CN112242994B

CN112242994B - Method for checking position between entities and digital content protection system

Info

Publication number: CN112242994B
Application number: CN202010930616.4A
Authority: CN
Inventors: 高明; 杨浩然; 石颖; 赵海阔; 葛建华; 岳安军; 张沉思
Original assignee: Shenzhen National Engineering Laboratory Of Digital Television Co ltd
Current assignee: Shenzhen National Engineering Laboratory of Digital Television Co.,Ltd.
Priority date: 2020-09-07
Filing date: 2020-09-07
Publication date: 2021-10-08
Anticipated expiration: 2040-09-07
Also published as: CN112242994A

Abstract

The invention discloses a method for checking the position between entities and a digital content protection system; the method comprises the following steps: the initiating terminal calculates a first message authentication code based on the maintained sequence number, intercepts first position checking information from the code, and sends the first position checking information and the sequence number to the responding terminal to start countdown; the response terminal calculates a second message authentication code in advance based on the maintained sequence number, and selects: whether to intercept the second position checking information from the second message authentication code and return the second position checking information to the initiating terminal and whether to update the sequence number and the second message authentication code; when the initiating terminal receives the second position checking information before the countdown is finished, determining a position checking result based on the second position checking information; if not, if the serial number does not reach the upper limit, the next position check is carried out, and if the serial number reaches the upper limit, the position check is finished. The invention can effectively reduce the communication overhead caused by position check among entities in the digital content protection system.

Description

Method for checking position between entities and digital content protection system

Technical Field

The invention belongs to the technical field of information security, and particularly relates to a method for checking positions among entities and a digital content protection system.

Background

The digitalization of multimedia contents and the popularization of consumer digital electronic terminals enable users to conveniently obtain and spread digital contents, so that the digital contents are easily pirated when being transmitted between entities, and great damage is caused to the interests of copyright owners of the digital contents. Among them, the so-called entities are electronic devices with digital interfaces and electronic devices capable of receiving, decoding and playing digital contents; digital interfaces such as HDMI (High Definition Multimedia Interface), DVI (Digital Visual Interface), and IEEE 1394-one 1995, etc.

In order to prevent Digital Content from being illegally copied, intercepted, and tampered during Transmission between entities, the HDCP (High-bandwidth Digital Content Protection System) standard and the DTCP (Digital Transmission Content Protection) standard are widely used in Digital Content Protection systems. In this digital content protection system, an entity authentication process is indispensable. The authentication process includes: authentication and key agreement, location checking and key exchange. The position check is completed after the authentication and the key negotiation, belongs to a part of a content control function, and is mainly used for controlling a responder of an authentication protocol within a certain distance range and coacting with a hierarchical control function to limit the final responder of the digital content within a certain range from a source end, so that the locality of the digital content is ensured.

The location checking scheme of the HDCP standard includes two types: a position checking scheme requires a responder to respond to a random number by using a shared secret key within a certain time, and the waiting time set by an initiator contains the time for the responder to calculate a message authentication code, so that the efficiency is low, and more unreliable factors are easily introduced due to overlong waiting time; another position checking scheme requires that a responder calculates a response of a random number sent by an initiator by using a shared key in advance, then informs the initiator of completion of calculation, and then the responder returns the value which is already calculated within a certain time, and the whole position checking process needs 4 rounds of message receiving and sending, so that the communication overhead is large. The location checking process of the DTCP standard also requires that the responder returns a value pre-calculated by using the shared key within a certain time to complete location checking, and the whole location checking process needs 6 rounds of message receiving and sending to complete the location checking process, which seriously prolongs the location checking process and increases the communication overhead of the initiator and the responder. Therefore, the prior art has no feasible solution for reducing the communication overhead caused by the location check between the entities in the digital content protection system.

Disclosure of Invention

In order to effectively reduce communication overhead caused by position checking among entities in a digital content protection system, the invention provides a method and a system for checking the position among the entities in the digital content protection system.

The technical problem to be solved by the invention is realized by the following technical scheme:

in a first aspect, the present invention provides a method for checking a location between entities, where the entities include an initiating end and a responding end of digital content in a digital content protection system; the initiating terminal and the responding terminal respectively maintain a serial number, and the initial values of the serial numbers maintained by the initiating terminal and the responding terminal are equal; the method comprises the following steps:

the initiating terminal calculates a first message authentication code based on the maintained sequence number; intercepting first location check information from the first message authentication code; sending the first position checking information and the currently maintained serial number to the response end; at the same time, updating the maintained serial number and starting to count down;

the response terminal calculates a second message authentication code for standby on the basis of the maintained sequence number in advance; when receiving the first location check information and the sequence number from the initiating terminal, selecting, based on the sequence number and the first location check information: whether to intercept second location check information from the second message authentication code and return the second location check information to the initiating terminal, and whether to update the maintained sequence number and the second message authentication code;

the initiating terminal determines the position checking result based on the second position checking information and the first message authentication code when receiving the second position checking information before the countdown is finished; and when the second position checking information is not received when the countdown is finished, if the currently maintained sequence number does not reach the upper limit, returning to the step of calculating the first message authentication code based on the maintained sequence number, carrying out the next position checking, and if the currently maintained sequence number reaches the upper limit, finishing the position checking.

In an optional implementation manner, the duration required by the response end to calculate the second message authentication code is not less than the countdown duration;

when receiving the first location check information and the sequence number from the originating terminal, the responding terminal selects whether to intercept the second location check information from the second message authentication code and return the second location check information to the originating terminal based on the sequence number and the first location check information, including:

when receiving the first location check information and the sequence number sent by the initiator, determining whether the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiator;

if not, not intercepting second position checking information from the second message authentication code and returning the second position checking information to the initiating terminal;

if so, further determining whether the first location check information matches the second message authentication code; if the first message authentication code is matched with the second message authentication code, intercepting second position checking information from the second message authentication code and returning the second position checking information to the initiating terminal, and if the first message authentication code is not matched with the second message authentication code, not intercepting the second position checking information from the second message authentication code and returning the second position checking information to the initiating terminal.

In an optional implementation manner, when receiving the first location check information and the sequence number sent by the initiating terminal, the responding terminal selects whether to update the maintained sequence number and the second message authentication code based on the sequence number and the first location check information, including:

upon receiving the first location check information and the sequence number from the originating terminal,

in response to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal, the maintained sequence number is updated based on the sequence number sent by the initiating terminal, and the second message authentication code is recalculated according to the updated sequence number;

responding to the fact that the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiating terminal, and the first position checking information does not match the second message authentication code, and not responding;

and in response to that the sequence number used when the second message authentication code is pre-calculated is consistent with the sequence number sent by the initiator and the first location check information matches the second message authentication code, after intercepting the second location check information from the second message authentication code and returning the second location check information to the initiator, updating the maintained sequence number based on the sequence number sent by the initiator, and re-calculating the second message authentication code according to the updated sequence number.

In an optional implementation manner, a time length required for the response end to calculate the second message authentication code is less than the countdown time length;

when receiving the first location check information and the sequence number sent by the initiator, determining whether the sequence number used in calculating the second message authentication code is consistent with the sequence number sent by the initiator;

if so, further determining whether the first location check information matches the pre-computed second message authentication code; if the first message authentication code is matched with the second message authentication code, intercepting second position checking information from the pre-calculated second message authentication code and returning the second position checking information to the initiating terminal; if not, no response is made;

if not, recalculating the second message authentication code based on the sequence number sent by the initiator; determining whether the first location check information matches a recalculated second message authentication code; if the first message authentication code is matched with the second message authentication code, intercepting second position checking information from the recalculated second message authentication code and returning the second position checking information to the initiating terminal; if not, no response is made.

in response to the fact that the sequence number used when the second message authentication code is pre-calculated is consistent with the sequence number sent by the initiating terminal, and the first position checking information matches the pre-calculated second message authentication code, after intercepting the second position checking information from the pre-calculated second message authentication code and returning the second position checking information to the initiating terminal, updating the maintained sequence number based on the sequence number sent by the initiating terminal, and recalculating the second message authentication code according to the updated sequence number;

in response to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal, and the first position checking information matches the recalculated second message authentication code, after intercepting the second position checking information from the recalculated second message authentication code and returning the second position checking information to the initiating terminal, updating the maintained sequence number based on the sequence number sent by the initiating terminal, and recalculating the second message authentication code again according to the updated sequence number;

responding to the condition that the sequence number used when the second message authentication code is pre-calculated is consistent with the sequence number sent by the initiating terminal, and the first position checking information does not match the pre-calculated second message authentication code, and not making any response;

responding to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal, and the first position checking information does not match the recalculated second message authentication code, and not responding.

In an optional implementation manner, when the originating terminal receives the second location check information before the countdown is finished, determining a location check result based on the second location check information and the first message authentication code, including:

determining whether the second location check information matches the first message authentication code when the second location check information is received before the countdown ends;

if the position is matched with the position, the position is determined to pass the checking;

and if not, determining that the position check does not pass.

In an alternative implementation, the method further comprises:

and the initiating terminal returns to the step of calculating the first message authentication code based on the maintained sequence number when the current position check is determined to be failed, and enters the next position check, and the initiating terminal ends the position check if the current maintained sequence number reaches the upper limit.

In an optional implementation manner, the first message authentication code and the second message authentication code are both 256-bit hash operation based message authentication codes HMACs;

the first location check information is intercepted from the lower 128 bits of the first message authentication code;

the second location check information is intercepted from the upper 128 bits of the second message authentication code;

the determining, by the responder, whether the first location check information matches the second message authentication code includes: determining whether the first location check information is identical to the lower 128 bits of the second message authentication code; if the first location check information is the same as the second location check information, determining that the first location check information is not matched with the second message authentication code;

the determining, by the originating terminal, whether the second location check information matches the first message authentication code, includes: determining whether the second location check information is identical to upper 128 bits of the first message authentication code; and if the first location check information is the same as the second location check information, determining that the second location check information matches the second message authentication code, and if the first location check information is not the same as the second location check information, determining that the second location check information does not match the second message authentication code.

In a second aspect, the present invention provides a digital content protection system comprising: an initiating end and a responding end of the digital content; the initiating terminal and the responding terminal respectively maintain a serial number, and the initial values of the serial numbers maintained by the initiating terminal and the responding terminal are equal; wherein the content of the first and second substances,

the initiating terminal is used for calculating a first message authentication code based on the maintained sequence number; intercepting first location check information from the first message authentication code; sending the first position checking information and the currently maintained serial number to the response end; at the same time, updating the maintained serial number and starting to count down;

the response terminal is used for calculating a second message authentication code for standby based on the maintained sequence number in advance; when receiving the first location check information and the sequence number from the initiating terminal, selecting, based on the sequence number and the first location check information: whether to intercept second location check information from the second message authentication code and return the second location check information to the initiating terminal, and whether to update the maintained sequence number and the second message authentication code;

the initiating terminal is further configured to determine a location check result of this time based on the second location check information and the first message authentication code when the second location check information is received before the countdown is finished; or, when the second location check information is not received when the countdown is finished, if the currently maintained sequence number does not reach the upper limit, returning to the step of calculating the first message authentication code based on the maintained sequence number, performing the next location check, and if the currently maintained sequence number reaches the upper limit, finishing the location check.

In a digital content protection system, a response end calculates the time length required by a second message authentication code to be not less than the countdown time length;

when receiving the first location check information and the sequence number from the initiator, the responder selects whether to intercept the second location check information from the second message authentication code and return the second location check information to the initiator based on the sequence number and the first location check information, including:

when receiving the first position checking information and the sequence number sent by the initiating terminal, determining whether the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiating terminal;

if not, not intercepting the second position checking information from the second message authentication code and returning the second position checking information to the initiating terminal;

if so, further determining whether the first location check information matches the second message authentication code; if the first message authentication code is matched with the second message authentication code, the first location check information is intercepted from the first message authentication code and returned to the initiating terminal, and if the first message authentication code is not matched with the second message authentication code, the first location check information is not intercepted from the first message authentication code and returned to the initiating terminal.

In a digital content protection system, a responder, upon receiving a first location check message and a sequence number from an initiator, selects whether to update a maintained sequence number and a second message authentication code based on the sequence number and the first location check message, comprising:

responding to the fact that the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiating terminal, and the first position checking information does not match the second message authentication code, and not making any response;

and in response to that the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiating terminal and the first position checking information is matched with the second message authentication code, after the second position checking information is intercepted from the second message authentication code and returned to the initiating terminal, updating the maintained sequence number based on the sequence number sent by the initiating terminal and recalculating the second message authentication code according to the updated sequence number.

In a digital content protection system, a response end calculates that the time length required by a second message authentication code is less than the countdown time length;

the responding end, when receiving the first location check information and the sequence number sent by the initiating end, based on the sequence number and the first location check information, selects whether to intercept the second location check information from the second message authentication code and return the second location check information to the initiating end, including:

when receiving the first position checking information and the sequence number sent by the initiating terminal, determining whether the sequence number used when calculating the second message authentication code is consistent with the sequence number sent by the initiating terminal;

if so, further determining whether the first location check information matches a pre-computed second message authentication code; if the first message authentication code is matched with the second message authentication code, intercepting second position checking information from the pre-calculated second message authentication code and returning the second position checking information to the initiating terminal; if not, no response is made;

if not, recalculating the second message authentication code based on the sequence number sent by the initiator; determining whether the first location check information matches the recalculated second message authentication code; if the first message authentication code is matched with the second message authentication code, intercepting second position checking information from the recalculated second message authentication code and returning the second position checking information to the initiating terminal; if not, no response is made.

in response to the fact that the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiating terminal, and the first position checking information is matched with the second message authentication code calculated in advance, after the second position checking information is intercepted from the second message authentication code calculated in advance and returned to the initiating terminal, the maintained sequence number is updated based on the sequence number sent by the initiating terminal, and the second message authentication code is recalculated according to the updated sequence number;

in response to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal, and the first position checking information is matched with the recalculated second message authentication code, after the second position checking information is intercepted from the recalculated second message authentication code and returned to the initiating terminal, the maintained sequence number is updated based on the sequence number sent by the initiating terminal, and the second message authentication code is recalculated according to the updated sequence number;

responding that the sequence number used when the second message authentication code is pre-calculated is consistent with the sequence number sent by the initiating terminal, and the first position checking information does not match the pre-calculated second message authentication code, and not making any response;

and responding to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal, and the first position checking information does not match the recalculated second message authentication code, and not responding.

In a digital content protection system, an originating terminal, when receiving second location check information before a countdown ends, determines a location check result of this time based on the second location check information and a first message authentication code, comprising:

determining whether the second location check information matches the first message authentication code when the second location check information is received before the countdown is finished;

and if not, determining that the position check does not pass.

In a digital content protection system, an initiating terminal, upon determining that the location check fails, is further configured to:

if the currently maintained sequence number does not reach the upper limit, returning to the step of calculating the first message authentication code based on the maintained sequence number, entering the next position check, and if the currently maintained sequence number reaches the upper limit, ending the position check.

In a digital content protection system, a first message authentication code and a second message authentication code are both 256-bit message authentication codes HMC based on Hash operation;

the response end determines whether the first position checking information matches the second message authentication code, and the method comprises the following steps: determining whether the first location check information is identical to the lower 128 bits of the second message authentication code; if the first position checking information is the same as the second information authentication code, the first position checking information is determined to be not matched with the second information authentication code;

the initiating terminal, determining whether the second location check information matches the first message authentication code, includes: determining whether the second location check information is identical to the upper 128 bits of the first message authentication code; if the two pieces of location check information are the same, the second location check information is determined to be matched with the second message authentication code, and if the two pieces of location check information are not the same, the second location check information is determined not to be matched with the second message authentication code.

In the method for checking the position between the entities, the initiating terminal and the responding terminal respectively maintain a serial number, and the initial values of the serial numbers maintained by the initiating terminal and the responding terminal are equal; through the serial numbers maintained by the initiating terminal and the responding terminal, the initiating terminal and the responding terminal can calculate the message authentication code by themselves without being limited by the other side; thus, the response end can calculate the second message authentication code in advance before not receiving the first position checking information, and does not need to wait for the notification of the initiating end; thus, after the initiating terminal sends the first message authentication code and the serial number calculated by the initiating terminal to the responding terminal, if the responding terminal determines that the condition of passing the verification is met based on the serial number and the first position checking information, the responding terminal can select to directly intercept the second position checking information from the second message authentication code and return the second position checking information to the initiating terminal; the initiating terminal can determine the corresponding position checking result after receiving the second position checking information; through the two-round message receiving and sending, namely, pre-calculation is realized, the communication overhead is greatly saved, and the execution speed of position checking is improved. In addition, the invention ensures that the countdown set by the initiating terminal does not need to be related to the calculation time of HMAC (Hash-based Message Authentication Code) and is only related to the round-trip time of the Message in the actual digital content protection system, thereby reducing the uncertainty.

In addition, in the invention, the receiving end correspondingly selects whether to update the maintained serial number and the second message authentication code or not based on the serial number sent by the initiating end and the first position checking information, so that the serial numbers respectively maintained by the initiating end and the receiving end can be synchronized.

In the invention, if the response end finds that the sequence number used by the pre-calculated second message authentication code is not consistent with the sequence number sent by the initiating end, the response end considers that the sequence number is not synchronous with the initiating end, and under the mode that the time length required by the response end for calculating the second message authentication code is less than the countdown time length, the response end can calculate and verify the first message authentication code sent by the initiating end at present, and the message authentication code is returned to the initiating end after the verification is passed; then, the response end forcibly updates the sequence number value maintained by the response end based on the received sequence number, thereby maintaining the synchronization with the sequence number maintained by the initiating end, and pre-calculating the next second message authentication code according to the updated sequence number. And under the mode that the time length required by the response end for calculating the second message authentication code is not less than the countdown time length, directly and forcibly synchronizing the maintained sequence number with the received sequence number, and pre-calculating the next second message authentication code value. Therefore, the method for checking the position between the entities is suitable for position checking under the two different modes and has strong practicability.

The present invention will be described in detail with reference to the accompanying drawings.

Drawings

Fig. 1 is a schematic flowchart of a method for checking a location between entities according to an embodiment of the present invention;

fig. 2 is an interaction diagram of an initiating terminal and a responding terminal in a method for checking a location between entities according to an embodiment of the present invention;

fig. 3 is a flowchart of an originating end in a method for checking a location between entities according to an embodiment of the present invention;

fig. 4 is a flowchart illustrating a work of a responding end when a time required for the responding end to calculate a second message authentication code is less than a countdown time of an initiating end in the inter-entity location checking method according to the embodiment of the present invention;

fig. 5 is a flowchart of a work of a response end when a time required for the response end to calculate a second message authentication code is not less than a countdown time of an initiator in the inter-entity location checking method according to the embodiment of the present invention;

fig. 6 is a schematic structural diagram of a digital content protection system according to an embodiment of the present invention.

Detailed Description

The present invention will be described in detail with reference to specific examples, but the embodiments of the present invention are not limited thereto.

In order to effectively reduce communication overhead caused by location check between entities in a digital content protection system, embodiments of the present invention provide a location check method between entities and a digital content protection system. The method for checking the position between the entities provided by the embodiment of the invention can be applied to a digital content protection system, and particularly applied between an initiating terminal and a responding terminal of any digital content in the digital content protection system; in practical applications, the initiating terminal and the responding terminal may be electronic devices, which are entities in the digital content protection system. A practical digital content protection system may include a plurality of entities, and when digital content needs to be transmitted between any two entities, the two entities are a pair of an initiator and a responder.

In the embodiment of the invention, an initiating terminal and a responding terminal respectively maintain a serial number, and the initial values of the serial numbers maintained by the initiating terminal and the responding terminal are equal; and, in the course of position checking, through the synchronization of serial numbers that the two maintain, realize the position checking. First, a method for checking a location between entities according to an embodiment of the present invention will be described in detail. As shown in fig. 1, the method may include the steps of:

s10: the initiating terminal A calculates a first message authentication code based on the maintained sequence number; intercepting first location check information from the first message authentication code; sending the first position checking information and the currently maintained serial number to a response end B; at the same time, the maintained sequence number is updated and a countdown begins.

The initiating terminal a, calculating the first message authentication code based on the maintained sequence number, may specifically include:

and calculating the first message authentication code by utilizing a Hash operation mode based on a shared key between the initiating terminal A and the responding terminal B, the identity of the initiating terminal A, the identity of the responding terminal B and the maintained serial number.

It should be noted that the message authentication code in the prior art is a random number, which is different from the embodiment of the present invention.

The specific implementation mode of intercepting the first position checking information from the first message authentication code by the initiating terminal A is various; for example, it is reasonable to truncate a few bits from the lower bits of the first message authentication code, or truncate a few bits from the upper bits of the first message authentication code, etc.

In practical applications, the countdown started by the initiator a may be set with reference to a maximum allowable time from when the initiator initiates the interactive request until the responder returns a response in the digital content protection system.

S20: the response terminal B calculates a second message authentication code for standby on the basis of the maintained sequence number in advance; when receiving the first location check information and the sequence number from the initiator a, selecting, based on the sequence number and the first location check information: whether to intercept the second location check information from the second message authentication code and return it to the originating terminal, and whether to update the maintained sequence number and the second message authentication code.

It will be appreciated that the responder B may calculate a second message authentication code back-up based on the maintained sequence number before the initiator a initiates the location check. In this way, the time it takes to calculate the second message authentication code during the location check can be saved.

The responding terminal B selects whether to intercept the second location check information from the second message authentication code and return the second location check information to the initiating terminal a based on the sequence number sent by the initiating terminal a and the first location check information, and specifically, the responding terminal B determines whether to synchronize with the sequence number maintained by the responding terminal B based on the sequence number sent by the initiating terminal a; if the synchronization is carried out, the first position checking information sent by the initiating terminal A is further verified by utilizing a pre-calculated second message authentication code, and the second position checking information is intercepted from the second message authentication code and returned to the initiating terminal A after the verification is passed; otherwise, the responder B will not intercept the second location check information from the second message authentication code and return the second location check information to the initiator a. And, the responding terminal B may respond to the above result of whether the sequence numbers are synchronized or not and the result of whether the verification passes or not, and correspondingly select whether to update the maintained sequence numbers and the second message authentication codes, so that the sequence numbers maintained by the initiating terminal a and the responding terminal B respectively maintain synchronization.

The responding terminal B determines whether to synchronize with the self-maintained sequence number based on the sequence number sent by the initiating terminal a, which may be that the responding terminal B determines whether the sequence number sent by the initiating terminal a is the same as the self-maintained sequence number. In addition, the specific implementation manner of the responder B intercepting the second location check message from the second message authentication code may be similar to the manner of the initiator a intercepting the first location check message from the first message authentication code; preferably, the bits intercepted when the responder B intercepts the second location check message from the second message authentication code are different from the bits intercepted when the initiator a intercepts the first location check message from the first message authentication code.

S30: the initiating terminal A determines the position checking result based on the second position checking information and the first message authentication code when receiving the second position checking information before the countdown is finished; when the second position check information is not received at the end of the countdown, if the currently maintained serial number does not reach the upper limit, the flow returns to step S10 to perform the next position check, and if the currently maintained serial number reaches the upper limit, the position check is ended.

In addition, if the originating terminal a determines that the current location check result does not pass based on the second location check information and the first message authentication code, if the current serial number maintained by the originating terminal a does not reach the upper limit, the process may also return to step S10, that is, the process returns to calculate the first message authentication code based on the maintained serial number to perform the next location check, and if the current serial number maintained by the originating terminal a reaches the upper limit, the location check is ended, that is, the location check fails.

In the method for checking the position between the entities, the initiating terminal and the responding terminal respectively maintain a serial number, and the initial values of the serial numbers maintained by the initiating terminal and the responding terminal are equal; through the serial numbers maintained by the initiating terminal and the responding terminal, the initiating terminal and the responding terminal can calculate the message authentication code by themselves without being limited by the other side; thus, the response end can calculate the second message authentication code in advance before not receiving the first position checking information, and does not need to wait for the notification of the initiating end; thus, after the initiating terminal sends the first message authentication code and the serial number calculated by the initiating terminal to the responding terminal, if the responding terminal determines that the condition of passing the verification is met based on the serial number and the first position checking information, the responding terminal can select to directly intercept the second position checking information from the second message authentication code and return the second position checking information to the initiating terminal; the initiating terminal can determine the corresponding position checking result after receiving the second position checking information; through the two-round message receiving and sending, the pre-calculation of the message authentication code is realized, the communication overhead is greatly saved, and the execution speed of the position check is improved. In addition, the invention can also make the countdown set by the initiating terminal not related to the calculation time of HMAC (Hash-based Message Authentication Code) and only related to the round-trip time of the Message in the actual digital content protection system, thereby reducing the uncertainty.

Next, in step S20, a specific implementation manner that, when receiving the first location check information and the sequence number from the originating terminal, the responding terminal B selects whether to intercept the second location check information from the second message authentication code and return the second location check information to the originating terminal based on the sequence number and the first location check information, and a specific implementation manner that selects whether to update the maintained sequence number and the second message authentication code based on the sequence number and the first location check information will be exemplarily described.

Illustratively, in a digital content protection system, the time length required for the response end to calculate the second message authentication code is not less than the countdown time length set by the initiation end. In this mode, when receiving the first location check information and the sequence number from the originating terminal a, the responding terminal B selects whether to intercept the second location check information from the second message authentication code and return the second location check information to the originating terminal based on the sequence number and the first location check information, which may include:

It can be understood that, if the sequence number used when the second message authentication code is pre-calculated is consistent with the sequence number sent by the initiating terminal, the pre-calculated second message authentication code can be used to verify the first location check information sent by the initiating terminal; otherwise, the pre-computed second message authentication code cannot be used to verify the first location check information sent by the originating terminal, so that it is not necessary to intercept the second location check information from the pre-computed second message authentication code and return the second location check information to the originating terminal.

Correspondingly, when receiving the first location check information and the sequence number sent by the initiator a, the responder B selects whether to update the maintained sequence number and the second message authentication code based on the sequence number and the first location check information, which may include: upon receiving the first location check information and the sequence number from the originating terminal,

case (a): in response to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal, the maintained sequence number is updated based on the sequence number sent by the initiating terminal, and the second message authentication code is recalculated for standby according to the updated sequence number;

case (b): responding to the fact that the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiating terminal, and the first position checking information does not match the second message authentication code, and not making any response;

case (c): and in response to that the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiating terminal and the first position checking information is matched with the second message authentication code, after the second position checking information is intercepted from the second message authentication code and returned to the initiating terminal, updating the maintained sequence number based on the sequence number sent by the initiating terminal and recalculating the second message authentication code according to the updated sequence number.

In the case (a), the response terminal B finds that the sequence number used when the second message authentication code is pre-calculated is inconsistent with the sequence number sent by the initiating terminal, that is, the sequence numbers maintained by the response terminal B and the initiating terminal a are not synchronous; at this time, the responder B forcibly updates its own maintained sequence number based on the sequence number sent from the initiator a, and synchronizes with the sequence number updated by the initiator in step S10, so as to calculate in advance the second message authentication code required for the next location check. In case (c), the responder B completes the task in one complete location check, and it is forced to update the sequence number maintained by the responder B based on the sequence number sent by the initiator a, and also to synchronize with the sequence number updated by the initiator in step S10.

In the case (B), although the sequence numbers maintained by the responder B and the initiator a are synchronous, the first location check information may be interfered by an abnormal interference signal and changed during transmission, so that the first location check information cannot match the second message authentication code; at this time, the responder B does not respond, and waits for the next time the initiator sends a new sequence number and the first location check information, and then performs a corresponding response with reference to step S20. Specifically, since the responding terminal B does not make any response, the initiating terminal a does not receive the second position check information before the countdown is finished, and the step S10 is returned, and the next position search is started; at this time, the sequence number maintained by the initiator a has been updated during the last position check, and then after the sequence number is sent to the responder B, the responder B finds that the sequence number maintained by the responder B is not synchronized with the initiator a, that is, a condition (a) occurs, and then the responder B forcibly updates the sequence number maintained by the responder B, that is, forcibly synchronizes with the initiator a. When the starting end A starts the position check again, the serial numbers of the starting end A and the response end B can be synchronous, if the abnormal signal disappears, the response end B can pass the verification of the first position check information, and the position check can be continuously and smoothly completed. Of course, it should be noted that both the case (a) and the case (b) belong to the processing flow in the abnormal case, and are not common in the actual conventional position checking process.

It is understood that, in the above-mentioned mode, the second message authentication code of the responder B is pre-calculated, so this mode may be referred to as a full pre-calculation mode.

In another digital content protection system, the time length required for the response terminal B to calculate the second message authentication code is less than the countdown time length set by the initiating terminal. In this mode, when receiving the first location check information and the sequence number from the originating terminal a, the responding terminal B selects whether to intercept the second location check information from the second message authentication code and return the second location check information to the originating terminal based on the sequence number and the first location check information, which may include:

when receiving the first position check information and the sequence number sent by the initiator A, determining whether the sequence number used in calculating the second message authentication code is consistent with the sequence number sent by the initiator A;

if so, further determining whether the first location check information matches a pre-computed second message authentication code; if the first message authentication code is matched with the second message authentication code, intercepting second position checking information from the pre-calculated second message authentication code and returning the second position checking information to the initiating terminal A; if not, no response is made;

if not, recalculating the second message authentication code based on the sequence number sent by the initiator A; determining whether the first location check information matches the recalculated second message authentication code; if the first message authentication code is matched with the second message authentication code, intercepting second position checking information from the recalculated second message authentication code and returning the second position checking information to the initiating terminal A; if not, no response is made.

It can be understood that, in step S20, if the responder B finds that the sequence number maintained by the responder B is not synchronous with the sequence number of the initiator a, since the time duration required for the responder B to calculate the second message authentication code is less than the countdown time duration set by the initiator, the responder B may have extra time to forcibly synchronize the sequence number maintained by the responder B with the sequence number of the initiator a and recalculate the second message authentication code; further, the first location check information sent from the originating terminal a is verified using the recalculated second message authentication code. It can be seen that in the second mode, the second message authentication code of the responder B is normally pre-calculated, but there is also a possibility of current calculation, so this mode may be referred to as a semi-pre-calculation mode.

Correspondingly, when receiving the first location check information and the sequence number from the originating terminal, the responding terminal B selects whether to update the maintained sequence number and the second message authentication code based on the sequence number and the first location check information, which may include:

case (d): in response to the fact that the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiating terminal, and the first position checking information is matched with the second message authentication code calculated in advance, after the second position checking information is intercepted from the second message authentication code calculated in advance and returned to the initiating terminal, the maintained sequence number is updated based on the sequence number sent by the initiating terminal, and the second message authentication code is recalculated according to the updated sequence number;

case (e): in response to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal, and the first position checking information is matched with the recalculated second message authentication code, after the second position checking information is intercepted from the recalculated second message authentication code and returned to the initiating terminal, the maintained sequence number is updated based on the sequence number sent by the initiating terminal, and the second message authentication code is recalculated according to the updated sequence number;

case (f): responding that the sequence number used when the second message authentication code is pre-calculated is consistent with the sequence number sent by the initiating terminal, and the first position checking information does not match the pre-calculated second message authentication code, and not making any response;

case (g): and responding to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal, and the first position checking information does not match the recalculated second message authentication code, and not responding.

Here, the case (d) is the same as the case (c) in the full pre-calculation mode, and the case (f) is the same as the case (b) in the full pre-calculation mode, and the description of the case (d) and the case (f) is omitted here. The case (e) and the case (g) are two cases of verifying the first location check information sent from the originating terminal a by using the new second message authentication code after the responding terminal B recalculates the second message authentication code.

Based on the full pre-calculation mode and the semi-pre-calculation mode, the method for checking the position between the entities, provided by the embodiment of the invention, is suitable for position checking under the two different modes, and has strong practicability.

In addition, the determining, by the originating terminal a, a result of the current location check based on the second location check information and the first message authentication code when the second location check information is received before the countdown is ended may include:

determining whether the second location check information matches the first message authentication code when the second location check information is received before the countdown is finished; if the position is matched with the position, the position is determined to pass the checking; and if not, determining that the position check does not pass.

It can be understood that, if the originating terminal a determines that the location check is failed, if the currently maintained serial number does not reach the upper limit, the process returns to step S10, and enters the next location check, and if the currently maintained serial number reaches the upper limit, the location check is ended.

In an optional embodiment, the first message authentication code and the second message authentication code are both 256-bit hash-based message authentication codes HMACs; wherein the first location check information may be intercepted from the lower 128 bits of the first message authentication code; the second location check information may be intercepted from the upper 128 bits of the second message authentication code.

Accordingly, the determining, by the responder B, whether the first location check information matches the second message authentication code may include: determining whether the first location check information is identical to the lower 128 bits of the second message authentication code; if the first location check information is the same as the second location check information, the first location check information is determined to be matched with the second message authentication code, and if the first location check information is not the same as the second location check information, the first location check information is determined not to be matched with the second message authentication code.

Similarly, the determining, by the originating terminal a, whether the second location check information matches the first message authentication code may include: determining whether the second location check information is identical to the upper 128 bits of the first message authentication code; if the two pieces of location check information are the same, the second location check information is determined to be matched with the second message authentication code, and if the two pieces of location check information are not the same, the second location check information is determined not to be matched with the second message authentication code.

For the sake of better clarity, the method for checking the location between entities provided in the embodiment of the present invention is further illustrated below.

Fig. 2 is a schematic diagram illustrating a conventional interaction between an initiator a and a responder B in the method for checking a location between entities according to an embodiment of the present invention.

The interactive message encapsulation format between the initiating terminal A and the responding terminal B is as follows: LCN | | message load; the LCN is a label identifying the Nth encapsulation message in the location check process.

Specifically, in fig. 2, LCN | | | LC _ MAC _ n_0-127The | n is a position check starting message sent by the initiating terminal A to the responding terminal B; in the following message payload, n is the sequence number sent by the initiator A to the responder B, LC _ MAC _ n_0-127First bit sent to responder B for initiator ASetting a check message; LC _ MAC _ n represents the first message authentication code computed by the originating terminal a, and bits 0-127 represent bits 0-127 truncated from LC _ MAC _ n.

Correspondingly, LCN +1| | LC _ MAC _ n'_128-255A position checking response message returned to the initiating terminal A for the responding terminal B; in the following message load, n' is a sequence number maintained by the response terminal B; LC _ MAC _ n'_128-255Second position checking information returned to the initiating terminal A for the responding terminal B; LC _ MAC _ n' is a second message authentication code calculated by the response terminal B; 128-255 represents intercepting the 128-th 255 bits from the LC _ MAC _ n'.

The calculation formula of LC _ MAC _ n is as follows: LC _ MAC _ n ═ HMAC (K)₂ID _ B | | | ID _ a | | | n); in the calculation formula, K₂The key is shared by an initiating terminal A and a responding terminal B, ID _ B is the equipment identification of the responding terminal B, and ID _ A is the equipment identification of the initiating terminal A; HMAC () represents the meaning of the message authentication code obtained by hashing the information in the parentheses. It will be appreciated that LC _ MAC _ n' can be calculated accordingly with reference to this formula.

It is understood that fig. 2 shows an interactive schematic diagram of only two rounds of message sending and receiving to realize location checking under the conventional situation; while for the complete position checking procedure in the unconventional case, reference can be continued to the description below.

Fig. 3 exemplarily shows a workflow diagram of an originating terminal a in the method for checking a location between entities according to the embodiment of the present invention. The workflow is briefly described as follows:

s301: initializing n to 1, and starting position checking.

S302: calculating LC _ MAC _ n and intercepting LC _ MAC _ n_0-127(ii) a Sending LCN LC MAC n to response end B_0-127I | n, update n ═ n +1, and start the countdown.

S303: detecting whether LCN +1| | LC _ MAC _ n 'returned by the response end B is received before countdown is finished'_128-255(ii) a If yes, go to S304; if not, the process proceeds to S305.

S304: contrast LC _ MAC _ n'_128-255And LC _ MAC _ n_128-255Whether they are the same; if they are the same, the position is checked asWork; if not, the process proceeds to S305.

S305: judging whether n reaches an upper limit; if so, the location check fails; if not, return to S302.

As can be seen from fig. 3, before the sequence number n reaches the upper limit, the initiating terminal a may initiate a location check a plurality of times if it does not receive the location check reply message returned by the responding terminal B.

Fig. 4 exemplarily shows a work flow diagram of the responding end when the time length required for the responding end to calculate the second message authentication code is less than the countdown time length. The workflow is briefly described as follows:

s401: initializing n' to 1 and starting the position check.

S402: LC _ MAC _ n' is calculated.

S403: receive MLC | | LC _ MAC _ n | | LC1| | | | |_0-127||n。

S404: judging whether n is consistent with n'; if the two are consistent, the step is shifted to S405; if not, the process proceeds to S408.

S405: contrast LC _ MAC _ n'_0-127And LC _ MAC _ n_0-127Whether they are the same; if the two are the same, go to S406; if not, the process proceeds to S407.

S406: transmitting LC _ MAC _ n 'to initiator A'_128-255Updating n '═ n +1, and calculating new LC _ MAC _ n' for standby; then, the process proceeds to S407.

S407: waiting to receive a new MLC; the process proceeds to S404 when a new MLC is received.

S408: let n ═ n, calculate new LC _ MAC _ n'; and then proceeds to S405.

It can be understood that, after calculating a new LC _ MAC _ n' for standby in step S406, the work of the responding peer B in the location check is completed, and the process proceeds to step S407, and when a new MLC from the originating peer a is received next time, the process may be directly executed from step S404.

Fig. 5 exemplarily shows a work flow diagram of the responder B when the time length required for the responder to calculate the second message authentication code is not less than the countdown time length. The workflow is briefly described as follows:

s501: initializing n' to 1 and starting the position check.

S502: LC _ MAC _ n' is calculated.

S503: receive MLC ═ LCN | | | LC _ MAC _ n_0-127||n。

S504: judging whether n is consistent with n'; if yes, go to S505; if not, proceed to S508.

S505: contrast LC _ MAC _ n'_0-127And LC _ MAC _ n_0-127Whether they are the same; if the two are the same, the step proceeds to S506; if not, the process proceeds to S507.

S506: transmitting LC _ MAC _ n 'to initiator A'_128-255Updating n '═ n +1, and calculating new LC _ MAC _ n' for standby; then, the process proceeds to S507.

S507: waiting to receive a new MLC; the process proceeds to S504 when a new MLC is received.

S508: let n +1, calculate new LC _ MAC _ n'; then, the process proceeds to S507.

It can be understood that, after calculating a new LC _ MAC _ n' for standby in step S506, the work of the responder B in the location check is completed, and the process proceeds to step S507, and when a new MLC from the initiator a is received next time, the process may be directly executed from step S504.

Comparing fig. 4 and 5, it can be seen that the main difference between the full pre-calculation mode and the semi-pre-calculation mode is that: the specific differences between the processing manners when the responder B finds that the self-maintained serial number n' is inconsistent with the serial number n sent by the initiator a are as shown in step S408 in fig. 4 and step S508 in fig. 5.

Based on the same inventive concept, an embodiment of the present invention further provides a digital content protection system, as shown in fig. 6, the system includes: an initiating terminal A and a responding terminal B of the digital content; the initiating terminal A and the responding terminal B respectively maintain a serial number, and the initial values of the serial numbers maintained by the initiating terminal A and the responding terminal B are equal; it will be appreciated that a practical digital content protection system may comprise a plurality of entities, i.e. a pair of an initiator and a responder, when digital content needs to be transferred between any two entities.

The initiating terminal A is used for calculating a first message authentication code based on the maintained sequence number; intercepting first location check information from a first message authentication code; sending the first position checking information and the currently maintained serial number to a response terminal B; at the same time, the maintained sequence number is updated and a countdown begins.

The response terminal B is used for calculating a second message authentication code for standby on the basis of the maintained sequence number in advance; when receiving the first location check information and the sequence number from the initiator a, selecting, based on the sequence number and the first location check information: whether to intercept the second location check information from the second message authentication code and return it to the originating terminal a, and whether to update the maintained sequence number and the second message authentication code.

The initiating terminal A is also used for determining the position checking result based on the second position checking information and the first message authentication code when the second position checking information is received before the countdown is finished; or, when the second position checking information is not received when the countdown is finished, if the currently maintained sequence number does not reach the upper limit, returning to the step of calculating the first message authentication code based on the maintained sequence number, carrying out the next position checking, and if the currently maintained sequence number reaches the upper limit, finishing the position checking.

In a digital content protection system, a response terminal B calculates the time length required by a second message authentication code to be not less than the countdown time length;

when receiving the first location check information and the sequence number sent by the initiator a, the responder B selects whether to intercept the second location check information from the second message authentication code and return the second location check information to the initiator a based on the sequence number and the first location check information, including:

when receiving the first position check information and the sequence number sent by the initiator A, determining whether the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiator A;

if not, not intercepting the second position checking information from the second message authentication code and returning the second position checking information to the initiating terminal A;

if so, further determining whether the first location check information matches the second message authentication code; if the first message authentication code is matched with the second message authentication code, the first location check information is intercepted from the first message authentication code and returned to the initiating terminal A, and if the first message authentication code is not matched with the second message authentication code, the first location check information is not intercepted from the first message authentication code and returned to the initiating terminal A.

In a digital content protection system, a responder B, upon receiving a first location check message and a sequence number from an initiator a, selects whether to update a maintained sequence number and a second message authentication code based on the sequence number and the first location check message, comprising:

upon receiving the first location check information and the sequence number from the originating terminal a,

in response to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal A, the maintained sequence number is updated based on the sequence number sent by the initiating terminal A, and the second message authentication code is recalculated according to the updated sequence number;

responding to the fact that the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiating terminal A, and the first position checking information does not match the second message authentication code, and not making any response;

in response to that the sequence number used when the second message authentication code is pre-calculated is consistent with the sequence number sent by the initiator a and the first location check information matches the second message authentication code, after intercepting the second location check information from the second message authentication code and returning the second location check information to the initiator a, the maintained sequence number is updated based on the sequence number sent by the initiator a, and the second message authentication code is re-calculated according to the updated sequence number.

In a digital content protection system, a response terminal B calculates that the time length required by a second message authentication code is less than the countdown time length;

In a digital content protection system, a responder B, upon receiving a first location check message and a sequence number from an initiator, selects whether to update a maintained sequence number and a second message authentication code based on the sequence number and the first location check message, comprising:

in response to the fact that the sequence number used when the second message authentication code is calculated in advance is consistent with the sequence number sent by the initiating terminal A, and the first position checking information is matched with the second message authentication code calculated in advance, after the second position checking information is intercepted from the second message authentication code calculated in advance and returned to the initiating terminal A, the maintained sequence number is updated based on the sequence number sent by the initiating terminal A, and the second message authentication code is recalculated according to the updated sequence number;

in response to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal A, and the first position checking information is matched with the recalculated second message authentication code, after the second position checking information is intercepted from the recalculated second message authentication code and returned to the initiating terminal A, the maintained sequence number is updated based on the sequence number sent by the initiating terminal A, and the second message authentication code is recalculated according to the updated sequence number;

responding that the sequence number used when the second message authentication code is pre-calculated is consistent with the sequence number sent by the initiating terminal A, and the first position checking information does not match the pre-calculated second message authentication code, and not making any response;

and responding to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal A, and the first position checking information does not match the recalculated second message authentication code, and not responding.

In a digital content protection system, an originating terminal a, when receiving second location check information before a countdown ends, determines a location check result of this time based on the second location check information and a first message authentication code, comprising:

and if not, determining that the position check does not pass.

In a digital content protection system, the initiating terminal a, upon determining that the location check is failed, may further be configured to:

In a digital content protection system, a first message authentication code and a second message authentication code are both 256-bit message authentication codes HMAC based on Hash operation;

the responding terminal B, determining whether the first position checking information matches the second message authentication code, includes: determining whether the first location check information is identical to the lower 128 bits of the second message authentication code; if the first position checking information is the same as the second information authentication code, the first position checking information is determined to be not matched with the second information authentication code;

the initiating terminal a, determining whether the second location check information matches the first message authentication code, includes: determining whether the second location check information is identical to the upper 128 bits of the first message authentication code; if the two pieces of location check information are the same, the second location check information is determined to be matched with the second message authentication code, and if the two pieces of location check information are not the same, the second location check information is determined not to be matched with the second message authentication code.

In the digital content protection system provided by the invention, an initiating terminal and a responding terminal respectively maintain a serial number, and the initial values of the serial numbers maintained by the initiating terminal and the responding terminal are equal; through the serial numbers maintained by the initiating terminal and the responding terminal, the initiating terminal and the responding terminal can calculate the message authentication code by themselves without being limited by the other side; thus, the response end can calculate the second message authentication code in advance before not receiving the first position checking information, and does not need to wait for the notification of the initiating end; thus, after the initiating terminal sends the first message authentication code and the serial number calculated by the initiating terminal to the responding terminal, if the responding terminal determines that the condition of passing the verification is met based on the serial number and the first position checking information, the responding terminal can select to directly intercept the second position checking information from the second message authentication code and return the second position checking information to the initiating terminal; the initiating terminal can determine the corresponding position checking result after receiving the second position checking information; through the two-round message receiving and sending, namely, pre-calculation is realized, the communication overhead is greatly saved, and the execution speed of position checking is improved. In addition, the embodiment of the invention ensures that the countdown set by the initiating terminal does not need to be related to the calculation time of an HMAC (Hash-based Message Authentication Code) and is only related to the round-trip time of the Message in the actual digital content protection system, thereby reducing the uncertainty.

In addition, in the digital content protection system according to the embodiment of the present invention, the receiving end correspondingly selects whether to update the maintained sequence number and the second message authentication code based on the sequence number sent by the initiating end and the first location check information, so that the sequence numbers maintained by the initiating end and the receiving end can be synchronized.

In the embodiment of the invention, if the response end finds that the sequence number used by the pre-calculated second message authentication code is not consistent with the sequence number sent by the starting end, the response end considers that the sequence number is not synchronous with the starting end, and under the mode that the time length required by the response end for calculating the second message authentication code is less than the countdown time length, the response end can calculate and verify the first message authentication code sent by the starting end at present, and the message authentication code is returned to the starting party after the verification is passed; then, the response end forcibly updates the sequence number value maintained by the response end based on the received sequence number, thereby maintaining the synchronization with the sequence number maintained by the initiating end, and pre-calculating the next second message authentication code according to the updated sequence number. And under the mode that the time length required by the response end for calculating the second message authentication code is not less than the countdown time length, directly and forcibly synchronizing the maintained sequence number with the received sequence number, and pre-calculating the next second message authentication code value. Therefore, the digital content protection system provided by the embodiment of the invention is suitable for position detection in the two different modes, and has strong practicability.

It should be noted that, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to part of the description of the method embodiment.

It should be noted that the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more features. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.

In the description of the specification, reference to the description of the term "one embodiment", "some embodiments", "an example", "a specific example", or "some examples", etc., means that a particular feature or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples described in this specification can be combined and combined by those skilled in the art.

While the present application has been described in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a review of the drawings, the disclosure, and the appended claims.

The foregoing is a detailed description of the invention in connection with specific preferred embodiments and is not intended to limit the practice of the invention to those descriptions. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims

1. A method for checking the position between entities is characterized in that the entities comprise an initiating end and a responding end of digital content in a digital content protection system; the initiating terminal and the responding terminal respectively maintain a serial number, and the initial values of the serial numbers maintained by the initiating terminal and the responding terminal are equal; the method comprises the following steps:

the response terminal calculates a second message authentication code for standby on the basis of the maintained sequence number in advance; according to two conditions that the time length required for calculating the second message authentication code is less than or not less than the countdown time length set by the initiating terminal, when the first position checking information and the serial number sent by the initiating terminal are received, whether the serial number sent by the initiating terminal is consistent with the serial number used for calculating the second message authentication code or not and whether the first position checking information is matched with the second message authentication code or not are judged, and the method comprises the following steps: whether to intercept second location check information from the second message authentication code and return the second location check information to the initiating terminal, and whether to update the maintained sequence number and the second message authentication code;

2. The method according to claim 1, wherein the time length required for the response end to calculate the second message authentication code is not less than the countdown time length;

3. The method of claim 2, wherein the responding peer, upon receiving the first location check information and the sequence number from the initiating peer, selects whether to update the maintained sequence number and the second message authentication code based on the sequence number and the first location check information, and comprises:

in response to the fact that the sequence number used when the second message authentication code is calculated in advance is not consistent with the sequence number sent by the initiating terminal, the maintained sequence number is updated based on the sequence number sent by the initiating terminal, and the second message authentication code is recalculated for standby according to the updated sequence number;

4. The method according to claim 1, wherein the time length required for the response end to calculate the second message authentication code is less than the countdown time length;

5. The method of claim 4, wherein the responding peer, upon receiving the first location check information and the sequence number from the initiating peer, selects whether to update the maintained sequence number and the second message authentication code based on the sequence number and the first location check information, and comprises:

6. The method according to any one of claims 2-5, wherein the determining, by the initiating terminal, the location check result based on the second location check information and the first message authentication code when the second location check information is received before the countdown is finished comprises:

and if not, determining that the position check does not pass.

7. The method of claim 6, further comprising:

8. The method of claim 7, wherein the first message authentication code and the second message authentication code are each a 256-bit hash-based message authentication code (HMAC);

9. A digital content protection system, comprising: an initiating end and a responding end of the digital content; the initiating terminal and the responding terminal respectively maintain a serial number, and the initial values of the serial numbers maintained by the initiating terminal and the responding terminal are equal; wherein the content of the first and second substances,

the response terminal is used for calculating a second message authentication code for standby based on the maintained sequence number in advance; according to two conditions that the time length required for calculating the second message authentication code is less than or not less than the countdown time length set by the initiating terminal, when the first position checking information and the serial number sent by the initiating terminal are received, whether the serial number sent by the initiating terminal is consistent with the serial number used for calculating the second message authentication code or not and whether the first position checking information is matched with the second message authentication code or not are judged, and the method comprises the following steps: whether to intercept second location check information from the second message authentication code and return the second location check information to the initiating terminal, and whether to update the maintained sequence number and the second message authentication code;