CN1728262A - System, device and method of providing encrypted content via a network and decrypting such content - Google Patents
- Publication number: CN1728262A (also listed as CNA2004100557702A and CN200410055770A)
- Authority: CN (China)
- Prior art keywords: key, deciphering, decrypted, encryption, encrypted content
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
- H04N21/23476—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption by partially encrypting, e.g. encrypting the ending portion of a movie
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
- H04N21/44055—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption by partially decrypting, e.g. decrypting a video stream that has been partially encrypted
- H04N21/8352—Generation of protective data, e.g. certificates involving content or source identification data, e.g. Unique Material Identifier [UMID]
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
- H04N7/17318—Direct or substantially direct transmission and handling of requests
- H04L2209/60—Digital content management, e.g. content distribution
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Storage Device Security (AREA)
Abstract
A system for providing encrypted content via a network comprises a server including a receiver for receiving a content download request, a generator for generating a first key, an encryptor for providing the encrypted content and the encrypted first key, and a transmitter for transmitting the encrypted content and the encrypted first key. The device for decrypting the encrypted content comprises an application unit for receiving said content and the encrypted first key via the network, and a key management unit for obtaining the dedicated second key from a storage medium.
Description
Technical field
The present invention relates to a device and a method for decrypting encrypted content received via a network. The invention also relates to a system for providing encrypted content via a network and decrypting that content, the system comprising a server for providing the encrypted network content, a device for decrypting the encrypted network content and a storage medium (for example, a record carrier or recording medium) for providing the decryption key, and to a corresponding method and software program.
Background art
Nowadays, when content is distributed, for example on CD or over the Internet, content protection has become one of the main concerns of content providers. The Sapphire system provides an accurate protection mechanism and has been introduced into the CD2 standard. In the Sapphire system, the content on the disc (i.e. A/V streams, files and so on) is encrypted, and the corresponding decryption keys are stored as asset keys (Asset Key) in the Sapphire key locker.
European patent application No. 03102257.7 describes a disc player, a record carrier and a method for reading and protecting network data using the above-mentioned Sapphire protection mechanism, where the network data is related to the data stored on the record carrier.
Fig. 1 is a schematic block diagram of a system comprising the disc player, disc and server of patent application No. 03102257.7. The system of Fig. 1 comprises a disc player 11, a disc 12 and a network element 13 (for example, a server), the network element providing network data related to the disc data 122 stored on the disc 12. The network element 13 is connected to the disc player 11 via the Internet. As shown in detail in Fig. 2, a key locker 121 is stored on the disc 12 in addition to the disc data 122. Fig. 2 shows a table illustrating the content of the key locker. In the Sapphire system, the key locker 121 is normally a table with four columns: an application ID, which identifies the application run by the disc player and is used to restrict an application's access to a subset of the key locker; an Asset ID, which identifies a (group of) file(s) encrypted with the same key and having the same usage rights; an asset key, which is the decryption key and must be kept secret from the public; and a rights string, which has an undefined format and variable length. In the system shown in Fig. 1, the rights string comprises a network identifier, such as the URL of the network element 13, and the asset key serves as the decryption key for decrypting the network data.
As can be seen from the prior art, the application unit uses a decryption key identical to the asset key to decrypt the network content. Usually, the application unit is a piece of hardware that executes a (software) application, comparable to an operating system (OS) or software running on a computer. In that case, the application running in the application unit is open to attack or intrusion, in the same way as software running on a computer is attacked by hackers. It is therefore relatively easy to gain access to the decryption key, which the application unit uses to decrypt the network content and which should be kept secret from the public and protected from disclosure.
Summary of the invention
Therefore, one object of the present invention is to provide a system, a device and a method for providing encrypted content via a network and decrypting that content, which effectively reduce the possibility of the key being attacked.
According to a first aspect of the invention, this object is achieved by providing a device for decrypting encrypted content received via a network, the device comprising: an application unit for receiving the encrypted content and an encrypted first key via the network, wherein the first key is associated with the encryption of the content and a dedicated second key is associated with the encryption of the first key; and a key management unit for obtaining the dedicated second key from a storage medium and using the dedicated second key to decrypt the encrypted first key, so as to provide the first key to the application unit for decrypting the encrypted content.
According to a second aspect of the invention, a system for providing encrypted content and decrypting the encrypted content is provided. The system comprises a server for providing the encrypted content, a device for decrypting the encrypted content, and a storage medium. The server comprises: a receiver for receiving a content download request from the device used for decryption; a generator for generating a first key in response to the request; an encryptor for encrypting the content with the first key so as to provide the encrypted content, and for encrypting the first key with a dedicated second key so as to provide the encrypted first key; and a transmitter for sending the encrypted content and the encrypted first key. The device for decrypting the encrypted content comprises: an application unit for receiving the encrypted content and the encrypted first key via the network, wherein the first key is associated with the encryption of the content and the dedicated second key is associated with the encryption of the first key; and a key management unit for obtaining the dedicated second key from the storage medium and using the dedicated second key to decrypt the encrypted first key, so as to provide the first key to the application unit for decrypting the encrypted content.
According to a third aspect of the invention, a method of decrypting content received via a network is provided, the method comprising the steps of: receiving encrypted content and an encrypted first key via the network, wherein the first key is associated with the encryption of the content and a dedicated second key is associated with the encryption of the first key; obtaining the dedicated second key from a storage medium; and decrypting the encrypted first key with the dedicated second key, so as to provide the first key to the application unit for decrypting the encrypted content.
According to a fourth aspect of the invention, a computer program for decrypting content received via a network is provided, the computer program comprising: a first software portion for receiving encrypted content and an encrypted first key via the network, wherein the first key is associated with the encryption of the content and a dedicated second key is associated with the encryption of the first key; and a second software portion for obtaining the dedicated second key from a storage medium and decrypting the encrypted first key with the dedicated second key, so as to provide the first key to the application unit for decrypting the encrypted content.
The applicant has noted that the key management unit (for example, a driver) is essentially a component used by the device that has its own compliance rules (for example, it follows the rules of the Sapphire system) and that interfaces with the application unit via a secure authenticated channel (SAC), which is predefined by the Sapphire system. As a separate component, the key management unit is therefore extremely difficult to attack in the way the application unit can be attacked.
In the decryption system, device and method of the present invention, the second key (i.e. the asset key) is kept secret from the application unit. The application unit uses only the first key, which is generated randomly in response to the content download request, and the key management unit, which is comparatively more secure and more stable than the application unit, is the only unit that knows the asset key. In view of this, the device and method of the invention more effectively prevent the content protection key (for example, the asset key) from being attacked.
Brief description of the drawings
Embodiments of the invention are now discussed by way of example with reference to the accompanying drawings, in which identical reference numerals refer to identical parts, and in which:
Fig. 1 is a schematic block diagram of a prior-art system for decrypting network data, the system comprising a disc player, a server and a record carrier;
Fig. 2 shows the table of the key locker stored on the record carrier of Fig. 1;
Fig. 3 is a schematic block diagram of a system for decrypting network data according to a first embodiment of the invention, the system comprising a disc player, a server and a record carrier; and
Fig. 4 is a schematic block diagram of a system for decrypting network data according to a second embodiment of the invention, the system comprising a disc player, a server and a record carrier.
Detailed description of embodiments
Fig. 3 shows the structure of a system according to a first embodiment of the invention for providing network data and decrypting the network data. The system comprises a server 31 for providing encrypted content, a disc player 32 for decrypting the encrypted content, and a disc 33 storing the key locker 121 shown in Fig. 2 and the disc data 122. The disc player 32 is connected to the server 31 via a network, and the server shares the information of the key locker stored on the disc. The server comprises: a receiver (not shown) for receiving from the disc player a request to download network content related to the disc data, where, preferably, when several disc applications (for example, multiple Java application packages) are stored on the disc, the request includes an application ID (for example, application ID 2 in the key locker of Fig. 2); a generator 311 for randomly generating a password (pass phrase) in response to the request; an encryptor 312 for encrypting the requested network content, which is stored in a content library 313, with the password, and then encrypting the password with an asset key selected from the key locker shared with the disc, for example the asset key ASDF1234 in the key locker shown in Fig. 2 (to distinguish it from the other asset keys stored in the key locker, this asset key is referred to below as the dedicated asset key; the dedicated asset key can also be selected to encrypt other randomly generated passwords); and a transmitter for sending the encrypted content, the encrypted password and the Asset ID associated with the dedicated asset key, for example Asset ID 80 in Fig. 2.
The disc player 32 comprises an application unit 321 for receiving the encrypted content, the encrypted password and the associated Asset ID from the server 31, and for decrypting the encrypted content with the password; and a driver 322 for retrieving the dedicated asset key, according to the associated Asset ID, from the key locker 121 stored on the disc 33, and for decrypting the encrypted password with the dedicated asset key so as to provide the password to the application unit.
The application unit 321 further comprises an access element for receiving the encrypted content, the encrypted password and the Asset ID from the server, sending the encrypted password to the driver and receiving the decrypted password from the driver; and a decryption element for decrypting the encrypted content with the decrypted password. The driver 322 further comprises an access element for retrieving the dedicated asset key, according to the Asset ID, from the key locker stored on the disc, and for sending the decrypted password to the application unit via a secure authenticated channel (SAC); and a decryption element for decrypting, with the retrieved dedicated asset key, the encrypted password received from the application unit.
The process by which the system of the first embodiment provides network data and decrypts it is described below.
First, the access element of the application unit sends a content download request to the server. The server then randomly generates a password in response to this request. The content download request is optional for generating the random password; the server can also generate the password on a time basis. The server then encrypts the requested network content with the password and encrypts the password with the dedicated asset key.
Data comprising the Asset ID, the encrypted password and the encrypted content is sent to the application unit, which forwards the Asset ID and the encrypted password to the driver. The driver receives the encrypted password and the Asset ID from the application unit and retrieves the asset key from the key locker on the disc according to the Asset ID. The driver then decrypts the password with the retrieved asset key and sends the decrypted password to the application unit via the SAC. Finally, the application unit decrypts the encrypted content with the decrypted password sent by the driver.
As the above description shows, throughout the process of decrypting content received via the network, the application unit never directly holds or handles the asset key. Instead, the application unit decrypts the network content with the randomly generated password. The possibility of retrieving the asset key from the application unit is therefore essentially zero. In addition, because the above embodiment does not use the rights string field of the key locker stored on the disc, the rights string column is empty. Whether the rights string field is used depends on each application.
Fig. 4 shows the structure of a system according to a second embodiment of the invention for providing network data and decrypting the network data. The system of Fig. 4 differs from that of Fig. 3 in that the generator 311 in Fig. 4 also generates a test sequence (i.e. a bit sequence) that conforms to a predefined data structure, which defines, for example, the sequence length and specific bits, and in that the application unit 421 further comprises a retrieve element, which retrieves the password for the decryption element so that the network content can be decrypted.
The process by which the system of Fig. 4 provides network data and decrypts it according to the second embodiment is described below.
In Fig. 4, the access element of the application unit 421 sends a content download request to the server 31. The generator 311 of the server then randomly generates a password and a test sequence in response to this request. As mentioned above, the request is optional for generating the password, and the generator can also generate the data on a time basis. The encryption element 312 of the server encrypts the content stored in the content library 313 with the generated password, and then encrypts the password and the test sequence with the dedicated asset key, which is selected from the key locker information shared with the disc 33. The transmitter of the server (not shown in Fig. 4) sends the encrypted content, the encrypted password and the encrypted test sequence to the disc player 32.
The access element of the application unit 421 of the disc player passes the encrypted password and test sequence to the driver 322. The access element of the driver 322 reads all asset keys in the entries associated with the application ID from the key locker 121 stored on the disc 33; the asset keys read include the dedicated asset key that the server selected to encrypt the password and the test sequence. The decryption element of the driver then decrypts the password and the test sequence with each asset key read, so as to provide the application unit 421 with multiple pairs of decrypted passwords and test sequences, one pair per asset key. After the access element of the application unit 421 has received the pairs of decrypted passwords and test sequences from the driver, the retrieve element of the application unit 421 retrieves the one pair in which the decrypted test sequence conforms to the predefined data structure. The decryption element of the application unit then decrypts the encrypted content received from the server with the retrieved password.
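The message flows of the first embodiment (Asset ID lookup) and the second embodiment (trial decryption checked against a test sequence), sketched as an added example that is not code from the patent. The HMAC-SHA256 keystream cipher, the `TSEQ` test-sequence layout and all function names are assumptions, since the text names no cipher or structure; application ID 2, Asset ID 80 and key ASDF1234 are the Fig. 2 values quoted in the text, and the other key locker rows are constructed.

```python
"""Added example: password wrapping via a key locker, both embodiments."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TEST_MAGIC = b"TSEQ"   # assumed "specific bits" of the predefined structure
TEST_SEQ_LEN = 16      # assumed sequence length

# Key locker rows: (application ID, Asset ID, asset key). Application ID 2,
# Asset ID 80 and key ASDF1234 are the Fig. 2 values quoted in the text;
# every other row is constructed for this example.
KEY_LOCKER = [
    (1, 70, b"constructed-key-A"),
    (2, 80, b"ASDF1234"),
    (2, 81, b"constructed-key-B"),
    (2, 82, b"constructed-key-C"),
]


def xcrypt(key, nonce, data):
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    Deliberately unauthenticated, so a wrong key yields garbage, not an error."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, data):
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + xcrypt(key, nonce, data)


def unseal(key, blob):
    return xcrypt(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def server_respond(content, asset_id, with_test_sequence=False):
    """Server 31: a fresh random password encrypts the content and the
    dedicated asset key (known from the shared key locker) wraps the password."""
    asset_key = next(k for _, a, k in KEY_LOCKER if a == asset_id)
    password = secrets.token_bytes(32)
    msg = {"content": seal(password, content),
           "password": seal(asset_key, password)}
    if with_test_sequence:
        # Second embodiment: no Asset ID is sent, only an encrypted test sequence.
        seq = TEST_MAGIC + secrets.token_bytes(TEST_SEQ_LEN - len(TEST_MAGIC))
        msg["test_seq"] = seal(asset_key, seq)
    else:
        # First embodiment: the Asset ID tells the driver which key to use.
        msg["asset_id"] = asset_id
    return msg


def driver_unwrap(asset_id, wrapped_password):
    """Driver 322, first embodiment: look the asset key up by Asset ID and
    return only the password (over the SAC in the patent)."""
    for _, a, key in KEY_LOCKER:
        if a == asset_id:
            return unseal(key, wrapped_password)
    raise KeyError(f"no asset key for Asset ID {asset_id}")


def driver_unwrap_all(app_id, wrapped_password, wrapped_seq):
    """Driver 322, second embodiment: trial-decrypt with every asset key in
    the entries for this application ID; keys themselves are never returned."""
    return [(unseal(k, wrapped_password), unseal(k, wrapped_seq))
            for app, _, k in KEY_LOCKER if app == app_id]


def app_decrypt_v1(msg):
    """Application unit 321: sees the password, never the asset key."""
    return unseal(driver_unwrap(msg["asset_id"], msg["password"]), msg["content"])


def app_decrypt_v2(msg, app_id):
    """Application unit 421: keep the pair whose test sequence fits the
    predefined structure. A 4-byte tag matches a wrong key with probability
    about 2**-32 per candidate, so anything but one match is rejected."""
    pairs = driver_unwrap_all(app_id, msg["password"], msg["test_seq"])
    matches = [pw for pw, seq in pairs
               if len(seq) == TEST_SEQ_LEN and seq.startswith(TEST_MAGIC)]
    if len(matches) != 1:
        raise ValueError("no unique candidate fits the predefined structure")
    return unseal(matches[0], msg["content"])


if __name__ == "__main__":
    clip = b"constructed sample network content"
    print(app_decrypt_v1(server_respond(clip, 80)))
    print(app_decrypt_v2(server_respond(clip, 80, with_test_sequence=True), 2))
```

In a current design, an authenticated key wrap would make a wrong asset key fail verification outright, which removes the need for the structure check on the test sequence.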
In summary, a system, a device and a method for providing network data and decrypting the network data have been disclosed. It should be understood that those skilled in the art can make modifications, additions and supplements to the invention, all of which fall within the scope of protection of the appended claims.
For instance, according to the second embodiment, the encryption element of the server 31 encrypts the test sequence with the dedicated asset key. However, those skilled in the art can envisage that the encryption element could also encrypt the test sequence with the password. In that case, the decryption element of the driver 322 decrypts only the encrypted password with each asset key read, and provides the multiple decrypted passwords to the access element of the application unit 421. The decryption element of the application unit then decrypts the encrypted test sequence with each decrypted password and provides the multiple pairs of decrypted test sequences and passwords to the retrieve element, which retrieves the one pair in which the test sequence conforms to the predefined data structure. The decryption element of the application unit then decrypts the encrypted content downloaded from the server with the retrieved password.
In addition, in all embodiments of the invention, the network content is encrypted with the password and the password is encrypted with the dedicated asset key. Those skilled in the art will understand that any alternative can be used to encrypt the network content and the password. For example, the network content is not encrypted entirely by the content protection key (for example, the dedicated asset key) but only partially, for example only the file header, important parameters or specific parts are encrypted, while the password comprises not only the encrypted content protection key but also some data indicating which parts of the content are encrypted.
In addition, in the embodiments, the device for decrypting network data is a disc player. However, those skilled in the art can envisage other devices, such as a computer having a driver for reading data stored on a storage medium. The driver functions of the disc player can also be implemented by a key management unit in the form of a compact flash card (for example, a smart card or a USB memory stick), or by a chip attached to the record carrier (the so-called "Chip-in-Disc" technology).
Claims (18)
1. one kind is used for equipment that the encrypted content that receives via network is decrypted, comprising:
Applying unit is used for receiving via described network first key of described encrypted content and encryption, and wherein said first key is associated with the encryption of described content, and the second special-purpose key is associated with the encryption of described first key; And
Cipher key management unit, be used for obtaining second key of described special use from storage medium, and second key that utilizes described special use is decrypted first key of described encryption, so that provide described first key that described encrypted content is decrypted to described applying unit.
2. equipment as claimed in claim 1, wherein said applying unit also are set to via described network reception hint.
3. equipment as claimed in claim 2, wherein said index are the data corresponding to second key of described special use.
4. equipment as claimed in claim 3, wherein said cipher key management unit also are set to retrieve from described storage medium according to described index second key of described special use.
5. The device as claimed in claim 4, wherein said application unit comprises:
A first access element for receiving said encrypted content, said encrypted first key and said index via said network, and forwarding said encrypted first key and said index to said key management unit; and
A first decryption element for decrypting said encrypted content using said first key from said key management unit.
6. The device as claimed in claim 5, wherein said drive comprises:
A second access element for retrieving said dedicated key from said storage medium according to said index;
A second decryption element for decrypting said encrypted first key using said dedicated second key from said second access element, and providing said first key to said second access element for forwarding to said application unit.
7. The device as claimed in claim 2, wherein said index is encrypted data, and the data conforms to a predefined data structure.
8. The device as claimed in claim 7, wherein said key management unit is further arranged to read a plurality of second keys from said storage medium, wherein said plurality of second keys includes said dedicated second key, and to decrypt said encrypted first key and said index using each of said second keys, so as to provide a plurality of pairs of decrypted first key and decrypted index.
9. The device as claimed in claim 8, wherein said application unit is further arranged to retrieve, according to said predefined data structure, one pair of decrypted index and decrypted first key from said key management unit, and to decrypt said encrypted content using said retrieved first key.
10. The device as claimed in claim 9, wherein said application unit comprises:
A first access element for receiving said encrypted content, said encrypted first key and said index via said network, forwarding said encrypted first key and said index to said key management unit, and receiving said plurality of pairs of decrypted index and decrypted first key from said key management unit; and
A first retrieval element for retrieving one pair of decrypted index and decrypted first key according to said predefined data structure; and
A first decryption element for decrypting said encrypted content using said retrieved first key.
11. The device as claimed in claim 10, wherein said key management unit comprises:
A second access element for reading a plurality of second keys from said storage medium; and
A second decryption element for decrypting said encrypted first key using each of said plurality of second keys, and providing said plurality of pairs of decrypted first key and decrypted index to said second access element for forwarding to said application unit.
12. The device as claimed in claim 7, wherein said application unit is further arranged to decrypt said index using said plurality of decrypted first keys from said key management unit, so as to provide a plurality of pairs of decrypted index and decrypted first key, to retrieve one pair of decrypted index and decrypted first key according to said predefined data structure, and to decrypt said encrypted content using said retrieved first key.
13. The device as claimed in claim 12, wherein said application unit comprises:
A first access element for receiving said encrypted content, said encrypted first key and said index via said network, forwarding said encrypted first key to said key management unit, and receiving a plurality of decrypted first keys from said key management unit;
A first decryption element for decrypting said index using said plurality of decrypted first keys from said key management unit, so as to provide a plurality of pairs of decrypted index and decrypted first key; and
A first retrieval element for retrieving one pair of decrypted index and decrypted first key according to said predefined data structure, so that said first decryption element decrypts said encrypted content using said retrieved first key.
14. The device as claimed in claim 13, wherein said key management unit comprises:
A second access element for reading said plurality of second keys from said storage medium; and
A second decryption element for decrypting said encrypted first key using each of said plurality of second keys, and providing said plurality of decrypted first keys to said second access element for forwarding to said application unit.
15. A computer program for decrypting encrypted content received via a network, comprising:
A first software section for receiving said encrypted content and an encrypted first key via said network, wherein said first key is associated with the encryption of said content, and a dedicated second key is associated with the encryption of said first key; and
A second software section for obtaining said dedicated second key from a storage medium and decrypting said encrypted first key using said dedicated second key, so as to provide said first key to said application unit for decrypting said encrypted content.
16. A record carrier comprising the computer program as claimed in claim 15.
17. A system for providing encrypted content and decrypting said encrypted content, comprising a server for providing said encrypted content, a device for decrypting said encrypted content, and a storage medium, wherein
Said server further comprises:
A receiver for receiving a content download request from said decryption device;
A generator for generating a first key in response to said request;
An encryptor for encrypting said content using said first key so as to provide said encrypted content, and encrypting said first key using a dedicated second key so as to provide an encrypted first key; and
A transmitter for sending said encrypted content and said encrypted first key; and
Said decryption device is as claimed in any one of claims 1-14.
18. A method for decrypting encrypted content received via a network, comprising the following steps:
Receiving said encrypted content and an encrypted first key via said network, wherein said first key is associated with the encryption of said content, and a dedicated second key is associated with the encryption of said first key;
Obtaining said dedicated second key from a storage medium; and
Decrypting said encrypted first key using said dedicated second key, so as to provide said first key to said application unit for decrypting said encrypted content.
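The trial-decryption variant of claims 7 to 11, as an added example that is not part of the patent text: the key management unit decrypts the encrypted first key and index with every second key on the medium, and the application unit keeps the pair whose index fits the predefined data structure. The index layout (`IDX1` marker, asset id, CRC32), the SHA-256 keystream standing in for a real cipher, and all function and class names are assumptions.

```python
import hashlib, os, struct, zlib

MAGIC = b"IDX1"  # assumed marker of the predefined index structure

def _stream(key, nonce, data):
    # Stand-in cipher (SHA-256 counter keystream, stdlib only); not the patent's cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">Q", off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def encrypt(key, data):
    nonce = os.urandom(16)  # fresh nonce so one key can protect several blobs
    return nonce + _stream(key, nonce, data)

def decrypt(key, blob):
    return _stream(key, blob[:16], blob[16:])

def make_index(asset_id):
    body = MAGIC + struct.pack(">I", asset_id)
    return body + struct.pack(">I", zlib.crc32(body))

def index_is_valid(index):
    # Valid only if re-encoding the embedded asset id reproduces marker and CRC.
    return len(index) == 12 and index == make_index(struct.unpack(">I", index[4:8])[0])

def server_package(content, second_key, asset_id):
    """Server of claim 17: a fresh first key per download request."""
    first_key = os.urandom(32)
    return {"content": encrypt(first_key, content),
            "first_key": encrypt(second_key, first_key),
            "index": encrypt(second_key, make_index(asset_id))}

class KeyManagementUnit:
    """Holds the second keys read from the medium; they never leave this unit."""
    def __init__(self, medium_keys):
        self._keys = list(medium_keys)

    def trial_decrypt(self, enc_first_key, enc_index):
        # Claim 8: one (first key, index) candidate pair per second key.
        return [(decrypt(k, enc_first_key), decrypt(k, enc_index))
                for k in self._keys]

def application_unit(package, kmu):
    """Claims 9-10: select the pair whose index fits the structure, then decrypt."""
    pairs = kmu.trial_decrypt(package["first_key"], package["index"])
    hits = [(fk, idx) for fk, idx in pairs if index_is_valid(idx)]
    if len(hits) != 1:
        raise ValueError("no unique second key on the medium fits this package")
    first_key, index = hits[0]
    return decrypt(first_key, package["content"]), struct.unpack(">I", index[4:8])[0]

if __name__ == "__main__":
    keys = [os.urandom(32) for _ in range(4)]  # constructed second keys on the medium
    pkg = server_package(b"constructed network content", keys[2], asset_id=7)
    print(application_unit(pkg, KeyManagementUnit(keys)))
```

A wrong second key yields a candidate index that fails the structure check, which is how the application unit identifies the right first key without ever handling a second key.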
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2004100557702A CN1728262A (en) | 2004-07-29 | 2004-07-29 | System, device and method of providing encryption content via network and decryption to such content |
EP05758468A EP1774696A1 (en) | 2004-07-29 | 2005-07-04 | Device and method for providing and decrypting encrypted network content using a key encryption key scheme |
PCT/IB2005/052205 WO2006013477A1 (en) | 2004-07-29 | 2005-07-04 | Device and method for providing and decrypting encrypted network content using a key encryption key scheme |
JP2007523180A JP2008508763A (en) | 2004-07-29 | 2005-07-04 | Apparatus and method for providing and decrypting network content encrypted using key encryption key scheme |
CNA2005800252586A CN1989728A (en) | 2004-07-29 | 2005-07-04 | System, device and method for providing encrypted content and decrypting said content by network |
KR1020077004468A KR20070039157A (en) | 2004-07-29 | 2005-07-04 | Device and method for providing and decrypting encrypted network content using a key encryption key scheme |
TW094123394A TW200704092A (en) | 2004-07-29 | 2005-07-11 | Device and method for providing and decrypting encrypted network content |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2004100557702A CN1728262A (en) | 2004-07-29 | 2004-07-29 | System, device and method of providing encryption content via network and decryption to such content |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1728262A true CN1728262A (en) | 2006-02-01 |
Family
ID=34972552
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2004100557702A Pending CN1728262A (en) | 2004-07-29 | 2004-07-29 | System, device and method of providing encryption content via network and decryption to such content |
CNA2005800252586A Pending CN1989728A (en) | 2004-07-29 | 2005-07-04 | System, device and method for providing encrypted content and decrypting said content by network |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2005800252586A Pending CN1989728A (en) | 2004-07-29 | 2005-07-04 | System, device and method for providing encrypted content and decrypting said content by network |
Country Status (6)
Country | Link |
---|---|
EP (1) | EP1774696A1 (en) |
JP (1) | JP2008508763A (en) |
KR (1) | KR20070039157A (en) |
CN (2) | CN1728262A (en) |
TW (1) | TW200704092A (en) |
WO (1) | WO2006013477A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103856322A (en) * | 2012-11-28 | 2014-06-11 | 英飞凌科技股份有限公司 | Methods and systems for securely transferring embedded code and/or data designed for device to customer |
CN107534559A (en) * | 2015-04-07 | 2018-01-02 | Divx有限责任公司 | Use the dialogue-based watermark of the media content of stream of encrypted content |
CN109040107A (en) * | 2018-08-29 | 2018-12-18 | 百度在线网络技术(北京)有限公司 | Data processing method, server, unmanned equipment and readable storage medium storing program for executing |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105471832A (en) * | 2014-10-22 | 2016-04-06 | 航天恒星科技有限公司 | Processing method and device of IP packet in satellite communication |
CN105337954A (en) * | 2014-10-22 | 2016-02-17 | 航天恒星科技有限公司 | Method and device for encryption and decryption of IP message in satellite communication |
US10601588B2 (en) | 2014-11-18 | 2020-03-24 | Nokia Technologies Oy | Secure access to remote data |
DE102019212959B3 (en) * | 2019-08-28 | 2021-03-04 | Volkswagen Aktiengesellschaft | Method for protected communication between a vehicle and an external server, device for carrying out key derivation in the method and vehicle |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4078802B2 (en) * | 2000-12-26 | 2008-04-23 | ソニー株式会社 | Information processing system, information processing method, information processing apparatus, information recording medium, and program recording medium |
DE60202568T8 (en) * | 2001-08-08 | 2005-10-20 | Matsushita Electric Industrial Co., Ltd., Kadoma | Copyright protection system, recording device, and playback device |
EP1501304A1 (en) * | 2003-07-23 | 2005-01-26 | Axalto S.A. | Procedure for monitoring the usage of a broadcasted content |
2004
- 2004-07-29 CN CNA2004100557702A patent/CN1728262A/en active Pending
2005
- 2005-07-04 EP EP05758468A patent/EP1774696A1/en not_active Withdrawn
- 2005-07-04 CN CNA2005800252586A patent/CN1989728A/en active Pending
- 2005-07-04 JP JP2007523180A patent/JP2008508763A/en not_active Withdrawn
- 2005-07-04 KR KR1020077004468A patent/KR20070039157A/en not_active Application Discontinuation
- 2005-07-04 WO PCT/IB2005/052205 patent/WO2006013477A1/en active Application Filing
- 2005-07-11 TW TW094123394A patent/TW200704092A/en unknown
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103856322A (en) * | 2012-11-28 | 2014-06-11 | 英飞凌科技股份有限公司 | Methods and systems for securely transferring embedded code and/or data designed for device to customer |
CN103856322B (en) * | 2012-11-28 | 2018-09-14 | 英飞凌科技股份有限公司 | Method and system for the embedded code and/or data safety that are designed for equipment to be sent to client |
CN107534559A (en) * | 2015-04-07 | 2018-01-02 | Divx有限责任公司 | Use the dialogue-based watermark of the media content of stream of encrypted content |
CN107534559B (en) * | 2015-04-07 | 2019-06-04 | Divx公司 | The method of dialogue-based watermark for media content |
CN109040107A (en) * | 2018-08-29 | 2018-12-18 | 百度在线网络技术(北京)有限公司 | Data processing method, server, unmanned equipment and readable storage medium storing program for executing |
Also Published As
Publication number | Publication date |
---|---|
WO2006013477A1 (en) | 2006-02-09 |
TW200704092A (en) | 2007-01-16 |
EP1774696A1 (en) | 2007-04-18 |
JP2008508763A (en) | 2008-03-21 |
KR20070039157A (en) | 2007-04-11 |
CN1989728A (en) | 2007-06-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |