judge the legality of the execution unit, and then starting a DRM execution unit engine to operate the execution unit to realize DRM authorization of the media content;
and the terminal operating system adapting module is used for realizing the adaptation of the DRM execution unit engine and the terminal operating system.
Preferably, the execution unit engine is configured to provide a memory management interface, an external storage management interface, a network management interface, a cryptographic algorithm interface, a play control interface, and an output control interface for the operation of the execution unit; and the terminal operating system adapting module is used for adapting a memory management interface, an external storage management interface, a network management interface, a cryptographic algorithm interface, a play control interface and an output control interface of the execution unit engine to corresponding interfaces of a terminal operating system.
According to a sixth aspect of the present invention, there is provided a DRM server, comprising a DRM message processing module, an execution unit template management module, an execution unit template, and an execution unit generation module;
the DRM message processing module is used for receiving a DRM message sent by a DRM client, and the DRM message contains the identification of the media content and the basic information of the DRM client; selecting a corresponding execution unit template according to the DRM message, calling an execution unit generation module to generate an execution unit according to the selected execution unit template, wherein the execution unit is configured to run in a DRM client running environment to realize DRM authorization on media content; signing the execution unit generated by the execution unit generation module; issuing the signed execution unit to the DRM client;
and the execution unit template management module is used for managing the execution unit template.
Preferably, the execution unit management template comprises a content authorization execution unit template; the DRM message processing module is used for calling an execution unit generation module to generate a content authorization execution unit according to the identifier of the media content, a content encryption algorithm and a content encryption key adopted by the media content, the basic information of the DRM client and the DRM authority of the DRM client to the media content and a selected content authorization execution unit template; the content authorization execution unit is configured to operate in a DRM client operation environment to verify whether a terminal operation environment of a terminal device where a DRM client is located conforms to DRM rights of the DRM client to the media content, and if so, decrypt the media content according to the content encryption algorithm and the content encryption key.
Preferably, the DRM server further includes a key management interface and an operation support interface; the DRM message processing module is also used for communicating with a key management system through the key management interface and inquiring an encryption algorithm and a content encryption key corresponding to the media content from the key management system according to the identifier of the media content; the DRM message processing module is further configured to communicate with an operation support system through the operation support interface, and query DRM rights of the DRM client to the media content from the operation support system according to the identifier of the media content and the basic information of the DRM client.
According to a seventh aspect of the present invention, there is also provided a terminal device comprising the DRM client according to any one of the preceding claims.
Preferably, the DRM client runs in an intelligent operating system of the terminal device or in a trusted execution environment of the terminal device.
According to the eighth aspect of the present invention, there is also provided a DRM server, comprising the DRM server according to any one of the preceding claims.
The invention changes the mode of content authorization through the content authorization license, after receiving the call request of the media application, the DRM client requests the DRM server for the DRM authorization of the media content, the DRM server generates a content authorization execution unit according to the encryption algorithm and the content encryption key of the media content, the DRM authority of the DRM client to the media content and the like and sends the content authorization execution unit to the DRM client, and the DRM client directly operates the content authorization execution unit in the operation environment of the DRM client to realize the decryption of the media content.
Other features of the present invention and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description, serve to explain the principles of the invention.
Fig. 1 is a schematic block diagram of a media content operation-related system provided by an embodiment of the present invention.
Fig. 2 is a schematic diagram illustrating steps of a digital rights management method according to a first embodiment of the present invention.
Fig. 3 is a block diagram of a DRM client and a DRM server provided in a first embodiment of the present invention.
Fig. 4 is a block diagram of a DRM client and a DRM server according to the second and third embodiments of the present invention.
Fig. 5 is a block diagram of a DRM client and a DRM server provided in a fourth embodiment of the present invention.
Fig. 6 shows a schematic block diagram of a terminal device provided by an embodiment of the present invention.
Detailed Description
Various exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
The invention provides a digital rights management scheme of media contents, relating to a DRM server side for providing DRM service and a DRM client side of user terminal equipment.
The terminal equipment is an intelligent electronic equipment installed with an intelligent operating system (such as android, WINDOWS, IOS and other systems), such as a computer, a smart phone, a PAD and the like.
The DRM client is composed of a DRM client running environment and an execution unit. The execution unit is an entity, such as a program, a statement, an instruction, a code, etc., which is generated by the DRM server according to the requirements of the DRM client and can be run in the running environment of the DRM client. The DRM client execution environment refers to an internal execution environment provided by the DRM client 100 for an execution unit. The execution unit runs in the DRM client running environment, is not directly contacted with the outside of the DRM client, and provides the interface with the terminal operating system by the DRM client running environment.
The DRM client implements a reasonable authorization of the media content by running the execution unit in the DRM client runtime environment. The execution units related to the present invention include, but are not limited to, a communication execution unit, a content authorization execution unit, a digital watermark execution unit, and the like.
Referring to fig. 1, a related system for media content operation according to an embodiment of the present invention is described, which illustrates the technical solution of the present invention as a whole:
the content management system 4 sends the media content to be online to the content encryption system 3 for encryption, after the content encryption system 3 encrypts the media content, the encrypted media content is sent to the operation support system 6 for the user to request, the content encryption key is sent to the key management system 5 for storage management, and the basic information of the media content is sent to the DRM server 2 for storage. The basic information of the media content should at least include the unique identifier of the media content, and further may include other information such as the file name, size, duration, and corresponding DRM version number of the media content. The content encryption system 3 may also send the encryption algorithm used to encrypt the media content to the key management system 5 and/or the DRM server 2 for storage. The content encryption key referred to in the present invention is a key for encrypting a content key, and media content is encrypted using the content key.
The DRM server 200 may generate the content authorization execution unit template by using the encryption algorithm of the media content, or the content authorization execution unit template in the DRM server 200 may be issued to the DRM server 2 by the content encryption system 3 or the operation support system 6. The content authorization execution unit template is used for generating a content authorization execution unit which can directly run in a DRM client running environment, and the content authorization execution unit can be provided with authorization information of the DRM client and an IF statement for judging whether the terminal running environment meets DRM authorization rules or not, for example, a local certificate of the terminal equipment needs to be verified, and the media content can be decrypted and played only when the verification is passed. Those skilled in the art can perform various settings on the content authorization execution unit template, and the present invention is not described in detail. Other types of execution unit templates, such as a communication execution unit template, a digital watermark execution unit template, etc., may also be included in the DRM server 200, and a new template type may be set according to operation needs.
The terminal device 1 has an intelligent operating system 11, a media application 12, and a DRM client 100 running therein. The media application 11 is, for example, a media player or a media APP, and the user can request the media content through the media application 11, and further, the user can purchase and download the media content through the media application 11. The media application 11 acquires media content through the operation support system 6 and presents the media content to the user.
When a user requests media content from the operation support system 6 through the media application 11, the media application 11 acquires the unique identifier of the media content from the operation support system 6, and further may acquire information such as a DRM version number and a DRM server address corresponding to the media content, and then the media application 11 calls the DRM client 100, so as to implement operations such as DRM authorization for the media content to play.
The DRM client 100 sends a DRM message to the DRM server 200 after being called by the media application 11, the DRM server 200 selects a corresponding execution unit template to generate an execution unit according to the DRM message after receiving the DRM message, and then sends the execution unit to the DRM client 100, and the DRM client 100 runs the execution unit in the DRM client running environment and realizes authorization of media content through the running of the execution unit. The DRM message referred to in the present invention includes, but is not limited to, a DRM authorization request, a request to a communication execution unit, and the like.
The DRM server 200 may replace the execution unit template according to the operation requirement, and the execution unit generated according to the execution unit template may be directly executed in the DRM client operating environment after being sent to the DRM client 100, and if a new DRM function is to be added or a new authorization rule is to be added, only a new execution unit template needs to be added in the DRM server 2.
The DRM client 100 may run in the smart operating system of the terminal device 1 or in the trusted execution environment of the terminal device 1. When the DRM client 100 operates in the terminal trusted execution environment, if the content encryption algorithm and the like need to be updated, only a new content authorization execution template needs to be generated at the DRM server 200, and the DRM server 200 generates a content authorization execution unit according to the new content authorization execution template and then sends the content authorization execution unit to the DRM client 100 to operate, thereby avoiding the problem of frequent upgrading of the DRM client 100.
< first embodiment >
Referring to fig. 2 and 3, a digital rights management method, a DRM client 100, and a DRM server 200 according to a first embodiment of the present invention are described. The DRM client 100 includes a media application interface 101, an execution unit acquisition module 108, an execution unit signature verification module 109, an execution unit engine 106, a terminal operating system adaptation module 107, and an execution unit schedule management module (not shown). The DRM server 200 includes an operation support interface 205, a key management interface 206, a DRM message receiving module 207, a media content related DRM information obtaining module 208, an execution unit generating module 204, an execution unit signing module 210, an execution unit issuing module 209, and an execution unit template management module 203.
S101, the DRM client 100 receives a call request of a media application of a terminal device through the media application interface 101, and obtains basic information of media content to be played. The basic information of the media content should at least include the unique identifier of the media content, and further may include other information such as the file name, size, duration, and corresponding DRM version number of the media content.
S102, the DRM client 100 sends a DRM authorization request to the DRM server 200 through the execution unit obtaining module 108, where the DRM authorization request at least includes an identifier of the media content and basic information of the DRM client 100, and further may include DRM version number information corresponding to the media content. The basic information of the DRM client 100 should include at least an ID of the DRM client 100 and may further include address information, version number, certificate, and the like of the DRM client 100.
S103, the DRM server 200 receives the DRM authorization request through the DRM message receiving module 207, the media content related DRM information acquisition module 208 obtains the content encryption algorithm and the content encryption key adopted by the media content and the DRM authority of the DRM client 100 to the media content according to the DRM authorization request, and the execution unit generation module 204 generates the content authorization execution unit 104 according to the identification of the media content, the content encryption algorithm and the content encryption key adopted by the media content, the basic information of the DRM client 100 and the DRM authority of the DRM client 100 to the media content. Finally, the execution unit issuing module 209 issues the generated content authorization execution unit 104 to the DRM client 100.
S104, the DRM client 100 receives the content authorization execution unit 104 through the execution unit acquisition module 108, the content authorization execution unit 104 is operated in the DRM client operation environment, whether the terminal operation environment accords with the DRM authority of the DRM client 100 to the media content is verified through the content authorization execution unit 104, if so, the media content is decrypted according to the content encryption algorithm and the content encryption key, and the playing of the media content is controlled. For example: the DRM authority of the DRM client 100 to the media content is that the DRM client can decrypt and play the media content only between 8 pm and 12 pm, the content authorization execution unit 104 will determine whether the terminal operating environment is between 8 pm and 12 pm, and if the terminal operating environment meets the constraint condition between 8 pm and 12 pm, the content authorization execution unit 104 decrypts the media content and controls the playing of the media content.
In order to further improve the security of the media content, in step S103, after the execution unit generation module 204 generates the content authorization execution unit, the execution unit signing module 210 signs the generated content authorization execution unit, and then the execution unit issuing module 209 issues the signed content authorization execution unit to the DRM client. In step S104, after the DRM client obtains the content authorization execution unit 104, the signature of the content authorization execution unit 104 is verified, and then the content authorization execution unit 104 is executed in the DRM client execution environment after the verification is passed.
The execution unit generation module 204 may search a content authorization execution unit template corresponding to the media content according to the identifier of the media content and/or a content encryption algorithm used by the media content and/or a DRM version number corresponding to the media content, and generate the content authorization execution unit 104 according to the content authorization execution unit template obtained by the search.
The execution unit acquiring module 108 of the DRM client 100 may also be a communication execution unit. After receiving the call request of the media application, the DRM client 100 sends a request for a communication execution unit to the DRM server 200, where the request for the communication execution unit at least includes basic information of the DRM client 100, and further may include an identifier of the media content and DRM version number information corresponding to the media content. After the DRM message receiving module 207 receives the request of the DRM client 100 for the communication execution unit, the execution unit generating module 204 searches the communication execution unit template according to the request for the communication execution unit, and generates the communication execution unit according to the communication execution unit template obtained by searching. The execution unit signing module 210 signs the communication execution unit generated by the execution unit generating module 204, and the execution unit issuing module 209 issues the signed communication execution unit to the DRM client 100. After acquiring the communication execution unit, the DRM client 100 verifies the signature of the communication execution unit, and then runs the communication execution unit in the DRM client running environment after the verification is passed. The execution unit generation module 204 may search the communication execution unit template according to the identifier of the media content and/or the DRM version number corresponding to the media content and/or the basic information of the DRM client.
The DRM server 200 may further include an execution unit template management module 203 for managing the execution unit templates, including downloading, adding, updating, and deleting the execution unit templates.
The DRM information acquisition module 208 is in communication with the key management system through the key management interface 206, and queries from the key management system according to the identifier of the media content to obtain the encryption algorithm and the content encryption key used by the media content. Alternatively, the media content related DRM information acquisition module 208 acquires the content encryption algorithm of the media content from the storage area of the DRM server 2.
The DRM information acquisition module 208 related to the media content communicates with the operation support system through the operation support interface 205, and queries and acquires the DRM authority of the DRM client on the media content from the operation support system according to the identifier of the media content and the basic information of the DRM client.
The DRM client runtime environment includes an execution unit engine 106, a terminal operating system adaptation module 107, and an execution unit scheduling management module. The DRM client 100 schedules and manages the respective execution units through the execution unit scheduling management module, including scheduling the execution units to be executed in the execution unit engine 106, and adding, deleting, and updating the execution units. The DRM client 100 adapts the execution unit engine 106 to the terminal operating system through the terminal operating system adaptation module 107. The execution unit engine 106 further provides a memory management interface, an external storage management interface, a network management interface, a cryptographic algorithm interface, a playback control interface, and an output control interface for the execution unit, and the terminal operating system adapting module 107 adapts the memory management interface, the external storage management interface, the network management interface, the cryptographic algorithm interface, the playback control interface, and the output control interface of the execution unit engine 106 to corresponding interfaces of the terminal operating system.
< second embodiment >
Referring to fig. 4, a digital rights management method, a DRM client 100, and a DRM server 200 according to a second embodiment of the present invention are described. The second embodiment adds a digital watermarking function to the first embodiment, and specifically:
if the media content to be played is embedded with the digital watermark, the DRM authority of the DRM client 100 for the media content includes the digital watermark that must be checked when the media content is played, and the content authorization execution unit template corresponding to the media content includes a step of scheduling the digital watermark execution unit.
The content authorization execution unit 104 runs in the DRM client running environment, and notifies the DRM client 100 that the digital watermark execution unit needs to be started, the execution unit obtaining module 204 requests the DRM server 200 for the digital watermark unit corresponding to the media content according to the notification, where the request for the digital watermark unit may include the identifier of the media content and the basic information of the DRM client 100.
After the DRM server 200 receives the request of the DRM client 100 for the digital watermark execution unit corresponding to the media content, the execution unit generation module 204 searches for the digital watermark unit template corresponding to the media content according to the identifier of the media content and generates the digital watermark execution unit according to the digital watermark unit template corresponding to the media content, the execution unit signature module 210 signs the digital watermark execution unit, and the execution unit issuing module 209 issues the signed digital watermark execution unit 105 to the DRM client 100.
After receiving the digital watermark execution unit 105, the DRM client 100 first verifies the signature of the digital watermark execution unit 105 by the execution unit signature verification module 109, and after the verification is passed, the digital watermark execution unit 105 is operated in the DRM client operation environment, and the digital watermark execution unit 105 verifies the digital watermark embedded in the media content during the playing process of the media content, and if the verification is not passed, the media content is stopped to be played.
Further, if the digital watermark of the media content contains information of a restriction requirement of a content provider of the media content on a playing environment of the media content, the digital watermark execution unit 105 needs to determine whether the terminal operating environment meets the restriction requirement of the content provider of the media content on the playing environment of the media content in the playing process of the media content, and if not, the playing of the media content is stopped. The content provider related to the present invention may be an original provider of content, for example, a movie company is responsible for shooting a movie, the movie company is the original provider of content, the movie company may have special requirements on the playing environment of the movie shot by the movie company, for example, the movie needs to be played on a smart television but cannot be played on a smart phone, the movie company may embed a digital watermark carrying information on the restriction requirement on the playing environment in the movie, the movie is provided to a user after the operator purchases the operation right of the movie, and when the user watches the movie, the user can decrypt and play the movie in addition to meeting the DRM requirement of the operator on the movie and also meeting the requirement of the movie company on the playing environment.
< third embodiment >
Referring to fig. 4, a digital rights management method, a DRM client 100, and a DRM server 200 according to a third embodiment of the present invention are described. The third embodiment adds a digital watermarking function to the first embodiment, specifically:
the DRM rights of the DRM client to the media content comprise the step that when the media content is played, a digital watermark used for tracking the media content must be embedded, and a content authorization execution unit template corresponding to the media content contains a scheduling digital watermark execution unit.
The content authorization execution unit 104 runs in the DRM client running environment, and notifies the DRM client 100 that the digital watermark execution unit needs to be started, the execution unit obtaining module 204 requests the DRM server 200 for the digital watermark unit corresponding to the media content according to the notification, where the request for the digital watermark unit may include the identifier of the media content and the basic information of the DRM client 100.
After the DRM server 200 receives the request of the DRM client 100 for the digital watermark execution unit corresponding to the media content, the execution unit generation module 204 searches for the digital watermark unit template corresponding to the media content according to the identifier of the media content and generates the digital watermark execution unit according to the digital watermark unit template corresponding to the media content, the execution unit signature module 210 signs the digital watermark execution unit, and the execution unit issuing module 209 issues the signed digital watermark execution unit 105 to the DRM client 100.
After receiving the digital watermark execution unit 105, the DRM client 100 first verifies the signature of the digital watermark execution unit 105 by the execution unit signature verification module 109, and after the verification is passed, the digital watermark execution unit 105 is operated in the DRM client operation environment, and the digital watermark execution unit 105 embeds the digital watermark for tracking the media content in the playing process of the media content.
In other embodiments, when the content authorization execution unit 104 notifies the DRM client 100 that the digital watermark execution unit needs to be started, the notification may include basic information of the digital watermark execution unit. The basic information of the digital watermark unit in the invention at least comprises the ID of the digital watermark execution unit, and further can also comprise the information such as the version number of the digital watermark. In this case, when the execution unit obtaining module 108 requests the DRM server 200 for the digital watermarking unit corresponding to the media content, the request for the digital watermarking unit may include the basic information of the digital watermarking unit and the basic information of the DRM client 100. After the DRM server 200 receives the request of the DRM client 100 for the digital watermark execution unit corresponding to the media content, the execution unit generation module 204 finds out the digital watermark execution unit template according to the basic information of the digital watermark unit, and generates the digital watermark execution unit according to the found digital watermark execution unit template.
< fourth embodiment >,
referring to fig. 5, a digital rights management method, a DRM client 100, and a DRM server 200 according to a fourth embodiment of the present invention are described. The DRM client 100 includes a media application interface 1001, an execution unit schedule management module 1002, an execution unit engine 1006, and a terminal operating system adaptation module 1007. The DRM server 200 includes an operation support interface 2005, a key management interface 2006, a DRM message scheduling module 2001, a DRM message processing module 2002, an execution unit generation module 2004, and an execution unit template management module 2003.
S201, the DRM client 100 receives a call request of a media application of a terminal device through the media application interface 101, and obtains basic information of media content to be played. The basic information of the media content should at least include the unique identifier of the media content, and further may include other information such as the file name, size, duration, and corresponding DRM version number of the media content.
S202, the execution unit scheduling management module 1002 queries whether there is an available communication execution unit 1003 according to the identifier of the media content and/or the DRM version number corresponding to the media content, and if so, schedules the DRM execution unit engine 1006 to run the communication execution unit 1003.
S203, the communication executing unit 1003 sends a DRM authorization request to the DRM server 200, where the DRM authorization request at least includes an identifier of the media content and basic information of the DRM client 100, and further may include DRM version number information corresponding to the media content. The basic information of the DRM client 100 should include at least an ID of the DRM client 100 and may further include address information, version number, certificate, and the like of the DRM client 100.
S204, after receiving the DRM authorization request, the DRM message scheduling module 2001 of the DRM server 200 invokes a certain DRM message processing module 2002 to process the DRM authorization request according to the operation condition of the DRM server 200.
S205, the DRM message processing module 2002 queries an encryption algorithm and a content encryption key corresponding to the media content from the key management system through the key management interface 2006 according to the identifier of the media content; querying DRM rights of the DRM client 100 for the media content from the operation support system according to the identification of the media content and the basic information of the DRM client 100 through the operation support interface 2005; the corresponding content authorization execution unit template is queried from the DRM execution unit template management module 2003 based on the identification of the media content.
S206: the DRM message processing module 2002 sends the identifier of the media content, the content encryption algorithm and the content encryption key used by the media content, the basic information of the DRM client 100, the DRM authority of the DRM client 100 on the media content, and the found content authorization execution unit template to the DRM execution unit generation module 2004.
S207, the DRM execution unit generation module 2004 generates a corresponding content authorization execution unit according to the found content authorization execution unit template, the identifier of the media content, the content encryption algorithm and the content encryption key used by the media content, the basic information of the DRM client 100, and the DRM authority of the DRM client 100 on the media content.
S208, the DRM message processing module 2002 signs the generated content authorization execution unit, and sends the signed content authorization execution unit to the DRM client 100.
S209, the DRM client receives the content authorization execution unit 1004 through the communication execution unit 1003, and the communication execution unit 1003 notifies the execution unit to schedule the management module 1002 after receiving the content authorization execution unit.
S210, the execution unit scheduling management module 1002 checks the validity of the signature of the content authorization unit 1004, and schedules the content authorization unit 1004 to the execution unit engine 1006 to run after the check is passed;
s211 and the content authorization executing unit 1004 will determine whether the operating environment of the verification terminal conforms to the DRM authority of the DRM client 100 on the media content, and if so, decrypt the content encryption key to obtain the content key, decrypt the media content according to the content key and the content encryption algorithm, and control playing.
In step S202, if the execution unit scheduling management module 1002 does not find the corresponding communication execution unit, the execution unit scheduling management module 1002 requests the DRM server 200 for the communication execution unit, and after receiving the request, the DRM server 200 queries a communication execution unit template, generates and signs a communication execution unit according to the communication execution unit template according to the basic information of the DRM client, and sends the signed communication execution unit to the DRM client 100. After the DRM client 100 obtains the communication execution unit, the execution unit scheduling management module 1002 first verifies the validity of the signature of the communication execution unit, stores the communication execution unit after the verification is successful, and operates the communication execution unit through the execution unit engine to interact with the DRM server 200 to obtain other execution units such as a content authorization execution unit.
As can be seen from fig. 5, the DRM client 100 further includes a digital watermark execution unit 1005, the principle and function of the digital watermark execution unit 1005 may be similar to those of the second and third embodiments, a content authorization execution unit template corresponding to the media content includes a step of scheduling a digital watermark execution unit, the DRM client 100 generates a request for the digital watermark execution unit according to the operation of the content authorization execution unit 1004, the DRM server 200 searches the digital watermark unit template corresponding to the media content and generates the digital watermark execution unit 1005 according to the template, and issues the digital watermark execution unit 1005 to the DRM client 100.
The execution unit scheduling management module 1002 is responsible for scheduling and managing downloading, verification, installation, update, query, execution and termination of the execution unit, and the execution unit scheduling management module 1002 performs loading operation of the execution unit by starting the execution unit engine 1006.
Referring to the above embodiments, the present invention also provides a terminal device having the above DRM client, and a DRM server having the above DRM server.
Referring to fig. 6, a terminal device 1 provided in an embodiment of the present invention is described, which includes a memory 3020 and a processor 3010, where the memory 3020 is configured to store instructions for controlling the processor 3010 to perform corresponding operations to implement the method for digital rights management of media content according to the present invention.
The terminal apparatus 1 further includes an interface device 3030, a communication device 3040, a display device 3050, an input device 3060, a speaker 3070, a microphone 3080, and the like.
The processor 3010 may be, for example, a central processing unit CPU, a microprocessor MCU, or the like. The memory 3020 includes, for example, a ROM (read only memory), a RAM (random access memory), a nonvolatile memory such as a hard disk, and the like. The interface device 3030 includes, for example, a USB interface, a headphone interface, and the like. The communication device 3040 can perform wired or wireless communication, for example. The display device 3050 is, for example, a liquid crystal display panel, a touch panel, or the like. The input device 3060 may include, for example, a touch screen, a keyboard, and the like. A user can input/output voice information through the speaker 3070 and the microphone 3080.
The terminal device shown in fig. 6 is merely illustrative and is in no way intended to limit the present invention, its application, or uses. It will be appreciated by those skilled in the art that although a plurality of devices are shown in fig. 6, the present invention may relate to only some of the devices therein. Those skilled in the art can design instructions according to the disclosed aspects, and how the instructions control the operation of the processor is well known in the art, and therefore, will not be described in detail herein.
The invention changes the mode of content authorization through the content authorization license, the DRM client requests the DRM server for the DRM authorization of the media content after receiving the call request of the media application, the DRM server generates a content authorization execution unit according to the encryption algorithm and the content encryption key of the media content, the DRM authority of the DRM client to the media content and the like and sends the content authorization execution unit to the DRM client, and the DRM client directly operates the content authorization execution unit in the operation environment of the DRM client to realize the decryption of the media content.
In the technical scheme of the invention, the execution unit generated by the DRM server can be directly executed in the running environment of the DRM client after being sent to the DRM client, so that a personalized content encryption algorithm, an authorization rule and the like can be set for a certain media content, and only a corresponding execution unit template needs to be provided at the DRM server.
The technical scheme of the invention can be used for frequently upgrading or replacing the content encryption algorithm, is particularly suitable for protecting ultra-high definition content, and avoids the problem of frequently upgrading the DRM client.
By utilizing the technical scheme of the invention, a new DRM function or a new authorization rule can be added, only a corresponding execution unit template needs to be provided at the DRM server, and meanwhile, the DRM client and the DRM server do not need to be integrally upgraded, thereby being beneficial to commercial operation.
It can be seen that, by using the technical scheme of the invention, the media content can be flexibly managed and protected, so that the security of the media content is higher.
The DRM client can run in a terminal trusted execution environment, and under the condition of being based on the trusted execution environment, the updating of the content protection algorithm and the like only needs the DRM server to generate different execution units and send the different execution units to the DRM client for running, so that the normal use of the functions of other non-DRM clients in the trusted execution environment can not be influenced.
The DRM client runs the execution unit in the DRM client running environment, the authorization of the media content is realized through the running of the execution unit, and the execution unit is issued by the DRM client, so that the condition that the DRM client does not decrypt and play the content according to the requirements of permission and limiting conditions is avoided, and the defects and disadvantages caused by the existing mode of analyzing the content authorization license are overcome.
The present invention may be a system, method and/or computer program product. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied therewith for causing a processor to implement various aspects of the present invention.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations of the present invention may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, aspects of the present invention are implemented by personalizing an electronic circuit, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA), with state information of computer-readable program instructions, which can execute the computer-readable program instructions.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. It is well known to those skilled in the art that implementation by hardware, by software, and by a combination of software and hardware are equivalent.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein. The scope of the invention is defined by the appended claims.
Claims (34)
1. A DRM method for media content, implemented in a terminal device equipped with a DRM client, comprising the steps of:
step 1: the DRM client receives a calling request of the media application of the terminal equipment and acquires a unique identifier of the media content to be played from the calling request;
step 2: the DRM client sends a DRM authorization request to a DRM server to acquire a content authorization execution unit, wherein the DRM authorization request comprises the identification of the media content and the basic information of the DRM client;
the content authorization execution unit is generated by the DRM server according to the identification of the media content, the content encryption algorithm and the content encryption key adopted by the media content, the basic information of the DRM client and the DRM authority of the DRM client to the media content, wherein the DRM server inquires and obtains the content encryption algorithm and the content encryption key adopted by the media content and the DRM authority of the DRM client to the media content according to the DRM authorization request;
and step 3: the DRM client runs the content authorization execution unit in a DRM client running environment, verifies whether a terminal running environment accords with DRM authority of the DRM client to the media content through the content authorization execution unit, and decrypts the media content according to the content encryption algorithm and the content encryption key if the terminal running environment accords with the DRM authority of the DRM client to the media content;
the DRM rights of the DRM client to the media content comprise digital watermark rights;
the content authorization execution unit informs the DRM client to operate a digital watermark execution unit, and the DRM client operates the digital watermark execution unit in the DRM client operation environment so as to execute the digital watermark right;
the digital watermark execution unit is obtained by the DRM client side requesting the digital watermark execution unit corresponding to the media content from the DRM server side according to the notice.
2. The method according to claim 1, wherein the content authorization execution unit is signed by the DRM server and then issued to the DRM client;
and after the DRM client acquires the content authorization execution unit, checking the signature of the content authorization execution unit, and operating the content authorization execution unit after the check is passed.
3. The method according to claim 1, wherein in step 2, the DRM client runs a communication execution unit in a DRM client running environment, and the DRM authorization request is sent to the DRM server through the communication execution unit.
4. The method according to claim 3, characterized in that between the step 1 and the step 2, the method further comprises the step of acquiring the communication execution unit: the DRM client sends a request for a communication execution unit to the DRM server to acquire the communication execution unit, wherein the request for the communication execution unit comprises basic information of the DRM client;
the communication execution unit is generated by the DRM server according to the basic information of the DRM client.
5. The method according to claim 4, wherein the communication execution unit is signed by the DRM server and then issued to the DRM client;
and after the DRM client side acquires the communication execution unit, checking the signature of the communication execution unit, and operating the communication execution unit after the check is passed.
6. The method of claim 1, wherein the digital watermark authority includes a digital watermark that must be verified when the media content is played;
the DRM client operates the digital watermark execution unit in the DRM client operation environment, and comprises the following steps: and verifying the digital watermark embedded in the media content in the playing process of the media content through the digital watermark executing unit, and stopping playing the media content if the verification is not passed.
7. The method of claim 6, wherein the digital watermark of the media content contains information required by a content provider of the media content to limit a playback environment of the media content;
and the digital watermark execution unit judges whether the terminal operating environment meets the limit requirement of a content provider of the media content on the playing environment of the media content in the playing process of the media content, and stops playing the media content if the terminal operating environment does not meet the limit requirement.
8. The method of claim 1, wherein the digital watermark right comprises that a digital watermark for tracking the media content must be embedded when the media content is played;
the DRM client operates the digital watermark execution unit in the DRM client operation environment, and comprises the following steps: and embedding a digital watermark for tracking the media content in the playing process of the media content through the digital watermark executing unit.
9. The method according to any one of claims 6 to 8, wherein the digital watermark execution unit is signed by the DRM server and then issued to the DRM client;
and after the DRM client side acquires the digital watermark execution unit, checking the signature of the digital watermark execution unit, and operating the digital watermark execution unit after the check is passed.
10. The method of claim 1, wherein the DRM client runtime environment comprises an execution unit engine and a terminal operating system adaptation module;
and the DRM client runs an execution unit through the execution unit engine and adapts the execution unit engine to the terminal operating system through the terminal operating system adapting module.
11. The method of claim 10, wherein the EU engine provides a memory management interface, an external memory management interface, a network management interface, a cryptographic interface, a playback control interface, and an output control interface for execution of the EU;
and the DRM client adapts the memory management interface, the external storage management interface, the network management interface, the cryptographic algorithm interface, the play control interface and the output control interface of the execution unit engine to corresponding interfaces of a terminal operating system through the terminal operating system adaptation module.
12. The method of claim 10, wherein the DRM client runtime environment further comprises an execution unit schedule management module;
and the DRM client schedules and manages each execution unit through the execution unit scheduling management module, and comprises the steps of scheduling the execution unit to the execution unit engine for running, and adding, deleting and updating the execution unit.
13. A DRM method for media content, which is implemented in a DRM server, is characterized by comprising the following steps:
step 1: the DRM server side receives a DRM authorization request sent by a DRM client side, wherein the DRM authorization request comprises the unique identifier of the media content and the basic information of the DRM client side;
step 2: the DRM server side inquires and obtains a content encryption algorithm and a content encryption key adopted by the media content and DRM rights of the DRM client side to the media content according to the DRM authorization request;
and step 3: the DRM server generates a content authorization execution unit according to the identification of the media content, a content encryption algorithm and a content encryption key adopted by the media content, the basic information of the DRM client and the DRM authority of the DRM client to the media content; the content authorization execution unit is configured to run in a DRM client running environment to verify whether a terminal running environment of a terminal device where a DRM client is located accords with DRM authority of the DRM client to the media content, and if so, the media content is decrypted according to the content encryption algorithm and a content encryption key;
and 4, step 4: the DRM server side issues the generated content authorization execution unit to the DRM client side;
the DRM rights of the DRM client to the media content comprise digital watermark rights;
the DRM server receives a request of the DRM client for a digital watermark execution unit corresponding to the media content and generates a digital watermark execution unit; the request of the DRM client to the digital watermark execution unit corresponding to the media content is generated by the DRM client according to the step of scheduling the digital watermark execution unit by the content authorization execution unit;
and the DRM server side issues the generated digital watermark execution unit to the DRM client side.
14. The method as claimed in claim 13, further comprising a step of signing the generated content authorization execution unit by the DRM service end between the step 3 and the step 4.
15. The method according to claim 13, wherein, in the step 3,
the DRM server searches a content authorization execution unit template corresponding to the media content according to the identifier of the media content or a content encryption algorithm adopted by the media content; alternatively, the first and second electrodes may be,
the DRM authorization request also comprises a DRM version number corresponding to the media content, and the DRM server searches a content authorization execution unit template corresponding to the media content according to the DRM version number corresponding to the media content;
and the DRM server generates the content authorization execution unit according to the content authorization execution unit template obtained by searching.
16. The method according to claim 15, wherein the content authorization execution unit template corresponding to the media content comprises a step of scheduling digital watermark execution units;
and the DRM server searches a digital watermark unit template corresponding to the media content according to the identifier of the media content and generates a digital watermark execution unit according to the digital watermark unit template obtained by searching.
17. The method according to claim 13, wherein in step 2, the DRM server queries an encryption algorithm and a content encryption key used for obtaining the media content from a key management system according to the identifier of the media content.
18. The method according to claim 13, wherein in step 2, the DRM server obtains the DRM rights of the DRM client to the media content from an operation support system query according to the identification of the media content and the basic information of the DRM client.
19. A Digital Rights Management (DRM) client is arranged in terminal equipment provided with an intelligent operating system and is characterized in that the DRM client comprises a media application interface, an execution unit acquisition module, a content authorization execution unit and a digital watermark execution unit;
the media application interface is used for receiving a calling request of the media application of the terminal equipment and acquiring a unique identifier of the media content to be played;
the execution unit acquisition module is used for sending a DRM authorization request to a DRM server to acquire the content authorization execution unit, wherein the DRM authorization request comprises the identification of the media content and the basic information of the DRM client;
the content authorization execution unit is used for verifying whether the terminal operating environment accords with the DRM authority of the DRM client to the media content, and if so, decrypting the media content according to a content encryption algorithm and a content encryption key;
the content authorization execution unit is generated by the DRM server according to the identification of the media content, the content encryption algorithm and the content encryption key adopted by the media content, the basic information of the DRM client and the DRM authority of the DRM client to the media content, wherein the DRM server inquires and obtains the content encryption algorithm and the content encryption key adopted by the media content and the DRM authority of the DRM client to the media content according to the DRM authorization request;
the DRM rights of the DRM client to the media content comprise digital watermark rights;
the content authorization execution unit is further configured to notify the execution unit acquisition module to acquire the digital watermark execution unit;
the execution unit acquisition module is further configured to request the DRM server for a digital watermark execution unit corresponding to the media content according to the notification;
and the digital watermark execution unit is used for executing the digital watermark authority.
20. The DRM client of claim 19 further comprising an enforcement unit signature verification module configured to verify a signature of the content authorization enforcement unit.
21. The DRM client of claim 19, wherein the digital watermarking right comprises a digital watermark that must be verified when the media content is played;
the digital watermark execution unit is used for verifying the digital watermark embedded in the media content in the playing process of the media content, and stopping playing the media content if the verification is not passed.
22. The DRM client according to claim 21, wherein the digital watermark of the media content contains information required by a content provider of the media content to limit a playback environment of the media content;
and the digital watermark execution unit is also used for judging whether the terminal operating environment meets the limit requirement of a content provider of the media content on the playing environment of the media content in the playing process of the media content, and if not, stopping playing the media content.
23. The DRM client of claim 19, wherein the digital watermarking right comprises embedding a digital watermark for tracking the media content when the media content is played;
the digital watermark execution unit is used for embedding the digital watermark for tracking the media content in the playing process of the media content.
24. The DRM client according to any of claims 19-23, further comprising an execution unit engine and a terminal operating system adaptation module;
the execution unit engine is used for operating the execution unit;
and the terminal operating system adapting module is used for adapting the execution unit engine to a terminal operating system.
25. The DRM client according to claim 24, wherein the execution unit engine is configured to provide a memory management interface, an external storage management interface, a network management interface, a cryptographic algorithm interface, a playback control interface, and an output control interface for execution of the execution unit;
and the terminal operating system adapting module is used for adapting a memory management interface, an external storage management interface, a network management interface, a cryptographic algorithm interface, a play control interface and an output control interface of the execution unit engine to corresponding interfaces of a terminal operating system.
26. The DRM client of claim 24, further comprising an execution unit schedule management module;
the execution unit scheduling management module is used for scheduling and managing each execution unit, and comprises the steps of scheduling the execution unit to the execution unit engine for running, and adding, deleting and updating the execution unit.
27. A Digital Rights Management (DRM) server is characterized by comprising a DRM message receiving module, a media content related DRM information acquisition module, an execution unit generation module and an execution unit issuing module;
the DRM message receiving module is used for receiving a DRM authorization request sent by a DRM client, and the DRM authorization request contains the unique identifier of the media content and the basic information of the DRM client;
the DRM information acquisition module related to the media content is used for inquiring and acquiring a content encryption algorithm and a content encryption key adopted by the media content and DRM authority of the DRM client to the media content according to the DRM authorization request;
the execution unit generation module is used for generating a content authorization execution unit according to the identifier of the media content, a content encryption algorithm and a content encryption key adopted by the media content, the basic information of the DRM client and the DRM authority of the DRM client to the media content and a content authorization execution unit template corresponding to the media content; the content authorization execution unit is configured to run in a DRM client running environment to verify whether a terminal running environment of a terminal device where a DRM client is located accords with DRM authority of the DRM client to the media content, and if so, the media content is decrypted according to the content encryption algorithm and a content encryption key;
the execution unit issuing module is used for issuing the content authorization execution unit to the DRM client;
the content authorization execution unit template corresponding to the media content comprises a step of scheduling a digital watermark execution unit;
the DRM message receiving module is further used for receiving a request of the DRM client to a digital watermark execution unit corresponding to the media content; the request of the DRM client to the digital watermark execution unit corresponding to the media content is generated by the DRM client according to the step of scheduling the digital watermark execution unit by the content authorization execution unit;
the execution unit generation module is further configured to generate a digital watermark execution unit according to the digital watermark unit template corresponding to the media content.
28. The DRM server according to claim 27, wherein the DRM server further comprises an execution unit signature module; the execution unit signature module is used for signing the content authorization execution unit before the execution unit issuing module issues the content authorization execution unit.
29. The DRM server according to claim 27, wherein the DRM server further comprises an execution unit template management module, configured to manage the content authorization execution unit template, including adding, updating, and deleting the content authorization execution unit template.
30. The DRM server according to claim 27, wherein the DRM server further comprises a key management interface;
and the media content DRM information acquisition module is used for communicating with a key management system through the key management interface and inquiring from the key management system according to the identifier of the media content to acquire the encryption algorithm and the content encryption key adopted by the media content.
31. The DRM server according to claim 27, wherein the DRM server further comprises an operation support interface;
the media content DRM information acquisition module is further configured to communicate with an operation support system through the operation support interface, and obtain a DRM right of the media content by the DRM client from an operation support system query according to the identifier of the media content and the basic information of the DRM client.
32. A terminal device, characterized in that it comprises a DRM client according to any of claims 19-26.
33. The terminal device of claim 32, wherein the DRM client runs in a smart operating system of the terminal device or in a trusted execution environment of the terminal device.
34. A digital rights management DRM server comprising a DRM server according to any of claims 27-31.
Priority Applications (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610185037.5A CN107241620B (en) | 2016-03-29 | 2016-03-29 | Digital rights management method of media content, DRM client and server |
| SG11201808404PA SG11201808404PA (en) | 2016-03-29 | 2017-03-21 | Digital rights management method of media content, drm client and server side |
| EA201891890A EA035157B1 (en) | 2016-03-29 | 2017-03-21 | Digital rights management method for media content, drm client and serving end |
| PCT/CN2017/077552 WO2017167077A1 (en) | 2016-03-29 | 2017-03-21 | Digital rights management method for media content, drm client and serving end |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610185037.5A CN107241620B (en) | 2016-03-29 | 2016-03-29 | Digital rights management method of media content, DRM client and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107241620A CN107241620A (en) | 2017-10-10 |
| CN107241620B true CN107241620B (en) | 2020-03-24 |
Family
ID=59963453
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610185037.5A Active CN107241620B (en) | 2016-03-29 | 2016-03-29 | Digital rights management method of media content, DRM client and server |
Country Status (4)
| Country | Link |
|---|---|
| CN (1) | CN107241620B (en) |
| EA (1) | EA035157B1 (en) |
| SG (1) | SG11201808404PA (en) |
| WO (1) | WO2017167077A1 (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110348177B (en) * | 2018-04-03 | 2022-06-07 | 福建省天奕网络科技有限公司 | Copyright protection method and system for media file |
| CN109168085B (en) * | 2018-08-08 | 2021-01-08 | 瑞芯微电子股份有限公司 | Hardware protection method for video stream of equipment client |
| CN110875820A (en) * | 2018-09-03 | 2020-03-10 | 国家广播电视总局广播电视科学研究院 | Management method and system for multimedia content protection key and key agent device |
| CN109325363A (en) * | 2018-09-26 | 2019-02-12 | 平安普惠企业管理有限公司 | Management method, device, computer equipment and the storage medium of authority information |
| CN111435384B (en) * | 2019-01-14 | 2022-08-19 | 阿里巴巴集团控股有限公司 | Data security processing and data tracing method, device and equipment |
| US20200242213A1 (en) * | 2019-01-28 | 2020-07-30 | Blackberry Limited | Method and system for digital rights management |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1873652A (en) * | 2005-06-01 | 2006-12-06 | 富士施乐株式会社 | Device and method for protecting digit content, and device and method for processing protected digit content |
| CN101350918A (en) * | 2008-09-05 | 2009-01-21 | 清华大学 | Method for protecting copyright of video content |
| CN101719205A (en) * | 2009-12-25 | 2010-06-02 | 国家广播电影电视总局电影数字节目管理中心 | Digital copyright management method and system |
| CN103841469A (en) * | 2014-03-19 | 2014-06-04 | 国家广播电影电视总局电影数字节目管理中心 | Digital film copyright protection method and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050066353A1 (en) * | 2003-09-18 | 2005-03-24 | Robert Fransdonk | Method and system to monitor delivery of content to a content destination |
-
2016
- 2016-03-29 CN CN201610185037.5A patent/CN107241620B/en active Active
-
2017
- 2017-03-21 EA EA201891890A patent/EA035157B1/en unknown
- 2017-03-21 WO PCT/CN2017/077552 patent/WO2017167077A1/en active Application Filing
- 2017-03-21 SG SG11201808404PA patent/SG11201808404PA/en unknown
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1873652A (en) * | 2005-06-01 | 2006-12-06 | 富士施乐株式会社 | Device and method for protecting digit content, and device and method for processing protected digit content |
| CN101350918A (en) * | 2008-09-05 | 2009-01-21 | 清华大学 | Method for protecting copyright of video content |
| CN101719205A (en) * | 2009-12-25 | 2010-06-02 | 国家广播电影电视总局电影数字节目管理中心 | Digital copyright management method and system |
| CN103841469A (en) * | 2014-03-19 | 2014-06-04 | 国家广播电影电视总局电影数字节目管理中心 | Digital film copyright protection method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107241620A (en) | 2017-10-10 |
| SG11201808404PA (en) | 2018-10-30 |
| EA201891890A1 (en) | 2019-03-29 |
| WO2017167077A1 (en) | 2017-10-05 |
| EA035157B1 (en) | 2020-05-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107241620B (en) | Digital rights management method of media content, DRM client and server | |
| CN109214168B (en) | Firmware upgrading method and device | |
| US8671452B2 (en) | Apparatus and method for moving rights object from one device to another device via server | |
| JP5314016B2 (en) | Information processing apparatus, encryption key management method, computer program, and integrated circuit | |
| EP2628125B1 (en) | Method and apparatus for downloading drm module | |
| KR20200131889A (en) | System and method for processing content item operation based on anti-corruption device identifier | |
| CN110611657A (en) | File stream processing method, device and system based on block chain | |
| US8638935B2 (en) | System and method for key space division and sub-key derivation for mixed media digital rights management content | |
| CN106845160A (en) | A kind of digital copyright management for intelligent operating system(DRM)Method and system | |
| EP2345000A1 (en) | Technique for content management using group rights | |
| CN109358859B (en) | Method, device and storage medium for installing intelligent contract in block chain network | |
| US20180067777A1 (en) | Application protection method, server, and terminal | |
| WO2015045172A1 (en) | Information processing device and information processing method | |
| CN108881122B (en) | APP information verification method and device | |
| US8850602B2 (en) | Method for protecting application and method for executing application using the same | |
| CN111143788B (en) | License processing method, electronic device, and storage medium | |
| CN112528239B (en) | Method and device for automatic authorization of software | |
| CN107463808B (en) | Method for calling functional module integrated in operating system | |
| CN110602075A (en) | File stream processing method, device and system for encryption access control | |
| CN109614114B (en) | License file acquisition method and device, readable storage medium and electronic equipment | |
| CN108900871B (en) | Video copyright management method and system | |
| CN107392589B (en) | Android system intelligent POS system, security verification method and storage medium | |
| CN110875820A (en) | Management method and system for multimedia content protection key and key agent device | |
| JP2021118444A (en) | Information processing device, information processing method, and program | |
| CN111723344B (en) | Digital content protection method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100866 Fuxing door street, Xicheng District, Xicheng District, Beijing Applicant after: Research Institute of Radio and Television Science, State Administration of Radio and Television Address before: 100866 Fuxing door street, Xicheng District, Xicheng District, Beijing Applicant before: National news publishes broadcast research institute of General Bureau of Radio, Film and Television |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |